Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
President Obama: 'You Cannot Take an Absolutist View' on Encryption Issue
- Thread starter MacRumors
- Start date
- Sort by reaction score
Welcome to the world-wide dictatorship, everybody. Hold on tight, it's going to be an ugly ride.
Well, then we've been doomed since at least Reagan, I wouldn't get too upset over it.
I'll bet your leaders call India for Tech support just like everyone else.
Snowden never cracked any codes, the data was not secure and he had easy access too it. What the government was doing was illegal. People have a right to privacy.
Look at it this way, if the NSA could not keep it's own secrets secure how will they keep our secrets secure?
Not entirely correct; their security might not have been brilliant, yet Snowden still shared their "secrets" but that's ok, their secrets were bad secrets and they shouldn't be allowed to keep bad secrets.
Let me ask you this, had Snowden broken into their fully encrypted files because he acquired a back door would that have right or wrong?
I will counter your hypothetical with another. What if someone in the government has access to our encryption keys with the clearance of a Snowden, and leaks that data to say, the internet. Who can we trust with super secret data and not have to worry about them spilling the beans.
If the encryption was good he never would have gotten in.
That's pretty much THE option Apple has been given by this court order. It still requires significant effort on Apple's part to develop the code that will override this setting, and to test it thoroughly to be sure their solution doesn't brick the phone permanently, or trigger the safety so that the decryption key gets deleted.
I guess if they do brick the phone, they can do a factory reset and then restore it from the latest iCloud backup...
Now, this phone is secured by only a four-digit passcode. We know this presumably because when they swipe right, they see four blanks in the passcode entry screen. My phone is also secured with four digits. It's convenient and easy to remember. I don't worry so much about someone brute force trying to guess the code because the iPhone locks after several wrong attempts. My nephew tries sometimes. He brings the phone to me after the phone is locked. At three years old, he's not much of a threat.
If Apple is forced to comply, and removes the delay (and the "erase phone after ten wrong tries" option) it won't take too long for the FBI to go through all 10000 possibilities. At one try per second, that would be less than 10,000 seconds.
We already know that the DOJ has more phones waiting in the wings for Apple to do this same trick to. But do we know whether all of them have 4-digit passcodes. Apple's default length for passcodes is 6 digits now. That would take 100 times as long, or 1,000,000 seconds (more than eleven and a half 24-hour days). And Apple also has an option for longer alphanumeric passcodes. It would take decades for the FBI to try all the possibilities. Whatever data was on the phone would probably be useless by then.
If Apple loses this case, don't you think real criminals are going to start using the alphanumeric passcode option on their phones? I'm thinking I will go to alphanumeric, and I'm more worried about my nephew getting in and accidentally deleting an important email or calendar appointment than I am about the FBI.
With criminals (and innocent people who might happen to be accused of crimes) using stronger passcodes, this method is going to have limited usefulness for the FBI/DOJ. On top of that, Apple has already strengthened the security on their iPhones. Any iOS device that has a fingerprint reader has the code for delaying after a certain number of bad attempts moved to the "Secure Element" chip where the fingerprint data is stored. A mere iOS update couldn't override that code.
Future iPhones may not allow updating the iOS using DFU mode without entering the current passcode, so loading a new OS to allow guessing the passcode won't be possible unless you already know the passcode.
The point of all of this is to make the iPhone less hackable.
So if this is not going to work on newer iPhones, or when the user has chosen to use a stronger passcode, why is Apple fighting this one case? It's because if Apple can get the courts to agree with them that making the iPhone more hackable is not a Constitutional request that the government can make of Apple, then they'll be better positioned to resist future requests from the government to make the iPhone more hackable.
They're still going to fight those future requests, which will be asking Apple to do more and more to get around the bigger and bigger roadblocks Apple has put in place to keep out cyberterrorists, identity thieves, and spies. But a win in the beginning will be a precedent Apple can point to in future cases.
It's not even about being aware or unaware of something. When it comes to a political figure, people on this page and others have proven time again their inability to stay on topic.
There's a lot to hate about trump too, but some of the mud slinginf and bickering that happened on the MR article thread about him calling out Apple were equally off topic and misplaced. Not a dozen posts above his one Reagan name has made it into play!
I can count on MR members to be extremely vocal about politics almost irregardless of the actual topic as well as constantly give terrible analogies regarding automobiles. These two things go I know to be true. Lol.
I read his comments as "The government is entitled to keep things from you but not the other way around, it is for your own good". Scary stuff. Although I suspect that's the view on both sides of the political spectrum over there. If I was voting for a candidate at the moment I'd vote for whoever had the brains to realise that being able to break into normal and low level people's phones won't protect you from anything as the real hardcore criminals will just use devices they can add further encryption too. Won't be hard to do especially on Android devices.
Both hypotheticals are interesting, but does knowing the government secrets were bad justify the means? That being since we found out they were bad, it seems ok to have had access to them?
By this prognosis, we could assume everything that is not encrypted is fair game and should be in the public domain?
...who were killed by the pilots. THE PILOTS!!
So why can't I take 150ml of water onto a plane?
Standard Kiwi responseWell as a Kiwi, you have my deepest sympathies. But they do say admitting you have a problem is the first step. There is hope for you yet
so can a pair of pliers from home depot.
really, everyone's got a false sense of entitlement when it comes to privacy. you don't already got it. so don't keep expecting it.
And also a false sense of safety. We assume that the TSA and the government have our best interests in mind. It just takes a few bad apples to ruin the whole process.
Unluckily someone else referred to, sometimes, as the "inconvenient Idiot" has....
Really? you don't think at all that checking people's bags and persons don't at least deter some people who would otherwise have carried a gun? It may not stop the mastermind terrorist who knows how to get around the security checks, but I'm sure smaller and lesser evil doers have thought twice or thrice.
Would you rather we have no security at airports and just let people go in with whatever?? serious question.
And how many weapons has the TSA allowed on planes, how many depressed pilots have been stopped? Or unauthorized employees in the cargo hold?
I understand airport security, but sometimes its an overkill. They check you like 3-4 times not to mention all the visas and background checks (international flights).
As for encryption. Governments just have to face it, you can't stop encryption. Terrorist/Criminals who want to communicate can and will and you can't stop them. So all these efforts, time, and money spent tracking people online is just going to waste.
They monitor a 100m people just in case maybe just maybe they will catch that 1 guy.
As for encryption. Governments just have to face it, you can't stop encryption. Terrorist/Criminals who want to communicate can and will and you can't stop them. So all these efforts, time, and money spent tracking people online is just going to waste.
They monitor a 100m people just in case maybe just maybe they will catch that 1 guy.
If you use your brain you could realize that actually... they are not! Sorry but I have to be that blunt to see if you can get it.
The fact of the matter is that impenetrable encryption now exists. Whether or not it comes installed on the phone by default is irrelevant to those who want to do harm. They'll just use added on encryption to hide their trails. The only ones hurt by legislating our phones to be less secure are innocent people.
The one compromise I can imagine partially resolving this impasse is:
A) On Apple's side, requiring a fingerprint be registered to encrypt the device. A passcode protected device would not be encrypted.
B) On the government's side, changing laws to allow a judge to force a suspect to provide their fingerprint to unlock an encrypted device.
So in the case of a suspected pedophile for example, detectives would obtain the device and a judge would issue a warrant forcing the suspect to provide their fingerprint. A stolen phone would not be vulnerable because they wouldn't have the fingerprint. This would not be a remote hacking vulnerability because it would require physical presence of both the device and the finger print. Those not using a fingerprint would be opting into a less secure device.
The one compromise I can imagine partially resolving this impasse is:
A) On Apple's side, requiring a fingerprint be registered to encrypt the device. A passcode protected device would not be encrypted.
B) On the government's side, changing laws to allow a judge to force a suspect to provide their fingerprint to unlock an encrypted device.
So in the case of a suspected pedophile for example, detectives would obtain the device and a judge would issue a warrant forcing the suspect to provide their fingerprint. A stolen phone would not be vulnerable because they wouldn't have the fingerprint. This would not be a remote hacking vulnerability because it would require physical presence of both the device and the finger print. Those not using a fingerprint would be opting into a less secure device.
