
The US Government has no credibility to compel anybody to weaken security - StuntPope
http://blog.easydns.org/2016/02/22/the-us-government-has-no-credibility-to-compel-anybody-to-weaken-security/
======
mcculley
This is exactly how I feel about this. There would be an actual interesting
debate to be had about the powers of the state versus corporations versus the
rights of individuals to perfect end-to-end encryption if the state hadn't
been using warrantless wiretaps and National Security Letters for the last 15
years. As it is, the state has shown it can't be trusted with that power.

~~~
ktRolster
It's an old debate, and I think it can be summed up in a single sentence:

 _Government would be awesome if it worked right_

I would give the FBI everything if I trusted them. A monarchy/dictatorship
would be most efficient if there were a way to guarantee a good
monarch/benevolent dictator.

~~~
morgante
Madison said it best:

> If men were angels, no government would be necessary. If angels were to
> govern men, neither external nor internal controls on government would be
> necessary.

~~~
woodman
People are bad, therefore we need a government made up of people are bad...

~~~
dibujante
Well, yes. If you are bad, you want what's best for yourself. But if you know
that the other guy is bad, then you know he wants what's best for himself. So
you set up the rules of the game to ensure that he can't get what he wants
without you also getting what you want.

See the prisoner's dilemma. If both people are bad, they will have the worst
outcome. If either of them thinks the other is bad, then they will also be bad
in order to protect themselves. So the best outcome (you are bad, and they are
good) is impossible, because they know you're bad and will be bad themselves.

So two bad people have a good reason to write a law preventing them both from
being bad, because that's the best outcome they can get for themselves.

~~~
woodman
That is assuming rational self interested actors and equal cost/benefit. We
don't need to look very hard to find examples of irrationality and imbalanced
incentives. Also, how many times have you been exhorted to act against your
own interests and think of the children? The road to hell is paved with good
intentions.

~~~
dibujante
If these objections that you are raising were wrong, then we would live in a
utopia. You're right that people fall short, but I think the point still
stands that checks and balances can help overcome human unreliability, even if
every human involved is unreliable. Just look at democratic institutions
without checks and balances.

~~~
woodman
I'm actually a big fan of the competing interests concept, it is a very
eloquent solution. Where it goes off the rails though is the combination of
that concept and the involuntary surrender of individual sovereignty to the
very same people with whom your interests compete.

------
pdkl95
This is the key issue in this entire debate:

    
    
        [T]he Government has ... violated the trust of the American people [and] broken
        the law themselves by already conducting wholesale surveillance of the citizenry
        ...
        Thus, the number one issue, the issue that should preempt all other issues,
        is how the government regains it's credibility and re-establishes trust.
    

Far too many people - even here on HN - are taking about the government's
order to Apple in isolation. The common arguments by the government and its
supporters are based on the assumption that any action taken would be limited
to the current situation.

Except this isn't an isolated situation. The government has been fighting
against the free use of encryption for decades. Saying the order given to
Apple is limited to this single case is practically admitting ignorance
(willful or not) about:

* The investigation of Phil Zimmermann and the export of PGP as a a "munition"

* Bernstein v. United States

* The Clipper Chip (Skipjack) and other key escrow systems of the fist crypto war

* "Total Information Awareness" (w/ John Poindexter of the Iran–Contra affair)

* The beam splitter in room 641A of AT&T's facility at 611 Folsom St.

* The illegalities brought to light by Daniel Ellsberg, William Binney, Thomas Drake, Edward Snowden, and other patriots that kept their oath to defend the constitution.

* How many public security standards were ruined as part of BULLRUN and related programs.

* The recently-discovered use of "Stingray" devices ("IMSI-catchers") by the FBI.

* (I'll just stop the here - there are many other examples that should be included)

These actions clearly show a pattern of trying to gain backdoor access or
other surveillance capabilities. Yet some people suggest - usually without any
evidence - that the government should be _trusted_. What, specifically, has
the government been doing in the area of communication security that has
justified _any_ amount of trust? Actions are more important than promises.

It would be nice if this wasn't such an adversarial relationship.
Unfortunately, this _cold civil war_ we are in where the government treating
everyone as a potential criminal by default doesn't leave us with a lot of
options. Until we see real actions that regain some amount of the public's
trust, the _rational_ approach has to be to not trust the government at all.
To do otherwise is either ignorance of history or blind faith that the
government never lies.

~~~
vectorjohn
The government absolutely should not be trusted. That's why Apple shouldn't
give them a skeleton key to get into any phone, just the legally compelled
access for this specific phone. Apple can make that happen trivially. If the
government was telling Apple to make an actual backdoor for any phone, this
would be different.

Nobody (except the most unreasonable) has any problem with the FBI searching
property when they have a legal warrant. That's what is happening here. It's
the equivalent of asking a manager to open a storage unit. This specific case
is not anything like any of the examples you gave.

~~~
Lawtonfogle
>The government absolutely should not be trusted. That's why Apple shouldn't
give them a skeleton key to get into any phone, just the legally compelled
access for this specific phone.

You are still trusting that the legally compelled access is all good and
valid, ignoring rubber stamping by courts. Allowing access to this phone due
to a court order, when combined with a history of abuse by the courts, is as
good as any other skeleton key.

~~~
vectorjohn
Not at all. If they had a real skeleton key, they wouldn't need to get a
warrant.

Rubber stamping is a separate issue. If that's what people were worried about,
why would it be this case in particular getting everyones hackles raised?
Every warrant to search a house or a car should be questioned, but this case
isn't special.

~~~
mglinski
The government does not need a warrant to gain access to your information,
easily evidenced by mass surveillance of the world for the past 15 years. If
they really want something you have, they will just take it mobster style and
tell you to go fuck yourself. They don't have to charge you with a crime, they
can charge your property with a crime and force you to deal with a kafkaesque
process where your property is guilty until proven innocent by the people who
issued the very order to seize it. Information + Encryption is one of the only
things regular people have that is resistant to this process.

They do need a warrant for any information to not get laughed out a US court
though. This is the main reason they are going after the data this way,
because they want what they found and know wouldn't survive discovery to
eventually be admissible as legally obtained evidence. That and it will set a
nice precedent for them to deputize private persons and corporation into being
law enforcement when they just can't be asked to not fuck up one simple thing.

This is also not-coincidently a case likely to polarize people against Apple
with the old faithful _terrorists are coming to get you_ rhetoric. A most
slippery slope indeed, nearly guaranteeing that everyone who is supposed to be
checking the executive branch for overreach will just go along with them
wholesale.

------
smileysteve
To me, the more important aspect is the U.S.'s failures to maintain their own
data integrity.

* The OPM breach is a big part of this.

* Government domains without SPF or requiring TLS (for instance email)

* Social Security Numbers significantly insecure

* Secretary of State (GA) losing identities

~~~
pdkl95
* Storing NSA documents without proper (air-gaped) compartmentalization such that it was even possible for one person to access them in bulk.

~~~
philovivero
In the future, add the proper number of p's into "gapped." The term "air-
gaped" activates the neurons that cannot unsee goatse guy.

------
FreedomToCreate
Maybe Apple should have just stated that its impossible to create a backdoor
(the way actual encryption should be). But since we all know that its possible
to create one, the fact that there is an option will always spur debate.

The most important thing that the author mentions though is "How can the
government regain the trust of the people?".

~~~
Grishnakh
>The most important thing that the author mentions though is "How can the
government regain the trust of the people?".

Why should it? And do the people even distrust the government?

Just look at the Presidential candidates. All the Republicans left are totally
in favor of mass surveillance, and Hillary, the choice of mainstream
Democrats, of course is a big fan of ubiquitous surveillance. Face it, most of
the American public, except maybe the Millenials and Gen-Z, love the idea of
having the government spy on them all the time "for their safety".

~~~
Lawtonfogle
> Face it, most of the American public, except maybe the Millenials and Gen-Z,
> love the idea of having the government spy on them all the time "for their
> safety".

John Oliver did a show on this. It isn't that they are in favor of it, it is
that they don't understand the implications. They think the spying is limited
to just terrorist, not realizing that everything they do is being spied on.

~~~
jobu
That was a great episode - no one cared about Snowden or privacy until he
explained to them that it meant government officials could see every dick
picture they had sent or received.

~~~
philovivero
Does anyone have a link to that episode?

~~~
hfsktr
[https://www.youtube.com/watch?v=XEVlyP4_11M](https://www.youtube.com/watch?v=XEVlyP4_11M)

I assume this is the same episode everyone was talking about but it's the
Snowden one and the street interviews are pretty sad (as they always are).

------
Shivetya
I know there is incredible dislike for Rush by many in this community, however
his transcript today concerned the issue at hand and was very good. The reason
its important is because his audience is large and he actually did a good job
with the issue. Normally at the noon hour I simply turn off the radio but when
I heard the discussion that came up it was so engrossing that I listened to
the whole show.

tl;dr no matter what is claimed, if Apple writes this for this one phone it
will get out.

[http://www.rushlimbaugh.com/daily/2016/02/22/how_the_governm...](http://www.rushlimbaugh.com/daily/2016/02/22/how_the_government_bungled_the_handling_of_the_san_bernardino_iphone)

~~~
deelowe
Pretty good read. I wish more people in the media would learn a bit about this
stuff. He did a great job of keeping the callers in check when they through BS
elementary arguments at him like "well why don't they just hack it!"

------
redbeard0x0a
If I was the NSA, the Chinese Government or a hacker group, I would be working
really hard right now to get a foothold on the internal Apple network. To be
able to grab any and all data (code, emails, files, etc) from anywhere on the
network to try and capture the work that would be required to fulfill the
request of this court order.

Even if we could trust the US government, we shouldn't be forcing Apple to
create this 'master key' anyway. The problem is that anything that has been
created digitally cannot be destroyed after it is used. Once the tool is
created, we cannot put that genie back in the bottle.

~~~
rtpg
It's been covered a couple of times, but Apple is being asked to make a tool
that would check that the device ID is the same as the warranted device.
That's the essential part.

By having a device ID check (combined with digital signage), Apple _could_
publicly release the tool without fear of anything happening on any other
phone. Plus people couldn't modify it because that would break the signature.

~~~
swombat
Did you miss the bit where the DoJ has already declared it has hundreds of
other phones it will want cracked if Apple is willing to comply to this?

Also, if you think having a device ID check is going to do anything, you might
want to have a look at the cracks scene and what they do with your pitiful
attempts at DRM...

------
cortesoft
If Apple can do something that will unencrypt the phone, then obviously the
vulnerability is already present. How about Apple hacks the phone, then fixes
the vulnerability so they can't do it again in the future?

~~~
matheweis
The analysis I have read from those that understand the technicalities behind
it better than I do is that it is because the phone in question is a 5C.

e.g. Apple has already fixed the holes in the 6/6S; the concern here is the
use of all writs to compel them to unlock the 5C, and the Pandora's box that
doing so would open up.

~~~
tantalor
No, the devices with secure enclave (like 6/6S) are just as exploitable by the
phonemaker.

[https://www.techdirt.com/articles/20160218/10371233643/yes-b...](https://www.techdirt.com/articles/20160218/10371233643/yes-
backdoor-that-fbi-is-requesting-can-work-modern-iphones-too.shtml)

~~~
matheweis
Ugh, if Rob Graham and Bruce Schnier can't be used as a good source...

Sounds like Apple needs to update Secure Enclave so that updating wipes the
keys.

~~~
vectorjohn
Yep, exactly. If they did that, and the government was trying to somehow make
that illegal, or demand a real backdoor, then it would be time to get up in
arms. But that time is not yet.

------
yarper
The debate is fairly pointless, govt will do whatever they want anyway.

The vast majority of people just vote down predestined party lines, and swing
voters aren't all the bright educated people we like to think they are. It's
just a fact that half of all people are of below average intelligence.

Politicians should be a better than average cohort for intelligence, but
judging by the incomprehensible jabber they espouse on tech matters I doubt
it'll change anytime soon. They seem to spend most of their time trying to
dick each other over and make themselves look good rather than actually get
shit done.

~~~
rhizome
How do you figure the government has the ability to "do what they want" in
this case?

~~~
kelvin0
I don't think it's a surprise that it has often been the case that some
Elements in the gvmt are able to rationalize some objectives they have can
trump the 'laws' and other rules ordinary citizens would be held accountable
to. For example, The Patriot Act and other measures can be broad enough in
scope to allow interpretation which would have some elements think they are
invested with the power of spying on their own citizens living within the
borders of their country. That's just one example. Iran Contra is also another
one, and the list goes on ... The impetus for this type of rogue action will
always be present in the circles of power, to allow them to keep their
positions.

~~~
rhizome
I don't understand. If the government could do the programming to do it, they
would. That's what I'm asking: can the government really be doing "whatever it
wants" in this case? They seem a bit stymied by the whole PIN wipe thing.

------
rhino369
I totally agree the US government shouldn't compel anyone to weaken security
generally. So Apple shouldn't be forced to build in a backdoor into products
that are released for sale.

But this apple request is just exploiting a weakness that already exists. And
it would only be doing it on a single phone. And it would be do it pursuant to
a legal order by a US court.

Also, the US government only has zero credibility in the minds of hardcore
activists or extremists. The bulk of the America public trust the FBI to
investigate ISIS.

~~~
geographomics
I agree - this is the type of vulnerability that, assuming Apple is extremely
careful about protecting their signing key, is only exploitable by court order
or similar state request. This crypto implementation on iPhones and the like
isn't really designed to protect against that, it's really more to prevent the
common criminal from accessing your personal data. Apple already comply with
law enforcement requests to access iCloud backups and other such data, so
assisting with this passcode crack isn't really much of a stretch.

~~~
outworlder
> I agree - this is the type of vulnerability that, assuming Apple is
> extremely careful about protecting their signing key, is only exploitable by
> court order or similar state request.

Apple has been trying to prevent jailbreaking for years - they've always
failed, so I'm skeptical about this "only exploitable by court order" bit.
Determined people will find ways around the protections. Heck, it is even
possible that someone (think nation-states) has already found a way to
circumvent the passcode lock. This will only lower the barrier of entry.

~~~
geographomics
Jailbreaks address a different type of vulnerability - that of incorrectly
written code or poorly designed systems, that can lead to a privilege
escalation.

The vulnerability that the FBI are using is the ability of Apple to update the
iPhone with arbitrary code, provided it has been signed with their secret key.
It's an important feature, of course, but still a security vulnerability -
albeit an irrelevant one for the vast majority of iPhone users.

------
vacri
> _Ben Franklin 's observation that "those who would trade liberty for
> security deserve neither"_

It is an _opinion_ , not an _observation_ ('deserve' in particular is not an
observation). Just because someone famous said a thing doesn't make it true,
or even true-ish. If you want to be such a purist about Franklin's comment,
then abolish the police altogether; you'll rapidly see that Franklin's comment
is not meant to be read in such a purist way. Or to put it another way: where
do you draw the line with Franklin's comment?

The article then goes on to talk about gun rights for some reason, with the
usual canards thrown in, plus a bit of good ol' selective reporting: "gun
deaths are down by half in the past 25 years!", neatly ignoring that they're
measuring from the peak, not from the previous baseline. And the US homicide
rate is still nearly four times higher than most other western democracies...

~~~
dragonwriter
> > Ben Franklin's observation that "those who would trade liberty for
> security deserve neither"

> It is an opinion, not an observation* ('deserve' in particular is not an
> observation).

And the quote is both butchered here (the original is: "Those who would give
up essential Liberty, to purchase a little temporary Safety, deserve neither
Liberty nor Safety") and -- as it usually is -- applied poorly considering its
original context. [0]

[0] [http://www.npr.org/2015/03/02/390245038/ben-franklins-
famous...](http://www.npr.org/2015/03/02/390245038/ben-franklins-famous-
liberty-safety-quote-lost-its-context-in-21st-century)

~~~
vacri
Ah, thanks for that. I've seen the shortened version so often I'd come to
believe that was the actual quote. The longer version makes much more sense
and is far less absolutist.

------
hifier
I don't like this line of reasoning because it allows for a pro-surveillance
outcome if you change the statistics. At what threshold do you switch sides?
Ben Franklin is pretty clear and so is the constitution. We don't need to
argue on the government agency's terms because we win this argument hands down
on principal alone. Please don't weaken the argument.

------
newman314
Here's the thing. Governmental credibility should not be a factor.
Particularly in light of how things have and will continue to shift over time.

Clinton tried to push the Clippet chip through and failed. We can't just say
thing got better and now we should help weaken crypto because bad guys and now
the government has more credibility. Obviously, things swung back in the
opposite direction.

So the only safe solution is to build strong crypto always.

~~~
wlesieutre
The government having credibility _now_ wouldn't guarantee that this would be
a good idea forever going into the future.

But the fact that the government _already_ doesn't have any credibility on
privacy and data protection _is_ a factor. It means that this is already a bad
idea as of right now.

------
tn13
No governments around the world have any credibility defending the liberty of
its people.

------
autopov
Who's Tim Cooke?

~~~
emiliobumachar
CEO of apple.

~~~
autopov
That would be Tim Cook...

------
jwiley
I think what's being lost in the shuffle is Apple has no credibility in
claiming its protecting your privacy and security.

[http://money.cnn.com/2014/09/18/technology/security/apple-
pr...](http://money.cnn.com/2014/09/18/technology/security/apple-privacy/)

~~~
oldmanjay
That doesn't really seem to be related here.

One of the reasons I gave up on Slashdot was how people used any story as a
tangent to flog their unrelated hatred of some company. Please don't turn HN
into Slashdot.

~~~
jwiley
I'm sorry I gave you the impression I hate Apple, thats certainly not what I
intended.

One of the implicit ideas underlying Apple's arguments is that they are more
trustworthy than the government.

But theres a lot of evidence that they are not as strong on privacy as they
should be. Casting Apple, and private industry in general as privacy heros
does a disservice to those very valid concerns.

Heres an article from earlier this month:

[http://www.theguardian.com/money/2016/feb/05/error-53-apple-...](http://www.theguardian.com/money/2016/feb/05/error-53-apple-
iphone-software-update-handset-worthless-third-party-repair)
[http://www.forbes.com/sites/gordonkelly/2015/09/16/apple-
rel...](http://www.forbes.com/sites/gordonkelly/2015/09/16/apple-releases-
ios-9/)

~~~
oldmanjay
None of this gives me the impression that I should trust the government at
all, so why bother making the argument against Apple here? It doesn't
effectively rebut the article. It just comes off as axe-grinding.

