Either way, on the surface, I’m quite pleased by this development.
In a world ruled by "chaotic evil", even "lawful neutral" is culpable.
"In order for evil to flourish, all that is required is for good people to do nothing."
When you remove government actors from industry, except where absolutely needed (e.g., preventing monopoly) this becomes the default modus operandi.
China has 8 different agencies involved in food regulation.
A government that doesn’t allow its subjects to express freedom of speech to its citizens is not “light” in anything.
The dangerousness of items produced in China is a symbol of the corruptibility of the monopolization of power by government, underscored by the fact that business in mainland China starts with payoffs to local government officials.
Meanwhile, in Florida, where people are free to package up food items for sale with no license of any kind and no commercial kitchen (up to a certain volume), I don’t hear about many cases of people receiving brain damage from lead poisoning after eating cookies from their local coffee shop.
People that don’t have a foot on their neck are typically not evil by default, because they don’t have to be in order to just survive. That’s why things just work here in the US.
People accustomed to oppressive control just don’t understand these things.
It is, in a way, a powder that produces babies. Larger babies, anyway.
And by the way, the legend about Gerber baby food in Africa is reportedly bullshit.
Simple desire for profit drove adding melamine to milk formula for babies. In that melamine cost less than milk powder. And that it reacted like proteins in the simple test that was commonly used.
Melamine is (C-N)3 in a ring, with NH2 on each of the carbons. And all amino acids have C-NH2 on one end. Thus the name. I gather that the test scored all C-NH2 moieties. So each melamine molecule looks like three amino acids, and contains less other stuff than amino acids on average. Making it a very efficient adulterant.
Unless you're conflating 'removing government actors' as completely removing the justice system and law enforcement? Which are two things which libertarians are very much in support of being government responsibility... Smaller government != no government.
Of course there are costs to any system of regulation, but most consumer regulation is there to prevent companies doing things some of them absolutely did. Busses in London used to have “no spitting” signs. Now they don’t. Why the change?
In general you regulate because hard earned experience shows you have to, not because you just feel like it. If regulations become unnecessary, ok it’s time to revisit it, but managing this stuff is what we elect people for.
The US was mostly a libertarian's paradise from 1850-1950. It didn't work. Federal agencies and government regulations were created because the courts were unable to adequately respond to ongoing problems. The proximate cause of death for libertarianism was the sequence of massive bank panics and depressions leading up to the final "Great Depression" in 1929, but there were many causes across wide-ranging areas of society.
To give just one example: The FDA was created (and later strengthened) in response to a long succession of disasters where well-established drug companies added known toxic (or lethal!) chemicals to their drugs, then placed them on the market without testing. Thousands of people were killed.
No legal decision can bring back the dead.
Most of these companies already had reputations to protect and judgements against them were expensive. Yet they continued to screw up royally.
We've tried libertarianism. It simply doesn't work. It has never worked. It will never work. It is always less efficient to force millions of consumers to extensively research every aspect of the products they buy, then seek redress in the courts after suffering injury. It will always be a net win to set basic safety standards (for established product categories) and force manufacturers to follow the standards.
If you're a rich oligarch who hates paying taxes then libertarianism is a convenient excuse to shrink government (regulations = expense) and/or foist as much of the tax burden onto others as possible.
Libertarianism is also attractive to people who have grown up in a sheltered society and so see regulations and standards as unnecessary restraints. They don't have any basis for comparison.
It's similar to anti-vaxxers: Vaccines were so successful that whole generations have grown up without watching their kids or friends die and be crippled by disease, so they don't value vaccines any more than they value oxygen in the air.
For that matter it is the same as the current Boomer generation's FYGM attitude: growing up in a post-war boom when the effective wage was ~$18/hr and college cost 1/4 as much of course it was easy to work part time while getting your degree. And with a growing population and society of course there will be plenty of jobs waiting for you. Like oxygen in the air or water in the sea such conditions are completely beneath their notice and thus later generations "must" be lazy moochers and "of course" they should just "work hard like I did".
Sometimes I think humans really are doomed. As a society every time we get a good thing going we completely forget the toil, blood, sweat, and tears required to get there.
While I somewhat agree and don't consider myself a libertarian, I'm much more of a Thomas Sowell supply-side economics fiscal conservative and social liberal, I believe this smug, self-righteous tone, littered with broad absolute dismissives, ("We've tried libertarianism. It simply doesn't work") throughout your post perfectly typifies the problem with US tribal politics, especially the left-leaning sort.
You could easily change the wording and throw in some similar greatly over-simplified examples, and you could say "We tried socialism and it completely failed", as a dismissal for modern big-government liberalism. Which is ridiculous and unhelpful.
These endless trite left vs right debates on the internet always seem to pigeonhole unique and complex historical moments (with distinct geography, historical circumstance, economic situations, cultural differences, broad incentives, birth rates, technological differences, etc, etc) into some ideal fantasy governments that never really existed or even marginally fit into the molds of ideologies being questioned.
I mean... even scale is a huge difference maker. I believe smaller countries' governments function far better (see: Canada, Scandinavia). As do "early-stage" countries in the growth stage after being up-ended. To apply some generic economic political system broadly across every country (big or small, financially stable or not, old population, cultural work, etc.) is not as interesting or helpful as people seem to think.
Example: I love hearing people explain how "Iceland nationalized banks and look how great it worked", meanwhile Iceland has a total population of a small US city, 0.01% the size of the US.
So it's entirely possible you're right. A more pure form of libertarianism, which may have worked well in the past when the country was 5% the size with immature industry, is likely going to be a disaster if it was imposed today. That doesn't mean it's not a good or superior model more fundamentally as a guiding force when shaping current policy, or even within the larger system in thousands of isolated situations (such as schooling for example). Nor does it mean it wouldn't be ideal for a different culturally or smaller or geographically distinct group of people or for certain states within a heavily federated system.
So then I had an idea for a "single focus president". This would be someone who is entirely indifferent to everything except the one focus area they call out in their campaign e.g. healthcare. It's not that progress wouldn't be made in other areas it would just be entirely congressional and judicial. Once the president addresses their focus issue, they step down. There are probably anecdotes of how we've tried similar things and failed, but I know I would be open to considering a campaign on those type of grounds.
But I agree all of this is great if I only have to pay <$5K yearly but not so much otherwise. Not to mention having to emigrate to cancel "the services". That sucks too.
And, the great depression was a direct result of government and bank collusion. The Federal Reserve tightened the money supply exactly after the market crashed. Take the federal government, which sanctioned the federal reserve, out of the picture, and you have a much smaller crash that weeds out all the idiots who fell for the securities fraud perpetrated by the Shenandoah Corporation, which precipitated the crash in the first place.
In fact, get rid of the federal reserve banking system that was created by the federal government in 1913, and you don’t have any of the major crashes in the ensuing 95 years.
Go one step further and remove the federal government’s control over the money supply in general and you have a system of multiple currencies, all controlled by their constituent markets, many backed by silver and/or gold. And you don’t have a nationwide gold seizure by the federal government in 1933, whereupon our distributed sovereign wealth was gifted to internationalist bankers. You have instead a wealthy population of the descendants of the colonialists that conquered this country for us.
They don’t really teach this kind of stuff in state-funded “school”, now do they?
Combined crypto currency market capitalization is currently nearing 1% of the market capitalization of the entire planet.
IOW, great thesis.
They can’t do much about China. But they can get away with a lot in other countries.
I need that to change, or where I see Apple's products heading is not going to be what I'm hoping. What I'm hoping: Apple devices become the computer. Totally secure. The only one that can access the information on it is myself with no exceptions. This device (watch, phone, glasses whatever) would carry every possible detail about myself and my life on it, making it the perfect form of digital identification. Accepted at hospitals, accepted as a drivers license, accepted at banks, accepted as a log in for websites. It doesn't need to provide identification if I don't want it to. But if I do, then there is a mathematical certainty that I am who I am claiming to be, and no one can claim otherwise.
As for what I want Apple to be as a company, if their devices become the theoretical vault where I am the only one with the key, it wouldn't matter if they remain on my side or not. They fulfill the role of design and engineering, not data hoarder, and wouldn't be able to change that even if they wanted to. At least that is the image that they have been pushing recently.
Indeed, the whole "going dark" vs privacy debate mostly misses the point.
> The heightened tension produced by the introduction of encryption by default into an environment where terrorism has magnified the need for efficient law enforcement access (surveillance) supported by a newly-expanded CALEA framework is often framed as a contest between privacy and security. It is, however, more accurately framed as a security issue on both sides, one side which integrates traditional privacy concerns with the growing focus upon cybersecurity ... The cybersecurity and, incidentally, pro-privacy position rejects exceptional access as a dangerous fiction that would, among other things, create new attack surfaces, rendering networks more vulnerable to every form of predation, from financial crime and IP theft to cyber espionage, ultimately generating unacceptable risks to our national and economic security.
Having said all that. . . I'm not sure that the rights of criminals' privacy outweigh the rights of citizens to be protected by law enforcement. I wish there was a clear way for law enforcement to act on behalf of citizens without such risk of corruption/abuse.
This is why it is impossible to sacrifice phone security for "criminals" while keeping the rest of us safe.
Valid point on how we let law enforcement do its job. The other aspect of Apple's success here is timing. We don't trust government or law enforcement as much as we used to, and a new balance has to be found, perhaps by lawmakers who have foresight of both technology and human rights.
Just to be clear Apple does give information to the government, but they stopped short of unlocking devices for the government. I see this as a very big important precedent.
This is not the CIA hacking into Kim Jong Un's iPhone in North Korea, this is local cops using these advanced surveillance tools on US civilians.
> Each file is broken into chunks and encrypted by iCloud using AES-128 and a key derived from each chunk’s contents that utilizes SHA-256. The keys and the file’s metadata are stored by Apple in the user’s iCloud account. The encrypted chunks of the file are stored, without any user-identifying information, using third-party storage services, such as S3 and Google Cloud Platform.
https://www.apple.com/business/docs/iOS_Security_Guide.pdf (page 56)
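The chunking scheme quoted above, reduced to an added sketch (not Apple's code and not part of the thread): each chunk's key is the first 128 bits of its SHA-256 digest, and a SHA-256 counter keystream stands in for AES-128 so the block runs on the standard library alone. The chunk size, function names and sample files are assumptions.

```python
import hashlib

CHUNK_SIZE = 16  # assumption: tiny chunks so the constructed samples span several


def chunk_key(chunk: bytes) -> bytes:
    """128-bit key derived from the chunk's own contents via SHA-256."""
    return hashlib.sha256(chunk).digest()[:16]


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher, NOT AES-128: XOR with a SHA-256 counter keystream.

    XOR is its own inverse, so the same call encrypts and decrypts.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def upload(file_bytes: bytes):
    """Split a file and return (blobs, keys).

    blobs: what the third-party storage service receives.
    keys:  what the quoted text says is stored in the user's account.
    """
    blobs, keys = [], []
    for i in range(0, len(file_bytes), CHUNK_SIZE):
        chunk = file_bytes[i:i + CHUNK_SIZE]
        key = chunk_key(chunk)
        keys.append(key)
        blobs.append(keystream_xor(key, chunk))
    return blobs, keys


def download(blobs, keys) -> bytes:
    """Anyone holding both the blobs and the key list can rebuild the file."""
    return b"".join(keystream_xor(k, b) for k, b in zip(keys, blobs))


# Constructed sample files that share one 16-byte chunk.
FILE_A = b"A" * 16 + b"shared chunk 01!"
FILE_B = b"shared chunk 01!" + b"B" * 16

if __name__ == "__main__":
    blobs_a, keys_a = upload(FILE_A)
    blobs_b, keys_b = upload(FILE_B)
    # Content-derived keys make encryption deterministic: equal chunks give
    # equal blobs, which allows deduplication on the storage side.
    print("shared chunk stored identically:", blobs_a[1] == blobs_b[0])
    # The party that keeps the key list needs nothing from the user to decrypt.
    print("key holder recovers file:", download(blobs_a, keys_a) == FILE_A)
```

The storage service sees only the blobs, but the party that keeps the key list can decrypt without the user's passcode.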
Unless you live in China, in which case Apple and the Chinese government hold the keys.
Unless you have some evidence to the contrary?
Not exactly an ideal arrangement, but it was likely that or switch off iCloud in China, or pull out of China completely. Which to be fair Google actually did.
We suspect it may have happened. But nobody actually knows.
These are security schemes that do not enhance the user’s privacy.
It’s cool that some companies are security conscious enough to do this, but for the user’s privacy remember that ... if it’s not end to end encrypted, it doesn’t matter for privacy, just for security and those two notions are very different ;-)
Everything isn't end-to-end encrypted, is that what you are talking about?
Control (Command) + F and there's no mention of Azure anymore.
I’ll take upfront and honest at the issue of more limited and expensive any day.
However, with Google, the End User is almost never the customer.
It’s an overly simplified statement and misleads any serious conversation on the related topics!
Google isn't different from a TV station. You as a user are a customer and pay Google by consuming the ads they present you in various products.
NPR is mostly not funded (even indirectly) by taxes, and has both actual targeted advertising on their own and platform (for digital properties), and “underwriting spots” from sponsors on its broadcasts, that while regulated more than traditional advertising and are, and have been acknowledged by NPR to be, a form of advertising by the sponsors driven by the same factors and concerns that drive traditional advertising.
Sorry if I sound like a broken record. I don't own an iOS device at the moment. I would love to get an iPad but it kind of sucks that I can't compile and run my own apps.
 Previously on HN https://news.ycombinator.com/item?id=16993157
(S)he implies that your friend’s phone being compromised will leak data about you (email address, physical address, birth date, mails you sent, etc)
I pretty much operate from the point of view that anything I send in an email or text is public, and temper what I write accordingly.
I've started referring to software developers (like myself) with intentional irony as "mutant lizard people" after hearing one too many times how a particular OS/tool/programming language needs to be designed "for humans" (i.e, n00bs with no prior exposure to it).
I’ve written a couple personal apps that sync with health kit data collected from my Apple Watch and nutrition apps to help me track things in a way that is useful for my fitness goals. In 2016-2017 I used these apps to put on 30 lbs and stay relatively lean but I’ve never wanted to publish them in the app store. I don’t pay for any developer program. Just need to download some (free) developer tools / SDK for XCode, build the source, and put it on my phone. The install is tethered, but afterwards it stays there until I delete it. Restarting the phone doesn’t delete the app either. Only time I needed to re-install was when my 5s crapped out and I had to get a new phone.
Edit: Disregard my comment. I clicked the link and understand the context of your comment now. Still, if you want to code and deploy your own apps you can do it but there are conditions.
You don't need to pay to deploy to your own devices these days.
Would I be happier if I could get a phone with the equivalent of BIOS and nothing else and vet and install my own software? You bet. If nothing else, I'd not have to install all those Play ____ apps I never use. But given the choices available, Apple is a bad one.
You can get a free developer account that lets you develop and run your own programs since a couple of years.
I don’t know what you’re getting on about with ASICS, but I guess you may just need to accept being in a niche market segment.
Almost like Apple has probably evaluated the business case of an open ecosystem low margin low cost phone, and then immediately went back to printing money.
Of course, they're miserable little devices, but they are technically smartphones that technically run android.
I love the phrase "printing money". It's time proven. But it just occurred to me that it doesn't do Apple justice.
Apple's free cash flow for the trailing 12 months was $44.6 Billion. That's 446 million $100 banknotes. How many printing presses does it take to print that many bills? How many sheets of cotton/linen paper?
Apple's financial numbers are astounding.
Apple started to assist Chinese government and used their walled garden to ban all their users from using secure communications and VPNs. As soon as actual dollars are on the line Apple just like other corporations chooses dollars. I'd be wary of trusting them too much.
Still, your point above stands: a company as large as Apple or Google has too many individuals with their own personal interests for "trustworthy" to really be a meaningful term. I trust Apple mobile phones much more than Google mobile phones, but, for instance, I trust Google laptops much more than I trust Apple laptops. I am sure there are good people working on all four products, but for some reason Apple's mobile phone division and Google's laptop division have consistently put out better products.
From the same vein that "we're not Google's customers", neither are those Chinese users using a VPN. By leaving China, they're cut off from Chinese businesses who could pay to advertise.
Apple laptops and Android phones are much weaker on all of these fronts.
I don't have a good explanation for why this is so. I think there may not be a good one, other than that complex engineering organizations are very random systems with tons of inputs and changing engineering culture is very hard, and people early in both the Chromebook and iOS projects were able to set and maintain the right culture, and people in the Android and Mac projects (despite being skilled people who care about security!) weren't able to pull it off, essentially by random chance.
Even "999999!" would be hard to guess if the domain space is unbounded.
A snippet from that article:
iOS estimated passcode cracking times (assumes random decimal passcode + an exploit that breaks SEP throttling):
4 digits: ~13min worst (~6.5avg)
6 digits: ~22.2hrs worst (~11.1avg)
8 digits: ~92.5days worst (~46avg)
10 digits: ~9259days worst (~4629avg)
The passcode is 'entangled' with a per-device 'UID' that only exists in silicon, not accessible by any firmware.
It seems that the current GrayKey attacks are closer to ~1s/guess.
My last post on the topic: https://news.ycombinator.com/item?id=16833802
 Page 15 https://www.apple.com/business/docs/iOS_Security_Guide.pdf
I'm not sure how GrayKey bypasses this...
If you're in a position where you know bad guys with guns are coming, you can just power the phone down.
If you know they're coming but don't have much time, or you're unsure, you just thwack the power button a few times.
If you don't know they're coming, you're kind of screwed, but then again you would be anyways.
Snoopy spouse seems like a far more believable user of forced biometric unlocking (e.g. capturing your fingerprint for TouchID while you sleep).
This is a new feature, that logically disables the USB port after 7 days without unlocking.
Let me know if I'm missing something, but I get no change in Device Manager/dmesg when plugging my phone in, indicating no data connection to me. It would appear the entire data connection is disabled until a mode is picked.
What Apple is doing is _additionally_ disabling the USB port on an even lower level. Currently, the port could still exchange data if it were tricked or hacked, but disabling the port on a controller level will prevent accessing the device entirely.
Or at least that's the theory. Since it can obviously be reconnected after entering a passcode, there are conceivably ways to get it to open up. But that will have to be tested.
Apple's own guide doesn't seem to indicate any form of interaction is needed to enable that interface. That interface is what's attacked by devices like GrayKey if I'm not mistaken. Android devices when not manually unlocked and toggled present no such interface.
But what this article is talking about is after 7 days of not being unlocked, iOS 11.4 won't even enable the data channel on USB, which means computers with lockdown records still can't talk to it, and presumably devices like GrayKey can't compromise the device.
1. It protects the store monopoly by guaranteeing the device will only ever load signed code from Apple. This is a huge financial incentive for Apple to invest engineering time into it.
2. Tim Cook has successfully recast the lockdown as a user privacy issue and is winning in the court of public opinion on the matter. Again, another huge financial incentive as it is something Android cannot deliver on.
3. There are real consequences to enabling the wishes of US law enforcement that I firmly believe the executives at Apple do not want to open that Pandora's box. Our government may truly want to solve real crimes, and this may frustrate them, but there are governments who very concretely want that same power to lock up opposition voices and witch hunts.
I would be much more impressed if they allowed users to wholesale disable all non-charging functionality.
I just wish there was some way they could also play fair with their tax responsibilities. Rather than having the EU force their hand and showing the Irish deal to be illegal for example.
Granted the governments that enter into such deals (or refuse to fix the loopholes) are also part of the problem.
Considering the pile of cash they sit on if anyone can set a good example it's Apple.
Law enforcement could get this before 1 week (NSA) or force the company to add a backdoor (FBI)
This is more likely about reducing the market for stolen phones.
other companies do this kind of thing also. again, they just aren’t in the news cycle.
then there’s yahoo.
This has been well covered in the press as part of the NSA story. To the extent that the belief Apple getting more coverage is true, it’s because most people know tech companies protect themselves but Apple’s moves affect millions of people who otherwise would not have the resources to do so.
they should have a setting to disable it almost immediately.
I almost never use the data connection on my iPhone usb except for headphones, yet another downside of losing the audio jack :)
>entirely within the US
Court documents are only public in the US if the government wants them public.
Could be a cool feature for the privacy concerned crowd.
Not only that, on my Nexus 5x, I have to manually switch from charging mode to data transfer mode every time (the setting doesn't stick).
Unless I've misunderstood the significance of this change, Android actually provides much more security since you can't download files off a locked phone, not even within 7 days.
The trouble is, this is still a data path that has been opened via USB. This new change disables the data path altogether and just allows charging via the USB power pins only - like it's a USB battery or USB fan, simply power and nothing else. Which is pretty neat.
By the way they don’t use the same pins as USB of course because they have their own connectors. And disabling access to the audio dongle while the device is locked wouldn’t make sense.
On top of that, since iOS 11 (or maybe 10), trusting a USB device requires the passcode by default, so even having your phone ripped out of your hands unlocked does not lead to the ability to take a USB backup directly anymore.
I haven't looked into this so I apologize if it's an easily answered question but... is this (MDM/ADC) something an individual can do for their own devices? I know it can be done at the organizational level for, e.g., employer-owned devices, but how hard is this for Joe Blow to set up for, say, his kids' iPads and iPhones?
A few warnings:
1 - Changing an iOS device to "Supervised" will wipe it (so you can't supervise someone else's device and data).
2 - Backing up iOS devices over USB after requires that you keep the keypair, and makes restoring to new devices much more complicated. I would not recommend relying on USB backups if using this method unless you play around and understand it well.
3 - Be sure you set the profile to be removable only by wiping the device, or using Device Configurator, otherwise, the profile could be deleted to enable USB.
4 - One could wipe the keys completely to be sure that NO machine has USB access to the phone, meaning it would need to be restored to factory defaults for USB to work again.
(Granted, my strict needs could be met with one of TI's sub-$0.50 microcontrollers and a seven-segment display since they're "make phone calls" and "generate two-factor authentication codes")
If all you need is enough to run a TOTP app, you could get a dumb phone with a $10 token but you could also make an honest comparison with the $350 iPhone SE or $450 iPhone 6S rather than comparing the iPhone X/8 to devices which weren’t intended to compete with current generation flagship models.
Android handset makers just manufacture the handset. Google provides the OS, and the underlying services for the Android ecosystem.
Apple bears both the cost of handset manufacturing, and the entirety of costs for the smartphone's ecosystem. That cost is reflected in the price, making the markup less "insane."
The Chinese handset makers in question may provide their own software, but it's typically considered "bloatware" and nowhere near the quality of software that Google provides.
police departments go to a judge more often
That would certainly be the go to test for many I suspect, a tried and tested hack from days of old, brought into modern times.
7 days still seems much higher than necessary.
This also removes the last obvious channel for exploits. Sometimes there have been jailbreaks/unlocks which just need physical access to the lightning port, but those wouldn’t work after 7 days now.
In 11.04, if you leave a phone locked for greater than 7 days, you would need the unlock PIN in order to connect any headphones.
Obviously, Apple would recognize the device as an audio device, and it would be automatically added, but the connection wouldn't even be established until you entered your PIN.
If this file was recovered from a victim's computer, forensic software can sue it to bypass the prompt. According to the article, however there is now also a 7-day expiration on these cryptographic keypairs.
That typo gave me a good laugh
>To improve security, for a locked iOS device to communicate with USB accessories you must connect an accessory via lightning connector to the device while unlocked – or enter your device passcode while connected – at least once a week
"accessories" makes me think it's a "regular" connection, not the recovery one.
What exactly happens after the 7 days? My girlfriend's iPad got blocked on vacation (bluetooth keyboard in a bag causing random inputs). To get it fixed, we needed to connect to a computer. Would this mean that if you don't get to a computer within 7 days it would essentially be bricked?
edit: so in your case, perhaps yes, you would have been hooped.
What happens in the scenario of a consumer having an old iOS device sitting around, they forget the passcode, but now can't reset it using iTunes?
So in order to un-brick an old device sitting around, you put it into DFU mode (the key combination varies from device to device) and restore it that way.
Of course you don't ever get your data back, but that's totally the expected behaviour.
I have always thought (though without any source) that they re-flashed the iPhone by putting it into the DFU mode (and tricking the iPhone bootloader into accepting their key) and then just brute force the key.
To answer your scenario though, you can always reboot a "locked-down" iPhone into Recovery mode or DFU mode and wipe the device without being able to recover the data.
But still leaves the window wide open to sneak-and-peek to mirror the drive of a MacBook left in a hotel room, and then later acquire the phone.
So better than keeping the old behaviour which was obviously broken, I guess?
MacBooks have full disk encryption so you’d have to break that, too, but since we’re talking movie plots rather than real-world risks for most people take a moment to think about what else they could do with physical access: install a camera to record passwords, drug your water glass, or simply have someone demand you unlock it or else. If you’re Jason Bourne you need more than a consumer OS gives you out of the box.
Now, we don't know how the greylock stuff works (afaik) - so maybe this will harden phones against imaging with such tools. And maybe not.
I actually have a hard time seeing how this is: "aimed squarely at police". If you're picked up at a demonstration or traffic stop - is it really that common that they won't get to your phone in 7 days? They're only allowed to hold you for 48 hours or so anyway?
Don't get me wrong 7 is better than forever - but I'd like to see it made available as a user setting; eg never / 30 seconds etc.
As for this not being available on Android; my impression was that given an encrypted, locked, Android phone with pin/pw lock and debugging disabled - you'd need to unlock before being able to access phone data via USB?
Now if debugging is activated, I believe a "trusted computer" (anyone who holds the keys) can gain access even if the screen is locked?
Think about that from the perspective of a security threat model: what are the odds that your disgruntled spouse has access to your computer and knows your laptop password, but doesn't know your phone password? This is an extremely hard problem to solve since they have all kinds of sensitive information and access.
> I actually have a hard time seeing how this is: "aimed squarely at police". If you're picked up at a demonstration or traffic stop - is it really that common that they won't get to your phone in 7 days? They're only allowed to hold you for 48 hours or so anyway?
What they're allowed to do and what they actually do are not necessarily the same. This prevents the case where, say, they've seized phones but haven't legally compelled the users to unlock them since it means that if an exploit is discovered in the future it won't be usable against any devices which were stolen/seized more than a week earlier.
It would also make it hard to do something like seize a bunch of protesters' phones and then attempt to obtain the keys from each person's trusted home computer which would take more time to do at any significant scale.
It's not a huge game changer but it adds a layer of hardening against certain attacks. Given the limited downside, that seems like a good thing.
Well, you might not have a password for your desktop - but might have a pin for your phone.
Or maybe it isn't your spouse, but your kid; they might share the computer - but not access to the phone?
<ed: i don't really disagree, but I also struggle with the 7 days (and not quite in the "perfect is the enemy of good"-sense:
Either way, I'm not sure I understand how 7 days make sense (seems too long, still).
Seems like either it should be ~14 hours to a day (sync at home every evening) - or it should be: phone has to be unlocked.
If law enforcement wants to bypass this, the obvious approach would be to just remove the battery (to remove power from any internal RTC chip) and put the device in a Faraday cage (to block external time signals like GPS and the cell network). Then the shutdown clock would literally stop ticking until they turn it on again.
Sure, this might not stop the NSA or FBI, but if it limits the threat vector to 3 letter agencies, it is still a win.
Police departments use Faraday bags to isolate the communications of a device once they take it into custody. I assume they do this to prevent RemoteWipe() commands from running from external entities to preserve evidence.
Might this constitute 'tampering with evidence'?
that it needs a trusted measurement of the current time.
So you test ~7days runtime or external clock says you've gone > 7days. Lock on either condition. You can mess with the latter as you say, but not the former. Well I suppose you can de-power the device but that doesn't really help you either. Am I missing something?
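The lock-on-either-condition check from the comment above, as an added sketch that is not part of the thread and not Apple's implementation. The class, its field names, the fail-closed rule after power loss and the timestamps are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Tuple

DAY = 24 * 3600
WEEK = 7 * DAY           # the 7-day window discussed in the thread
T0 = 1_700_000_000       # constructed wall-clock time of the last unlock


@dataclass
class UsbDataGate:
    """Hypothetical model of a USB data gate driven by two clocks."""
    last_unlock_wall: int = 0       # wall-clock time of last passcode unlock
    powered_since_unlock: int = 0   # monotonic powered-on seconds since unlock
    cold_booted: bool = True        # no unlock since power-up: fail closed

    def unlock(self, wall_now: int) -> None:
        """A passcode unlock resets both clocks."""
        self.last_unlock_wall = wall_now
        self.powered_since_unlock = 0
        self.cold_booted = False

    def tick(self, seconds: int) -> None:
        """Monotonic counter: only moves forward, only while powered."""
        self.powered_since_unlock += seconds

    def power_cycle(self) -> None:
        """Removing power stops the counter, so boot has to start locked."""
        self.cold_booted = True

    def data_allowed(self, wall_now: int) -> Tuple[bool, str]:
        if self.cold_booted:
            return False, "no passcode unlock since boot"
        if self.powered_since_unlock > WEEK:
            return False, "runtime counter expired"
        elapsed = wall_now - self.last_unlock_wall
        if elapsed < 0:
            return False, "wall clock moved backwards"
        if elapsed > WEEK:
            return False, "wall-clock window expired"
        return True, "ok"


def scenarios() -> dict:
    """Run the cases raised in the thread and return each verdict."""
    results = {}

    g = UsbDataGate(); g.unlock(T0); g.tick(2 * DAY)
    results["normal use, day 2"] = g.data_allowed(T0 + 2 * DAY)

    # Isolated from time signals: the wall clock reads as frozen, but the
    # device stays powered, so the runtime counter still expires.
    g = UsbDataGate(); g.unlock(T0); g.tick(8 * DAY)
    results["wall clock frozen, powered 8 days"] = g.data_allowed(T0)

    # Power removed to stop every clock: the gate comes back closed.
    g = UsbDataGate(); g.unlock(T0); g.power_cycle()
    results["power removed"] = g.data_allowed(T0 + 3600)

    # Wall clock set to before the last unlock.
    g = UsbDataGate(); g.unlock(T0); g.tick(3600)
    results["wall clock rolled back"] = g.data_allowed(T0 - DAY)

    # Runtime counter undercounts (for example long sleep), wall clock honest.
    g = UsbDataGate(); g.unlock(T0); g.tick(DAY)
    results["runtime undercount, day 8"] = g.data_allowed(T0 + 8 * DAY)
    return results


if __name__ == "__main__":
    for name, (allowed, reason) in scenarios().items():
        print(f"{name:36s} data={'on' if allowed else 'off'}  ({reason})")
```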
so perhaps the only point of this "band-aid fix" is that if the user hasn't connected his iPhone to his computer for 7 days (i'm guessing most non-tech people rarely connect their phones to their computer), the chances are greatly increased that the lightning port is already disabled once it's captured by law enforcement/whoever.
“To improve security, for a locked iOS device to communicate with USB accessories you must connect an accessory via lightning connector to the device while unlocked – or enter your device passcode while connected – at least once a week.”
Because the quote says "enter your device passcode while connected"
= the device has to be connected while entering the pin.