But in this case, it's protected by only a 4 digit PIN, which means there is no real protection against brute force once the 10 guess limit and time delays are removed. What happens next time when a bad guy uses a 15+ digit passphrase and the FBI can't brute force it? They will immediately demand that the encryption itself be backdoored, and we're back to the Clipper Chip debacle of the 90's. This is something they have already demanded.
Yes,
exactly.
What the FBI is asking for here is completely ineffective against any terrorist with the slightest sense of operational security. We know that this phone is using either a 4-digit or a 6-digit numeric passcode (otherwise the request to allow brute forcing would be completely meaningless because the FBI would have no hope of getting it in any reasonable amount of time). That is not what op-sec-aware people use. We know these terrorists were op-sec-aware as they thoroughly destroyed their private phones and laptops. It is possible they did something really stupid and ended up with data on this insecure work phone, but that is definitely grasping at straws.
In any case, since the FBI insisted on this being fought in the public courts, it is just more obvious to any and all terrorist organizations that you need to use a secure (long, mixed-case, etc) password on your devices. Then this crack can not be used.
Yet, the vast majority of people who think they have nothing to hide are using now-easily-cracked security. Voila: all the damage to net privacy, no benefit in investigative power against the stated targets.
On the other hand, the folks who tend to have less operational secuity are not the terrorists and child pornography rings, but low-level drug dealers. Unsurprisingly, the vast vast majority of applications of powers under the Patriot Act ended up being used against drug dealers rather than terrorists. Maybe that is a good thing. But, it definitely wasn't how the Patriot Act was sold. And it isn't how this is being sold, but it is definitely how it will be used. Why not sell it to us honestly? Maybe because you wouldn't have people agreeing as vehemently?
[doublepost=1456171257][/doublepost]
That is true, Apple did have the key prior to iOS8, and they do not have one now for iOS8 and 9. But doing that was Apple's choice. Some call it a "marketing strategy", some call it an increased level of privacy in a world where hacking is becoming more routine. But whatever you call it, that's where we are now.
With an update to its iOS software, Apple switched off its ability to retrieve data from its phones and tablets. By doing this, Apple tried to take itself out of the equation when law enforcement is looking for access to a phone. Essentially, the company could no longer fulfill a request because it was technically unable to do so. But the law surrounding searches, seizures and requests for assistance from law enforcement have not changed. Apple still must comply with those. And that's why the situation is what it is now. So yeah, in order to comply with legal requests, Apple will have to make a version of the iOS that can be accessed by law enforcement.
Remember, two years ago, nobody was making any of the current "sky is falling" arguments, and the iOS was less secure.
No.
Prior to iOS8, Apple did hold the key to on-phone data which was not otherwise protected. Now Apple only holds the key to iCloud backup data which is not otherwise protected.
Of particular note, Apple has decrypted all iCloud backups requested in this case.
What Apple has never done is bypass the on-device password to impersonate the user. It never did this prior to iOS8, and it is fighting to not be forced to do so now. Doing this releases account-encrypted and device-encrypted data such as iMessages and iCloud Keychain contents as well as numerous third-party data. There is investigative value in these pieces of data (unlikely to be so in this case, but in the more general case where this precedent would be applied). But, and this is the important thing: they have not previously been available. Making them available would set a new precedent.
[doublepost=1456171715][/doublepost]
If there is a legal court order why not? They can also get a search warrant for anyones house by court order and go through your underwear.
A legal search warrant issued in Beijing to search my underwear drawer would likely not end up being executed. Giving this power to the FBI means every nation in the world has it (or Apple faces severe trade sanctions under international law).
