It’s not a new version in any meaningful sense of the phrase new version. Two of the changes requested, removing the auto delete and the delay in the password check, are trivial. Allowing input of the password in a way other than the screen might be a bit of work, but realistically not very much.
The equivalent is a publisher asking a writer to remove two paragraphs and add another in a 3,000 page book. That strictly speaking makes it a new version, but calling that is misleading.
The backdoor already exists. If your HD becomes corrupt, you can hook the phone up to your computer and restore it to factory settings. In essence, there’s a backdoor allowing Apple signed software to be run on the phone. The FBI wants to take advantage of that to disable the safeguards against a brute force password attack. They absolutely could do that without Apple’s cooperation. But it would require them to forge Apple’s signature on the software and hack the OS to disable those features. Both would be extremely hard to do and pretty close to impossible without Apple’s cooperation.
It’s not whether or not I have anything to hide, but rather if the constitution allows the government to look. My understanding of the Fourth Amendment makes me think they do not.
My biggest problem is the court ordering a company to develop software to break into personal phones, even if it’s one specific phone at a time. That software or its algorithm can be altered, one would assume, for other phones, to include mine. Even if I don’t have stuff to hide from the government, I don’t trust the government to keep that process secret. I don’t want the bad guys to have access to the device I use for all of my personal financial transactions.
That’s in the court order. Apple doesn’t have to provide the FBI anything except access via the internet to a computer hooked up to the phone running the special software.
Essentially Apple has two secrets the FBI needs:
(1) Apple’s secret key to sign software
(2) The source code to iOS
Adding a third secret, the modified iOS version, doesn’t increase Apple’s risk of being hacked in any meaningful way. It’s not harder to keep three pieces of code secret than two.
Go ahead and get a warrant. Can’t open my safe if I’m dead and lost the combination? that’s not my problem.
Nor should it be the safe-maker’s problem if it means profoundly compromising the security of all their customer’s safes, thereby decreasing value in their product. Hacking is becoming a very large and imminent threat. This is a horrible idea, just to gain some information that may or may not be helpful to the bureau.
Does the court have the authority to have the phone company type in the instructions to trace a phone call? Software is no different, it is a set of instructions to do something already possible, like manually throwing a switch. The court does not order some employee of the phone company to trace a call, they order the phone company to do it through a company principal who must then instruct a technician to do perform the task. Apple writing this software is no different.
If Apple or the phone company can’t do what is requested that is another matter altogether.
They can do what the government is requesting (if it is possible) any time that they want.
Apple cannot break into your phone any time they want. That is the very point of this court order. The FBI wants them to create that capability, using software that currently doesn’t exist.
And I’m guessing you don’t do a lot of online shopping? Your health records are online. Your bank account information. Your credit card details. Your personal and professional communications. And if the government or Apple can get it, so can terrorists.
Smapti is dead wrong. The FBI wants Apple to market its products to terrorists, by making our devices more vulnerable to the likes of ISIS and Al Qaida. And Apple rightly told them to fuck off.
It is worth noting that the federal government has successfully used the All Writs Act to compel Apple to unlock phones at least 70 times. They seemed to have changed policy on this, including by changing iOS so it no longer has the backdoor exploited previously.
If you mean the crux is people don’t understand what is being required of Apple, then yes that’s the crux. If you mean something different, then the subpoena is very clear that Apple only needs to provide remote access to a computer hooked up to the phone running the software Apple created.
In other words, now you’ve got this dedicated team of people, both at Apple and the FBI, who will write some special code to be held on the target phone’s memory or in the firmware; whatever.
The point is, is creating the code necessary to hobble Apple’s baked in security a risk in that now it exists?
I think the government would compensate Apple. They asked for a “reasonable cost of providing the service.” They also said Apple can apply for relief if providing the service is too burdensome. I think Apple could successfully argue that it is.
No, you’ve got one coder at Apple that’s going to spend a week (if that) making a couple minor modifications to iOS.
Not really. The security risk already exists, you just need information only Apple has to exploit it. As I said before, Apple has two secrets: the iOS source code and their Secret Key to sign software. Adding a third secret doesn’t really add any risk. Especially since you can trivially derive the third secret if you already have the first two.
Of course. Several employees of Apple have access to far far more valuable and dangerous pieces of information. What the subpoena requests them to do is a negligible decrease in the security of the iPhone.
Executing software is like throwing a switch. Writing software is like instructing someone to throw a switch. The court can order them to reveal their intellectual property for this purpose.