Tim Cook: Apple Won't Create 'Backdoor' to Help FBI Access San Bernardino Shooter's iPhone

[RickInHouston]

Let's take a step back.

Why does Cook say, "We won't 'create a backdoor' for the FBI?" Why didn't he come out and say we won't give up user data?

Can't apple do that instead of creating a permanent backdoor in the software?

 

[techpr]

This is WHY I trust Apple. Security First!

 

[DEMinSoCAL]

Problem is once they get an open door, any good smart hacker can enter.

The misconception is the backdoor would be built into everyone's iPhone. It won't. Whatever process Apple does to bypass the password lock would remain property of Apple and only exist, securely, at Apple.

If you think that is not secure enough, then what about the possibility that someone at Apple, one of the programmers that works on the iOS team, hasn't built something like this already? Since everyone here is going so far out on the limb of possibilities, couldn't some rogue programmer have already built a tool or backdoor into the OS and makes it available for nefarious reasons? Surely it's possible...

 

[Sonmi451]

It's just too damaging to Apple.

The average user doesn't care.

Good to hear! Regardless of the circumstances, it would be a very dangerous precedent to set.

No it wouldn't. You're complying with a court order. Take it up with the law, not Apple.

Tim Cook is 100% right, and even more right when he says the FBI/Government will 'word this differently'.

It's a bad decision, and Apple will comply with the FBI requests eventually. Everyone wants privacy until terrorism is involved.

 

[ABC5S]

Hope you loose Tim Cook. My safety comes first

 

[digitalcuriosity]

Hope you loose Tim Cook. My safety comes first

You'r safety and mine don't mean anything to our Government, what they want is the ability to did into everyone private business. What do you really think is on that dead guys iPhone a call he made to the leader of ISIS?

 

[bitslap47]

...It's a bad decision, and Apple will comply with the FBI requests eventually. Everyone wants privacy until terrorism is involved.

Kind of smart if they are being chess players and are thinking ahead and assuming they will eventually lose the battle.

If/when forced to comply, Apple can simply say they were forced against their will. Clean hands in the eyes of (most of) the consumer(s).

 

[Binarymix]

The misconception is the backdoor would be built into everyone's iPhone. It won't. Whatever process Apple does to bypass the password lock would remain property of Apple and only exist, securely, at Apple.

If you think that is not secure enough, then what about the possibility that someone at Apple, one of the programmers that works on the iOS team, hasn't built something like this already? Since everyone here is going so far out on the limb of possibilities, couldn't some rogue programmer have already built a tool or backdoor into the OS and makes it available for nefarious reasons? Surely it's possible...

There currently isn't a backdoor. I don't think even apple can create one for this phone.

The FBI wants apple to create a new version of iOS that allows circumvention, this would have to be applicable to all iPhones going forward, else the current security measures wouldn't allow them to open any future iPhone without the circumvention already built in.

Someone posted a link about how the secure enclave, ram chips, and other pieces of hardware, plus the pin code all work together to make it nearly impossible to break the current encryption.


This is the point. It WILL affect all iPhones going forward.

 

[bitslap47]

Also, if there is a price on this, how long do you think it will be before a former Apple Employee capable of hacking something together contacts the FBI offering services in exchange for a mountain of money and amnesty against any suit Apple could bring against them?

 

[NT1440]

So if this is the concern, then leave the tech in the hands of Apple, design it so that the process is purposely lengthy and time-consuming, and ensure the FBI provide a warrant for each request to retrieve data. Just the process of requiring a warrant (the time paperwork in involved) will ensure that this is a rarely used strategy.

I don't think you understand this. Technologically, there is NO WAY to make a secure system that also has the ability to be tapped into. This is binary, there is no in between. If you make a backdoor, it can be cracked, then anyone with the technological means can use it.

 

[Act3]

Of course they will oppose it but that will not do any good once the US government gets their way and sways the court system into agreeing with the FBI.

 

[NT1440]

You're mixing two things here: 1) illegal access to private data without search warrant and 2) a perfectly reasonable request to open a phone to retrieve incriminating evidence.

The two are NOT linked and yet half the posters on here assume them to be.

And you intentionally missing the fact that there is no way to do number 2 without creating the means to do number 1 wholesale. I don't understand what is so hard to understand about his.

If you make the technological means to break the encryption, or provide a backdoor into it, it WILL be abused.

 

[caligurl]

Americans are watched everyday already. In public. On the roads. In buildings, restaurants, banks, shops, etc. Police cars have license plate scanners that records every cars license plate it sees and where it sees it. Pretty scary database, there, huh?

Personally, I don't have anything on my iPhone I don't want the government to see (or that they can't already see). I'm one of billions of people and I'm sure they have better things to do than look at my pictures and texts. If people have something to hide, there is usually a reason.

You just don't get it. It's not just about the government having this information for this one phone. It's about there then being a back door for EVERY phone that is out there.

Not to mention that the government has a history of NOT keeping peoples personal information secure!

 

[NT1440]

"They" who? If evidence is obtained illegally (without a warrant, for example) it's inadmissible in court. If such use is to keep another Boston bombing from happening then i'm all for it! Either way, it's a win-win...

You're assuming the information is going to be used in a court case.

"They" are the various intelligence and law enforcement agencies throughout the country that have been illegally spying on Americans (a violation of the constitution) without a warrant simply because they have the means to. I've posted that the NYPD (And Baltimore, LA, Chicago, etc) have been using Stingrays (fake cell towers that scoop up all communications from hundreds/thousands of devices at a time, indiscriminately) over 1,000 times without a warrant since 2008 alone.

http://arstechnica.com/tech-policy/...-over-1000-times-without-warrants-since-2008/

These aren't hypotheticals, these are what are currently happening in the USA.

We have built a a surveillance state for the world since 9/11, with nothing to stop it from being turned to spy on Americans as they continue to be shown to be doing.

 

[Designer Dale]

I don't think you understand this. Technologically, there is NO WAY to make a secure system that also has the ability to be tapped into. This is binary, there is no in between. If you make a backdoor, it can be cracked, then anyone with the technological means can use it.

I know you are referring to Spectrum, but I want to reaffirm this. The Master Key iOS is safe because it does not exist. Once it is written, it isn't safe. No matter who holds it.

Dale

 

[576316]

I have a feeling the FBI has been waiting for something like the San Bernardino situation to bring up a lawsuit against Apple. We have known for years (thanks Snowden) that that FBI has been frustrated with the security on the iPhone. Now they finally got their chance to force Apple to create a backdoor.

This will most likely end up being a Supreme Court court. From a business POV, I don't think Apple could ever comply with this demand. The bad publicity around "Apple creates backdoor for the FBI" could easily destroy their sales. I don't know if the FBI is going to fine Tim Cook or sentence him to prison, idk, but he really really cannot comply with this demand. It's just too damaging to Apple.

I imagine if it got to the point where Apple were being held at gun point in order to do this, Tim Cook would respectfully resign from his position in protest of what the government were doing. But I really don't think he'd let it get to that and the US government need to wake up and stop being so stupid.

 

[Kayan]

Sorry for my ignorance, but I'm confused: from one report I read that Apple stopped storing encryption keys back with iOS 8, hence they CANNOT (even if compelled by law) gain access to an iDevice. However, now the courts are ordering Apple to gain access....so what am I missing?
Can Apple still gain access without the encryption keys, it just might take them a while to develop algorithms to do so?

 

[Tom G.]

I stand 100% with Tim Cook on this. I do not trust any level of Government with any of my info or data. The government cannot even keep their own data secure, why should I trust them to keep mine secure.

Should the Feds win this one, and they might, then I see Apple doing one of two things:

1. As has been mentioned in an earlier post, have the Feds deliver the iPhone in question to Apple, and Apple will take it to one of their secure labs and unlock it in private, then return it to the Feds so they can have their fun.

2. Do it as the Feds want, but keep the method of how they did it to themselves, this way only Apple will know how to do it.

One problem with not obliging the government is that it encourages the Feds to research and develop their own software to unlock phones and encryption and then they have the key. If Apple does have to comply I'd feel better if Apple alone had the key.

 

[bitslap47]

Sorry for my ignorance, but I'm confused: from one report I read that Apple stopped storing encryption keys back with iOS 8, hence they CANNOT (even if compelled by law) gain access to an iDevice. However, now the courts are ordering Apple to gain access....so what am I missing?
Can Apple still gain access without the encryption keys, it just might take them a while to develop algorithms to do so?

The way I read it... they aren't asking for it to be decrypted. They want Apple to trick the phone into updating iOS, while locked, to a special version that allows them to brute force the pass-code without the phone erasing itself, or throttling the attempts by saying "Wait 5 minutes, Wait 10 Minutes, Wait 1 Hour" escalating after each bad attempt beyond 5 (or whatever it is set to) failed attempts.

 

[arggg14]

Could Apple just say "We tried, but can't figure it out" throw their hands up and be done? Or how about f*** you, we don't have the resources to work on a special OS to break our own encryption.

 

[Tom G.]

I do believe that Kayan is correct in post. Tim Cook has said before that Apple cannot gain access to a device.

 

[Oblivious.Robot]

My respect for Apple and Tim just increased, also binding myself and my family to future Apple products seems like the way to go for me.

Also, it's interesting as Apple does sell worldwide, if and if the USA government is able to force on a backdoor, can they possibly just bypass any Apple products security irregardless of the users country or jurisdiction?

Man I hope USA citizens do take a firm stand on this one, as someone who deeply admires their country, and uses their products but am rendered helpless as an outsider.

 

[zioxide]

So if this is the concern, then leave the tech in the hands of Apple, design it so that the process is purposely lengthy and time-consuming, and ensure the FBI provide a warrant for each request to retrieve data. Just the process of requiring a warrant (the time paperwork in involved) will ensure that this is a rarely used strategy.

No.

What you describe is impossible. If a backdoor is there, others will find it.

You wanna open up vulnerabilities on every iPhone in the world that could be used for illegal surveillance, hacks by rogue governments, identity theft, etc?

No thanks.

Sorry, but a few lives lost are not worth all of us giving up our right to maintaining security and privacy of our personal data.

If we want to save lives, we should be focusing on preventable causes, nor sacrificing our rights and privacy to catch a unicorn.

 

[DEMinSoCAL]

You just don't get it. It's not just about the government having this information for this one phone. It's about there then being a back door for EVERY phone that is out there.

Not to mention that the government has a history of NOT keeping peoples personal information secure!

It seems YOU don't get it. There doesn't have to be a "backdoor" in every iPhone to make this work for law enforcement. There just needs to be a way for Apple, when handed a warrant and an iPhone, to be able to upload code to the phone that bypasses the "10 try PIN lock". Then hand the phone back and let the FBI brute force the PIN , get in, and get their evidence, LEGALLY.

There are more ways than the imagination can think of for Apple to implement this securely and keep it to themselves. It doesn't have to be something the FBI or anyone physically gets to keep.

I'm not a programmer, but either something like this is IMPOSSIBLE to do (in which case why are we worrying), or if it is, it has probably already been thought of, developed, tested and is sitting in a secure, encrypted software vault at Apple.

 

[Rigby]

"They" who? If evidence is obtained illegally (without a warrant, for example) it's inadmissible in court.

Read this:

https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intelligence-laundering

If such use is to keep another Boston bombing from happening then i'm all for it! Either way, it's a win-win...

And yet, with all the broad surveillance powers they were given, Boston, Paris, San Bernadio etc. still happened. And there is no evidence whatsoever that weak encryption could have prevented any of them (in fact, the Paris terrorists are known to have communicated "in the open" using SMS, yet the usual suspects immediately demanded laws against strong encryption after the attacks).