Should the government tell Apple how it hacked the iPhone?

As most of you know, the case against Apple to force them to help the government hack the dead terrorist’s iPhone has been dropped, as the government was aided by “a third party” and were able to gain access to the phone.

This morning while listening to NPR on my way to work some tech analyst said that the government had an obligation to tell Apple how it hacked the iPhone, so that Apple could correct the vulnerability and make the iPhone safer from hacking.

I disagree. It is not the government’s obligation to assist corporations in making their products better. If you believe that government should do this, should it then take on the responsibility of pointing out the Android’s vulnerabilities as well?

No, the government has no obligation to show Apple how they hacked their phone, especially considering that Apple wasn’t keen on assisting the government on hacking it (which I thought was the right stance for Apple, btw). But it works both ways, so I don’t see the government having any obligation at all to do anything. It’s on Apple to find and fix their own vulnerabilities, though honestly if it takes the US government that long to hack one it’s probably not even worth fixing in the short term.

That’s making an assumption that the hack doesn’t scale up…

It didn’t take that long to hack it. It took that long to find someone who already can.
Who knows how long the actual hacking took.

I disagree, too. What would the source of this obligation be? The government doesn’t guarantee “non-hackability” of smartphones like it guarantees non-lethality of drugs.

Apple chose not to do this the easy way. Now they get to deal with the consequences.

Yes. First, the government works for the people, not vice versa. Second, smartphone security is a matter of national security against (most obviously, but not limited to) economic espionage. While the government doesn’t have any proactive obligation to seek out security holes, they should certainly provide warnings of any that they do happen across.

Of course, this assumes that the FBI has in fact gotten into the phone. My suspicion is that they are BSing – since there isn’t any relevant intel on this phone anyway (it would all be on the personal phones which the shooters destroyed, not on the work phone which they didn’t), they can say whatever they like, like a poker player whose opponents “didn’t pay to see those cards”.

It’s not the governments job to ensure any of that. If the vendor (in this case Apple) is providing this as a service that people are paying for then it’s on them to patch their own holes or up or change their encryption algorithm. The government has nothing to do with that unless they are buying phones from that vendor and they have a requirement, in which case the governments responsibility ends in reviewing the vendors offerings in the RFQ/RFP and picking a phone that meets the requirements. IOW, the government is just a customer at that point.

I seriously doubt the FBI would do anything like this, as it would be stupid if/when it comes out that they really couldn’t hack the phone.

They couldn’t do it. They claim a 3rd party did it for them.

Now if Apple was really concerned about fixing their vulnerability, they should solicit the 3rd party to come to them and enter into an arrangement with Apple to show them the vulnerability.

You are missing the point (and you only quoted half the sentence there). Doesn’t matter if the FBI did it directly or they paid a contractor to do it…it was done. I was responding to the position that NO ONE really hacked the phone and the FBI just made it all up.

Or look into it themselves. Whatever…it’s on them if they really want to up their encryption or patch a hole in their security.

If the rumor mill is to be believed, there’s really no vulnerability here that needs to be fixed. The workaround was pretty sophisticated, required modifying the physical hardware of the phone, and could be foiled by simply having a 6 digit pin. But I suppose that’s still speculation at this point.

From memory on this, the FBI was trying to hack the 4 digit PIN, but needed a way to speed up inputting 4 digit codes in as well as turn off the lock out feature. Though no idea how they actually ended up breaking in…they could have hacked the PIN, they could have broken the encryption (much harder) or done something else to directly access the memory somehow (they would have had to break the encryption to do this though). They aren’t under any obligation to tell Apple how they did it, though. And like I said earlier and you allude to here, might not even be an issue Apple needs to worry about in the short term or require a huge fix from them aside from perhaps changing it to require a 6 digit PIN instead of a 4…or maybe make the PIN alpha-numeric-special to allow for strong passwords.

No it does not work both ways. The government works for us. It exists to be our slave. Handing over information that can be used to make us more secure is not equivalent to demanding Apple sabotage our security for the benefit of the government that commits felonies covering up their illegal attacks on our privacy.

My slave roots through my wallet every April 15.

My guess is that they already know.

This was never about “your security” or “our security”. If Apple cared about your security, they’d have complied with the FBI in the first place instead of giving them reason to find another way to break their oh-so-exalted encryption.

If they were stupid enough to start this fight only to get their butts handed to them, why wouldn’t they be stupid enough to find a lame way to weasel out of getting beaten even worse than they have already?

The key test will be all the other phones waiting in line behind this particular “just this one phone we double-pinky-swear” case. If the Feds keep trying to finagle judgments and/or legislation, that’ll indicate that my guess is right and they don’t have a sooper sekrit way in.

Of course they shouldn’t… though maybe they could make a “deal” with Apple in giving them the hacking vulnerability for a backdoor in for when subpoenaed.

Depends on what the ‘hack’ was though. If they actually broke the encryption then you are right. If they simply found a way to allow them to input the 4 digit PIN rapidly and without triggering the lock out then that will be useful in some cases but not others.

And no, I don’t think they would be stupid enough to say they did this and actually didn’t.

The government isn’t our slave, it simply works for us in theory. It doesn’t, however, work for Apple, and has zero obligations to share this with them. It’s on Apple to fix this or not fix it, and on us as consumers to demand they fix it or to shrug and carry on. Don’t like it, get an Android or something else.