One thing I hope can be clarified: Is the FBI asking Apple to patch iOS on this one device, one time only (in a way that can not be reused) ... or are they asking Apple to provide a "reusable" patch / modification that allows future devices to be accessed?
I think their argument is fourfold: one, it provides precedent (which isn't a reason in itself, really) and two is that they fear this could be reverse engineered by baddies in order to make the phones of others' less secure, three it proves to third parties it can be done and so either someone will take it upon themselves to do or someone [Big market] will require Apple to do the same --which I think will happen regardless and four it's a good business tactic [strategically, it's tough to know what a big emerging market might demand from Apple]
> they fear this could be reverse engineered by baddies in order to make the phones of others' less secure
But isn't the procedure already pretty straightforward and well known?
1) Make a build of iOS which has the pin timeout feature disabled.
2) Sign that with Apple's private key.
3) Flash onto the iPhone.
That's more or less it, right?
What's keeping the general public safe isn't some sort of secret or obscure procedure. The general public's safety is in Apple keeping that private key private. And the FBI isn't asking for their private key, they're just asking that Apple use it in private, just like they normally do when they push out normal updates.
The specific patch the FBI is asking for is a way to be able to run a mechanized brute force attack on the pin for the phone without triggering the auto-erase.
This would require a new OS to be installed in a way that bypasses what I imagine are merely software blocks to installing OSes (it sounds like if they have possession of the device, they can install the OS to it).
This is a technique and a technique can certainly be replicated. Only problem is next time, Apple can't say, "this is an unprecedented step, and very burden-some," which actually turns out to be a legal basis.
Why would Apple not voluntarily comply? They should not need to be compelled here. They should be eager to assisting this investigation.
This isn't them taking a stand in some sort of NSA spying case, as much as Apple fanboys seem to think that's what's happening here. They're refusing to lift a finger in an investigation of mass murder.
> Part of Tim Cook's argument was once they release the patch into the wild, it could be reused in other cases
This is a common (and completely understandable) misunderstanding of the relevant paragraph:
"Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. ...
The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. ...
The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. ..." [0]
Notice how the first sentence of the last paragraph talks about "this tool". "The tool" is the specific version of iOS that the FBI wants Apple to make that would only run on the phone that it wants to unlock.
Notice how the third sentence talks about "the technique". The change in terminology isn't accidental. "The technique" is "the act of demonstrating that Apple can create (and can be ordered to create) a backdoored version of iOS that bypasses tamper protection features of iOS".
The particular software that Apple would create can surely trivially be restricted to run on only a single iPhone. Unless there's a way to make iPhones run unsigned OS code without wiping the device, the only way that the image that Apple provides the FBI could be modified to run on a different iPhone is if someone got a hold of Apple's code signing keys. [1]
The problem to which Cook refers to is -therefore- not that there's a risk that someone might steal the image Apple provides to the FBI and use it to pwn more phones... it's that the government will do as it always does and keep coming back over and over and over again, demanding that Apple produce yet another image that unlocks yet another single phone of interest, regardless of whether or not they expect that the data on that phone will be particularly crucial to their case.
I expect that this would be disastrous for Apple's reputation. It certainly would not be good for society as a whole.
On the one hand, I can see how denying the government's request would be good for the industry and society. On the other hand, if the courts ultimately asserted that the FBI's request is legal and proper, it might spur Apple (and other similar companies) to ensure that the parts of their devices that handle device encryption and unlocking were not upgradable by any means... making generation of software to bypass features of those parts next to impossible.
OTOH, such an assertion would leave software-only privacy software (like Signal, GPG, WhatsApp, et. al.) in a really bad spot.
Apple used to help the FBI get into iPhones all the time and it didn't destroy their reputation.
> A law enforcement source in the San Francisco Bay Area has confirmed to CNET that Apple has for at least three years helped police to bypass the lock code, typically four digits long, on iPhones seized during criminal investigations.
That story's relatively old now, and it's only recently that Apple has taken such an aggressive public stance on encryption and privacy. It's willfully ignorant to pretend that the Snowden revelations didn't change market realities in this area.
Precedents are a cop out for critical thinking. Sure, they seem to have their uses, like when it guarantees victory for the righteous. However, it seems more likely it's being used as a 'they did it, so can we!' excuse.
It's one thing if you use it as a starting point for discourse, it's another when you use it to beat down the opposition with what amounts to childish antics dressed up in a suit and tie.
"One thing I hope can be clarified: Is the FBI asking Apple to patch iOS on this one device, one time only (in a way that can not be reused)"
This must be weasel-word day. The FBI is asking for patch, hypothetically just for this phone. But only in this post have I seen anyone imagine "a way that can not be reused" since the point raised stated by the parent article is that such a patch could inherently be reused.
If all Apple produces is a signed update (with logic that activates it only if it's the right IMEI) then it's not useful to anyone hacking any other phone. The software can't be modified to work on them without Apple's cooperation, since any modification breaks the signature and you don't have Apple's signing keys.
I think in this case they are saying it would only target this one IMEI, not that the method cannot be recycled. Apple's argument is that this could "leak out" and allow mischief.
That's all window dressing. Once you compel the creation of software through a novel use of the all writs act, that opens the door to even more burdensome demands. Can decrypt an i-device with Secure Enclave? Build a new chip for us!
