Free Republic

To: DiogenesLamp; Swordmaker
I program mostly in Assembly and C++

That's nice. That means I can talk to you like an educated person using industry terminology.

A "Back Door" is a secret hack to allow someone direct entry into the system

No. Sorry Dio, but you're wrong. A back door in security parlance means a way to circumvent the protections afforded by the security in a device or software, usually for the purposes of monitoring, debugging, or administrative access. There's nothing secret about a back door. It takes about 30 seconds for me to scan a server or a piece of software to find a listening port or receptive API. Once that door is found, I immediately assume that the protections on that door are not as strong as the cryptographic safeguards in place on the device or in the code, and most back doors don't have additional protections such as DDoS prevention or brute force detection. That means I can take my time whittling away at it until it opens. Back doors are anything but secret.

So let's take a journey for a moment. I know this entire thing has been a pissing contest, but let's look at some facts. I posted an article earlier from Slate in 2014 where they discuss iOS 8 and the new methodology Apple applied to cryptography:

Is Apple Picking a Fight With the U.S. Government?

There are plenty of other articles out there discussing the exact same thing:

Apple can't unlock iOS 8 devices, even for police

Apple Won't Unlock iOS 8 Phones For The Police. Ever.

Apple tells judge it’s “impossible” to unlock a device running iOS 8 or higher

...and the list goes on.

If you read even one of those articles, you'll learn that Apple does not have the keys to each individual iPhone. They develop a proprietary algorithm to use, a salt and hash for cryptographic operations, and they deploy their software using unique markers in the hardware of each device to generate a cryptographically unique key using what's known as elliptic curve cryptography. The chances of generating the same key on two devices is statistically impossible (1 in a nondecillion). Even on the same device, the chances of generating the same key twice would require a quantum computer and 5-10 YEARS of time to complete. Remember, the only thing that Apple retains privately is their intellectual property: an algorithm, which has, time and time again, been determined to be as much the property of the corporation as any trade secret.

Apple's made it very public that if you mess up and your phone is wiped, they can't help you. This isn't shirking any sort of responsibility to provide a service to the customer. You can very easily shut off the functionality that wipes your phone! If anything, this is very American of Apple: they're placing the responsibility on the end user for their own device. Personal responsibility! Can you imagine?

Now, on to your request on the court filing... Swordmaker has graciously provided you with numerous posts outlining the requests in the court filing. One of those requests was for Apple to design or develop a software recovery tool that would crack the protections on the device's EEPROM and unscramble the data in the user data partitions to allow the FBI access to everything. In order for this to happen, Apple would not only have to devote operating expenses in man hours/labor to develop the software (because it doesn't already exist), but they'd have to use their intellectual property to design that software, something they cannot be compelled to do by the law or otherwise. How a private entity uses their intellectual property is their business as long as it is within the confines of established law.

You should probably do some more reading on the entire subject. Apple did not have the means and had no obligation to provide access to that data. Matter of fact, if it wasn't for the ham-handedness of the FBI, the data might have been easier to recover. They confiscate computers all the time. Accessing those computers is usually pretty easy when all of the components are in one piece. If you brought me a hard drive and asked me to get data off of it, I can say with 90% or better certainty that I can recover your data. If the platters have come off their spindles or someone drilled through the casing, however, I don't care how much money or how many court orders you throw at me, that data is gone. There's no hope of recovery. In this case, the FBI lucked out and found an entity that hacked the phone and got them the data. What's funny about all of this is that in the end, we'll never know if any actionable intelligence was found, because I'd bet that there was nothing substantive on there to begin with.

Think about it: these aren't purse snatchers or petty criminals. These are trained terrorists. It doesn't take a summer at Quantico to learn that if an asset in your ring of trust is compromised, you destroy every trace of evidence of your connection with that person: phones, email accounts, computing devices, etc. You get a new identity. You move to a new location. Within days if not hours of the events in San Bernardino, any living associates of that asshat were off the radar. They could've decrypted that phone right then and there, and while they might've found a somewhat warm trail, there'd be more work for them. All of this was nothing but Kabuki theater, and I'd bet my bottom dollar that Apple's stock continues to rise as a result of their stalwart position on security and privacy, something I thought every liberty-loving American would value.

126 posted on 04/01/2016 5:07:54 AM PDT by rarestia (It's time to water the Tree of Liberty.)


To: rarestia

Great post. Thanks.


127 posted on 04/01/2016 5:11:26 AM PDT by Vermont Lt (Ask Bernie supporters two questions: Who is rich. Who decides. In the past, that meant who died.)

To: rarestia
No. Sorry Dio, but you're wrong. A back door in security parlance means a way to circumvent the protections afforded by the security in a device or software, usually for the purposes of monitoring, debugging, or administrative access. There's nothing secret about a back door. It takes about 30 seconds for me to scan a server or a piece of software to find a listening port or receptive API. Once that door is found, I immediately assume that the protections on that door are not as strong as the cryptographic safeguards in place on the device or in the code, and most back doors don't have additional protections such as DDoS prevention or brute force detection. That means I can take my time whittling away at it until it opens.

I think you are using a "Liberal" or broad interpretation of the word, while I am using a "Conservative" or narrow interpretation of the word. The Dictionary mostly supports my view, but it allows enough wiggle room to barely sneak yours in.

Back doors are anything but secret.

They are usually secret. Of what value is a "back door" when everyone knows about it? If everyone uses it, it becomes a "front door."

If you read even one of those articles, you'll learn that Apple does not have the keys to each individual iPhone. They develop a proprietary algorithm to use, a salt and hash for cryptographic operations, and they deploy their software using unique markers in the hardware of each device to generate a cryptographically unique key using what's known as elliptic curve cryptography. The chances of generating the same key on two devices is statistically impossible (1 in a nondecillion). Even on the same device, the chances of generating the same key twice would require a quantum computer and 5-10 YEARS of time to complete. Remember, the only thing that Apple retains privately is their intellectual property: an algorithm, which has, time and time again, been determined to be as much the property of the corporation as any trade secret.

Okay. I'm not sure you are aware you are doing it, but there is a fallacious method of argument whereby a person makes numerous factual statements, but none of the statements actually support the argument they are advancing. Apple's cryptography methodology has nothing to do with this issue. They aren't modifying their cryptography. The proposal was that they would modify existing operating system code to:
1. Remove the 10 tries limitation.
2. Remove the incremental time delays per try.
3. Allow password entry electronically at maximum speed. (said to be 80 ms.)

None of that touches on Apple's cryptography. An effort to introduce cryptography into the conversation seems to me to be an effort to distract from the real issue.

Apple's made it very public that if you mess up and your phone is wiped, they can't help you. This isn't shirking any sort of responsibility to provide a service to the customer. You can very easily shut off the functionality that wipes your phone! If anything, this is very American of Apple: they're placing the responsibility on the end user for their own device. Personal responsibility! Can you imagine?

Again, nothing to do with the salient point.
1. This phone was used by a criminal.
2. This phone was not the property of the said criminal, but is instead the property of San Bernardino County.
3. This phone may contain important information that might save future lives.
4. The effort on the part of Apple would be trivial.
5. Apple was balking at a valid search writ.

Now, on to your request on the court filing... Swordmaker has graciously provided you with numerous posts outlining the requests in the court filing.

Swordmaker only provides information from that filing which is deliberately misleading. Swordmaker has been shot down so many times on his propaganda attempt that everyone is sick of reading more of his propaganda attempts.

DID YOU READ THE COURT FILING YOURSELF? That's all I asked you to do. Did you do it?

In it you will find a section that gives Apple complete control over everything. The section Swordmaker keeps quoting is superseded by that later portion which grants Apple the power to accomplish this goal in any manner they see fit. It's an open-ended blank check.

Apple can keep custody of the phone at an Apple facility. Apple can keep custody of the modified operating system and can keep it from ever falling into FBI, or any other hands.

Find that section in the FBI filing and get back to me. Till you've looked at what the actual filing says, you are merely regurgitating Apple Inc. propaganda.

Here is a portion of some relevant sections:

Apple's reasonable technical assistance may include, but is not limited to:

The SIF will be loaded on the SUBJECT DEVICE at either a government facility, or alternatively, at an Apple facility;

The Filing says Apple can control everything. Furthermore Apple could have requested clarification on this point if they had any doubts, but instead Apple chose to launch their Chicken Little, "The Sky is Falling!" act.

135 posted on 04/01/2016 9:04:20 AM PDT by DiogenesLamp ("of parents owing allegiance to no other sovereignty.")
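
The three controls listed in post 135, modeled as an added example that is not part of any post in this thread: it computes how much of a passcode space can be tried, and how long that takes, with and without the try limit and the delays. The 80 ms and 10-try figures come from the post; the delay schedule, the `Policy` class and the passcode sizes are assumptions constructed for illustration.

```python
from dataclasses import dataclass

PER_TRY_MS = 80   # from the post: electronic entry "said to be 80 ms"
MAX_TRIES = 10    # from the post: "the 10 tries limitation"
# ASSUMPTION: delay in seconds imposed before attempt n. The post only says the
# delays are incremental; this schedule is constructed for illustration.
DELAY_S = {5: 60, 6: 300, 7: 900, 8: 900, 9: 3600, 10: 3600}


@dataclass(frozen=True)
class Policy:
    name: str
    try_limit: bool   # control 1: stop accepting passcodes after MAX_TRIES
    delays: bool      # control 2: escalating delay between failed attempts


def attempts_possible(keyspace: int, policy: Policy) -> int:
    """Distinct passcodes that can be tried before the device stops accepting them."""
    return min(keyspace, MAX_TRIES) if policy.try_limit else keyspace


def worst_case_ms(keyspace: int, policy: Policy) -> int:
    """Time to make every attempt the policy permits, in milliseconds."""
    n = attempts_possible(keyspace, policy)
    total = n * PER_TRY_MS
    if policy.delays:
        last = max(DELAY_S)
        # Scheduled delays, then the final delay repeated for every later attempt.
        total += 1000 * sum(d for k, d in DELAY_S.items() if k <= n)
        total += 1000 * DELAY_S[last] * max(0, n - last)
    return total


def coverage(keyspace: int, policy: Policy) -> float:
    """Fraction of the passcode space reachable under the policy."""
    return attempts_possible(keyspace, policy) / keyspace


STOCK = Policy("limit + delays", True, True)
DELAYS_ONLY = Policy("delays only", False, True)
NONE = Policy("neither control", False, False)
SPACES = {"4 digits": 10**4, "6 digits": 10**6, "6 chars a-z0-9": 36**6}

if __name__ == "__main__":
    for label, size in SPACES.items():
        for p in (STOCK, DELAYS_ONLY, NONE):
            hours = worst_case_ms(size, p) / 3_600_000
            print(f"{label:15} {p.name:16} coverage={coverage(size, p):.2e} "
                  f"worst case={hours:,.2f} h")
```

With neither control in place the passcode's own length and alphabet are the only remaining bound, which is why the longer alphanumeric space still takes years at 80 ms per try while a 4-digit space does not.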

To: rarestia

You and I are on the same page on this. Thanks for the great post.


145 posted on 04/01/2016 1:43:41 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue..)
