Eddy Cue Fears Surveillance State if FBI Wins iPhone Unlock Case

[Thunderhawks]

We have to have the best of both worlds. We have to have the FBI getting their access for protection purposes, but also a way that keeps the devices secure for everybody.

Please start writing that software now!

And, good luck.
[doublepost=1457641344][/doublepost]

You seem to be implying that this system with weakened security would be installed on every iPhone (or hard drive or file system) on the planet. That is NOT the case, but if it was I would agree with you wholeheartedly.

You may understand the tech, but you do not understand the law. The government is asking for a special OS to be developed and installed on specific phones, each of which have gone through the regular 4th amendment legal hurdles and protections of obtaining a warrant for inspection by a neutral judge. And that special OS would be maintained as proprietary by Apple, not the government. Nobody is asking Apple to weaken security on ALL iPhones. Apple can and should continue to develop strengthened encryption algorithms and protocols, but they also have to be able to comply with legal search warrants in order to assist the government in solving crimes. Developing a specialized OS that Apple maintains under their control and use only when the government has obtained a legal search warrant signed by a judge seems like a reasonable compromise.

Not so. It requires more than 1 person to write it and a few more will have the knowledge .
That is already more than dangerous.
Human behavior let us know time and time again, that people for whatever reason leak secrets.

Plus Apple is not in the hacking and police business. If they were there would be a long line (already is) and a separate department needed.
Plus, if USA forces Apple to do that all other countries can too.

Might as well close the business.

 

[robbyx]

Just open the phone. Don't they know how to build good software for situations like this?

I'm all for privacy and encryption, but I think this case is getting out of hand and has become extremely distorted in the media. Apple's stance (and that of many other tech companies supporting Apple) on this issue is going to lead to government-mandated backdoors and the battle will be lost. Apple should be proactive and recognize that there is a legitimate need to occasionally decrypt a device in support of law enforcement efforts. They should design a system that makes this possible so that the government doesn't have to step in and force a backdoor on everyone.

The way this case is presented by Apple and the media makes it seem like unlocking this iPhone will lead to mass surveillance. This is ridiculous. Decrypting an encrypted device is not remotely the same thing as mass surveillance and government monitoring all communications, etc. I'm adamantly opposed to that sort of thing. But I have no problem with the idea of Apple possessing a tool that can decrypt a phone when presented with a legitimate search warrant. Law enforcement brings the phone to Cupertino. Tim, Jony, and Eddy all gather in a room together, have their retinas scanned and the phone is decrypted. Law enforcement takes the decrypted phone back with them. At no point does law enforcement have access to the decrypt tool, the source code, or anything else. The ONLY way the phone gets decrypted is if it travels to Cupertino. Without some sort of authentication from multiple Apple execs, the decrypt tool can't be used.

There are ways to provide the public with 99.99999% security and still allow for decrypting if required. The religion of privacy is becoming a bit absurd.

 

[Jess13]

It already is a surveillance state, and that is because Obama’s continued and expanded Bush’s illegal spying crimes worse than what Bush did, while protecting persons involved in 9/11 [28 pages] same way Bush had, 9/11 being the reason for the surveillance state. At least we have Apple fighting.

 

[robbyx]

You seem to be implying that this system with weakened security would be installed on every iPhone (or hard drive or file system) on the planet. That is NOT the case, but if it was I would agree with you wholeheartedly.

You may understand the tech, but you do not understand the law. The government is asking for a special OS to be developed and installed on specific phones, each of which have gone through the regular 4th amendment legal hurdles and protections of obtaining a warrant for inspection by a neutral judge. And that special OS would be maintained as proprietary by Apple, not the government. Nobody is asking Apple to weaken security on ALL iPhones. Apple can and should continue to develop strengthened encryption algorithms and protocols, but they also have to be able to comply with legal search warrants in order to assist the government in solving crimes. Developing a specialized OS that Apple maintains under their control and use only when the government has obtained a legal search warrant signed by a judge seems like a reasonable compromise.

Agree 100%. And the reality is, if Apple doesn't do this, there will be legislation and ALL encryption will be weakened. The tech industry has an opportunity now to do the right thing and come up with a reasonable compromise. If they don't, we most certainly will see lawmakers with virtually no understanding of technology draft legislation that weakens security for everyone.

 

[JM]

Agree 100%. And the reality is, if Apple doesn't do this, there will be legislation and ALL encryption will be weakened. The tech industry has an opportunity now to do the right thing and come up with a reasonable compromise. If they don't, we most certainly will see lawmakers with virtually no understanding of technology draft legislation that weakens security for everyone.

Maybe there is a technical compromise out there, but right now most coding experts agree that a compromise is not possible.

It's all (weaken encryption/make it easier for hackers to steal data) -or- nothing (strengthen encryption/keep as is to thwart data loss/theft of tech users)

I guess it does come down to the right to privacy and one's stance on it: "I've got nothing to hide, open it up" or "h*** no! My privacy!"

Perhaps a problem in this fight is that everyone does not agree that Apple breaking encryption/hacking/making special iOS will make it easier for bad guys to get into encrypted "good" data (secrets, etc).

 

[robbyx]

Not so. It requires more than 1 person to write it and a few more will have the knowledge .
That is already more than dangerous.
Human behavior let us know time and time again, that people for whatever reason leak secrets.

True, but Apple has already said that developing such a tool is possible and could be accomplished in a relatively short amount of time. It stands to reason that programmers at Apple already know how to do this. So they already have the knowledge, whether they've put it into code or not.

Plus Apple is not in the hacking and police business. If they were there would be a long line (already is) and a separate department needed.
Plus, if USA forces Apple to do that all other countries can too.

So you're fine with Apple providing tools to enable crime and simply washing their hands of all responsibility? Nice. I applaud Apple's efforts to allow me to secure my data. I'm adamantly against government surveillance. But decrypting a phone when presented with a legitimate warrant is not surveillance. Apple could design future versions of iOS to make this possible. They could design it in such a way that the likelihood of the decrypt tool being stolen is almost zero. They could make an effort to balance privacy and the law enforcement needs. Instead they are fighting a losing fight and almost guaranteeing that dumb dumb elected officials who don't understand technology at all will step in and create laws that compromise security for everyone.

And you're 100% right about other countries. I mean, for all we know, a decrypt tool already exists and is being used in China today, but Apple isn't admitting to it because the Chinese won't let them. Do you really think Apple would take such a principled stand in China? Heck no. They care too much about the Chinese market to let privacy get in the way.
[doublepost=1457643530][/doublepost]

Maybe there is a technical compromise out there, but right now most coding experts agree that a compromise is not possible.

It's all (weaken encryption/make it easier for hackers to steal data) -or- nothing (strengthen encryption/keep as is to thwart data loss/theft of tech users)

I guess it does come down to the right to privacy and one's stance on it: "I've got nothing to hide, open it up" or "h*** no! My privacy!"

Perhaps a problem in this fight is that everyone does not agree that Apple breaking encryption/hacking/making special iOS will make it easier for bad guys to get into encrypted "good" data (secrets, etc).

Keep in mind, though, that you must be in physical possession of the phone to decrypt it. We're not talking about hacking your cloud data or something. Apple has already admitting that it COULD build such a tool very quickly. I appreciate the concern about such a tool being released "into the wild", but I also have faith that a company like Apple or Google or Microsoft could secure such a tool to the point that the chance of it being released is infinitesimally small. I would never support Apple handing over the master key to the government, but I wouldn't have a problem with Apple possessing the ability to unlock an iPhone under the strictest controls. I'd much rather accept the very small possibility that such a tool could be stolen and released into the wild over the inevitable legislation that will weaken security for everyone if Apple continues to fight this fight. They might even win this round in court. But long term, this issue isn't going away and we're going to see lawmakers get involved and I'm much more afraid of that.

Finally, there's no "right to privacy", certainly not in the Constitution. If the cops show up at your house with a search warrant, you don't get to deny them entry because of your (non-existent) "right to privacy." This case is really no different.

 

[tentales]

No. You're forgetting the human element in this.

If a specialized iOS is made, even for one device, it has the chance of being stolen, sold by employee, whatever, from Apple.

Just because Apple has control of this "special" iOS, doesn't mean it won't ever leak through theft of disgruntled employee sale. it now exists and it has a chance of going into the wild, and that is what Apple and many tech companies want to avoid.

If I may: Nobel regrets inventing dynamite. But once it got out, it killed many. Point: once something bad is made, there's no going back.

Or Einstein/Rutherford/Oppenheimer involvement in killing a 1/4 million innocent civilians.

It always comes down to "the ends justify the means" discussion.
Hawks vs Doves. Both sides end up being naive, but realization occurs only after the fact.
There will never be absolute peace nor will " the man" ever succeed in completely controlling other men (or women, b4 u go all P.C. on me)

On topic, you hawks here siding with the FBI on this seem to think that total surveillance will bring us all absolute security ? It's a fallacy and a charade.

As such, the government will probably win this and then proceed to ban AES-256 and other strong encryption for "public" use. Coz, what's the point of breaking into a terrorist's smartphone if the secret documents on it are already encrypted ?

Does anybody think that criminals aren't already using secure messaging ? Regardless of whether companies are compelled to create backdoors ?

So is this the end of GnuPG ?

 

[kdarling]

So your position is that if Apple considers the request from the government to be illegal, then Apple should speak up.

Sure, but at this point, Apple is complaining about POSSIBLE FUTURE requests. They're bringing up boogeyman scenarios that have not occurred.

Plus, if USA forces Apple to do that all other countries can too.

They can do that now. Other countries do not have to wait on the US.

 

[tentales]

They could design it in such a way that the likelihood of the decrypt tool being stolen is almost zero.

That's what the Enigma inventor thought to.

 

[robbyx]

On topic, you hawks here siding with the FBI on this seem to think that total surveillance will bring us all absolute security ? It's a fallacy and a charade.

Don't conflate decrypting a device with mass surveillance. The FBI isn't asking for "total surveillance". They are asking for ONE device to be unlocked. I'm not suggesting we aren't on the the precipice of the slippery slope here, but it's this kind of FUD that confuses the issue.

As such, the government will probably win this and then proceed to ban AES-256 and other strong encryption for "public" use. Coz, what's the point of breaking into a terrorist's smartphone if the secret documents on it are already encrypted ?

Does anybody think that criminals aren't already using secure messaging ? Regardless of whether companies are compelled to create backdoors ?

Terrorism is, of course, the sensational argument, and you're probably right about them using secure messaging, etc. But there are plenty of other less dramatic scenarios where being able to unlock the phone could be helpful in a legitimate law enforcement investigation. It's about striking a balance. If Apple came up with a fair compromise on this issue, there would be no need for government intervention. But as it stands now, I agree with you. Government will (eventually) win this, whether it's this case or something in the future, and all security will be compromised in a far more extreme way.
[doublepost=1457644719][/doublepost]

That's what the Enigma inventor thought to.

Except that Apple has already stated that it could build this tool in a few weeks. So they already know how to do it.

 

[tentales]

Don't conflate decrypting a device with mass surveillance. The FBI isn't asking for "total surveillance". They are asking for ONE device to be unlocked.

Wow, just wow. smh.

 

[robbyx]

Wow, just wow. smh.

I know, right? I'm pretty amazed too that people can't see the difference between unlocking a single device in a controlled environment without handing the government the keys to the kingdom...and mass surveillance hysteria.

 

[JamesPDX]

Fine words from Cue.

Both he and Cook are rehabilitating themselves after the travesties they have committed in the past few year without the guiding hand of Father Jobs.

I'm flabbergasted that the devil has entered so many in government, and pray that he is cast out by our Saviour, Jesus Christ. I may disagree with many of Cook's decisions, but on this crucial matter, may he fight the good fight.

JC just texted me: "I'm staying out of it. You do it: That's why I gave you Free Will."

 

[subsonix]

And the reality is, if Apple doesn't do this, there will be legislation and ALL encryption will be weakened. The tech industry

Not at all, current crypto standards are open so anyone with the right knowledge can implement AES or RSA for example. AES is the successor to DES which was developed secretly by IBM and came with a weakened export graded version. On the contrary AES was developed in the open in a process that took several years (I believe the winning bid and current AES was made by two Belgians).

 

[robbyx]

Not at all, current crypto standards are open so anyone with the right knowledge can implement AES or RSA for example. AES is the successor to DES which was developed secretly by IBM and came with a weakened export graded version. On the contrary AES was developed in the open in a process that took several years (I believe the winning bid and current AES was made by two Belgians).

What does that have to do with anything?

If the government passes legislation that requires some sort of weakening of encryption or mandatory back door, then yes, security is weakened for everyone. Has nothing to do with who developed what.

 

[JamesPDX]

Agree 100%. And the reality is, if Apple doesn't do this, there will be legislation and ALL encryption will be weakened. The tech industry has an opportunity now to do the right thing and come up with a reasonable compromise. If they don't, we most certainly will see lawmakers with virtually no understanding of technology draft legislation that weakens security for everyone.

So the take away here is that Apple needs to shift attention away from watches, cars, and emoticons and throw some major IT engineering towards OS and iOS security?

PS: The 2012 Mac Pro would never have allowed this!

 

[subsonix]

What does that have to do with anything?

If the government passes legislation that requires some sort of weakening of encryption or mandatory back door, then yes, security is weakened for everyone. Has nothing to do with who developed what.

Obviously that the genie is out of the bottle. While you can legislate certain products, how about maths and open source software, what does it mean to export something on the Internet etc.

 

[robbyx]

Obviously that the genie is out of the bottle. While you can legislate certain products, how about maths and open source software, what does it mean to export something on the Internet etc.

The genie is already out of the bottle. Apple has already said that it can write the unlock software in a few weeks. That means it's already possible to do what the FBI wants. No one is suggesting that Apple export this tool or hand it over to the government or put it on the Internet. Sorry, I just don't understand your point.

 

[JM]

Sure, but at this point, Apple is complaining about POSSIBLE FUTURE requests. They're bringing up boogeyman scenarios that have not occurred.



They can do that now. Other countries do not have to wait on the US.

Ahh, Apple using FUD, too. You're right.......

Okay. Fair enough. What's more plausible though? Nuclear bomb, missing child, terrorist shooting; or mass wire tapping and bad guy hacking and spying on cellphone users?

I think it's more plausible that the worse scenario is a less secure operating system (used by both good and bad people), than the FUD scenarios dreamt up by 24 writers.

Thoughts?

Edit: not necessarily "plausible", but "happens more often" or "do the most damage to the country/individuals"

 

[subsonix]

Sorry, I just don't understand your point.

The part I quoted from you suggested that ALL encryption would be weakened as a result of Apple losing this case.

 

[robbyx]

So the take away here is that Apple needs to shift attention away from watches, cars, and emoticons and throw some major IT engineering towards OS and iOS security?

I'd say they've already done a pretty incredible job with iOS and OS security! The take away, in my opinion, is Apple (and other tech industry players) need to come up with a compromise that balances privacy and law enforcement interests. If they don't, lawmakers will step in. And when that happens, I am 100% certain that whatever lawmakers force upon the tech industry will be far far worse (from a security/privacy standpoint) than whatever the tech industry creates on their own.
[doublepost=1457646321][/doublepost]

The part I quoted from you suggested that ALL encryption would be weakened as a result of Apple losing this case.

Sorry, perhaps I wasn't clear. From a big picture perspective, I'm concerned about lawmakers forcing requirements on tech companies. That, in my opinion, will lead to a weakening of security/privacy for everyone that will be far worse than if tech companies are proactive and develop systems to accommodate legitimate law enforcement requests.
[doublepost=1457646610][/doublepost]

Okay. Fair enough. What's more plausible though? Nuclear bomb, missing child, terrorist shooting; or mass wire tapping and bad guy hacking and spying on cellphone users?

This isn't about mass wire tapping or bad guy hacking and spying on cell phone users. That's FUD. This is about Apple possessing a tool in Cupertino that can decrypt a phone when presented with a legal search warrant. Not a phone over the Internet that gets hacked. Not a back door so the government can monitor your cat video watching habits.

 

[kdarling]

Okay. Fair enough. What's more plausible though? Nuclear bomb, missing child, terrorist shooting; or mass wire tapping and bad guy hacking and spying on cellphone users?

I think it's more plausible that the worse scenario is a less secure operating system (used by both good and bad people), than the FUD scenarios dreamt up by 24 writers.

Thoughts?

Sir, I won't disagree with you about which are the more plausible scenarios... if such a tool were let out along with Apple signing tools, which I don't think would happen.

I will disagree that the worse scenario is the case of a less secure OS.

For one thing, we've had such OSes for a long time, iOS included. In fact, a lot of this feels like Apple desperately handwaving to direct attention away from the fact that people jailbreak iOS, that updates constantly fix buffer overruns that are iOS security holes, and that the fingerprint sensor is wide open to fake finger attacks.

For another, people getting hacked is nothing compared to personal injuries or national attacks.

Do we have to tread carefully? Yes. But I think we have to tread the path, instead of pulling into a turtle shell. Just as with any other warrant, there have to be checks, but at the same time, we cannot throw out warrant powers altogether.

 

[JM]

Sir, I won't disagree with you about which are the more plausible scenarios... if such a tool were let out along with Apple signing tools, which I don't think would happen.

I will disagree that the worse scenario is the case of a less secure OS.

For one thing, we've had such OSes for a long time, iOS included. In fact, a lot of this feels like Apple desperately handwaving to direct attention away from the fact that people jailbreak iOS, that updates constantly fix buffer overruns that are iOS security holes, and that the fingerprint sensor is wide open to fake finger attacks.

For another, people getting hacked is nothing compared to personal injuries or national attacks.

Do we have to tread carefully? Yes. But I think we have to tread the path, instead of pulling into a turtle shell. Just as with any other warrant, there have to be checks, but at the same time, we cannot throw out warrant powers altogether.

Thanks for responses.

Do you not believe then that it's possible that this coveted piece of potential software would leak out or get stolen? Rendering a huge hole in the security of devices?

I think I may be understanding your and others' point of view...But its validity completely rests on the security of a company.

 

[doelcm82]

Agree 100%. And the reality is, if Apple doesn't do this, there will be legislation and ALL encryption will be weakened. The tech industry has an opportunity now to do the right thing and come up with a reasonable compromise. If they don't, we most certainly will see lawmakers with virtually no understanding of technology draft legislation that weakens security for everyone.

That's not a reality, just a possible outcome. If Apple wins this current case in court then it will only help them when they resist whatever laws get passed. If the courts say that Apple can't be compelled to develop a hack into it's own operating system, they'll be likely to side with Apple on a future case where the government wants Apple to install spyware on all its devices.

 

[zioxide]

Just open the phone. Don't they know how to build good software for situations like this?

If that was possible, every cryptography expert on the planet wouldn't be telling you it isn't.