>In the physical example, according to the FBI's "just this one iPhone" claim, one would reasonably expect that the company could then destroy the hypothetical master key as soon as it's used. This makes sense in a physical world, but the analogy breaks down completely in a digital world.
Why not? Can't apple just delete it?
>In the digital world, you can't guarantee that the key hasn't been copied, and you can't guarantee that destroying the "original instance" of the key destroys all others.
You can't do that in the physical world either. But you can be pretty damn certain that it isn't done.
>The custom OS that the FBI is asking Apple to build will also take development time, and likely take more than one person to develop, meaning that if there's a security breach during the OS's development, any number of intermediate builds may also be stolen during development, before the FBI can even access the particular phone in question.
Apple already takes this risk with every since iOS release.
Yes, but leaks of pre-release iOS software can't be installed on locked phones as a means of unlocking them, so the risk is not nearly the same.
If you really want to carry this analogy to term, fine, I'll concede that you can't be 100% sure that a physical key wasn't copied before you destroy it, but then you must take into consideration the complexity of manufacture and duplication - if the complexity of duplication is high, and you only make one, and guard it at all times, you can have a fairly high confidence (barring ridiculous film plots) that the key you're destroying is the only one.
With digital things, the complexity of duplication is beyond trivial. One copy leaks, and instantly there are tens of thousands, if not millions of copies in all corners of the internet. Physical objects simply do not behave this way.
Are you kidding? Law enforcement across the country wants to use this on thousands of phones.
Even if it were truly going to be used only on one phone, there's still a risk that the signed software gets out. That risk is exponentially increased when you realize that Apple will be required to retain this software for responses to law enforcement requests indefinitely.
Why not? Can't apple just delete it?
>In the digital world, you can't guarantee that the key hasn't been copied, and you can't guarantee that destroying the "original instance" of the key destroys all others.
You can't do that in the physical world either. But you can be pretty damn certain that it isn't done.
>The custom OS that the FBI is asking Apple to build will also take development time, and likely take more than one person to develop, meaning that if there's a security breach during the OS's development, any number of intermediate builds may also be stolen during development, before the FBI can even access the particular phone in question.
Apple already takes this risk with every since iOS release.