> Should governments be able to access information at all or should they be blind, that's essentially what we are talking about
Actually it is not what we're talking about, because they're not blind, they can use usual means of inquiry, and the technology. How comes already there are no firearm firing sound detectors, or remote-controlled drones with tasers in major streets to react instantly, ect...? There are ways to act which don't strip citizens from their power, as information nowadays is power.
A handful of people died because they lacked this power, and this will always be the case that people will die because of their lack of power, no matter what they have.
At the end of the day, there is 7 billions people, and only one world, one humanity, one future, so protecting the people from the government is more important than protecting the people from the people, at least as long as it stays manageable.
Every month, the world gets more peaceful, and more educated, we just didn't always have the internet flashlight. Making such a backdoor, it's another leak to oligarchy, because security and corporations can ally and spy the rest into uncompetitiveness. Ect... I will worry when I see blood on the street.
"protecting the people from the government is more important than protecting the people from the people, at least as long as it stays manageable."
This is fundamental, and this point needs more airtime than it gets. Terrorism is a real threat. It is a challenge that our institutions are struggling to deal with. But the threat that it poses is tiny compared to the threat of powerful government, a troll that goes back to the beginning of civilisation. We must not let the focus on terrorism distract us into relinquishing defenses against the greater threat of powerful government.
Advances in technology make privacy more important than it has ever been. Without privacy, there is vast opportunity for government to reach deep into our lives in the name of enforcement.
Government of the people has an obligation to find ways to combat terrorism that are compatible with the controls we need on government. If we don't hold the line on privacy, government will increasingly shift us towards serfdom.
I would add that much of the supposed non-government threat we face, at least in the case of terrorism, was actually created and continues to be sustained by government policies.
Government has gotten us all involved in an endless war of attrition in which the average person has almost nothing to gain and everything to lose. If the priority was really to keep the population safe, things would be handled very differently.
It's not that simple. Terrorism or violence can happen anywhere and not be precipitated by any externalities.
People can conspire, people can be crazy, or unhinged. Columbine, for example. And even if we accept that terrorism is a reaction, they exist in many countries and would inflict more harm if they could. Terrorism is not a thing which only threatens the US, it exists in Europe, Africa, Asia, the middle east, etc.
But yes people will have to come to terms with how to deal with the issue of privacy (secrecy) vs openness (accessibility) How it's managed will change over time, surely.
Terrorism is dwarfed by gang violence and drug violence in the US in term of casualties. Terrorism is like the buzz of a mosquito. The psychological impact is disproportionate to the actual impact and law enforcement agencies are exploiting this buzz. They are labeling any controversial law "anti-terrorist", presenting any controversial case as an "anti-terrorist" case, etc... We should not over-react the other way but we should simply tell them "no". In a free country, two individuals should be able to have a private conversation without the State listening and recording.
What proof is there that terrorists are trying to secure nuclear weapons? How would they smuggle it unnoticed across the world? Why would they want to target the city you live in?
These questions must be weighted by each person for him or herself. I've chosen for some nicer car insurance. I still don't have nuclear terrorism insurance. I still sleep well at night after working in defense in this area and having friends working on these very issues.
You use that word, acquire. You mean steal. The idea that a terrorist organization is going to manufacture nuclear weapons is ridiculous.
But the solution to "someone might steal a nuclear weapon" is not "spy on everybody in the world" -- the solution is to secure the nuclear weapons. Which is a thing governments do that nobody is objecting to and that has nothing to do with mass surveillance.
Sorry, didn't mean to suggest tacit approval for carte blanche government surveillance. I'm just implying that just because terrorism has a low death toll now, doesn't mean that it will [since terrorists are seeking to exact as much damage as possible]
The fear is, once they have their hooks into us, there's no getting out. We could easily settle into a dystopian oligarchy or whatever and never be able to get out. This kind of surveillance is a new thing in the world.
Government has gotten us all involved in an endless war of attrition in which the average person has almost nothing to gain and everything to lose.
After WWII, the US government and foreign policy got reconfigured in such a way as to assure the United States could defend itself from a nuclear superpower and to have access to the resources to re-fight World War II.
The original goal in all of the above was to keep the population safe. Things have evolved a little since then, however.
I don't think the ultimate aim is serfdom, but it would be a form of abuse. Perfect enforcement of an enormous body of law would tend to punish creative people, as the only way to avoid triggering a large number of rules is to form strong, proven habits and keep to them. Constant vigilance is antithetical to either daydreaming or experimentation. It wouldn't be serfdom for the people who's personalities are compatible with routine and continuity and conformity; it would be incredibly painful for the rest.
It is quite sad that we've reached a point where technology could empower us to lift up the state of humanity, but we're deploying it in a way to keep humanity in subservience of the state. Of course... there is no such thing as a government; it is just people oppressing other people[0]
Terrorism is broadly defined as using threats and violence to coerce a civilian population for political purposes... when the government grants itself the right to indefinitely detain dissidents and declares that its own territory is a battlefield (NDAA 2012) and authorizes itself to deploy propaganda domestically (NDAA 2013), and does things like threaten economic collapse and martial law if the citizens won't pay $1 trillion with no accountability (TARP bailouts)... who are the real terrorists under that definition?
The meaning I derive from that statement is that terms like "government" and "the state" refer to things that do not exist in the collection of mass, energy, and quantum whatevers that we call "the universe"... they are simply concepts in the minds of people, and are not capable of interacting with "the universe" except through the people in whose minds they exist.
Thus it is never "the government" oppressing people... it is people oppressing people. Similarly it is never "the government" helping people... it is only people helping people.
The moral and/or ethical implications of this concept are significant, as it "pierces the veil" of the idea that the actors are somehow absolved from their actions because they are in the name of "the government".
That's actually incredible idea for community hacker project.
Create loads of dirt cheap shotspotters with https://nurdspace.nl/ESP8266 plant them in your neighborhood. Make them report to community site so false positives could be eliminated by considering only simultaneous detection from nearby sensors.
Playing devil's advocate to your last comment. There are a lot of people in the world that DO see blood on the street, every single day. Does the fact you come from a country that doesn't out weigh their experience? I agree with a lot of your other points, but if you want to be true to them then it shouldn't matter even if you see blood on your own street. Even if you become the minority that is to die. You're just one more human in humanity... we all are.
Further to that you need to be able to say the same thing when it is your family that may die, or your child.
<<Actually it is not what we're talking about, because they're not blind, they can use usual means of inquiry, and the technology. How comes already there are no firearm firing sound detectors, or remote-controlled drones with tasers in major streets to react instantly, ect...? There are ways to act which don't strip citizens from their power, as information nowadays is power.>>
That's actually exactly what we are talking about. The police's job is to enforce the law, and as technology changes, they need to adapt, the same way firearms now have serial numbers, and they collect DNA samples / fingerprints (all of which have met similar resistance before they became a broadly adopted technology, and are also open to abuse).
It's totally fine to have a rational discussion of where, as a society, we want to draw a line, but let's please keep our own rhetoric in check - there are lots of scenarios (outside the high visibility of this case) where, with proper legal controls, enabling the police to be able to access someone's phone is the equivalent of a traditional search order that allows the police to enter someone's premises and search for evidence.
The point is the government is already not respecting the rule of law with all the 'secret FISA court' stuff nor does their foreign policy seem capable of making us safer. I am loathe to give them more weapons against activists, politicians, journalist and the discontented when they have greatly earned our distrust.
Even if the "Searching X is like searching Y" were true which it rarely is, the issue is that "proper legal controls" don't get executed. Even in the traditional realm.
Once we have transparency and controls in place to make sure traditional laws are being used properly we can begin a careful deliberation on expanding those laws.
Let's not play dumb. If we (me included) get our way and have perfect digital security, it WILL make it harder or impossible for law enforcement to do proper police work. Criminals will be able to do all business and communication with 100% privacy from spying.
Let's debate honestly about what we think is acceptable. I honestly don't know, but I think perfect security is a mathematical inevitability, so I guess I'm more on the side of figuring out how to live with it.
> Criminals will be able to do all business and communication with 100% privacy from spying.
No.
Do you know how the police normally operate? There is a victim who comes to the police and says "these people committed a crime" and the police go investigate. They get a warrant based on the victim's testimony/evidence. They plant a bug in the suspect's home/office/car. They send undercover officers to infiltrate the organization. They interview witnesses and find other victims.
All of which can be done regardless of whether they can read your iPhone, which people didn't even have 15 years ago. And a video bug can capture you entering your PIN into your iPhone before they arrest you and confiscate it, so there is also that.
People always bring up the idea that they didn't have this capability until recently as if that bolsters your position. Since criminals didn't have this capability 15 years ago they couldn't use it to hide criminal activity. How does that make your case? "Regular old police work" has become less effective because it will find less evidence. If criminals are sufficiently on top of their shit, they can be very hard to catch indeed.
I mean, why draw the line here? Bugs and taps were new at one point. Why not say "police used to get things done without these newfangled spy devices, so why should we allow it now?" I would say a bug or tap is actually very invasive, but as long as a warrant is required, it doesn't seem so bad.
> Since criminals didn't have this capability 15 years ago they couldn't use it to hide criminal activity.
The difference with an iPhone is not that it hides criminal activity but that it records it to begin with. There was no default recording of the content of communications. What loss have the police suffered that the information is now stored but unreadable when it was previously not stored at all?
> I mean, why draw the line here?
Because there is a difference between the police being allowed to do something and everyone else being obligated to facilitate it.
> "They are not asking for some general thing, they are asking for a particular case."
Was hoping Gates would be less naive in thinking this legal precedent has anything to do with this specific case which has close to 0% chance of providing any real-world information and more to do with the fact that this tragedy is used as political theatre and being exploited for maximum PR and political influence.
> "Should governments be able to access information at all or should they be blind, that's essentially what we are talking about"
Given the US Govt is coming from a position of no trust who've shown a willingness to over reach and break the law whilst continuing to deceive and mislead the public - US citizens have every right to privacy that's insulated from the Government: http://blog.easydns.org/2016/02/22/the-us-government-has-no-...
Yes, this is very naive. They're actually asking for a forensic instrument - asserting that it is for a one-time use is absurd on the face of it. The most thorough deconstruction of this argument I've seen is here: http://www.zdziarski.com/blog/?p=5645
That analysis is very informative about how forensic instruments are validated, but that procedure would only apply for information that the FBI hopes to present as evidence in a court. The assailants in this attack are dead, so there's nobody to prosecute (unless accomplices are found).
It seems like in this case the FBI wants to sift through the phone for leads into other potential terrorists, and they want to establish the precedent that no manufacturer should be allowed to add true unbreakable encryption to some device in the future, encryption that would preclude even what they are asking of Apple now.
Whether they have a right to that information in this particular situation, under current laws, even for the purposes of preventing terrorism, is a matter for the courts (probably the Supreme Court) to decide.
Whether Americans have a right to use personal strong encryption will have to be legislated by Congress, not by the bluster and propaganda of the FBI, Apple, and the tech industry.
His point is not about this particular case. He's saying that it has to do with a particular case, i.e. that the FBI is not asking that Apple install a backdoor on every iPhone.
Yes but that's not what's going to court - the FBI are asserting that they have a blanket power to request Apple to hack their own product. It's a matter of law, not specific to this case and the outcome will set a landmark legal precedent.
So BillG is really wrong to state otherwise. Matters of law are never just about a single case.
If the FBI simply wanted into this specific phone there exist companies that will do it, right now.
Even high-end hardware security modules are not rated against a competent attacker with unlimited resources, in physical control of the module, who can attack it destructively.
In fact, they must largely know there isn't any really important evidence on the phone so they have time to play these games.
<<Was hoping Gates would be less naive in thinking this legal precedent has anything to do with this specific case which has close to 0% chance of providing any real-world information and more to do with the fact that this tragedy is used as political theatre and being exploited for maximum PR and political influence.>>
Regardless of the merit of the case, I think it's pretty inappropriate that you are calling BillG naive. You really think that somehow you have more insight into the situation than BillG, who has access to pretty much any resource and source of information?
> Regardless of the merit of the case, I think it's pretty inappropriate that you are calling BillG naive.
Actions speak louder than words, I don't care who you are. In this case his words are adding to the dangerous narrative the US Govt wants this debate to be framed on: exploiting a tragic case of terrorism to unlock the legal precedent with 175 other phones waiting in the wings:
If he's not naive, he's been actively complicit as part of the "Old Microsoft" (before security of user data affected their global Azure business model) who was more than happy to provide what ever access they could to the NSA which saw "Outlook.com encryption unlocked even before official launch" and "Skype worked to enable Prism collection of video calls":
To play the devil's advocate, LE can get a court order to search your house, your car, your file folder, tap your phone, and so on, and that's viewed as fair by most people, since there are some checks and balances: they have to convince a judge (we're not talking about the secret NSA court stuff), and have to stick to some rules when they do it.
Why should they not be able to search phones on a case by case basis, with a court order?
That's something reasonable people are going to ask.
Edit: This is a pretty good analysis of why turning over a tool to the FBI is a terrible idea: http://www.zdziarski.com/blog/?p=5645 - but the FBI is saying they don't want that. The guy in the blog disagrees.
Let's say they meant what they said and everything stays inside Apple. Why shouldn't a court be able to order a search?
> Let's say they meant what they said and everything stays inside Apple. Why shouldn't a court be able to order a search?
It should be more than clear by now they're not asking for a single iPhone's data - (the iPhone data in this case is useless). They're asking for Apple to create a new version of iOS (i.e. that doesn't yet exist) that weakens their own security protections to provide a backdoor allowing the FBI to hack into the iPhone themselves, which a) sets a legal precedent, b) allows them to keep going back to Apple crack new phones c) gives them access to software with a back door they can study and reverse engineer.
The FBI have carefully chosen this case to go public on (specifically denying Apple's request to have the case sealed) precisely because out of all its pending court orders to unlock iPhone's, this is the one that stands the best chance to gain political and public influence necessary to set the legal precedent.
Once set, it will compel Technology companies to create tools to weaken their own security, using their own resources against them, forcing them to include themselves as an Adversary who they need to protect their customers data from. Not to mention if Apple is forced to concede to the US Govt, it will be forced to concede to other governments as well. China have previously demanded to have a master key for all electronics sold in China which they had to back down from due to political and public pressure, if Apple concedes to the US Govt other governments will undoubtedly be demanding the same.
He says it's BS, but it's kind of his word against theirs. Presumably, if the FBI says one thing and then asks for another, Apple could get the court to put a stop to it.
Like others have mentioned, Apple already have a way to get into any phone, and so far have kept it safe.
The frustrating thing about all of this is the blatant misuse of terminology by the media.
London resident. 7/7 killed 50 people and injured 700. Ten years have passed. The Troubles were worse.
'Terror' isn't a thing. It doesn't exist. 'Terrorism', does not exist. The real terrorists are the media companies and politicians that attempt to instill terror in the populace.
They try to craft this image of a world to be feared, with danger lying around every corner. Look around you. It's more dangerous for me to eat a Mars bar than it is for me to ride the London Underground, for fuck's sake.
There is a lot of evidence that terrorist groups are incredibly ineffective. Not just recent attacks in the US, but statistics world wide and through all of history. Gwern wrote a detailed essay on how incompetent terrorist groups are: http://www.gwern.net/Terrorism%20is%20not%20Effective
>9/11, the crowning incident of terrorism in those centuries, was equaled by just 29 days of car accidents in the US - and 9/11 was only accidentally that successful! 9/11 is also a sterling example of the availability bias: besides it, how many attacks could the best informed Western citizen name? Perhaps a score, on a good day, if they have a good memory; inasmuch as the MIPT database records >19,000 just 1968-2004, it’s clear that terrifyingly exceptional terrorist attacks are just that. Remarkably, it seems that it is unusual for terrorist attacks to injure even a single person; the MIPT database puts the number of such attacks at 35% of all attacks. Certainly the post-9/11 record would seem to indicate it was a fluke...
>Many terrorist organizations keep very detailed financial records (consider the troves of data seized from Al-Qaeda-in-Iraq, from Bin Laden’s safehouse, or Al Qaeda’s insistence on receipts), with little trust of underlings, suggesting far less ideological devotion than commonly believed & serious principal-agent problems. Stories about terrorist incompetence are legion and the topic is now played for laughs (eg. the 2010 movie Four Lions), prompting columnists to tell us to ignore all the incompetence and continue to be afraid.
OTOH, when in response, governments spend trillions invading other countries, killing 10's of thousands of innocent civilians, spending 100's of billions spying on its own citizens, and passing totalitarian laws to peek into the most private of peoples possessions, and bodies, then yes, terrorism is effective.
You're assuming that what the terrorists want is to e.g. have the US invade Iraq. You're assuming the terrorists want anything in particular, instead of being irrational criminally insane crackpots.
Unless by "the terrorists" you mean the people who make money when governments and people overreact to terrorism. For them it seems quite effective. But presumably they aren't the ones actually carrying out the attacks, they're just the ones exploiting the loss of human life to gain filthy lucre.
This is the thing right here. We should be expending more energy having a discussion on what constitutes real terrorism. It seems terrorism has become an excuse to bleed money from the general populace to fund initiatives to build police forces into local military units. It also seems that the media constantly spews the word "terrorism" for anything they believe they can monetize by drawing in viewers. To date, there have only been a small number of events that I can honestly say were terrorism, and besides 9/11, everything else has been at the low end of the scale.
(Fear for) 'Terrorism' is the Swiss knife of government/law enforcement. They can use it to justify/enforce ANY policy they would normally not be able to.
"Terrorism is an invention through which any two armed people can take over an entire industry, namely television, with the eager cooperation of its owners."
Tv is a cool medium of which requires participation. If the audience (public) are not "put on" to terrorism, that is not participating, the the power of idea will cease (and the secondary effects like the issue raised here).
So if government took a hands off approach to terrorism, opened our borders, let anyone fly on our planes, there wouldn't be an increase in terrorism? Is that what you're saying?
I'm saying that if the UK had open borders, we would be a better country.
I'm saying that if we could get on planes without spending hours in security, we'd be a better country.
I'm saying that your 'terrorism' is a farce. I don't believe in your 'terrorism'. Your 'terrorism' is an excuse to block good in the world, and to further evil, and I've had enough of it.
I'm saying that your actions, under the guise of preventing 'terrorism', have caused more terror. Your warnings to citizens to watch out - terror. Your pat downs at airports - terror. Your encryption laws - terror.
I am anti-empire, and anti-security theater as they come. But to say that all borders should be open, with absolutely no intelligence gathering and no consideration of massive migrant flows... this is one of the most blatantly child-like thoughts I've seen expressed here. There is a big gap between "Stop taking off shoes at the airport; stop launching drone strikes on weddings" and "No problems would arise from completely free movement between the vastly different cultures of east and west".
Why does somebody always have to go from one extreme to another...are you saying just if the government can't have access to all things in our private lives and spy on us in every manner then they are unable to provide any protecting and security on the borders, planes, and elsewhere?
Airlines don't just let anybody in. They care about not losing planes too. I'd say they have best information to balance out convenience of travel with safety.
This response really disappoints me. That seemed like he completely deflected the question and didn't answer. Im sure he measured his words carefully so that he wouldn't have to answer the inevitable, "will microsoft provide the same kinds of privacy protection as apple?"
Of course they won't. It doesn't even make sense to ask them for this. Microsoft serves the government. The contracts they get from this are a large part of their revenue.
Mr Gates reiterated his view that the issue came down to a debate about whether governments can get at data they use to protect citizens.
"Should governments be able to access information at all or should they be blind, that's essentially what we are talking about," he told the BBC.
Actually, the debate is whether the government should be allowed to force you to create something that does not exist.
I was under the impression Bill Gates does not speak for MS anymore. He doesn't work there and it would be horribly unprofessional to make promises on behalf of the current CEO.
>> Mr Gates said the case was similar to the requests regularly made to phone companies and banks for information.
No. This is a request to create something to gain access. If it were simply an information request I doubt Apple would complain much. AFAICT Apple got tired of secret requests to provide access to user information, so made things so they can not comply. To be clear, the authorities can still get a court order to gain access to your phone. They just need to compel the user to provide the access. That's hard in this case because the user is dead, but none of that is really whats at play here and I think Bill G should know better.
I kind of wonder if billg doesn't want the FBI bringing up all the previous work that Microsoft has done installing backdoors in their products for the US Government:
This is how it sounds to me. I think it is naive to assume Mr. Gates' character is so one-dimensional. He is a critical thinker; I'm sure he realizes the dichotomy he presents is BS. He wants to protect his legacy.
Mr. Cook, on the other hand, I truly feel is using this issue for a little free (minus legal fees) publicity, and to tell the FBI not to make such a big, public stink if they want cooperation. Like a contract negotiation.
It's easy to believe in someone who says what we want to hear, but necessary to question their motivations.
The debate has been ongoing since the Snowden leak, and even before that among people who were aware of the disclosures by William Binney, Thomas Drake, et al. Unfortunately, the general public has shown that they really don't care at all.
Tech and government people tend to have strong opinions one way or the other, but the "debate" has mostly failed since the broader public couldn't care less, except maybe defaults to "(do|don't) trust your President," depending on whether their chosen political tribe is currently in office.
I think many people do not understand. What seems obvious for us may be difficult to grasp even for programmers. Almost 20 years ago, I have received the virus "I love you" in my mail box. For me, it was obvious it was a virus and that it was "safe" to save it on disk and open it using notepad as long as I did not double click on it. I was very surprised that for most of my colleagues, it was far from obvious. I am not against giving powers to police, but for me, giving a backdoor is completely unacceptable.
People understand they're being spied on and feel powerless to do anything about it. Huge source them feeling powerless about it is that they do not understand how to respond to the matter using technology. That said, not understanding how something works does not mean they don't understand what is going on. If history is any measure of the future, they are right to be afraid and wary of saying anything.
I believe that people who know more fear more. And those who don't know simply aren't able to identify the threat well enough to take action. For now, the threat is relatively abstract (some dark agency somewhere maybe has access to some amount of computery things and might stalk me or whatever). And by the time the threat evolves into men with guns in their living room, it won't be associated with the current info wars. Assuming, of course, that true history remains accessible...
There's nothing "more" to know, people do not like being spied on and no one would sign-up to have someone watch their home if that meant everything they said was being monitored. People understand and are afraid to say something for fear that it will come back to haunt them.
I think your perspective is a valid one. However, I don't think everyone realizes they are actually being spied on or to what extent. The media says one thing (not always the same thing) and government denies it. I believe to many people that's enough controversy to avoid thinking too much about it.
And to pre-empt any argument that I may be too faithless about people's natural proclivity to protect themselves, consider something as as epic and clear-cut as climate change. I can't think of a better example of something so threatening to society yet so popularly disregarded.
I have the impression that the biggest problem is that these issues are not intuitively approachable anymore.
We have very similar issues with computer security. The majority of people have a totally different skillset and simply can't grasp these things. This is probably only getting worse as the technology behind our interfaces is getting increasingly unintuitive.
On the extreme end of this separation in our culture of specialists we may need a fundamentally new framework for trust.
And maybe it's these the trust issues causing all these nonsensical surveillance ideas at the moment — to get "more control".
Image what happens if AI robots are roaming the earth, causing all kinds of post-humanity questions, and nobody really understands what the fuck is going on anymore.
The future is probably both horrifying and glorious :D
You posit a very challenging idea. How does one create a "framework for trust" when experts can't effectively communicate their valid ideas because educating the masses is impractical or impossible?
Perhaps the goal is to re-establish trust in expertise. Something I believe has been eroded over many decades by talking heads and overly confident imposters.
How do you teach someone to recognize truth, even when they cannot verify it for themselves?
Or, gasp, not every person, even really well informed people, agrees with you. Not everyone sees this as a slippery slope. Not everyone thinks the FBI could later argue this is the same thing as built-in backdoors in software. Maybe we don't even think this is an overreaction to terrorism, bit instead a reasonable way to collect leads for any serious crime. Some people may even make the mental analogy of a small code change to any other simple assistance.
Or everyone who disagrees with you is dumb or a shill. Sounds like real sound reasoning.
"Not everyone who disagrees with you is wrong" sounds philosophically deep until you realize that in practice the people most commonly resorting that argument are climate change sceptics and flat earthers.
Because if there was a better argument than that to be made then that is the argument they would be making instead of resorting to the thing that can be used to justify anything.
All I've seen is people asserting there is a slippery slope, or that a dangerous precedent will be set. It's on you, not me, to make a case. And you completely missed the point, which is that it's possible for smart well informed people to disagree with you. Maybe you should come up with a convincing reason I should fear this FBI request instead of jumping straight to "you must be ignorant".
That's just the same thing as before. "I'm right because and therefore I don't have to prove anything" is not a convincing argument. You're the one wanting to require and prohibit things.
> And you completely missed the point, which is that it's possible for smart well informed people to disagree with you.
That isn't a point, it's an abstract statement that applies equally to anything. Don't tell me how smart you are, convince me why I'm wrong.
> Maybe you should come up with a convincing reason I should fear this FBI request instead of jumping straight to "you must be ignorant".
Because the precedent is what matters. Nobody objects to the FBI having access to this phone, the objection is to the FBI being able to force someone else to help them do it.
What happens when Apple makes an iPhone they themselves can't hack and then the FBI points to this precedent and says "we order you to hack this"? If they're allowed to say no then this case is totally irrelevant to both sides and will only happen once, because from here out that is exactly what would happen. But if the FBI can point to this precedent and nobody will be allowed to refuse then it would be a prohibition on making a secure device. Which is the thing to be feared.
Bill is no fool so he must be taking this side of the debate for tactical reasons - e.g. Microsofts huge contracts with the government, or perhaps something to do with his Foundation and keeping the govt sweet, or perhaps to do with Microsofts installation of back doors in the past. I suspect he has been leaned on to enter the debate. Not defending him, just trying to figure out whats going on here.
After a number of years using the same tactics, your tactics become you. Gates has been so thoroughly embedded for so long that being on the side of government and capital is not a tactic, it's just what he does.
Isn't the difference, whether they knew their victims? If you target certain people, its murder. If you target innocent (unrelated to the murderer) victims or don't target at all, that's terrorism?
Can someone who really knows it, please explain one thing for me? I've heard different statements and don't know which one is correct.
Can Apple - in theory - unlock that phone?
Is it
a) Unless there's a defect in HSM module (Secure Enclave) that allows the key extraction (like SEM data forensics or whatever), Apple just can't unlock the phone, because it's outside of their control.
I mean, I can readily imagine a system where encryption key is completely unknown to the OS, OS doesn't have any access (or has a write-only access using public key encryption) to the user data while the phone is locked, and encryption is performed by a tamper-resistant hardware, that won't do anything without a correct secret (passphrase) and HSM will irreparably erase key material after 10 failures (which is the behavior hard-coded into silicon).
or
b) Apple technically can unlock the phone by doing an OS update with a specially crafted insecure OS, but doesn't wants to do so, because it would create a bad precedent. I.e. the HSM isn't absolute and can be forced to disclose the key (or accept brute-force attacks) by the OS.
To put it simply: in theory, can Apple defeat their own security - if they would really want to - or not?
This seems to be a common question and I've seen it answered incorrectly a number of times.
The simple answer is that Apple has the key to sign software that will run on iPhone boot, AND Secure Enclave boot. Neither technically require the phone to be unlocked, and SE updates do not (currently) wipe secrets.
Lots of talk about 5c vs 5S onward phones, but Apple can remove bruteforce protections from all iPhones currently on the market.
The answer is B (though they can only update the software to remove bruteforce protections in this case).
(That said, I firmly believe that won't be the case for long)
So to clarify my understanding... i-whatevers have some sort of "trusted computing" bootloader or something... so can only boot a digitally signed version of the OS.
So even if the FBI dumped the firmware from the phone and found just the right branch instructions to flip to disable the time delay and data erasure... they couldn't deploy the firmware because it wouldn't boot.
Is that generally what the issue is? And if it is... wouldn't that mean that Apple is 100% correct in saying that creating such a firmware would allow "law enforcement" to do this to any phone in their possession (since they could install the same firmware on other Apple devices?)
Yes except the FBI wants to send the phone to Apple to do the hack and remotely access it so the firmware never leaves the building.
Apple's claim is that this 1) may be abused by authorities through subsequent requests and 2) is too dangerous to create because "cyber criminals" will try to hack them and steal it.
Abuse is definitely a concern, although one would hope that could be resolved through democratic oversight, rather than shutting down the ability of law enforcement to obtain digital records under most circumstances.
But as for the concern about getting hacked, I wonder if Apple is being a bit coy. They already possess the private signing key. That's already a super valuable secret that would allow criminals to install their own malcode. That danger already exists. It would be harder if the hacker also had to hack the firmware, but probably not harder than hacking Apple to get the private key in the first place.
The private signing key can and should be stored only offline. It's presumably only used when new OS updates need to be signed, and as a result it's fine to require manual intervention during that process.
By contrast, putting a device with the modified firmware on the network and allowing it to be accessed remotely makes it a much easier target than the private signing key. A compromise still isn't likely, mind you, but that's a pretty damn attractive target.
That's a good point about the private key never even touching a network.
Here's a thought: if the crack firmware does leak, and Apple becomes aware of it, could they just push out an OS update that rotates the signing key? That should effectively disable it, once updated.
What I'm getting at is this seems more about resisting government abuse / repressive regimes than technical infeasibility of limiting it to authorized users.
Depending on how it was done, they might still have to go through Apple.
But China/Iran/Russia/whereever could say: "You did it for the FBI, so you need to do it for us, too."
And the FBI could say: "You did it in that last case, so you need to do it in these other cases too."
And every local podunk sheriff in any jurisdiction could do the same thing, and there would be no end to Apple having to fight these things or do this work.
Not to mention that its customers would start getting harmed in countries where leaks of your private information can lead to your death.
That's not an argument against legal search and seizure.
If Apple doesn't want to be in that position, they shouldn't have put themselves in that position by retaining and requiring full control over devices via platform-level DRM.
The FBI is saying Apple should create a version of their firmware that only works on this specific device. I'm not sure if that's possible, though - if whatever ID they're checking can be spoofed on another device, they'd have a backdoor for all devices.
> i-whatevers have some sort of "trusted computing" bootloader or something... so can only boot a digitally signed version of the OS.
Yes.
> So even if the FBI dumped the firmware from the phone and found just the right branch instructions to flip to disable the time delay and data erasure... they couldn't deploy the firmware because it wouldn't boot.
Correct.
> Wouldn't that mean that Apple is 100% correct in saying that creating such a firmware would allow "law enforcement" to do this to any phone in their possession.
Only Apple knows the answer to this with 100% certainty.
It's (b) but they can't unlock the phone. They can make it easier to perform a brute force passcode attack against the device. The method to do this would be to restore the phone with a modified (and obviously signed) version of iOS that bypasses the passcode failsafes: such as wiping the data after 10 failed retries, and the exponentially increasing password retry delay.
The hardware imposes a limit of ~80ms on password attempts due to the nature of the hashing computations. So a four digit passcode could be brute forced in a maximum of 15 minutes if Apple were to install a purposefully hindered version of iOS on the device.
The failsafes as I understand it (from recent reading here) also include the inability to programmatically attempt login. As shipped, they will only accept such attempts from user input (keypad UI or fingerprint scanner).
Yes, someone with Apple's signing key can write new firmware to the device which disables the auto-wipe and PIN retry lockout features, which is what the Feds are asking for. Apple has never argued that it is impossible for this phone hardware with this OS version, which is why they're (correctly IMO) arguing that it would set incredibly bad precedent for a court to force Apple to create a tool to destroy their own security.
On a 6s that is not correctly(not sure with the 5c). Apple cannot just access a 6s. They have to use the password to get in, just like you, me, the fbi and everyone else does. Apple can only remove some of the things that makes guessing the password harder.
I wonder if his talk is just because of competition they have with apple or not. In my opinion he could just look at the problem more realistically and saying the monitoring should be in control of some judicial system that is different than current (return true) by default.
Also it is laughable that some people were saying these monitorings are going to be limited to terror act law.
Remember Government vs. MS case, where MS ultimately got what many people called a "slap on the wrist" [1]
I have nothing but a conjectures here, however, I always believed MS made a deal with the Government to give them a backdoor in exchange for far lesser settlement [2]
So I'm not surprised for Gates position here. It's mainly to justify his and MS earlier decision to give into the government's requests.
The real danger will be the actual coming threat.
Instead of their much trumpeted 'manufactured' stooge plots, our incompetent spies seem to be unable to effectively stop real battle hardened death zealots - despite near total surveillance.
Jails are surveilled in a panopticon way but rife with drugs and crime - so mass surveillance is demonstrably ineffective there.
The other worry is the nagging doubt that the fears of government are their political opponents rather than enemies of the state - our fears are not aligned with theirs.
That our political and surveillance classes are interested in power not our safety is continually evidenced by the horrifying way they use they blood of their own citizens to try to justify more political power.
Q.V. the recent attempt to link the crypto debate with the Paris atrocities or the invasion of Iraq.
So much of this conflict is manufactured by seeming negligence, the conveniently blind eye.
For instance: locking up a young disaffected drug dealer with the number 2 recruiter for Al Quaeda at the time (in France). Locked in the same jail cell together, a few years later the young recruit, recruits others and shoots a cartoonist.
In Bitter lake, Adam Curtis posits that Daesh/ ISIS was the product of a super jail in Iraq and much of the ground support of the conflict is from the local who initally supported their liberators but lost due to endless Whitehall red tape about compensation for farmers.
http://www.bbc.co.uk/iplayer/episode/p02gyz6b/adam-curtis-bi...
This is always framed as a conflict between the government and "the people" but it's every bit as much a conflict between the government and a handful of hundred-billion-dollar megacorporations. Some of these entities are going to benefit from having enormous quantities of data at their disposal, it's just a question of which ones.
Zuckerberg's sort of aloof reaction to Apple's plight is telling. If it were really about citizens' rights then he would be every bit as outraged as when the FBI orders Facebook to hand data over.
Bill Gates is an influential person and his opinion matters to many people. Some media outlets seem to claim he sided with the FBI. He denies this. It seems to me that he is trying to say that there is a way for Apple to decrypt the phone without providing a backdoor. What's interesting in my opinion is how these so-called independent media outlets are (deliberately?) misinterpreting his words to use the authority of Bill Gates to influence public opinion. I am not saying this is a move by the FBI, but ...
The real issue is that they are after more than one phone. The DOJ is after twelve others according to the WSJ and the NY DA has 175 phones he needs unlocked.
It is just the tip of the iceberg and it won't be long before someone pushes legislation through Congress mandating a back door or and end to encrypted devices being allowed on US cellular networks
Better yet, they are beginning to the story that the next terror attack will be on Cook's shoulders.
I propose to have a smart solution with encryption. For example you could give half of the access key to the local government (maybe 1/4 to courts and 1/4 to police force), other half to Apple. If both parties believe on the case, they unlock the phone. Maybe we can also include the international court.
Bill is the world's richest person. If he wants the government to backdoor us all in the name of terrorism I want the one to his wealth. It's not just the government access that's at stake but all the other people (i.e. criminals, other govs) who will use that access to take whatever they want.
Just as gates is trumping on about how it's an isolated special request for data from his competitor Apple the FBI just requested data unlocking from another 6 phones...
Here's a simple, troubling aspect. The U.S. Government and state governments (and, I'm sure, foreign governments) increasingly seek to purchase private data for mining, and to sell their data for revenue.
The former is used particularly to make an end-run around legal restrictions placed on their own data gathering. And to create a firewall against oversight, with the activities of concern taking place in private entities not subject to public oversight.
The latter is... well, many things, but it is particularly a political expedience; when you face opposition raising revenue directly, instead sell off some portion of the public good, as quietly as possible. (Remember, for example, state departments of motor vehicles (DMV) trying to launch plans to sell drivers' data, including photos, a few years back?)
And, with the "revolving door" and ongoing sweetheart relationships between private and public positions and power brokers, there is also a large incentive of private and personal profit now driving this, as well.
So. Government data collection is no longer really nor just government data collection. It is increasingly -- or, increasingly dominant and pervasive -- a collusion between extant powers for their own purposes.
I don't want to be locked out of insurance, a job, etc. because my "profile" doesn't score high enough, or I friended the "wrong" person on Facebook. Nor do I want this to happen to others.
In biology, advanced species exhibit increasing levels of autonomy from "the herd." Our species and culture needs to keep that in mind and the foster it; there is strength in diversity. And that is predicated on some autonomy and privacy. The ability and freedom to differentiate and to find new modes, new optimizations. And to find the simple happiness that fosters greater productivity, not to mention a better personal life.
As an analogy, no one feels particularly comfortable with someone "staring over their shoulder" constantly -- particularly with a critical or condescending attitude.
A happy life does not involve Big Brother guiding, constraining, and homogenizing your every step.
Can a government order a corporation to make a new product using considerable resources for the governments use.
What if an African government didn't like you giving out mosquito nets and said: no - you go to your factory and make us 10,000 nets and give the nets to the government, so we can give give it to our politicans and then if they so desire they can give it to the people so the government looks like a hero. Here's a court order making it so.
I wonder how safe the internal apple devs are that could build what the FBI is demanding. If the FBI can identify them, they might "disappear" if the FBI doesn't get their way from Apple.
But nah, our government would never do that, right? Only China and Russia, etc. Wish I really believed that.
“I hope that we have that debate so that the safeguards are built and so people do not opt — and this will be country by country — [to say] it is better that the government does not have access to any information,” he said.
WOW now this explains why Windows is so easy exploit and fatal security flaws were built in so that Bill could help his county. Seriously, this is a terrible justification it is a shame that he actually feels this is an appropriate response. Too bad he is that out of touch now.
Or MS already has custom-made backdoors for governments, and forcing Apple to put them in too would take away Apple's superior positioning when it inevitably gets leaked that MS has been doing this for a long time.
Wow, Bill Gates has an enormous financial incentive to diss on Apple over privacy in order to deflect privacy concerns away from Windows 10.
I found it disturbing that the corporate media covers this story with mentioning Gate's conflict of interest. We had General Electric (GE) News Network (also known as MSNBC) on all morning, they covered this story a lot, and never mentioned the conflict of interest.
Actually it is not what we're talking about, because they're not blind, they can use usual means of inquiry, and the technology. How comes already there are no firearm firing sound detectors, or remote-controlled drones with tasers in major streets to react instantly, ect...? There are ways to act which don't strip citizens from their power, as information nowadays is power.
A handful of people died because they lacked this power, and this will always be the case that people will die because of their lack of power, no matter what they have.
At the end of the day, there is 7 billions people, and only one world, one humanity, one future, so protecting the people from the government is more important than protecting the people from the people, at least as long as it stays manageable.
Every month, the world gets more peaceful, and more educated, we just didn't always have the internet flashlight. Making such a backdoor, it's another leak to oligarchy, because security and corporations can ally and spy the rest into uncompetitiveness. Ect... I will worry when I see blood on the street.