Which US laws make it impossible to force Apple to help the FBI to access a suspect's data?

Perhaps a little astray; many/most states have laws/statutes requiring a citizen to assist a police officer. Also, that idea is in common law. Wiki: Refusing to assist a police officer - Wikipedia

And we know now that Corporations are citizens.

IMHO [IANAL] Apple would have lost the case had it gone to judgement (and been bitterly fought to the Supreme Court). My supposition is based on the current extremist 5 to 4 slant in the court. Note that I believe the court is always conservative and Sylvia is the only one who could be considered moderate.

Had Apple lost, the company would have been economically devastated. Other countries would have outright banned Apple products due to the US having a backdoor [see Huawei banning by the US actions believing China has a backdoor]. Or, countries would have demanded Apple provide them with the backdoor to allow the company to continue doing business there. US consumers would have been pissed as well. The US government would have continued to pursue similar actions against any and all other phone/computer/software companies.

[Moderating]

Since Colibri already had a note in this thread about not politicizing our answers, I’m going to make this a Warning for smithsb. The slant of the Supreme Court, if any, is not relevant to the factual questions under discussion here.

Go read your cite. Almost all of those are piddly wrist-slaps at best, and almost certainly don’t apply here because they refer to specific types of assistance in the heat of the moment. Like, if a police officer tackles a suspect and tells you to go call 911 for backup, or if they’re rounding up a search posse you have to help. Nothing that covers generic “law enforcement can ask you to do anything at any time” power.

The California law allows for a max $1000 penalty. Even if you could somehow slap every single employee of Apple with that, it’d be a rounding error on their quarterly expenses.

Once again, courts never reached the merits of using the All Writs Act to compel Apple to provide the assistance because the phone was cracked before the case was heard.

There is not a clear answer one way or another if Apple could have been compelled to render the assistance the FBI was seeking.

Thank you Ravenman. Thank you all. Very helpful.

IIRC unlocking with a finger stops working after 24 hours - then the passcode is needed. So unless someone is thinking right away, there comes a time shortly where the simple choice no longer works.

If you can’t get into the locked phone how do you push out a new version of iOS?

Man in the middle attack.

Many devices can download and update while the device is idle. Windows computers do so all the time.

Create an isolated environment where a fake update server is available, named appropriately so the next time the phone does a “check for updates” it thinks it's talking to Apple and downloads the update containing the “crack”.

Restart the phone, update installs.

It's nowhere near that simple, but that's the nuts and bolts of it.

But apparently, not iPhones.

Using “MitM” to describe this may confuse some people. Since all iOS updates are digitally signed by Apple, the update must come from Apple. Having it available on the regular Apple servers could mean that other phones will also download the “fixed” version which would be bad.

So the solution is to have that iPhone get connected only to a particular Apple server not accessible to the public at large. And so a redirect from the normal server to the special one is needed.

Having the iPhone get updated over the cell phone connection makes this much harder. So that makes WiFi much easier, right? Not so fast.

Since it is locked, you can’t get it to connect to a new WiFi router. So you have to find a router it has used in the past, set it to redirect to the special Apple server, etc. Note that either you have to get the cooperation of whoever owns the previously used router (a coffee shop the perp went to, one at work, etc.) or use the perp’s own home router. Now, to change the settings on that requires bypassing the admin login/password on it. More fun!

(Or you plug that router into a router of your own that redirects to your desired server, but where’s the fun in that?)

I’m a bit surprised no one has mentioned this yet -

The reason they’re asking Apple in this case is presumably that there are a small number of Apple employees there who have the specialized knowledge of iPhone security to be able to attempt such a project, essentially the people who designed it in the first place. If this were something that any programmer could do they wouldn’t need Apple.

As far as I am aware, these programmers have broken no existing US law. It is plausible to me that each individual in this small group has declined to work on the proposed ‘break the iPhone security system you designed’ project.

Neither Apple nor the US government have the right to compel these persons to do this specific labor because of the 13th Amendment to the US Constitution. No one can compel these particular individuals who have committed no crime to do this labor.

Dude, this is just not right. This dispute has nothing to do with slavery.

For like the tenth time in this thread: the courts have not reached a conclusion on the merits of the idea that the government can obtain a writ to compel Apple to write the software the government sought. No court has said that doing so would be slavery, so what you said is just dead wrong.

I suppose it is possible that if such a controversy ever reached the merits, there could be a claim that requiring Apple to produce such software could be a taking and subject to “just compensation” under the 5th Amendment, but I readily admit that is speculation.

It is quite likely that the people who designed the system cannot gain access to it. If there is a flaw or weakness they are aware of, then those would be the very people to fix it. Some of this is the government's misguided thinking that Apple built it, Apple must be able to break it. These are the same people who insist that a system can be both secure and have a back door that only lets in the good guys, if only everybody would nerd harder.

My belief is that these are attempts to set up precedent and requirements for backdoors through the court system, instead of legislatively. The fantasy goes like this:
FBI: Open this phone
Apple: Please rub my belly as I roll over

or maybe even

FBI: Open this phone
Apple: No
Courts: Open the phone
Apple: We are not capable of doing that, whether we want to or not
Courts: You’d better be able to open all future phones you sell, or your CEO can spend some time in club Fed

The FBI has been backing off before things get before a judge, because I think they know that scenario is a fantasy, and they don’t want a precedent of:
FBI: Here are some laws that say Apple must open the phone
Court: That’s not what those laws mean, go away

Encryption and signed certificates were specifically meant to thwart man-in-the-middle attacks. Basically, your device has a list of authoritative certificate signers. Every certificate issued is signed by someone who is authorized to sign certificates by someone on that list. When you go to website https://www.xxx.com, that website establishes an encrypted communication and sends their certificate. If it doesn’t have a signature trail back to one of the authorized signers, it’s either a fake or a home-made (unsigned) certificate. A number of higher end firewalls do anti-virus checking by playing man-in-the-middle, but the gotcha is that devices behind the firewall have to add the firewall’s certificate to “trusted signers”. Then, when you ask for Google.com website, you actually connect to the firewall, but believe it’s Google because you trust its certificate which says “google”. Meanwhile, it pretends to be you and gets the webpage you want, and relays it to you minus any virus.

There are obvious ways around. The FBI/CIA/NSA could go to Verisign or someone and ask (i.e. demand) signing authority. You could put the spooks’ own certificate into a device as a signing authority, but for that you need to be admin and be able to logon. How much business will Verisign or Apple do if it comes out they are making devices wide open for the CIA? After all, once they have this power, it can be used to intercept live communications with man-in-the-middle, not just iPhones in clean rooms.

I suppose the feds could draft the necessary coders into the army and order them to produce code. But, how do you prove someone is deliberately not being creative, especially with the wrong motivation? They can play Call of Duty every day and simply say “I’m trying to think of a way in but I can’t…” Even if the courts ordered them… How can you say a person just “isn’t trying hard enough” and lock them up? If the courts ordered Apple, and all their good tech guys simply take their millions in bonuses and quit… Can you bribe them? The top security designers for Apple probably have a bigger paycheque than anyone in the FBI, and an annual bonus that exceeds any agent’s net worth. Try telling a guy who makes, say, no more than $150,000 a year - “Go offer these guys $5M to do the following” and see how enthusiastic your own agents are.

The big problem is - if the court orders it, and the coders produce no results, how do you prove they are not trying? What grounds would you have to punish them? Worst case, the rest of Apple moves overseas to avoid court orders, and the politicians have to explain to all the iPhone fanatics why they can’t buy iPhones; or start seizing voters’ parcels coming over the border from the Tijuana Apple Store.

Whether the device-to-Apple network connection is encrypted/signed or not is irrelevant to deploying an OS update. All iOS updates are signed by Apple. No MitM attacker can (presumably) fake that.

The FBI going to Verisign to ask for help in this situation will just result in “Are you really that clueless?” looks.
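
The point made in the posts above about "trusted signers" and signed updates, as an added example that is not part of the original thread: a device accepts an update only if its signature verifies against a key it already trusts, no matter which server delivered it. The toy textbook-RSA keys, the `device_accepts` function and the sample image are constructed for illustration; real update signing uses full-size keys and padded signature schemes.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Return (n, d) for a toy textbook-RSA key built from two known primes."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    """SHA-256 of the data, reduced into the key's modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, key):
    n, d = key
    return pow(digest(data, n), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

# Constructed keys from Mersenne primes (far too small for real use).
VENDOR = make_key(2**61 - 1, 2**89 - 1)     # stands in for the vendor's signing key
OTHER = make_key(2**107 - 1, 2**127 - 1)    # any key the device does not trust

def device_accepts(image, sig, trusted, source):
    """Device-side check. `source` (which server delivered the image) is
    deliberately ignored: only the signature against trusted keys counts."""
    return any(verify(image, sig, n) for n in trusted)

def scenarios():
    pinned = [VENDOR[0]]                    # public moduli baked into the device
    image = b"constructed update image v2"
    modified = image + b"+patch"
    good_sig = sign(image, VENDOR)
    other_sig = sign(modified, OTHER)
    return {
        "genuine image via redirected server": device_accepts(image, good_sig, pinned, "redirect"),
        "modified image, original signature": device_accepts(modified, good_sig, pinned, "redirect"),
        "modified image signed with other key": device_accepts(modified, other_sig, pinned, "redirect"),
        "other key added to trusted signers": device_accepts(modified, other_sig, pinned + [OTHER[0]], "redirect"),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{'ACCEPT' if ok else 'REJECT'}  {name}")
```

The last scenario corresponds to the inspecting-firewall case described earlier in the thread: the result changes only because the set of trusted signers on the device was changed.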