How does Apple’s supposed anti-conservative bias matter?
Since you insist, we’re going to leave this key in this back door, but we promise never to enter this way without a warrant. Never, ever, ever. (Belchers Albert, CC-BY-SA 3.0)
The software that the FBI wants Apple to write so as to install it on an iPhone is commonly described as a “backdoor”, but really it’s more of a sliding window. A backdoor is a system currently in place that allows someone with knowledge of the backdoor to open it. What the FBI is complaining about is that Apple hasn’t built a backdoor into the iPhones they sell. And they’ve made it very difficult to guess an unknown password, because, potentially, after ten guesses the phone will erase all of its data—and even if the erase functionality is turned off, subsequent guesses take more and more time. And because the data is encrypted using the password, the data can’t be gotten out in any way other than knowing or guessing that password.
The FBI wants Apple to build a window that they can slide into place, allowing the FBI to keep trying passwords until they guess the right one, without slowing down and with no fear of erasing the data.1
If the iPhone has a 4-digit password, they’ll be able to guess the password in several minutes to several hours, depending on how quickly the sliding window lets them try new ones. If it has a 6-digit password, it might take several days.2
I see a lot of commenters on conservative blogs saying that if this were a Christian baker or a tea party member, Apple would turn over the iPhone’s key without even requiring a warrant.
This is an important point. It isn’t just that we don’t trust the government or Apple to keep the sliding window safe. It is that we don’t trust the motives of future governments or future Apple employees.
Currently, those who think Apple would “turn over the key” if it were a conservative are wrong. Apple can’t do it because Apple designed their phones so that even Apple cannot hack them. They don’t have the capability, because they haven’t yet built the capability, even to brute-force the passwords by trying every possible one.
But if they build the tool the FBI wants them to build, they will have the capability.
This is true of any backdoor that anyone puts into their system. It’s why some NSA employees spy on their lovers. It’s why your CIO asks members of your company’s IT department to read an employee’s private email when they check their mail on company time.
Because they can. Because they’ve built the mechanisms that make it possible, it becomes inevitable that they will be used in ways they shouldn’t. Neither Apple nor the government are a single individual. They are, instead, made up of many individuals, and any one of those individuals can be flawed.
Maybe Tim Cook would use this backdoor against conservatives; maybe he wouldn’t3. But there’s no guarantee that a successor wouldn’t, once the backdoor has been created.
Further, someone trying to social engineer an Apple employee into getting them into someone else’s phone can, today, legitimately be told “it doesn’t matter how sad your story is, we literally cannot do this. If you don’t know your password, there’s no way to find it.”
After this backdoor is built, the answer changes to, “we refuse to try running our tool on your phone.” It’s not hard to imagine a harasser successfully concocting a sad enough story to trick an Apple employee into opening up their ex-wife’s phone, or opening up a celebrity’s phone, or opening up a witness’s phone.
Even if you can trust Apple’s security to keep the backdoor safe, and the government’s word that they will not require Apple to hand the backdoor over once Apple creates it—very dangerous assumptions—there are still very good reasons for not wanting Apple to build it in the first place. This is especially true if you think they have or could have a bias against some groups of people.
There’s another issue, too: the phone was not the terrorist’s main phone, it was his employer’s phone. His employer was the San Bernardino County Department of Public Health. If they had been using Apple’s Enterprise Deployment program, they could have co-secured the phone, allowing them to reset the phone’s password at any time. For a government agency, this is extremely important because it is necessary for adhering to various Public Records laws. But as far as I can tell, they didn’t do this for reasons I cannot find in any source.
↑I’m assuming about a half-second to a second per try. Also, if it’s an alphanumeric password, even this tool probably won’t guess the password unless it’s very short, but chances are it isn’t an alphanumeric password, because few people want to type in a long password on a crowded keyboard on a phone-sized device.
↑I think he wouldn’t, or I wouldn’t be a conservative Christian holding stock in the company.
↑
- Boeing bosses spy on workers: Andrew James
- “One such team, dubbed ‘enterprise’ investigators, has permission to read the private e-mails of employees, follow them and collect video footage or photos of them. Investigators can also secretly watch employee computer screens in real time and reproduce every keystroke a worker makes, the Seattle P-I has learned.”
- iOS Enterprise Deployment Overview at Apple Computer
- “When a device is managed, an MDM server can perform a wide variety of administrative commands, including changing configuration settings automatically without user interaction, locking or wiping a device remotely, or clearing the passcode lock so users can reset forgotten passwords.”
- NSA: Some used spying power on lovers: Evan Perez at CNN
- “The National Security Agency’s internal watchdog detailed a dozen instances in the past decade in which its employees intentionally misused the agency’s surveillance power, in some cases to snoop on their love interests.”
- Should Apple enable exes to access their ex-spouse’s iPad?
- Chris Matyszczyk wants Apple to just believe someone who says their spouse died, and give access to their iPad, then claims that this is how everything else, from house titles to bank accounts work. Unfortunately, he’s not far off there.
More Apple
- Apple’s FiVe Minute Crush
- Between 1984 and 2024, Apple’s advertising has gone from ridiculing 1984 to being 1984.
- Apple’s spinning mirror: exploiting children for dictatorships
- Apple has decided on “child porn” as the root password to disable privacy on their phones. But the system they’re using appears to be mostly worthless at detecting the exploitation of children, and very useful for detecting dissent from authoritarian governments.
- We have met the enemy, and he is our carrier
- If you want a phone that works as well as your Macintosh, you need a network that works as well as the Internet.
- Stephen Fry on iPhone killers
- “You’re only on this planet once—do something extraordinary, imaginative and inspiring. That’s the difference, ultimately.”
- The Ringtone Racket
- John Gruber adds his 99 cents to the iTunes ringtone debate, and comes to the same conclusion: Apple is losing its battle for the hearts and minds of consumers. It might make more money in the short-term, but it faces a significant chance of becoming just another company in the long-term.
- 19 more pages with the topic Apple, and other related pages
More FBI
- Hillary Clinton’s lost decade: 2012 concussion destroy’s candidate’s memory
- The Democratic candidate for president blamed a 2012 concussion for her inability to remember what is and is not classified information, and how classified information should be handled, despite a decade of training on congressional committees and at the State Department.
More iPhone
- Apple’s spinning mirror: exploiting children for dictatorships
- Apple has decided on “child porn” as the root password to disable privacy on their phones. But the system they’re using appears to be mostly worthless at detecting the exploitation of children, and very useful for detecting dissent from authoritarian governments.
- Another reason to keep Flash off the iPhone
- I don’t know what Czerniak’s position is about Flash on the iPhone; I hope he’s against it, because if his opinions about Flash on Snow Leopard gain any traction, Flash will never be on any mobile device.
- iPhone review process squeezes out another one
- Apple’s iPhone review process has now rejected the English language for being objectionable.
- Eucalyptus, revisited
- Eucalyptus is a great replacement for the paperback, not so great at using the fact that it’s a computer. But if you enjoy classics, I highly recommend it; it’s a beautiful e-reader for your iPhone/iPod Touch.
- Apple censors Kama Sutra
- Apple denied the beautiful e-reader Eucalyptus because it lets you search the web and find classics works of pornography… like the Kama Sutra. They’ve rejected the app because… you might use it to read Victorian porn.
More security
- On education, the left is mired in the fifties
- Why don’t schools have locked doors? Because when it comes to education, especially K-12, the left, as in so many things, is mired in the distant industrialized assembly-line past.
- Should Apple enable exes to access their ex-spouse’s iPad?
- Chris Matyszczyk wants Apple to just believe someone who says their spouse died, and give access to their iPad, then claims that this is how everything else, from house titles to bank accounts work. Unfortunately, he’s not far off there.
- Form validation with in_array in PHP
- When validating form input, you often will use an array of valid responses. Watch out if some of those valid responses are integers!
- The last four digits of your social security number
- The last four digits of your social security number are the least guessable part of your SSN.
More social engineering
- Security is hard, and 2FA is not the answer
- Is 2-factor authentication the magic bullet in security? Not unless we solve the real problem, which is that people always take the easy way out—and that includes service providers.
- Allow men to impersonate exes, transgender activists say
- Some transgender activists want banks to reduce the security on bank accounts, enabling abusive exes to access their victims’ bank accounts.
Remember: Trump reassures crowd after assassination attempt fails. (read more…)