

Apple’s dangerous game, part 2 - postmeta
http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/09/22/apples-dangerous-game-part-2-the-strongest-counterargument/

======
antimagic
Good grief. I would have thought that it was blindingly obvious that if
"Apple" can access information on a phone, that means that some _employees_ of
Apple can also do so, and I doubt very much that control of that access is as
tight as I for one would wish it to be. Closing the backdoor is a win purely
on that basis.

Add into that the large question marks over FISA's legitimacy as a court
([https://en.wikipedia.org/wiki/Foreign_Intelligence_Surveillance_Act#Criticism](https://en.wikipedia.org/wiki/Foreign_Intelligence_Surveillance_Act#Criticism)),
and the potential for illegitimate use of the backdoor becomes decidedly
alarming.

My way of thinking is to compare a potential backdoor to what would happen if
the backdoor doesn't exist. You get a warrant, and now you use the warrant to
try and compel the accused to reveal the passcode to their phone. The accused
refuses. Now what? Two possibilities: 1) the defendant is protected by the 5th
Amendment, and can refuse to answer on the grounds that it may incriminate. If
this is how the law goes, then any attempt to backdoor the phone is
essentially an attempted end run around the 5th amendment. 2) The courts
decide that this does not infringe on the 5th, and is instead covered better
by the provisions for warrant-based search as provided for in the 4th
amendment. In this case, the courts already have well-established remedies for
refusal to acquiesce to a search, which should be used. Again, the backdoor is
unnecessary.

~~~
twoodfin
_the defendant is protected by the 5th Amendment, and can refuse to answer on
the grounds that it may incriminate. If this is how the law goes, then any
attempt to backdoor the phone is essentially an attempted end run around the
5th amendment._

I'm pretty sure that's not how the 5th Amendment works: Just because your
protection against self-incrimination allows you to withhold potential
evidence doesn't imply that the government can't attempt to acquire that
evidence themselves through other means.

You can refuse to answer questions like "What's written in your diary entry
for the night of the murder?" or "Where did you hide your diary?". The police
can still get a warrant to search your house for your diary and read it.

------
junto
When I first read part 1, I was slightly annoyed that such a prominent lawyer
would take such an approach.

I have to say I must now applaud Orin Kerr, for taking the time to take the
opposing arguments into account, and for publishing those reflections in
somewhat of an apology. It is rare that a lawyer is prepared to reconsider
their position, especially so objectively and publicly.

~~~
akmiller
He deserves no such applause. The fact that he recanted his position so
quickly shows that he literally put no research/effort into his initial
article that was published not just on a small personal blog, but on the
Washington Post's website. It is completely irresponsible of a man of his
intelligence/qualifications to post something like that to a major news
organization's website.

edit: If down-voting I'd like to know why as I'm not saying anything
inflammatory. Please don't down-vote for disagreeing as that's not what
down-voting is for!

~~~
PeterWhittaker
The author is (apparently) an expert in his field (the law). He is not an
expert in our field (technology, broadly speaking), and certainly not an
expert in my field (security, broadly speaking).

He wrote a post based on legal considerations and upon his domain knowledge.
One of the interesting things about domain knowledge, or, more to the point,
lack thereof, is that without any, one cannot know the exact extent of one's
ignorance of other domains.

I am not going to go so far as to assert the author was heretofore unfamiliar
with the concept of a zero-day exploit, though it seems likely, but I would
suggest that the author is now at least notionally familiar with the concept -
and has written quite a good, clear follow-up article devoid of our jargon
(which is easily among the worst of the several domains I've been exposed to
over the years) indicating exactly and precisely why he reconsidered his
position.

THIS IS HOW KNOWLEDGE WORKS. Forgive the caps, but they are appropriate in
this case. If we waited for everyone to know everything we think relevant
before they wrote anything at all, all we would have written would be recipes.
And pornography.

A domain expert wrote a reasoned piece based on their domain knowledge. Others
helpfully directed that expert to domains relevant to the piece. The domain
expert then (quite speedily, I think) absorbed just enough of that domain's
knowledge to draw and state reasonable conclusions.

This is also how the law works, which is why it is so maddeningly slow
sometimes.

Editorial or "meta" notes: I upvoted because I don't believe in downvoting (I
often upvote downvoted comments for this reason) - but I believe you were
downvoted because you were lazy and chose to post _ad hominem_ comments
without due consideration.

~~~
phaus
> The author is (apparently) an expert in his field (the law). He is not an
> expert in our field (technology, broadly speaking), and certainly not an
> expert in my field (security, broadly speaking).

He markets himself as an expert on computer law. He also brags about working
on a government panel that studied privacy and other security related topics.

You cannot be an expert on computer law if you lack the context that is
provided by a basic understanding of privacy / network security issues.

The man is an incompetent fraud at best. Shortsighted and technologically
ignorant people acquiring authority is a large part of the reason the United
States' computer laws are terrible.

We aren't talking about a complex issue that requires domain specific
knowledge, this guy was genuinely surprised that a backdoor designed for admin
access could be used by those with malicious intent. If he really cared about
justice, he would hand over his license to practice and refrain from talking
while there are adults in the room.

------
chvid
I don't get why this is turned into some big political/philosophical
discussion.

If the government wants a backdoor and it wants Apple to open up iPhones based
on court orders then the government needs to make a law explicitly ordering
Apple and similar to provide this service.

There is a parallel in my opinion in the legislation for telecommunication
companies in many western countries requiring them to log their users' activity
and when a court and in some cases just the police requires it, give them the
data. For a national telco this is a major cost; just in Denmark it was
estimated by the former telemonopoly TDC to be to the tune of 20 mio usd per year.

No company bears that sort of expense out of morals/patriotics.

Secondly other countries than the US may be interested in requiring this
feature of the phones sold in their jurisdiction.

~~~
eevilspock
> _"If the government wants a backdoor and it wants Apple to open up iPhones
> based on court orders then the government needs to make a law explicitly
> ordering Apple and similar to provide this service."_

If such legislation passes Congress and fails to be ruled unconstitutional,
1984 was just 30 years late.

Big Brother is Watching You

WAR (on terror) IS PEACE

FREEDOM (privacy) IS SLAVERY

IGNORANCE (gag orders) IS STRENGTH

(and Apple's 1984 superbowl ad takes on a suddenly literal meaning)

~~~
hahainternet
> If such legislation passes Congress and fails to be ruled unconstitutional,
> 1984 was just 30 years late.

What rot.

------
jeswin
The naïveté in the articles was a surprise to me. If Orin Kerr, professor of
law and scholar in internet crime and surveillance, is enlightened* by the
suggestion "If Apple can decrypt, so can others", how much would the average
lawmaker or judge know?

Keep things like encryption out of regulation; because it can't be.

* edit: was "amused", which was incorrect.

~~~
fulafel
By my reading he took it seriously, what do you mean by amused?

~~~
jeswin
Sorry my bad, language issues. I meant "fascinated, by the idea". What would
be a good word here?

~~~
patio11
I think "enlightened" might be the word you're looking for. It means both that
the hypothetical conveys new information to him and that, as a result of the
new information, he comes to a new (and improved) understanding of the larger
picture.

The sentence doesn't strike me as 100% native phrasing with that substitution,
by the way, but it would be clearly comprehensible.

~~~
jeswin
Enlightened is indeed what I was looking for. Thank you.

------
GuiA
The guy doesn't really understand how encryption and cryptography and infosec
work, making the whole article very laborious to read and quite misguided.

Weep for the future of our world governments, which will be shaped by people
like this.

~~~
arjunnarayan
Before we start tossing about accusations against "this guy", let's take a
step back to recognize the following simple facts:

1. The author is Orin Kerr, a nationally recognized Law professor, and
co-blogger at the single most influential Law blog - the Volokh conspiracy.

2. His highest cited academic paper (421 cites, which is a lot in law world)
is titled "The fourth amendment and new technologies: constitutional myths and
the case for caution", so this is literally his domain of expertise, so maybe
you might want to acknowledge the possibility that he knows what he is talking
about.

3. He _actually changed his mind_ based on additional evidence that was
presented to him in the form of counterarguments. Given how rarely this
happens, anybody capable of doing this in a public forum automatically gets
+10 Respect points from me.

4. He has a technical background, as timsally pointed out, including
mechanical engineering degrees. Now if he has such trouble grappling with the
subtleties of cryptography and security threat models, maybe that is also
partially our fault as security practitioners. We should acknowledge that.

5. I am aware that this all sounds like an elaborate appeal to authority, but
given the cavalier way people are criticizing the author (as opposed to his
arguments), I thought these facts should be stated.

~~~
GuiA
That's great. While I read his articles, I didn't bother to read the name of
the author because the validity of a reasoning should be independent of who
wrote it. Reading his original article just gave me a headache for the reasons
cited in my first comment.

I will agree fully with you on 3), and partially on 5) (only partially,
because on one hand I agree with the premise, but otoh if you're in a position
of authority your job is precisely to understand despite potentially poor
communication from other experts).

(I'm also not sure what my "accusations" are.)

~~~
arjunnarayan
I apologize. I wasn't really replying to you, but also to many of the comments
on this story that have been more insulting to Orin Kerr. E.g. "It is
completely irresponsible of a man of his intelligence/qualifications to post
something", "He still sounds like a government key escrow apologist,", "you
should lose your fucking license to practice law.", "Sounds like an apologist
and a shill for the entitlement mentality".

I disagree with your sentiment that we should weep for the future of our world
governments. I think things are slowly changing around in the right direction,
and a lot of that is thanks to people like Orin Kerr who are capable of
changing their minds when presented with hard evidence.

------
fulafel
He still sounds like a government key escrow apologist, just with a newfound
appreciation of third party misuse of the mechanisms.

But I guess it's a good start that he acknowledges there can be "net public
benefits" that outweigh the wiretapping benefits, maybe at some point he will
start appreciating protection against the security state as well.

------
netcan
The world is getting very squirrely. I feel like when we are talking about
privacy, security, rights and such we are awkwardly working with metaphors
that are struggling to maintain a logical relationship with the world as it is
now and as it will be going forward.

Realistically, a great part of my conversations and hence a great part of my
thoughts are digital, therefore aggregated, analyzed, stored, distributed,
vulnerable and everything else that comes with digital information.

The spies, the cops, the criminals, the banks, the entrepreneurs are all
treating it as a resource they can tap into.

~~~
disjointrevelry
Welcome to the watering hole.

------
jburwell
The government does not have a right to wiretap, and citizens are not
obligated to make their property searchable by the government. The ease with
which the government has been able to wiretap and search computers was a side
effect of technological immaturity not a design intention. Heck, one can think
of wiretapping as one of the first hacks of the phone system.

As the numerous recent data breaches have demonstrated, we need to build
systems as securely as possible. Allowing anyone besides the key owner access
to the data requires that the system be made fundamentally less secure. We
have presumption of innocence in the USA which means I am assumed to be a
Good Guy (tm) until the government proves otherwise by due process of law.
Furthermore, a citizen's desire not to disclose information to the government
is not an indication of guilt (5th amendment). The author of these
editorials either forgets or misunderstands these rights -- accepting the
argument that everyone should surrender their privacy rights if they have
nothing to hide. Living in a free society requires citizens take some degree
of personal risk.

------
wvenable
While reading this article, one real world metaphor kept coming to mind for
me: a safe. That's really what the iPhone is; it is personal information
stored behind a combination lock.

Are safe manufacturers required to provide back doors to safes for government
searches? Is there any analogy to this in the real world?

------
ctdonath
Among other interpretations, I'm seeing this as a continuation/expansion of
one of Apple's axioms: "No comment." Whatever steps they can take to
facilitate not saying any more than they have to about anything is a self-
imposed imperative. By expanding implementation of encryption they can avoid
compulsion (legal or social) to get embroiled in users' activities and have no
reason, even no way, to comment on dubious legal or moral activities of
others.

The data services involved exist, from Apple's perspective, solely to entrench
users in the ecosystem and thus sell ever more hardware. Implementing robust
encryption prevents entanglement in anything beyond that objective goal.

------
the8472
The whole premise of the argument strikes me as odd. Users always had the
option of running a phone OS that does not send the keys to the kingdom to the
mothership.

Desktop operating systems similarly provide such tools either out of the box
(e.g. bitlocker, filevault, dm-crypt) or through 3rd party applications (e.g.
truecrypt).

Apple's old security model may have been convenient for law enforcement
agencies, but that does not mean that they are entitled to this convenience,
i.e. that it is reasonable to demand that this security model is the only one
offered to users.

So Apple merely switched to a different model that other systems were already
providing out-of-the-box.

------
cyphunk
The argument about criminals going dark with crypto is just fear baiting and
FUD. The criminals you "really" want to worry about are already dark. The only
people iOS8 protects are your standard domestic criminals, which if they
hadn't already learned how to use crypto trust me --- they likely leak like a
sieve through many other vectors (web mail, pc's, ISP, etc).

What we should be debating is job security for domestic police. Because if we
do not put user-centric-crypto in everything one day police will lose their
jobs to robots and algorithms. Well, at least this argument is only _as
absurd_ as the author's FUD.

------
phaus
How is it that three of the best schools in the country churned out a computer
crime lawyer that knows so little about computers? If you go around calling
yourself an expert in computer law when you are clearly a layman in the
subject of general computing, you should lose your fucking license to practice
law.

------
gkoz
Does the threat of unauthorized remote access affect the public interest
balance much? It shouldn't be impacted by encryption.

------
vfclists
Sounds like an apologist and a shill for the entitlement mentality which seems
to afflict the entertainment, security, and law enforcement industrial
complexes.

Their sense of ENTITLEMENT is ENORMOUS.

"We are ENTITLED to YOUR PRIVATE DATA."

------
Htsthbjig
I think it is very naive to believe that the States (any State) side with your
interest.

In fact, the biggest crimes against humanity have come from the state:
Stalin, Hitler, Pol Pot. They are responsible for tens of millions of dead
people, torture, kidnappings or rape and they were the heads of the State.

Hitler or Mussolini came from democracies.

If Apple could access ANY of their devices, they have to tell the NSA how they
do it, thanks to "Patriot Act".

This means the government could AUTOMATICALLY access any device, they don't
need to ask anybody, only as a pantomime for justifying what they already
know.

This is too dangerous, democracy means that power could change if it does not
serve the public interest, but people in power want to remain in power by any
means.

~~~
vacri
The biggest benefactors to humanity also come from the state: outlawing
slavery, implementing universal healthcare, providing law and order,
underwriting transportation networks.

Knee-jerk fearmongering about the government doesn't help anyone.

~~~
chernevik
Wariness of the potential abuse of power is no more paranoid than following
proper technique handling a sharp kitchen knife.

~~~
snowwrestler
Yes but extending your analogy, the knife is sharp. I totally agree that the
government needs careful watching, but I disagree that we should totally fear
all government. A government without power would be like using a butter
knife...you probably won't cut yourself, but you'll also have a lot of trouble
cooking.

~~~
McDoku
That explanation deserves a slow clap. An upvote is simply not enough.

------
dang
Part 1:
[https://news.ycombinator.com/item?id=8349006](https://news.ycombinator.com/item?id=8349006)

------
gress
Jeff Bezos's newspaper publishes a legalistic piece impugning Apple.

Who is surprised?

