Apple CEO Tim Cook: FBI's Backdoor Would Be 'Software Equivalent of Cancer'

[997440]

Fbi is the real terrorist

I understand the frustration with the government overreach that's happened over the past couple hundred years. And yes, there is occasional malfeasance committed within any law enforcement agency, in general, but not everyone in the FBI is a bogeyman. They're mostly honorable people who value the Constitution and the rule-of-law.

Their job qua job demands they use all lawful means available to further their investigation. If they ignored the possible evidence that may exist on an encrypted device without any effort to explore it, they'd be derelict. They can't wait for prospective legislation and continued legal uncertainty. At some point, the question of if a legal precedent applied (or a new one need be created) to this order to Apple (or other co.), was going to be adjudicated. Apple and law enforcement/justice were well aware of this. It was not a question of if, but of when.

 

[sudo1996]

And do you think the cpu is just sitting there dead for 80ms? Do you think that some screen refresh logic, or some reinitialization code, or anything else for that matter might be interleaved within that delay period?

Have you ever written any operating system code?

There's probably just a timer sitting on top of the OS. I don't see what there is to interleave. No, I've never written an OS. I've learned how they work. The CPU and screen don't need any special configuration to implement a password guess delay. That stuff is all a layer below.

I mean, sure, if they intentionally put in a layer of "security through obscurity" by implementing a convoluted password attempt delay that involves special instructions to the CPU and making sure no one employee knows enough of the codebase to disable it, it could be tougher. That's hard to do. There are so many things along the way that would have to be tamper-proof.
[doublepost=1456431339][/doublepost]

Nope. That's not how it works. The encryption key is generated from the password. Without the password or encryption key, you can't decrypt the data. The only way to create a new password would be to decrypt the data and re-encrypt it with a new encryption key generated from the new password.

They can encrypt your password with the security questions and unlock your password using the questions then use the password to decrypt the data. That's just an example. I don't know if that's exactly how they'd do it. But sure, there are ways to secure an account with multiple different and equally privileged auth methods. They can make the encryption key require any combination of credentials they want.

 

[CalWizrd]

There's probably just a timer sitting on top of the OS. I don't see what there is to interleave. No, I've never written an OS. I've learned how they work. The CPU and screen don't need any special configuration to implement a password guess delay. That stuff is all a layer below.
[doublepost=1456431339][/doublepost]
They can encrypt your password with the security questions and unlock your password using the questions then use the password to decrypt the data. That's just an example. I don't know if that's exactly how they'd do it. But sure, there are ways to secure an account with multiple different and equally privileged auth methods. They can make the encryption key require any combination of credentials they want.

Oh, OK. You've convinced me.

 

[rdlink]

It's because it's Apple, if it was someone with less brand value like Samsung or Blackberry, it would just be another filler news article.

But I am happy it's Apple. Because they have the resources and resolve to fight this, and the issue will not go to the back pages of the paper.

 

[pat500000]

I understand the frustration with the government overreach that's happened over the past couple hundred years. And yes, there is occasional malfeasance committed within any law enforcement agency, in general, but not everyone in the FBI is a bogeyman. They're mostly honorable people who value the Constitution and the rule-of-law.

Their job qua job demands they use all lawful means available to further their investigation. If they ignored the possible evidence that may exist on an encrypted device without any effort to explore it, they'd be derelict. They can't wait for prospective legislation and continued legal uncertainty. At some point, the question of if a legal precedent applied (or a new one need be created) to this order to Apple (or other co.), was going to be adjudicated. Apple and law enforcement/justice were well aware of this. It was not a question of if, but of when.

I understand that there are small percentage of being bad "apple." If they want evidence of any sort...they will need to find other ways. Having back access is weapon that could be used abusively. It's basically human nature to want to have too much power...and by demanding to get that access spells trouble.

It's almost like saying..."give me the code for nuclear missile....i'll make sure to watch it for you." The next day "oh you made me mad...i'm gonna bomb you/ or i'm gonna make some money by selling this." I can't trust people's emotion because..human have this greed/power hunger personality.

 

[rdlink]

I think the delay is actually not a security feature. You can't turn on the delay on its own, just the "wipe after 10 attempts". The delay is there so that some idiot cannot go and erase your phone by tapping in the wrong passcode 10 times in a row as a "prank". If you left your phone unwatched but locked, I cannot erase it in a minute, but it takes me over two hours.

So, a security feature then.

You're not thinking clearly about the way a brute force attack works. The 10 password wipe thing of course keeps the brute force attack from having unlimited attacks. The delay keeps the attacker from being able to have the passwords entered at the speed of a modern computer.

 

[Larry-K]

No one says you have to answer the questions honestly! How secure they are is up to you.

Q: What's your dog's name?
A: dfadio4898ht78dd)gjjgGG

Does he/she respond to that at the dog park?

 

[Quu]

The only logic loophole in your whole analysis -- you are assuming FBI, or one judge's one-time decision, as the law.

1. The lawyers and everyone in the related business bend the real meanings of the laws all the time.
2. There had been a lot of mistakes made during law creation, there are laws outdated and need modification from time to time, there had been many occasions laws being misinterpreted.
3. Laws are written in human language, and human languages often carry ambiguity, that's why courts debates are necessary.

Just one person in one law enforcement entity said something, doesn't make it golden doctrines no one could challenge.

I'm talking about something Tim Cook said, not a law enforcement entity or a lawyer for Apple or anything like that.

Tim Cook said previously he and the other Apple executives would have to be carted out of Apple HQ before they put a backdoor in their products.

But now, in this ABC interview he says that Apple has to follow the law whatever the end result of the litigation may be. Meaning he would give the order to create the backdoor instead of being carted out of Apple HQ like he said previously if at the end of this litigation Apple lose and are court ordered to make the backdoor.

 

[markgpearse]

Mr. Cook needs to provide the US Government the same access he provides the Chinese and The Soviets.

 

[gnasher729]

So I still find myself confused on this... Forgive me - I'm too lazy to read all 200 posts so far.. so if this has already been answered earlier.. Just give me a post #..

But is Cook refusing to unlock this ONE PHONE so we can get info on these terrorist bast**ds? If so - then he's being stupid. Or is the issue that for the FBI to get at the data.. they'd need some 'global hack method' that could give the government access to ALL our phones. I have read conflicting data on this that still has me confused. We can't be so blind and afraid of surveillance to make up something the FBI isn't asking for. If they want access to this "ONE PHONE" - Cook should definitely unlock it or he's placing all Americans in danger.. BUT - if the ONLY way to give the FBI what they want will affect ALL of us - then I agree Cook shouldn't do it. And please don't give the 'slippery slope' analysis.. It's not about that at all..

Confused? Understandable.

First, Cook isn't "placing all Americans in danger". The terrorist, after shooting 14 people, removed a hard drive from his computer which has disappeared. He has completely smashed up two phones that he owned. We can guess that he did that to destroy evidence. He didn't touch his iPhone. If there was anything incriminating on it, you'd think he would have destroyed that as well. The phone in question was his works phone. The guy went to work every day of the week. If you have a computer, two phones, and a works phone, would you put anything incriminating on your works phone? When your employer could at any time ask you for the phone back? I wouldn't, and nor would you. It would all be on my computer or on my own phone. It is in my opinion most likely that there is nothing of any value on that phone.

Next, Apple has put security features on its phone that make it impossible to breach for any hacker, if you turn these features on. That's there for your protection. You are probably not in danger from the police or some secret service, but you are at danger from criminals. There are people claiming they have nothing to hide, but I bet there are things on your phone that would allow a clever criminal to steal money from you. But there _are_ people who are in a more difficult situation than you are. Army personnel. Undercover police. Politicians. People who _have_ something to hide and could be blackmailed. All these people would be at severe risk without these security features.

The FBI wants Apple to create a "firmware update" that removes enough of the security features so the FBI can hack into that phone. Only Apple can create that firmware update (that's another security feature; your iPhone won't accept any firmware updates unless they are created by Apple). But once that firmware update is installed, it can be stolen from that phone and installed on any other iPhones. There's nothing that protects the firmware from being stolen. The FBI has already 12 phones lined up. Another police force has 175 phones. With those numbers, it's not a possibility that the firmware update gets out, it's a certainty. Once it's out, it will be sold on to the highest bidder. And the second and third highest bidder. And everybody can hack into your phone if they can lay their hands on it.

Unbreakable security has a huge advantage and a huge disadvantage. The advantage that the bad guys can't break the good guys' security. The disadvantage that the good guys can't break the bad guys' security. Experts say that overall unbreakable security is an advantage for national security; it's more important to keep the good guys' secrets safe.
[doublepost=1456434846][/doublepost]

Again, for Apple to reset the password, they would need to hold the key. Same as any other company the allows for password resets on encrypted data.

They are said to be looking at options. The problem that they have is that there are going to be a whole lot of angry people that lose all of their pictures because they forgot their password.

At some time there was a report that 45% of all help requests from Mac customers to Apple were about people turning on FileVault and forgetting their password. "Nobody, including Apple, can break your security" also means "nobody, including Apple, can tell you your password if you forget it".
[doublepost=1456435128][/doublepost]

So, a security feature then.

You're not thinking clearly about the way a brute force attack works. The 10 password wipe thing of course keeps the brute force attack from having unlimited attacks. The delay keeps the attacker from being able to have the passwords entered at the speed of a modern computer.

You didn't get it. You can't turn on the delay on its own, only together with the 10 password limit. If the attacker could enter passwords "at the speed of a modern computer", the only difference is that they would reach the limit and erase the phone within a second instead of over two hours. Not really much of a difference really. But there is a huge difference if someone grabs your phone from you _with the intent to erase it_. You don't want someone erasing your phone within ten seconds by typing in ten passcodes quickly.
[doublepost=1456435350][/doublepost]

It's true. See my follow up post.

I doubt that is the number one rule considering almost all popular sites allow you recover your account password should you forget it. That requires that they are holding the key (or not encrypting.)

Nobody can recover your password. They usually send you an email (to your registered email address) that lets you enter a _new_ password. That's why the FBI messed up when the changed the iCloud password with a password reset. They don't know the old password, nobody can find out what it is, so they can't change the iCloud password back to allow the phone to make backups.

 

[BaldiMac]

Nobody can recover your password. They usually send you an email (to your registered email address) that lets you enter a _new_ password. That's why the FBI messed up when the changed the iCloud password with a password reset. They don't know the old password, nobody can find out what it is, so they can't change the iCloud password back to allow the phone to make backups.

Correct. Sorry. I made that more clear in a follow up post. I meant "reset" instead of "recover".

 

[sdz]

What?

Cancer doesn't spread through contact (or any other reason). HIV does.

on a cellular level cancer spread also through contact with DNA.
Homophobia also spreads by contacting many illiterate people.

 

[Z400Racer37]

Yup. We have the power to squash this quickly and completely, but it goes against Obama's view of the USA. In his eyes were a colonial power that needs to be brought down and rendered less powerful because he only sees us as abusive to the world. To send our forces out to influence other nations goes against his ideology. He cant use US power to fix problems, if he did, that would put us in a position of authority in the world and he doesn't want that. He wants us powerless to act or influence. He doesn't believe in our values.

Mostly agreed, Egalitarianism is prolific in today's culture, but it has been prolific for many decades now. Actually a bit over a century or so... Most directly relevant is when Iranians raided our embassy and took our diplomats and civilians hostage for over a year, and we did nothing. That was so emboldening to these people, and gave them immense hope that their ideology could take hold. I mean, they just took on the United States of America, the most formidable force in the history of this Earth.... and won. Jimmy Carter, and Ronald Regan were absolutely pathetic in their response to these events, and our foreign policy has taken a massive nose dive ever since. Bush's occupation of Iraq was also completely pathetic, and failed to even come close to addressing the real core of what caused 9/11, the Islamic Revolution, and failed to attack the countries which were really at the root of what happened, Iran, and Saudi Arabia. Instead he sucked up to them. And so did Obama. Our leaders are pathetic, but they're a function of our voting. It's going to take a real educational shift in morality, and what we as citizens consider to be moral, to save this country from destroying itself.

If you never served then thanks for your "opinion " about doing battle but I would point out that this isn't Call of Duty. Tough talk and swagger how quaint

1. I fail to see how one can't think logically without first getting shot at, or how the two are logically associated.

2. I don't see any logic in those statements, just a bunch of floating hyperbole.

Can you cite a single instance in world history where an idea was 'crushed'? You cannot win a war against these folks, if we go in with our big military they will simply disappear until we leave, and while we are there they will use guerrilla warfare to harass and kill our troops.

This statement assumes that an idea cannot make sense, work, or be practical, unless it has already occurred in history, which obviously doesn't make any sense. All things have to happen for the first time at some point in history, but for the purposes of this discussion, there are in fact historical examples of this happening.

1. We 'crushed' Imperial Japan in WWII, firebombing their major cities to the ground, and nuking two of them. And the thugs we're up against now are nothing compared to what the Japanese were back then. Not only were their soldiers more committed to their cause, but they have formidable productive capacity. The enemy were fighting now doesn't produce a single thing. They're almost completely primitive savages. Anything they have, they stole, or bought with money which they got by selling things that they stole. They're completely pathetic, and yet, here they still linger. 45 years later.

2. Germany, same war, same tactics, minus the nukes.

3. Guerilla warfare requires the compliance of local communities, in hiding the fighters, and their supplies. If you flatten a city, and point to the individuals who remain, and say "Look. You see that? You want that to happen to you? You either give us your insurgents, or you'll end up exactly like that, you have 12 hours." then they will have 2 options; Hand them over, or die. Either way, they stop.

 

[NewdestinyX]

The FBI wants Apple to create a "firmware update" that removes enough of the security features so the FBI can hack into that phone. Only Apple can create that firmware update (that's another security feature; your iPhone won't accept any firmware updates unless they are created by Apple). But once that firmware update is installed, it can be stolen from that phone and installed on any other iPhones. There's nothing that protects the firmware from being stolen. The FBI has already 12 phones lined up. Another police force has 175 phones. With those numbers, it's not a possibility that the firmware update gets out, it's a certainty. Once it's out, it will be sold on to the highest bidder. And the second and third highest bidder. And everybody can hack into your phone if they can lay their hands on it.

This ^^ is the part I need to deem totally speculative. Your not the first one to say it.. but I've found no 'hard evidence' anywhere that what you're saying, the a + b = c aspect of it, that's verifiable.

The apologists for the FBI side of the argument say 'we (the FBI) don't want a whole new firmware'.. "We only want to unlock certain phones from the full wipe trigger". They say to Apple, "give us a UTILITY" to access only these phones.. Cook says back -- "the ONLY way to do that would be to change the firmware..." The FBI says back.. "not according to our experts".. So it's a stalemate..

The problem is - the stalemate could cause more loss of life - so that's why I'm frustrated with Cook on this. I get that he didn't get to be at the top of the most profitable company "on the planet" by being stupid.. But I think Cook has more 'politics' wrapped up in this than we'd like to accept. He's allowing the whole 'government spying on me thing' to be the main focus of all this. And that's unfortunate.

 

[Unami]

yes tim, probably not all cancer patients have heard your "sitting down is the new cancer"-analogy, so there's always a new opportunity to disrespect the rest of them. way to go.
[doublepost=1456437975][/doublepost]

What?

Cancer doesn't spread through contact (or any other reason). HIV does.

not true - it depends on the type of cancer. see: https://en.m.wikipedia.org/wiki/Cervical_cancer - fourth-most common cause of cancer; spread through contact (via a virus) in 90% of all cases.
(technically, it's only the cause of the cancer that spreads, but on the same page, it's also not the spreading HIV virus, that kill's you, but some illness, enabled by aids, that was caused by HIV )

but you're right, it's a stupid, stupid analogy. a friend of mine, who has cancer too, was pretty pissed because of the "sitting down is the new cancer" comment. and i think it's quite a difference between having someone lost to cancer in the family (which is pretty common, because cancer is responsible for about 25% of all deaths - sort of a natural cause of death, if you think about it that way), or having it yourself.

 

[BaldiMac]

He's allowing the whole 'government spying on me thing' to be the main focus of all this. And that's unfortunate.

What would you like the main focus to be?

 

[NewdestinyX]

What would you like the main focus to be?

Safety from terrorism. I'm only too happy to "maybe" give up some of my privacy for that to be accomplished.

 

[satcomer]

This whole news story about Apple against the FBI reminds me of the Lavabit episode. Clearly the FBI is using high profile cases to make computer/phone encryption history!

 

[Unami]

Safety from terrorism. I'm only too happy to "maybe" give up some of my privacy for that to be accomplished.

sure, but you'd have to give up all of it, if you really want to be safe from non-state-terrorism (as in: a state that spys on you 100% of the time could be called a terrorist state). the san bernadino shootings would not have been prevented by after-the-fact forensic evidence gathering, nor do they look like they could have been prevented by any other forensic techniques (e.g. searching the phone of another terrorist, connected to them. looks like they were just your usual homegrown fanatic citizens).

i'm always amazed at the assumed relation between terror and surveilance/security theatre. we had lots (more than we have now) of terror and violent deaths in the 70ies here in europe - then in the 80ies and 90ies we still had not that much security theatre at airports, mass surveilance, etc. but terror decreased. now there's increasing surveilance, but the number of terror incidents have only gone up in the last few years. still, no worries, on a historical scale, worldwide violence seems to fluctuate periodically - we're on a relative high right now. "relative" in context of a general, worldwide decrease of violent deaths. luckily it's still a far cry from previous heights.

still, not to confuse cause and correlation, but if you really want to make a connection between terrorism and surveilance, it seems that they are part of the same bad, and not opposing forces. it's usually the repressive regimes that create terrorism.

 

[Larry-K]

Safety from terrorism. I'm only too happy to "maybe" give up some of my privacy for that to be accomplished.

Please list the direct effects of "Terrorism" that you need relief from.

Since you're more likely to win the lottery, I presume you're wealthy as well.

 

[BaldiMac]

Safety from terrorism. I'm only too happy to "maybe" give up some of my privacy for that to be accomplished.

Hah! How do you expect this one phone to make you safe from terrorism? As Cook argued, this is about compromising the security of hundreds of millions of iPhone users on the off chance that maybe, possibly there is new information on the phone that will connect to unknown plots or terrorists.

Encryption also saves lives. Privacy saves lives. And they protect a lot of other things as well. If you want to be safe from terrorism, you would need to accept the end of the constitution. Military rule, curfews, unlimited access to everyone's thoughts and communications.

But then, those things would probably inspire more terrorists.

 

[Larry-K]

3. Guerilla warfare requires the compliance of local communities, in hiding the fighters, and their supplies. If you flatten a city, and point to the individuals who remain, and say "Look. You see that? You want that to happen to you? You either give us your insurgents, or you'll end up exactly like that, you have 12 hours." then they will have 2 options; Hand them over, or die. Either way, they stop.

Tough talk, I guess all you need is a gun and a watch to stop terrorism.

Have at it, killer.

 

[Cartaphilus]

Yup. We have the power to squash this quickly and completely, but it goes against Obama's view of the USA. In his eyes were a colonial power that needs to be brought down and rendered less powerful because he only sees us as abusive to the world. To send our forces out to influence other nations goes against his ideology. He cant use US power to fix problems, if he did, that would put us in a position of authority in the world and he doesn't want that. He wants us powerless to act or influence. He doesn't believe in our values.

What an interesting point of view! You say the President of the United States, twice elected by a substantial majority of American voters, doesn't believe in the values of those who elected him?! Remember, he ran against militaristic John McCain and Mitt Romney, and a majority of American voters thought in each case that Obama's values more closely resembled their own. It seems apparent that you don't embrace the value of democratic elections, the single central value of the American form of government. It is you who is un-American and out of step with your countrymen, not the duly elected leader of the United States.

Stop listening to rabble-rousers who have made themselves rich by pandering to...well, rabble.

 

[Larry-K]

What an interesting point of view! You say the President of the United States, twice elected by a substantial majority of American voters, doesn't believe in the values of those who elected him?! Remember, he ran against militaristic John McCain and Mitt Romney, and a majority of American voters thought in each case that Obama's values more closely resembled their own. It seems apparent that you don't embrace the value of democratic elections, the single central value of the American form of government. It is you who is un-American and out of step with your countrymen, not the duly elected leader of the United States.

Stop listening to rabble-rousers who have made themselves rich by pandering to...well, rabble.

I just want to know what "Our Values" are? Nice to have a reference point.

 

[Cartaphilus]

Everyone is above the government when the make unlawful judgements. It's your duty as a citizen. Heck every jury is above the law and has the power to nullify any case before them if they find law is wrong or doesn't apply.

No, jurors do not have the right to nullify a law. Jurors take a solemn oath to follow the law as the judge charges them. Any juror who violates that oath is a traitor to the ideals of his country and is subject to punishment. A juror who advocates nullification in the jury room will be removed from the jury by the judge. We live in a nation of laws, not of men, and the law is determined and interpreted by those learned in the law. The duty of a juror is to determine the relative credibility of witnesses, to weigh the facts, and to apply to those facts the law the judge gives them.

We really need to teach civics in our schools again. The depth of ignorance, readily exploited by demagogues, is a danger to the American way of life.
[doublepost=1456444201][/doublepost]

I just want to know what "Our Values" are? Nice to have a reference point.

I don't know all the values held by a majority of Americans, nor was it necessary to know them to refute the statement that President Obama does not share the values of those who voted for him.