It's a non starter then.
The 5th amendment isn't being changed. There's no way in **** you could get enough states to agree to pass an amendment to do that.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Actively Working to 'Double Down' on iCloud Encryption
- Thread starter MacRumors
- Start date
- Sort by reaction score
It's a non starter then.
The 5th amendment isn't being changed. There's no way in **** you could get enough states to agree to pass an amendment to do that.
Nice opinion article by one person, but it doesn't matter as this is just one guy saying what he thinks should be done, not what's actually reality now.
Plus, someone can just claim they forgot their password. There is no way to prove otherwise beyond a reasonable doubt unless you go around advertising this, so they couldn't prove a contempt case anyways.
You said it. I run a ton of commerce websites and noticed there was a hacker running through a database of credit cards trying to see which ones have been reported stolen by doing cheap $1 transactions. If they decline, he took them off his database. I got a hold of that database (long story how) and his IP, and eventually called and got him. Identified him completely. I called the FBI, told them all this, told them about a database of about 30k+ credit card numbers. They told me they will "look into it" and call me back if they have questions. I asked them if they wanted the database and all the information I collected. They said they will ask for it when needed. Months later, site started getting thousands of transactions again, $1, same IP, different data base. "We'll take care of it"... 5 years later, no one called me back.
I wouldn't be surprised if they have a way to get in, they are just too lazy to do anything or just don't give a crap and waited patiently for some crime they can run this publicity stunt with so that they can get someone else to do their job. Since American's are so scared of the word "terrorist", they will just throw all their rights at the government.
NSA was collecting millions if not more messasges, phone calls, content, pictures, you name it... they stopped NO terrorist attacks, prevent no crimes. And don't argue that they just didn't tell anyone about it. When sh*t hit the fit, a defense like that would justify them. They had no defense.
Getting a back door to every iPhone in the world will NOT prevent crimes. Will not solve crimes except for the really dumb criminals, but I think you can just look at their public facebook profile and see the crime happening. Because I hate to say it, and I HOPE FBI knows it... there are secure apps that they won't be able to get into. And already I'm seeing news of new ones popping up that are unbreakable even with Apple's key.
Having been part of the intel system in a previous decade, I would dispute that. Something that might harm Americans was found out or stopped every week.
You know nothing about NSA if you think they would voluntarily say anything that might reveal important sources, even to protect themselves from bad PR. Even PR hungry Congress critters are smart enough to not say anything about such things.
Some of you keep saying this.
So tell us, please, how Apple keeping the device in their own labs... as the FBI suggested as an option... would compromise the security of every other user who does not have a warrant out for them?
True, the courts have ruled in the past that while a person can be forced to give up a key (or fingerprint!) to their safe, they cannot be forced to give up a combination because it's in their mind. But what if they wrote down the combination?
Personally, I go with the idea that a passcode is the same as a key. Certainly Apple thought so for years, since they used to (and probably still do) provide law enforcement agencies with an iOS version for older devices that bypassed the passcode entry screen.
(For casual readers, the reason why a simple passcode bypass won't work any more, is because nowadays the passcode is combined with the device's specific id... which cannot be read, only interacted with... to decrypt the file system contents. This is also why the FBI's requested passcode crack attempts have to be run on the actual device in question... which could take years!... rather than being able to just copy off the file system and do the brute force cracking on a supercomputer somewhere in minutes.)
Last edited:
Make my healthKit app restore data history through iCloud please. I was just told that we need iCloud encryption for that to happen.
What happens when that code gets leaked?
Look at how many leaks we see now before a new product launch.
Or look at about a decade ago when MS built a similar tool for breaking into XP. It was leaked on to a torrent site and used maliciously.
Once that code is made, there's no telling who could get their hands on it. For people like me who work in information security, you always work under the assumption that eventually someone will break in or get their hands on something they aren't supposed to. That's why the tech community is vehemently opposed to this.
If they find the combination written down when they search a house, there's nothing stopping them from using it.
Agree with you on encryption. Disagree with you on Guns. Should have guesed that the moronic, pathetic gun-nuts/NRA would be desperate enough to latch on to the encryption issue in this way.
You're asking me to trust a bunch of nameless faceless people who work for government, which exists solely based on force. So how do I opt out of all this collection and spying? I don't do anything wrong, and know I don't. The government should just have to trust me, not the other way around.
So you are saying that NSA saying "yup, we stopped some crimes" would absolutely cause a national security risk? Come on, you are reaching. American's knowing that NSA did ANYTHING would put their minds at ease. But they said and did nothing. So I can't take your word for it, even if you worked for "intel", which I highly doubt as you wouldn't be parading it around as if it somehow gives you credibility. You just seem to feel strongly that we should allow the government overreach and give them the ability to tell companies what to do, how to build their products, what features they need to force on them and say it's all in the name of "national security". Maybe we should ask Apple to rewrite software on the watch that when your heart rate goes up, it automatically sends information to the FBI because you are nervous and that MIGHT be because you are about to commit a crime. Once this case that allows the government to force a company to create something for them is allowed, there is no limit to what they can ask any private firm to do. Car tracking, done, they can ask the car manufacturers to write brand new software that tracks how fast the car is going and if you exceed the speed limit, you are breaking the law. It will automatically dial the police since you ARE committing a crime.
It seems our founding fathers saw this coming and quite frankly, I agree with the quote that if you give up your privacy for security, you deserve neither.
Crimes aren't stopped by being able to crack into a phone. The crime was already committed, the horrific acts already done. All you're doing is figuring out why it happened, and if lucky maybe get evidence to convict someone else. Although you can't make it credible, just like I can't you, my father in law is a homicide investigator for the Jacksonville, FL DA and we had very long discussions around this. He was originally on the side of the FBI, because it makes their job easier, but he would never, even as an investigator, give up freedoms for the sake of "solving these crimes". Once I explained how encryption works he absolutely does not agree with the FBI. He says that the department A LOT of the time absolutely got questionable warrants because they have a good relationship with a judge. Imagine they will record everything they do. One time said that you think pedophiles should die, because you believe in free speech. Not a crime. But next time a crime is committed, you will be a suspect because you said that, even years ago. NO ONE SHOULD HAVE THIS POWER, ABOVE ALL THE GOVERNMENT. Hell even the older director of the NSA doesn't agree with the FBI and yet somehow YOU know better.
So no, I don't buy you reaching for this national security BS and that you are some special agent that knows better. While we are talking, I guarantee you, there is already 10 new apps on the market that makes this FBI FORCING someone to create something to help them is worthless. Encryption is not going away and there is no way to weaken it without disabling it, and even if they do, they cannot stop it. So for your terrorists, instead of hitting the iMessages app button, they will hit another app button and whalla, FBI is stomped again. There is over 800 encrypted chat apps. FBI will not force them all to just "remove it".
So again, not sure WTF the FBI is doing. They get nothing out of this other than the ability to be able to come to any private firm and tell them to create or do something that they want regardless of what the company does or says.
Of course, those are not even close to the same kind of leak.
When has a version of iOS ever leaked from Apple engineers onto the public's devices? And this would be on just devices inside a secure Apple lab where extra special care would be taken.
Just to be clear:
The code itself is easy to write, especially for anyone at Apple with access to iOS source code. Turning off the login attempt counter checks is just a matter of returning okay in a few places. Probably some of those who have written jailbreak code could do it as well.
What's far more important is the signing keys. Without those, you cannot install the modified code into the secure enclave. (Although, since the device in question is a 5C, there is no secure enclave, so it's even easier to update the security code.)
But WITH the keys, you can do anything. And Apple keeps both the source code AND the keys now. Why are we not unsafe already?
Note also that there have constantly been holes in iOS that could've allowed outsiders to install key loggers, etc. There is no such thing as perfect security as long as there is a passcode or fingerprint or any way in for the user... and you have to have that
[doublepost=1458163678][/doublepost]
I'm not asking you to trust anyone in any government. If Apple keeps the device in-house, no government is involved with the code.
I'm saying that if you don't trust Apple to keep a special version secure in a special lab right now, then we're already in trouble since the ability to create such a version is already in their hands, and has been all along.
On the contrary, history is full of such secrecy surrounding signals intelligence. Heck, it took fifty years before anything came out about Enigma and other huge programs, and they saved many lives and years of war, and should have been public heroes all along. But that's not the way SIGINT works.
It's not just me. There are plenty of intel veterans who know how harsh the world really is, and how much that information collection and analysis helps keeps us all safe and free.
Also, NSA doesn't give two shakes about what people in the US are doing, unless you're a foreigner or you're planning something with a foreign national. Collection of data != surveillance. It's more like having the ability to Google past events.
Don't make up strawmen. No one has asked for anything like that. They have asked to access information under a legal warrant granted by a judge.
This is not about privacy. It's about serving a legal warrant.
More importantly, according to those who claim the code will leak, it's really about whether or not Apple can be trusted to keep a special version inside their labs.
Last edited:
Of course, those are not even close to the same kind of leak.
When has a version of iOS ever leaked from Apple engineers onto the public's devices? And this would be on just devices inside a secure Apple lab where extra special care would be taken.
Just to be clear:
The code itself is easy to write, especially for anyone at Apple with access to iOS source code. Turning off the login attempt counter checks is just a matter of returning okay in a few places. Probably some of those who have written jailbreak code could do it as well.
What's far more important is the signing keys. Without those, you cannot install the modified code into the secure enclave. (Although, since the device in question is a 5C, there is no secure enclave, so it's even easier to update the security code.)
But WITH the keys, you can do anything. And Apple keeps both the source code AND the keys now. Why are we not unsafe already?
Note also that there have constantly been holes in iOS that could've allowed outsiders to install key loggers, etc. There is no such thing as perfect security as long as there is a passcode or fingerprint or any way in for the user... and you have to have that
We ARE unsafe already. All digital systems are inherently unsafe. Hence why people in information security always operate under that assumption that eventually someone WILL get in.
What we should not be doing is deliberately making (or forcing a company to make) software that makes us more unsafe on purpose. That's just extremely foolish.
Also, there's nothing stopping Apple from changing their signing keys should they be leaked.
Changing them means any and all iPhones prior to the change can no longer receive OTA updates without being physically changed by Apple.
Fwiw, their warranty and support are also above the industry average, and so is overall customer satisfaction.
I didn't call the FBI, I went to their office: 2030 SW 145th Avenue, Miramar, FL 33027
I waited for an hour, got introduced by two agents, went to a room, told the story for an hour, submitted everything printed and left back to my job.
Count me in on total, unbreakable encryption even though I know it makes it more difficult to eliminate the bad guys. I count myself as a super enemy of Islam and America's growing fascist left so I understand the downside of great unbreakable encryption. Some departments in the US government should be feared almost as much as the overseas bad guys are.
And yet Apple still engages on the fact "We cannot help you unlock a phone" if u loose access to a passcode..
All you gotta do is Turn on FileVault 2 on a late model Mac OS, the dialog even *asks* if u want to store the recover key with Apple, as safeguards, and *on request* will provide it to you after verifying identify over the phone.
If that is how Apple thinks this is how "secure" they are, i'd like to know what would their definition of in-secure be. Really. there needs to be compromises. Otherwise people will scream in terror, when they can't get access to stuff.. (at the moment it seems Apple does this in "patches") where they need to retrieve in appropriate situations like on OS X FileVault..
I only hope Apple treads lightly with where they go with icloud.
Actually, far more important than that, is the requested ability by the Government (FBI/DOJ in this case) to force a private 3rd party to build something unique that currently does not exist.
That, is the single most disturbing aspect of this warrant.
Yup - they're having tea and scones on the reg.
Comments like these coming from someone with a Marine badge and all the Apple products you own just doesn't make sense. Are you really that daft or are you trying to incite something?
Millions > than the 100's of bad. Basically you're saying it's better to open it all up just to "get" a few hundred people. Yeah no. Isis will continue to be ISIS. Pedophiles will still be pedophiles. Murders will still happen. Shootings will still take place. Access to a phone won't stop it. It may only help put them behind bars.
Humans will still be humans. With or without technology.
You entire post didn't make sense.. You don't have absolute freedoms in the constitution.. Get over your hippie self, you're not that important
[doublepost=1458229326][/doublepost]
Terrible example, the government can always get in your house at some point.. The constitution doesn't give you ABSOLUTE freedoms. I give you will never understand that..
[doublepost=1458229563][/doublepost]
Just because you think it's "EASY" to get a warrant doesn't make the constitution obsolete. If you want to make the 4th amendment more solid than make another amendment. Don't act like the current amendments gives you ABOLUTE freedoms to do anything you like
[doublepost=1458229699][/doublepost]
This is the Constitution doesn't give you absolute freedoms so stop protecting criminals arguments ( or your criminal self)
I never said it did. Nice straw man though.
You clearly do not understand the situation or implications.
Digital security is not like home security. Searching a home with a warrant doesn't put other homes at greater risk of burgulary.
Designing a digital system to allow govt access does as it WILL be exploited.
The government DOES NOT get to put innocent people at risk or trample their rights to try to catch a few bad guys. It's pretty simple.
Educate yourself on how information security works and how it's not like securing a house. Then you might understand.
It's pretty clear from your numerous postings on this topic that its YOU who doesn't understand. If I had to take a shot of tequila for every wrong statement you've made about the scope and requirements of government searches in general and the facts of this case in particular, I'd be drunk by post #2.
You need to educate yourself about the law and the 4th Amendment, as well as the particular facts of the FBI's request, because you clearly do not understand their request. You continue to take absolutist stands against ANY government searching EVER, completely ignoring that the government has to meet very strict requirements of probable cause, particularized thing to be searched, and have it OK'ed by a judge. Plus the fact that Apple will be doing the access in a secured facility under lock and key, NOT the government. The government is not putting innocent people at risk, and neither is Apple by way of their assistance. Your phone, my phone, your mistress's phone, your boy-toy's phone, they are all going to be safe and sound. Only the bad guys' phones will be at risk. Please stop spreading FUD.
Nice straw man. I'm not against the government searching. Never said that. You're trying to misrepresent my position.
I'm against the government forcing Apple to build something that will put other people at risk.
This whole "being done in Apple's secure facility" is a bunch of nonsense. That doesn't mean anything. Tools like this have been built by other companies in the past (including by Microsoft) and they inevitably leaked. Look how "great" Apple is at keeping their "secrets" under lock and key. (Anyone remember the iPhone prototype in the bar situation?)
I'm a network admin. I deal with trying to secure digital infrastructure on a daily basis. I know exactly what the FBI is requesting. They want Apple to build and sign a modified version of iOS that bypasses 1) the mechanism that wipes the device private key after 10 failed passcode attempts, 2) the delay that happens after 5+ wrong passcode attempts, and 3) to be able to use a computer attached to the lightning port so they can attempt to programmatically brute force the passcode at the one per ~80ms limits of the 5c's hardware. Then they want to use DFU mode to load this custom firmware on to attempt to brute force the passcode.
But this isn't even about this one iPhone. Officials have even admitted there likely isn't anything on there. This is all about precedence. They want to set the precedent that it's okay for the court to order a company to build something they don't want to do, so they can use that precedent in the future to force a real backdoor. They're just using this case because the "terrorism" boogeyman gets Americans all worked up and ready to bend over. That's why they're doing it publicly with this case instead of just going to the NSA to hack that phone. They don't give a damn about the data on it, they want the precedent so later they can ask for a court ordered backdoor.
It's extremely foolish to think this is only about one phone. In information security it's standard procedure to always assume that a system will eventually get hacked or a vulnerability will always get leaked. That's another reason why this is such a bad idea.
Even more so, if the government were to force Apple and other manufacturers to build in back doors, people who actually had anything to hide would just switch to different software that is still secure. Android is open source, and it's not the only open source mobile OS out there. You could download and compile your own custom android build with whatever open source crypto library you wanted. And then all the "bad guys" still have encrypted phones than can't be read while normal people are at higher risk of identity and data theft.
Like you all say, if you outlaw guns, only the bad guys will have them. It's the same thing here.
This case would open Pandora's box and would be a nightmare for anyone in my industry. Not to mention it would kill the competitiveness and innovation of American tech companies around the world.
Pandora's box needs to stay closed.
And I'm assuming no one ever called you back, and nothing happened.
I'd feel better if they'd at least take the db I had with all the credit card numbers and maybe contact the banks or something.. but nope.. nadda.. More important things to deal with I guess, like trying to get Apple to do their job.