"Apple Encryption Engineers, if Ordered to Unlock iPhone, Might Resist"

[Paul F.]

MrLynn wrote:
Tim Cook is resisting, claiming that this workaround, if it got out, would make all Apple devices vulnerable. I don't see how, as subsequent models use fingerprint sensing to unlock, not an easy-to-break 4-digit code, but I may be missing something. He also seems to be saying that Apple engineers can't create an update that would work on just this iPhone—not even if tied to the user's Apple ID?

There is no "if" it gets out. If the DOJ wants to use anything they find on the phone in court, or as part of any investigation, the process of unlocking the phone WILL be part of any legal documentation, and hence PUBLIC RECORD - and now it's out.

[mrlynn]

Paul F. wrote:
[quote=MrLynn]
Tim Cook is resisting, claiming that this workaround, if it got out, would make all Apple devices vulnerable. I don't see how, as subsequent models use fingerprint sensing to unlock, not an easy-to-break 4-digit code, but I may be missing something. He also seems to be saying that Apple engineers can't create an update that would work on just this iPhone—not even if tied to the user's Apple ID?

There is no "if" it gets out. If the DOJ wants to use anything they find on the phone in court, or as part of any investigation, the process of unlocking the phone WILL be part of any legal documentation, and hence PUBLIC RECORD - and now it's out.
Don't see how that's so. If the cops tap a telephone line, they don't have to explain how they did it, just what they heard.

/Mr Lynn

[JoeH]

mrlynn wrote:
[quote=Paul F.]
[quote=MrLynn]
Tim Cook is resisting, claiming that this workaround, if it got out, would make all Apple devices vulnerable. I don't see how, as subsequent models use fingerprint sensing to unlock, not an easy-to-break 4-digit code, but I may be missing something. He also seems to be saying that Apple engineers can't create an update that would work on just this iPhone—not even if tied to the user's Apple ID?

There is no "if" it gets out. If the DOJ wants to use anything they find on the phone in court, or as part of any investigation, the process of unlocking the phone WILL be part of any legal documentation, and hence PUBLIC RECORD - and now it's out.
Don't see how that's so. If the cops tap a telephone line, they don't have to explain how they did it, just what they heard.

/Mr Lynn
Not equivalent at all. In a case of a wiretap, they are just listening and recording. Any material they use in court would have to be disclosed to the defendants' legal team for examination. They can question the creation of any transcript with their own experts.

But the wiretapping itself does not alter the equipment, just allows an existing connection to be recorded elsewhere. In this unlocking case the request is for the actual firmware on the iPhone to be altered. Any code used to do so would probably need to be provided the defense team on any person the information gained would be used against. They would be able to have their own experts examine and question whether this alteration had been used to modify the information taken from the iPhone. I t would not be the use of an established (in the legal sense) technology or procedure before a court.

Apple would have its own engineering personnel called upon to testify as expert witnesses on the means used to alter the iPhone and whether or not it had altered the information retrieved.

As to your argument of being able to tie it to just this one iPhone, once just one example of the modified firmware code was out, any specific ties to hardware identifiers or Apple ID could just as easily be replaced. It just is not possible.

[mrlynn]

Joe: Good, if somewhat speculative points—might depend on bench rulings what engineering information gets revealed and what doesn't.

What about localization to just pre-encrypted, pre-fingerprint-locked phones? Might only apply to iPhone 5 and earlier, i.e. obsolete models?

/Mr Lynn

[Buzz]

Pretty sure biometric iPhones also have access code technology on board as well. It's a slippery slope, about the only reasonable way to resolve the issue would be to grant Apple foolproof immunity to create a one off device, that Apple maintains total control of, to crack the iPhone and deliver the recovered info in clear matters of national security. The FBI then gets the info and can chase down whatever leads that info provides. The perps' attorneys could make usual challenges, but Apple's device would remain proprietary, used only to provide info; not subject to substantiation, or challenge in court. IOW, the info found, if any, would be about the same as info received from an anonymous tip line. And this should have been done in the beginning, behind the scenes, without having been made public. Too many people and too many soapboxes aren't always in the best public interest.
==

[GGD]

This problem can be solved with money. It would cost about $587 Billion to purchase all of the shares of AAPL at today's prices. Probably only need a bit over half the shares to get a controlling interest.

Of course once that were to happen I doubt they would be able to maintain the iPhone market share, killing two birds with one stone.

[fauch]

I still don't get how the government thinks it can force a company to CREATE something that doesn't exist without any law in place to do so. Since when can the government make you DO stuff? Even court orders only apply to things that EXIST.

It shocks me that people don't see just HOW bad a precedent this would be not only just for Apple or iPhones, but in general the courts could order anyone to do their bidding at any time and they would be forced to comply...

[mrlynn]

fauch wrote:
I still don't get how the government thinks it can force a company to CREATE something that doesn't exist without any law in place to do so. Since when can the government make you DO stuff? Even court orders only apply to things that EXIST.

It shocks me that people don't see just HOW bad a precedent this would be not only just for Apple or iPhones, but in general the courts could order anyone to do their bidding at any time and they would be forced to comply...

I think fauch is correct here. If all the FBI wants is the software equivalent of the combination to a locked safe, then that's one thing; but if the FBI wants Apple to write new software that will somehow override the self-destruct lock that is currently in the terrorist's iPhone 5, that's different kettle of fish.

If I were Apple, and it were feasible to override the lock, for that particular device, then I'd do it immediately. Even if there were a risk that the technique would leak out and make it possible for thieves to override the locks on all iPhones (is that what Tim Cook is claiming?), surely all it would take would be an update with new locking code.

In any case, it would surprise me if some government agency, e.g. DoD, or NSA, could not reverse-engineer Apple's code and disable the lock. So why haven't they?

A bigger problem for law enforcement is the rise of unbreakable encryption. Apparently that stops everyone—or does it? ecret:

/Mr Lynn