
Why Apple's fight with the FBI could have reverberations in China - peterkelly
http://www.latimes.com/business/technology/la-fi-tn-apple-global-privacy-20160219-story.html
======
tomschlick
The government caused all of this. First they collect the communications of
essentially the entire planet (including citizens) and now they act like a
victim when consumers want data privacy.

I feel like they are using this case as the poster child even though they
don't expect to actually get anything meaningful from the phone. Especially
since this was a work phone and the guy's personal phone had been destroyed
beyond repair. To me that says anything meaningful would have been on that
destroyed device.

~~~
txru
Devil's advocate: Consumer preferences or the fact that it was a work phone
don't matter, as long as a warrant has been attained.

This case is a constitutional matter from the beginning-- the Federal
government does possess the ability to search a citizen's belongings and
communications, given that it has a proper warrant. The Fourth Amendment
checks this power.

So, if a Federal judge has issued a warrant, and it is possible, even if
difficult, to serve that warrant, the government does have the authority to
make that material available to the court.

What I'm getting at is that encryption can make subpoenas and serving warrants
impossible for the courts, and that's something that I understand the
government being concerned about.

Could this be a power play to establish a precedent, and say the party
withholding is aiding terrorism? Probably. Despite that, I understand the
government's case.

~~~
bad_user
They are coercing companies into using their resources to produce software and
introduce backdoors that can hurt honest customers. And this will hurt
companies like Apple, since security is something they sell.

In regards to subpoenas, can the government read your mind? Should they be
able to? Well, our devices are an extension of our mind and if you make the
case that the government should have access, that's a slippery slope imho.

Furthermore, this will only work against small time criminals. Crime
syndicates on the other hand have the resources to acquire knowledge and
protect themselves. There's always the analogue loophole and some would argue
that such tactics do nothing but to misuse resources, instead of good old
detective work, ultimately hurting the honest taxpayers.

~~~
qiqing
On that note, if the government has a warrant, should they be allowed to use
EEG to get your phone's PIN code regardless of your consent?

[https://www.usenix.org/conference/usenixsecurity12/technical...](https://www.usenix.org/conference/usenixsecurity12/technical-
sessions/presentation/martinovic)

~~~
Crito
If the government has a warrant, should they be allowed to use a stethoscope
to get into your safe regardless of your consent?

I can't think of any possible reason they shouldn't...

~~~
khuey
Your analogy doesn't require compelling the participation of the safe
manufacturer.

The government has the phone, nobody is stopping them from hacking it.

~~~
Crito
My analogy does not, but neither does the hypothetical scenario it was a
response to.

> _" should they be allowed to use EEG to get your phone's PIN code regardless
> of your consent?"_

On the point of compelling labour, I question where Apple's sense of civic
responsibility is. They should be eager to help their community and provide
any assistance the FBI needs, _provided the FBI is acting legally_. They
should not need to be _compelled_ to help.

You can't compel Apple to have a sense of civic duty of course, but it sure is
disappointing that they lack one.

------
tracker1
I think the article's premise is right... whenever I see the U.S. Government
encroach like this, or try to undermine domestic security, I always want to
ask those Senators, and other government representatives if they'd be okay
with China, Russia, Iran and the like also having these tools... because they
rarely stay secret when they're created.

~~~
JoshTriplett
Those same government representatives don't see any problem with asymmetry
between governments, because of course a good American company should respect
the _American_ government (or more to the point, is subject to US
jurisdiction).

~~~
tracker1
It's not about the U.S. having tools other countries don't have.... when it
comes to something like this, if created, it's a matter of when they have
them.

Strong security is strong security... creating artificial back doors,
regardless of intent, weakens security... We already have a three letter
agency whose job it is to crack these things, why isn't the FBI making these
demands to the NSA to build?

------
teacup50
Or, China could acquire Apple's signing keys and/or source code through
espionage, and then unlock any device -- now, or at any point in the future.
We already know this occurs:

[http://www.nytimes.com/2010/04/20/technology/20google.html](http://www.nytimes.com/2010/04/20/technology/20google.html)

The backdoor already exists; Apple is just being forced to admit that they
designed their security (in this case, the security of the KDF-performing
hardware) around the idea that Apple can neither be coerced, corrupted, nor
compromised.

Pin numbers are weak passwords, and Apple built tamper-resistant hardware to
provide a physical solution to this inherent weakness in the keying process.
They also left a door open for themselves to subvert this physical solution in
the 5c, and also in later devices with Secure Enclave.

If they hadn't left that back door in place, then the FBI would have nothing
to ask for, and Apple wouldn't be an extremely high value target for
authorities in states like China. They did leave that door open, however, and
whether or not the FBI compels Apple to use it now limited bearing whatsoever
on the risk going forward.

~~~
criddell
What exactly is the back door that was left in place? Making the secure
enclave firmware writable?

~~~
teacup50
Correct; more specifically, leaving the KDF retry enforcement behavior
writable on locked devices, and in the case of secure enclave, possibly
exposing fingerprint-protected keys themselves to Apple-signed updated
firmware.

~~~
pcwalton
Do you have a source that confirms this? So far everything that I've seen,
including the story on Hacker News [1], indicates that we don't know whether
the Secure Enclave code can be updated without already knowing the key.

[1]: [https://www.mikeash.com/pyblog/friday-qa-2016-02-19-what-
is-...](https://www.mikeash.com/pyblog/friday-qa-2016-02-19-what-is-the-
secure-enclave.html)

~~~
criddell
This doesn't have a link to an Apple source, but it's a little more
information:

[https://www.techdirt.com/articles/20160218/10371233643/yes-b...](https://www.techdirt.com/articles/20160218/10371233643/yes-
backdoor-that-fbi-is-requesting-can-work-modern-iphones-too.shtml)

------
rrggrr
tl;dr - USGOV master access to Apple's encryption gives repressive regimes the
moral and political cover to publicly conduct the same surveillance they are
already doing, but also to make similar demands of US Manufacturers. It will
provide some competitive advantage to a hardware manufacturer from a country
who refuses to backdoor their equipment, but not in markets where decryption
keys will be required (eg. US)

------
rogeryu
Great to see that China requested Apple to prove that the US government could
not snoop data on their iPhones, while at the same time the US government is
scared that China gets encryption keys.

This sums it all up!

------
bawana
I thought Apple was an Irish company (like Google,Pfizer Tyco, etc all those
companies that have done tax inversions). How can they be compelled to follow
US law? Just because they have an office here?? What if they moved ALL THEIR
JOBS to Canada and Mexico? Would the CIA then have the right to engage them
because they were foreign? Would drones accidentally crash into their
headquarters? Or is the CIA going to start a campaign against Apple? This
looks a lot like cancer when the body attacks itself.

Though I agree with the sentiment that terrorist behavior is abhorrent, we
cannot allow the terrorists to win by succumbing to the pressures they create.
I understand the need for improved intelligence to predict and prevent future
incidents, and I think there is no better example for the value of human
intelligence (humint). Rather than engaging in the dirty business of scouring
everyone's dirty laundry, I think the gov should crowdsource this effort. The
gov's role should be in developing infrafrastructure, methods and plans on how
to assess, verify and value the information they receive-rather than pursue
the acquisition of data themselves. Ultimately it's still the same problem
they have with their own agents-how do you know the information you are
getting is true? Wasn't the search for WMDs in Iraq an example of unverified
intel acquired by our own agencies?

As Snowden pointed out, no one lives in a vacuum. The gov has the metadata of
every tel no and IP address that phone connected to. Those are probably much
lower hanging fruit. The individuals that own those devices may be couriers,
innocent bystanders or unrelated websites. But that is the job of the agency-
to rank these leads, pursue them and prosecute the highest risk ones.

------
mc32
No country needs another's precedent to proceed with their own laws based on
their own basic laws.

They are not "waiting to see how country X handles this". If they want to they
will. They have large enough markets to force or persuade companies to comply.
China is not waiting to see if the US will censor news outlets to see if they
can censor journalists. They'll just go do it. They'll do it like India did to
BBM a few years ago, if they so wish.

They don't need the imprimatur or precedent from anyone else.

~~~
glhaynes
Sure, technically, they can pass whatever laws they want as a sovereign
nation. This would make it less costly from a "political capital" standpoint,
though, and thus presumably more likely for them to do it. FTA:

 _The White House has told Beijing that it has major concerns about its new
counterterrorism law, a somewhat vague piece of legislation that may require
American companies to hand over encryption keys and provide backdoor access to
their computer systems.

“This is something that I’ve raised directly with President Xi,” President
Obama told Reuters last year. “We have made it very clear to them that this is
something they are going to have to change if they are to do business with the
United States.”

Those demands will be harder to make if the federal government succeeds in
getting Apple to give up its fight, according to one of the Senate’s leading
voices on technology policy._

~~~
mc32
That probably explains their acquiescing to American concerns about human
rights, torture, press and reproductive freedoms as well as their speedy
roughshod trials of dissidents and others.

I really don't see them persuaded by that logic. They'll do what they want to
do regardless so long as its impact on their economy is minimal.

------
micwawa
I gotta say, for someone who is very much pro-TPP, Ron Wyden seems suddenly
concerned about entities overseas using legal power to push around US
businesses.

------
SFjulie1
Argh I guessed the OP meant repercussion 1) unintented consequences and 2) re
emission of percursion ~= reverberation

While reverberation is kind of just the echo of a vibration.

~~~
spectralwarp
Reverberation: 2.b. An echolike force or effect; a repercussion:
Reverberations from the stock market crash were still being felt months later.

[http://www.thefreedictionary.com/reverberation](http://www.thefreedictionary.com/reverberation)

~~~
SFjulie1
I guess the unintended consequences rather than the physics matter.

Okay, it is a question of taste.

But my proposition works in more than one language (latin included). ;)

