
Cook: 'This Is Not What Should Be Happening in This Country' - mattingly23
https://www.onthewire.io/cook-this-is-not-what-should-be-happening-in-this-country/
======
KMag
The thing I think should be emphasized is that while the majority of the
people may now trust the FBI, the NSA, and the US Government in general to do
the right thing, this is the same FBI that just a generation ago investigated
Dr. Martin Luther King, Jr. as a <strike>terrorist</strike> communist and
apparently tried blackmailing him into committing suicide[0]. (The communist
threat at that time filled the same place in the American psyche as does the
terrorist threat today.) The NSA recently spied on their congressional
oversight committee. Without strong controls on government investigative
powers, we're just one Herbert Hoover away from a completely unchecked and out
of control security apparatus.

It's not about trusting the American government to do the right thing. It's
about trusting this government and all future American governments to do the
right thing.

EDIT: Also, at least one legal expert estimates that the average American
accidentally commits three felonies per day, meaning that most of us are
mistaken when we think we don't have anything to hide.[1]

[0]
[https://en.wikipedia.org/wiki/COINTELPRO](https://en.wikipedia.org/wiki/COINTELPRO)

[1]
[https://en.wikipedia.org/wiki/Harvey_A._Silverglate](https://en.wikipedia.org/wiki/Harvey_A._Silverglate)

~~~
rhino369
>It's not about trusting the American government to do the right thing. It's
about trusting this government and all future American governments to do the
right thing.

But you don't have to trust the FBI or today or tomorrow. The court order
doesn't require the FBI have access to the modified software.

Apple doesn't have to trust the FBI at all.

~~~
outworlder
What's preventing them (or other government organization) from issuing a
second court order to obtain the software?

~~~
rhino369
1) They'd still need the Apple signing key otherwise you can't update the
phone. The software, without the key, is totally useless.

2) The same thing that prevents the FBI from subpoenaing Apple's key. There
isn't a good legal basis for it. It's almost definitely unduly burdensome for
apple to give out their key.

If the FBI were to win a case like that, it doesn't matter what happens in
this situation.

------
zw123456
I think that if the government was asking gun manufacturers to install an
electronic lock on guns that would allow the FBI to disable any gun if the
suspected the person might be about to commit a terrorist act, there would be
a completely different reaction.

~~~
scrumper
Those things aren't really comparable. One is a pre-emptive action taken by
government before the commission of a crime, the other is a reactive
investigation tool. I also suspect your gun example might actually generate
more outrage at governmental overreach.

~~~
Johnny555
Software and hardware are fundamentally different so it's hard to find a close
analogy, but if Apple creates this tool (that can be applied to any phone (or
at least a large subset of their phones)), it's essentially the same as if the
decryption tool were present in every phone, even ones sold before the
commission of a crime.

The closest parallel I can think of is the Gun Microstamping law (which would
require that bullet casings be stamped with a mark identifying the gun it was
shot with). This has (as you might expect) generated a lot of controversy and
lawsuits.

[https://en.wikipedia.org/wiki/Microstamping](https://en.wikipedia.org/wiki/Microstamping)

~~~
martin-adams
>> but if Apple creates this tool (that can be applied to any phone (or at
least a large subset of their phones)), it's essentially the same as if the
decryption tool were present in every phone, even ones sold before the
commission of a crime.

This concept I find interesting. If Apple did have the _ability_ to create
this tool, then is there much of a difference?

I guess the difference is whether Apple were to give such a tool to the FBI,
rather than creating it, extracting the data and deleting the tool. But who is
to say that some clever individual can't create their own tool to achieve the
same thing.

Until Apple deliver on their desire to create phones you can't decrypt, I
would therefore consider all iphones vulnerable.

~~~
giovannibajo1
Third parties can't do anything because iPhones accept software only if signed
by Apple. So Apple is the only one that can create a software that lower its
protection level to allow for bruteforce.

And Apple can't decrypt the phone: it can remove the bruteforce counter and/or
exponential delay, both of which are paramount parts of the security
architecture that requires users to be able to unlock the phone using a
6-digit code (4-digits for non Touch ID phones like that in discussion), which
in turn is an important UX compromise to allow to reach the goal of having 90%
of 1B iOS devices with passcode lock activated.

Allowing for a remote bruteforce is basically undermining the whole security
architecture.

To make a phone that is not bruteforcable, you need to give up on the 6-digit
concept, which is already an option (I turned it on on my phone) but it's
strongly unlikely to gain widespread acceptance

~~~
martin-adams
Thank you, the bit I didn't appreciate was the signing of Apple's software to
do this. So yes, only Apple can (but wont) do this, thus making it secure
provided Apple don't or aren't forced to change their mind.

~~~
Johnny555
Once the government can force apple to create software against their will, why
do you think they won't also force Apple to hand over signing keys that will
let them target any phone they want? I don't see how the slippery slope can
end at one phone (and that slope is already sliding to encompass dozens of
phones - when it reaches hundreds or thousands of phones, the government is
going to decide that they need to be able to target phones on their own,
without Apple in the way)

------
elchief
I think the FBI might have made a mistake in picking a privacy fight with a
gay, middle-aged Alabaman who controls the (2nd) most valuable company on
Earth.

~~~
shostack
You forgot to add:

"and whose brand has taken a strong market stance on privacy and security."

I think people expect Microsoft and Google to cave given how cavalier they've
been with user data, particularly of late, so seeing them back this is a bit
two-faced.

However for Apple, this could have a significant impact on how their brand is
perceived in the market depending on how high of a priority the
"privacy/security" aspect is with their customer-base. They will fight this as
hard as they can because those dollars aren't just wasted legal costs, they
are building trust in the brand since they are putting their money where their
mouth is.

~~~
mmmBacon
Former Apple employee here. My impression is that Tim and other high level
management are really committed to user privacy in a very Jobsian way. It
isn't something that's being driven by some marketing person (although they
are clearly using it that way). Honestly, I doubt their business would suffer
if they caved. It's their philosophy. I saw it at all levels within the
company. I think their stance on user privacy is a natural outcome of the
need-to-know company culture within Apple.

~~~
shostack
Great point. And I think my comment may have implied more of a "this is a
marketing play" message than I intended.

Everything Apple has done over the past few years have really cemented their
stance on privacy/security as a top priority, even when it means sacrificing
some obvious revenue in the short-term.

A more accurate way to phrase this is I feel privacy and security are now a
part of Apple's DNA much like design has been historically. It isn't just what
the leadership stands for, it is what the company stands for. So when the
question arises internally of "how far do we fight this," I'm left with the
distinct impression that the immediate response is "as far as we need to in
order to win."

------
mc32
Rather this is what should be happening. Principals set forth their arguments,
congress steps in and sets the rules which then the courts interpret and
settle.

Government and manufacturer and service provider along with the constituency
coming to a decision on what should and should not be allowable.

As I understand it, the gov, is setting up a commission to investigate this
question, as it should [1].

As for mr Cook, I agree, what he speculates to should not happen, and as far
as I know is not happening. He's essentially setting up a strawperson argument
when he states: "If a court can ask us to write this software, think about
what else they could ask us to write. Maybe it’s an operating system for
surveillance, maybe the ability for law enforcement to turn on the camera."

[1][http://www.buzzfeed.com/hamzashaban/lawmakers-in-congress-
in...](http://www.buzzfeed.com/hamzashaban/lawmakers-in-congress-introduce-
bill-to-create-special-commi#)

~~~
facetube
No, the enforcement arms of the government should obey the law and leave
making laws to Congress and the constituency. CALEA specifically prohibits
government agents from ordering private companies to adopt "any specific
design of equipment, facilities, services, features, or system configuration".
Congress considered this authority and decided not to grant it to the police.

~~~
mc32
Precisely and this is what is beginning to happen. The congress is now taking
up the issue as it should[1]. Mr Cook on the other hand engages in speculation
to bolster his case --which is fine but he should also be called out on it.

[1][http://www.buzzfeed.com/hamzashaban/lawmakers-in-congress-
in...](http://www.buzzfeed.com/hamzashaban/lawmakers-in-congress-introduce-
bill-to-create-special-commi#)

~~~
kelnos
I think it's pretty obvious that Cook's statement is speculation. Why "call
him out" on it? I think his speculation is actually fairly plausible, but even
if I didn't, it's certainly not out of place there.

~~~
mc32
Because it's not all that different from people who speculate that data
valuable to the terrorism investigation is on that and other phones. Maybe
there is maybe there isn't, but we should not make policy based on
speculation.

We should leave policy to policymakers and courts as well of course as
constituents' input into the congress.

The question for people, congress and the courts is, should phones be
different from other mediums of communications as well as data repositories
where warrants cannot be executed to reveal or discover data in the course of
a criminal investigation. Will people, the congress and courts decide that
data should remain dark or can be revealed by court order. It's rather a basic
question.

------
headgasket
Conspiracy theory warning: might I ask, is there a remote possibility that
this is a coordinated attempt by both parties at making the world feel safe
about iOS, while this backdoor already exists? Like the allies and decrypted
enigma data during ww2, used only in strategic occasions to prevent suspicion?
Should we trust a closed-source handset?

~~~
studentrob
That would be quite a coordination. I doubt it, because the debate will inform
the public about encryption, and there are people watching Apple's moves here
who are prepared to call them out if they give anything but the best security
in future versions of the iPhone.

Personally I track the software Snowmen endorses and use that as a gauge. You
can google that and compare the security features of software out there. The
ones snowden uses are open source and have the most security features.

That doesn't say anything about Apple, but the idea that it is coordinated,
given Cook's private life and his stance on privacy, seems slim to me. Note
also that Apple was the last major company to be forceably joined into the
Prism program. They've always been resistant.

------
DAddYE
I now live in America but I know little about laws. Let's forget about Apple
and technology.

Let's say that the gunman had a safe in his apartment. FBI can't open it
without destroying its content.

FBI (like in others countries) can ask the Company who made the safe for help
to open it and that company should help them to do so at its best.

If that company is unable to open the safe, is it admissible (under the
current laws) to ask the Company to make a master key?

~~~
_rknLA
It's unclear if you're trolling, but assuming you're not, the analogy doesn't
work because digital things and physical things behave in fundamentally
different ways.

In the physical example, according to the FBI's "just this one iPhone" claim,
one would reasonably expect that the company could then destroy the
hypothetical master key as soon as it's used. This makes sense in a physical
world, but the analogy breaks down completely in a digital world. [Returning
your spider doesn't solve the
problem]([http://www.27bslash6.com/overdue.html](http://www.27bslash6.com/overdue.html)).

In the digital world, you can't guarantee that the key hasn't been copied, and
you can't guarantee that destroying the "original instance" of the key
destroys all others.

The custom OS that the FBI is asking Apple to build will also take development
time, and likely take more than one person to develop, meaning that if there's
a security breach during the OS's development, any number of intermediate
builds may also be stolen _during development_ , before the FBI can even
access the particular phone in question.

~~~
rhino369
>In the physical example, according to the FBI's "just this one iPhone" claim,
one would reasonably expect that the company could then destroy the
hypothetical master key as soon as it's used. This makes sense in a physical
world, but the analogy breaks down completely in a digital world.

Why not? Can't apple just delete it?

>In the digital world, you can't guarantee that the key hasn't been copied,
and you can't guarantee that destroying the "original instance" of the key
destroys all others.

You can't do that in the physical world either. But you can be pretty damn
certain that it isn't done.

>The custom OS that the FBI is asking Apple to build will also take
development time, and likely take more than one person to develop, meaning
that if there's a security breach during the OS's development, any number of
intermediate builds may also be stolen during development, before the FBI can
even access the particular phone in question.

Apple already takes this risk with every since iOS release.

~~~
_rknLA
Yes, but leaks of pre-release iOS software can't be installed on locked phones
as a means of unlocking them, so the risk is not nearly the same.

If you really want to carry this analogy to term, fine, I'll concede that you
can't be 100% sure that a physical key wasn't copied before you destroy it,
but then you must take into consideration the complexity of manufacture and
duplication - if the complexity of duplication is high, and you only make one,
and guard it at all times, you can have a fairly high confidence (barring
ridiculous film plots) that the key you're destroying is the only one.

With digital things, the complexity of duplication is beyond trivial. One copy
leaks, and instantly there are tens of thousands, if not millions of copies in
all corners of the internet. Physical objects simply do not behave this way.

------
zero6525
So far there is only one person in Silicon Vally who has completely nailed it:
[http://video.cnbc.com/gallery/?video=3000495767](http://video.cnbc.com/gallery/?video=3000495767)
(Scott McNealy on CNBC this week)

~~~
anonbanker
about ten years ago, Scott McNealy got in a lot of crap on slashdot for that
comment.

it sucks that he was right.

~~~
zero6525
Right, but the headline is not the main point of the interview.

------
stillsut
There's this man-on-the-street video where people at an organic vegetable
market are asked to sign a petition outlawing Di-Hydrogen Monoxide. Many do,
as they are advised it so corrosive that it cuts through rock!

I'm starting to think gov't spying is the techie's equivalent boogieman. I
fear this is born out of a shallow understanding of dystopian surveillance
state sci-fi.

Currently, law enforcement can already intercept your calls and emails - Yes
that means compelling your teleco provider with extra work. They can already
come into your house and take anything they want: read any document, open any
safe. All provided they have a court order. If they do any of this without a
court order then _they_ go to jail. And all the evidence collected illegally
gets thrown out from being used against you.

Because we have standards for what can be used as evidence in a trial, we
continue to have liberty, not because law enforcement has been kept in the
dark technologically speaking. In fact, it's some of the least technologically
advanced societies - like N. Korea and Afghanistan (under Taliban i.e. banned
music) that come to resemble sci-fi surveillance states.

Finally: your smartphone's logs, your DNA, public surveillance video are far
far far likelier to exonerate you if you're innocent than wrongfully convict
you. We're thinking about this issue all wrong and technology will continue to
play a role of helping the traditionally disenfranchised resist police over-
reach - think what portable cameras have done to police interactions already.

------
earlyadapter
Remember Steve Job's vision for Apple has always been a closed system end to
end... He was security minded before the net. It is a shame that the
government has taken the low road by trying this case in the court of public
opinion after they permanently locked themselves out of the iphone! The worse
part is using the grieving victim's families to make Apple look like the bad
guys. I kind of wish Job's was alive for this fight! Tim Cook can't say it,
but 14 people killed by some kooks vs millions of people's safety being
intentionally compromised is not a bargain. 14 people die in mass shooting
Damn near every month! What happened to good police work? Doesn't the NSA have
everyone's communication data on a server somewhere anyway? If the government
in the business of ordering businesses to work against their interest for the
sake of public safety, where is the court order for tobacco companies to
permanently stop selling cigarettes. Cigarettes kill hundreds of thousands of
people each year. Luckily Apple is sitting on enough cash to fight this... I
just hope their stock price and future aren't hurt by this deliberate attempt
to assassinate their brand.

~~~
studentrob
> the government has taken the low road by trying this case in the court of
> public opinion

But they're not.. They're trying the case in front of unelected justices. The
court of public opinion would be to create a law with Congress, and give us a
chance to elect people who will represent our views.

------
drawkbox
Security is a huge for advancement and social progress as well as business
secrecy for innovation and market timing.

This hits the broad political spectrum and I can't believe our War on Terror
has led us here. We now (legally somehow?) have internal systems that attack
our own freedoms much greater than any terror attack could, it is the
legislation after the fact that has taken our freedoms.

We are here now, where a company has to go public to get back to the old real
freedom ways of the Fourth Amendment, to be secure in your papers (data). That
was written for a reason at a time when people might try to take advantage of
powers to protect people. This is a frontline battle.

Thank you Apple, the new killer feature is security...

 _The right of the people to be secure in their persons, houses, papers, and
effects, against unreasonable searches and seizures, shall not be violated,
and no Warrants shall issue, but upon probable cause, supported by Oath or
affirmation, and particularly describing the place to be searched, and the
persons or things to be seized._

------
narrowrail
Here's how I see it:

Unless congress is willing to outlaw the ability of Apple (or any OEM) to
securely architect their phone hardware such that it is _impossible_ for them
(the OEM) to be helpful to law enforcement, this issue will soon solve itself.
These OEMs simply do not want to be in the middle of these investigations.

------
staunch
Tim Cook has the future of technology on his side. His opposition is tilting
at windmills.

------
randiLee
It isn't a strawman, though. That's what they were trying to enforce.

------
studentrob
The article doesn't tell the complete story of Cook's position.

I would instead summarize by saying that Tim is not afraid to call out the
government on their lack of communication skills, and he admits his discomfort
of the position he is in.

Here are some relevant excerpts from the interview [1]

\----------------------

15:12

David Muir: You have talked to the President before on these issues [yes] of
privacy and security. Are you disappointed there wasn't more of a dialog with
the administration before this swift action from the justice department?

Tim Cook: Yes.

David Muir: You wish there was more done?

Tim Cook: Yes. And I think there should've been... We found out about the
filing from the press. And, I don't think that's the way it should be run. And
I don't think that something so important to this country should be handled in
this way.

\---------------------

26:00

David Muir: I'm curious Tim. Did you ever think that you would find yourself
at the center of such a crucial national debate?

Tim Cook: No. This is not a position that we would like to be in. It is a very
uncomfortable position. To oppose your government on something doesn't feel
good. And to oppose it on something where we are advocating for civil
liberties which they are supposed to protect, it is incredibly ironic. But
this is where we find ourselves. So for all of those people who want to have a
voice, but they're afraid, we are standing up. And we are standing up for our
customers because protecting them, we view, is our job. And I hope, and I
think, I'm very optimistic, I think we will come together. I don't know what
will happen. But I think we will come together and there will be one path
forward. The US always comes out of these things well. I feel very good that
the debate is going on. Even when people disagree with us, it is good that the
debate is happening. That's what makes this country so special.

David Muir: And for you, personally, has this been the biggest challenge in
being CEO of Apple that you've faced?

Tim Cook: I've faced a lot of challenges. But I've never felt, sort of the
government apparatus. And so yes I would say this is right up there. But it's
not my sole focus by any means. We're focused on making great products.

David Muir: ... Are you prepared to take this all the way to the supreme
court?

Tim Cook: We would be prepared to take this issue all the way, yes. Because I
think it's that important for America. This should not be decided court by
court by court. If you decide that it's okay to force a company to do
something that they think is bad for hundreds of millions of people. Then,
think about this for a minute. This case is an awful case. There is no worse
case than this case. But there may be a judge in a different district that
feels that this case should apply to a divorce case. There may be one in the
next state over that thinks it should apply to tax case. Another state over it
might apply to a robbery. And so you begin to say, wait a minute, this isn't
how this should happen. If there is going to be a law, then it should be done
out in the open for people so their voices are heard through their
representatives in congress.

David Weir: And if congress decided that there's this small category, this was
a terrorist's iPhone. If congress decided that, if the American people signed
off on that, you'd entertain it.

Tim Cook: Now let me be clear. At the end of the day, we have to follow the
law. Just like everybody else, we have to follow the law. What is going on
right now is we're having our voices be heard. And I would encourage everyone
who wants to have a voice and wants to have an opinion to make sure that their
voice is heard.

[1] [http://abcnews.go.com/WNT/video/exclusive-apple-ceo-tim-
cook...](http://abcnews.go.com/WNT/video/exclusive-apple-ceo-tim-cook-sits-
david-muir-37174976)

------
jMyles
If Tim Cook wants this not to happen in this country (or anywhere), then he
needs to ensure that future Apple products are sufficiently secure that he can
say, "there's nothing I do to help - this device cannot be broken into by any
method we know of."

~~~
dragonwriter
That doesn't actually prevent the government from issuing orders with dire
consequences for violation to manufacturers to break into devices on behalf of
the government, it just means that such orders will leave manufacturers no
choice but to accept the dire consequences -- and, if they can't, to stop
manufacturing devices that they can't break into.

~~~
jMyles
True.

But if you accept that evolution of the internet in this direction in
inevitable and a natural process of history, then this is like saying that
"there's nothing stopping the government from issuing orders that gravity be
temporarily disabled."

~~~
dragonwriter
> But if you accept that evolution of the internet in this direction in
> inevitable

I don't accept that the evolution of the internet in the direction of consumer
devices with manufacturer-unbreakable security is inevitable, _particularly_
in the face of governments actively punishing manufacturers for failing to
break into devices at the governments' demand.

In fact, I would argue that such an evolution is _quite_ evitable.

~~~
jMyles
We'll see. :-)

------
niels_olson
Do you think this would be happening if this was an IBM product and Cook was
in charge of IBM instead of Apple? I think the corporation itself brings out
some real politico-cultural prejudices in people.

~~~
studentrob
Different companies have different values which foster different cultures and
attract different people to work there. Apple's credo is think different. I've
no idea what IBM's was or if they were friendly with the government in their
heydays but it's an interesting question whether or not they were friendly
with the government back then on intelligence matters.

------
kingkawn
After the Arab spring does anyone believe that internet freedom will continue
as it did before anywhere?

------
samstave
Cook should play the card he has: Cook is known to be gay. What if "being gay"
was illegal and then the government wanted to "find all the gays and round
them up".

He should use that card as his last straw. THAT should help people understand
the nefariousness of this matter.

~~~
prawn
I imagine that the subset of people who are in the "save lives, stop helping
the terrorists" camp are generally not in the "worry about gay people under a
hypothetical future government" camp.

~~~
samstave
Hahaha I'm sure you're correct. Too back Tim Cook isn't Jewish.

------
jorgecurio
[https://www.youtube.com/watch?v=T4YtgA2jnu4](https://www.youtube.com/watch?v=T4YtgA2jnu4)

America is undergoing subversive actions by foreign government agent
influencing America's corporate elites.

------
samstave
The ABC interviewer is a fucking shill.

"Dont you think this phone could save lives??"

That guy is literally asking questions written by the USG.

It is completely transparent that ABC is shilling for the USG.

------
jobead
Apple to FBI: "Here's an ELI5 on how the All Writ's Act is supposed to work"

------
ricksplat
Hopefully Trump doesn't get into power and sends Tim to Guantanamo!

------
FrankyHollywood
I'm still not convinced Cook is right. This phone may very well contain
information which could save a lot of lives.

According to the article, the ballpark is 2 weeks of engineering, so it is
probably done in less time.

Why so quickly? Because the user used an extremely weak password.

Security is also the responsibility of the user, not only the tech companies.
If you are really concerned with your own privacy, than you shouldn't encrypt
your data with a 4 digit passphrase which is relatively easy to crack.

Considering the commited crime, and the relative ease of cracking the phone
I'm in favor of the FBI. As long as the firmware is not handed over to them,
but that should be possible I presume.

People worrying about Apple engineers smuggling the software outside should be
worried everyday. People with access to the codebase can do this probably
allready.

~~~
jacquesm
It obviously is not about this particular phone, but if you are still
convinced that is the case nothing I will say will make you move.

The real reason is the millions of other phones out there. If there was any
indication that this couple was acting as the vanguard of a large number of
others acting in a similar way what exactly do you think the chances are that
that data would be left on a phone when they took the effort of destroying
their other phone?

This is the prelude to a large number of fishing expeditions and it seems the
FBI made this particular effort possible by first _ordering_ a third party to
make it impossible to reach the data in any other way. If they actually cared
about that data you'd think they had contacted Apple right away about the best
possible way to get it out without bringing this to a head over a terrorist
case where lots of panicky people would make the wrong decision out of fear.

If you really are concerned about your privacy: don't store your important
stuff in a phone or a computer for that matter.

Ironically, terrorists on a suicide mission don't need ironclad encryption.
They just need to stay ahead of the law long enough to do their deed and to
make sure the data flows in only one direction through their organization
without leaving a source address for any transmissions. So for actual
terrorists that are even remotely looking at their operational security they
could be transmitting at the same level within their cell in plain text using
a few silly code words and you'd only know what they were up to when the
ambulances arrived.

~~~
FrankyHollywood
If I understand you correctly, you think the FBI deliberately got the phone in
a worse state, so there was a necessity to get new firmware?

~~~
jacquesm
No, I'm not saying that. I'm saying that they caused the situation to exist in
the first place, whether or not it is deliberate is anybody's guess at this
point in time.

