Hacker News new | past | comments | ask | show | jobs | submit login
Apple Encryption Engineers, If Ordered to Unlock iPhone, Might Resist (nytimes.com)
468 points by IBM on March 17, 2016 | hide | past | favorite | 359 comments



Taking this further down the rabbit hole:

Suppose that only about 5 people can do what the FBI wants done. Suppose all 5 refuse, to the point of quitting Apple. Does the FBI now compel them to return to Apple and write the software or go to jail?

And what if one of those engineers says that he doesn't actually know how to do it; Apple only thought he could, but he actually can't. Now we get into territory of proving competency and capability.


They could be fined hundreds of thousands daily for refusing to act. We recently found out this happened to Yahoo in 2008 [1] via the FISA court. Apple shareholders wouldn't like that.

I'm pretty sure Tim Cook and his lawyer mean it when they say they will comply with the law. Apple engineers need not worry so much about quitting their jobs over this. If I were there I would stick with Tim Cook. Consider,

If Apple loses this case, this becomes a gigantic public debate where we scramble to enact legislation that removes this power from the government.

If Apple wins this case, and the government pursues anti-encryption laws, this becomes a gigantic public debate.

If the case is delayed for 2 years and goes to the supreme court, this becomes a gigantic public debate.

Regardless, since this is in the public sphere, whether-or-not-we-put-back-doors-in-phones is going to become a gigantic public debate.

The only way it doesn't become a big debate is if Obama comes out and says he's been informed on the issue and now realizes encryption in our phones is, on balance, a good thing.

[1] http://www.theguardian.com/world/2014/sep/11/yahoo-nsa-lawsu...


> this becomes a gigantic public debate where we scramble to enact legislation that removes this power from the government.

No such thing will happen. The public will forget this ever happened, and politicians will do nothing to prevent the government from doing this again.


Well, my tech-illiterate grandfather knows about this debate, and all he can understand is that the FBI has a terrorist's phone and Apple is obstructing their investigation.

He thought encryption was something we could easily ban, and he's a civil engineer. I walked him through it mathematically, then gave examples until he understood, but not everyone has a technical background.

We are losing because we aren't presenting an alternative public narrative.

We must educate the public on the necessity of strong encryption to the modern economy, and the danger of backdoors. Even getting them to imagine how the Soviets would have used this technology is usually enough to get the greatest generation and the boomers to at least think.

We won against the Clipper chip, munitions classifications, export grade encryption, 96-bit maximum key sizes, and SOPA.

We can win here.


The problem is people have a hard time of wrapping their head around the idea that an encryption backdoor, once created, is at extreme risk of being leaked to others and can not be contained.

This is something that I find is hard to explain to nontechnical people because it isn't intuitive of our understanding of the real world.

E.g. "If a bank can keep my money from being stolen, then surely you can keep this backdoor from being stolen, so stop complaining and just do it already!" -- As Trump would probably say when ordering it done, echoing the sentiments of many.


Point to TSA locks and the New York City master keys. Both systems are similar enough to encryption backdoors, and both systems have already been compromised.

NYC: http://daringfireball.net/linked/2016/03/12/new-york-1620 TSA: http://www.engadget.com/2015/09/11/tsa-master-baggage-keys-3...


It was 56-bit maximum key size btw.


And before that 40-bit RC2 and RC4 were the strength that was easily exportable, which was laughable.


I don't plan to let that happen. Do you?

I'll fight this as long as it's under discussion. Talk to your friends and family, contact your representatives and let them know you care.

If we as technologists, the only ones who understand the tech side of things, are silent, then yes this defeatist attitude will win.

We need not be silent.


My friends and family have largely disowned me as a "Terrorist sympathiser" over this and other similar matters - convincing arguments based in fact and logic are nothing in the face of loud and blustery arguments - if it was said on TV, or by a politician, it must be true. This holds in the minds of most.


> contact your representatives and let them know you care.

Unless you have a lot of money, your representatives don't care.

It seems like the only way to make progress is to support stronger encryption, with less of a possibility of engineering backdoors.


You may enjoy This American Life's episode on "Take the Money and Run for Office" [1]

> Dick Durbin: I think most Americans would be shocked-- not surprised, but shocked-- if they knew how much time a United States senator spends raising money. And how much time we spend talking about raising money, and thinking about raising money, and planning to raise money. And, you know, going off on little retreats and conjuring up new ideas on how to raise money. [2]

...

> Barney Frank: If the voters have a position, the votes will kick money's rear end any time. I've never met a politician-- I've been in the legislative bodies for 40 years now-- who, choosing between a significant opinion in his or her district and a number of campaign contributors, doesn't go with the district. [2]

The point is, if they are voted out they lose their jobs and income, therefore they must listen to voters. I'm not saying I support super PACs or anything, but I find it comforting to know that if we come together on something then we do have a role in the democratic process that is stronger than money.

[1] http://www.thisamericanlife.org/radio-archives/episode/461/t...

[2] http://www.thisamericanlife.org/radio-archives/episode/461/t...


So is there a super PAC that supports the agenda of encryption as a right? If not, should we make one?


We are! Sort of. Not a money-raising PAC, but rather a campaign to educate people about encryption in ways that are understandable by non-techies. A few of us plan to make a website and a fun campaign name. If you're interested in being involved, send me an email at stillastudent on google's email service.

Or make your own campaign. The more, the merrier.

There is also the EFF, and an organization called Fight for the Future which is currently running a campaign called Save Security. I'm in touch with both about working together. Tech companies will also lobby for stuff themselves. I'm not sure whether the likes of Facebook, Google and Apple are coordinating on this issue yet or not.

My thought is to do this campaign at zero cost and on donated developer time. I don't plan to register as a 501(c)3 or take donations. I'm hoping Obama changes his mind and there is no need for a campaign. But, if that doesn't happen, I hope we can present the facts to non-techies and share some reasonable arguments techies can use when talking with friends or family, or when contacting representatives. I've read a lot of good arguments online. I think it's just a matter of putting them in one referable location, and making them relatable to non-techies.


If that's not a propaganda piece, it's still anecdotal.


This is not true; there are any number of studies and interviews which have shown that elected representatives will only act in favor of donors if the voters are silent or supportive. No congressman or senator will ignore dozens of letters and phonecalls (, though there has been some debate as to the utility of e-mails).


I don't see why the myth persists. If money really did speak so loudly, Jeb! would already have clinched the GOP nomination.


Apple has $38 Billion in liquid assets [1]. Facebook has $18 Billion [2]. Amazon has $20 Billion [3]. Alphabet (fka Google) has $73 Billion [4]. Microsoft has $102 Billion [5]. In the last quarter of 2015, the largest companies by market capitalization were Apple, Alphabet, and Microsoft [6].

All of the companies I've mentioned have filed or joined in an Amicus Curiae brief in support of Apple [7]. If money mattered more than voters, then congress would have already passed a bill to satisfy the wishes of America's most financially successful company.

Why haven't they? Because money can only buy advertising and campaign staff. It can't buy votes and votes are what keep them in office.

[1] https://ycharts.com/companies/AAPL/cash_on_hand

[2] https://ycharts.com/companies/FB/cash_on_hand

[3] https://ycharts.com/companies/AMZN/cash_on_hand

[4] https://ycharts.com/companies/GOOG/cash_on_hand

[5] https://ycharts.com/companies/MSFT/cash_on_hand

[6] https://en.wikipedia.org/wiki/List_of_public_corporations_by...

[7] http://www.apple.com/pr/library/2016/03/03Amicus-Briefs-in-S...


Another take on this issue is that the FBI and NSA have a strong opposing interest. While they may not lobby in the same sense as Apple etc., they do represent law enforcement, which is an enormously powerful lobby in the US. So all those private companies are on one side, sure, but US law enforcement is on the other, and that's quite a fight (and one that law enforcement has been winning for a long time now).


But what is it that makes law enforcement a more powerful lobby? The average cop with several years of experience makes significantly less than an engineer straight out of college.


Unfortunately, any technological progress is hostage to public policy.

Unless the voting public starts valuing their privacy more, the government can simply legislate around stronger crypto.

They can mandate key escrow, ban encryption altogether, or be old fashioned about it and send letters demanding you hand over the private key. Don't like it? Go to jail.


I hate to break this to you, but the majority of people no longer remember the name Snowden. Give it 6 months and this will be such old news that you'll sound like a nut trying to get the majority of people to care about it.

The window of opportunity is short, and closing every day.


Oh, they remember the name Snowden, in the same way as their alter egos remember the name Goldstein. Snowden the great traitor, the demagogue, the terror-sympathiser, the subject of the five minutes hate.


I'm with you there


Most "technologists" who talk about this don't really understand the tech side of this thing.


You are absolutely correct.

I remember being told that I was paranoid when I had concerns about CALEA. I was worried that it would be used for purposes other than warrant-backed monitoring of actual criminals and criminal suspects.

Here we are, 20 years later and even though there's no evidence that things are quite as bad as I feared, it's certainly much more invasive than we were told it would be.

Even the most controversial and contentious of issues are quickly forgotten or mis-remembered by the public.

This IS the last stand on this front. If Apple loses, we all lose.


I completely agree. In fact there is already a mechanism for doing what they want done, generally. They get a search warrant, they get a judge to compel a suspect to unlock his phone, refusal results in jail time for contempt of court. There is prior law for all of that. Nobody seems to care that we are talking about doing the search without the judiciary. This is all purely for fishing. Either fishing or they believe that there are all these real life episodes of 24 being played out, which isn't true.


I'm not seeing any sort of "gigantic public debate." Sure, it looks that way from within our tech bubble, but let's be real: the overwhelming majority of people in the United States do not give a shit and could not care less. And among the remaining small minority, encryption is way down on the list of issues they care about and choose to spend time and mental energy on.

Further complicating things is the fact that this is a complex topic and most people (including almost all lawmakers and law enforcement agencies) are too ignorant to understand the important nuances, and they have no interest in changing that because, frankly, encryption is hard.


> too ignorant to understand the important nuance

Lindsey Graham came around. Sam Harris changed his point of view after a fairly combative initial stance against technologists.

We will never know if we can inform the public unless we try. There are some good analogies out there supporting encryption. Use them. I recommend the one from Sam Harris' third video on the subject. There is also the whack-a-mole argument.

Honestly, the biggest thing standing in the way of the public being informed is not the unwillingness of the public to listen. It's the technologists' unwillingness to try to educate them.

I understand your trepidation. In life, we scientists are often ignored. But sometimes we are right and I do feel if we push hard here we can figure out ways to reach people.


The technologists are constantly ignored by the populace, and major news outlets have been braying about this for years, Snowden being the most recent gigantic newsworthy event where it was in-arguably shown the united states spies on us way more than it lets on, and we should choose encryption if we value our privacy.

What is the outcome of this major revelation? Much of the public thinks no different than before in regards to government spying or encryption, and security practices are not fundamentally different even after years of media advertising what happened. Many people don't even know the significance of Snowden.

We should definitely push harder for the correct stance on encryption but I cant help and think your hope is a bit pollyannish.

How many interviews did Tim Cook give again? How many news outlets brayed this at the top of their lungs? https://www.google.com/search?q=new+york+times+apple+fbi&ie=...


Snowden and the NSA dragnet are a bit more abstract than a personal right to encryption on a device in ones ownership.


How so? To me, dragnet surveillance is a lot easier to explain and conceptualize to non-techies than personal encryption. And I use encryption on all my devices (except my android phone, it's still running 4.x)


One aspect is the difference in opponent. Until recently most people thought NSA-level surveillance only applied if you were a national security threat like Osama Bin Laden.

In this case we're talking about the FBI wanting access for regular police cases. That touches way closer to reality for many.


> I cant help and think your hope is a bit pollyannish.

See, it's words like pollyannish that we shouldn't be using when engaging the public. Only kidding. But I did need to look that one up. Thanks for making me think about it. I'd say it describes me well.

If you think that is a worthless way to look at the world, then that is my problem right? What skin is it off your back?

Regardless of whether you see good in other people or not, the fact is people can and do learn about things and change their points of view. You can't point to an uninformed mass and say they are incapable of learning. En masse, yeah I agree, we can't flip a switch, but that's the way it should be. People have their own brains and should use them. We just need to present the facts about encryption in a manner that is clear for non-techies. I think there are a lot of ways to do that. If you aren't up for it, that is your decision and I support you in that.


What was sam harris's point of view?


Oh his is great! I couldn't summarize it sufficiently.

Basically, he did a complete 180.

You should listen to both his first [1] and third [2] podcast on the subject. In the first one he really lambasted supporters of encryption, and in the third he changed his view completely.

He quotes a good analogy here [3] and concludes his thoughts with a final opinion here [4]

I don't fault him for his first podcast. He came up with a reasonable point of view given the facts he understood. And when presented with new information, he changed his mind.

[1] https://www.youtube.com/watch?v=ZQAmlVFjJ9k

[2] https://youtu.be/9HK4IBscfMQ

[3] https://youtu.be/9HK4IBscfMQ?t=2m33s

[4] https://youtu.be/9HK4IBscfMQ?t=4m50s


Thank you! Can you also link the second podcast?

Edit

Here it is: https://www.youtube.com/watch?v=Yp6IhjK75oE


[flagged]


We ban accounts that comment like this, so please don't comment like this. Instead, comment if you have something civil and substantive to say, and not if you don't.


Not at all. I'm saying the opposite.


When you look at how well protected Americans health records are, and how judges have said a search of your person doesn't extend to your phone, I think you are entirely wrong to suggest this doesn't extend beyond the tech industry.


You're correct as everything is dependent on the tech industry. That's part of why this is such an important fight for Apple, because it directly effects just about any industry that requires privacy these days.


It doesn't even seem like "gigantic public debate" among the technological groups. There is very minimal amount of actual debating happening.


Exactly.

People are already aware. It's being covered in all forms of media, across all demographics. Awareness and understanding are wildly different concepts. People are aware, they just don't understand. The public can't be properly educated in the matter, because it's so nebulous and complex that it requires dedication to understand it. That goes for most of the issues we face as a society.


That's so defeatist. How do you know unless you try? You are the one with the knowledge. Try!


No, its acknowledgement that sometimes the few are left to defend the rights of many. This is how it works in a lot of areas. If Apple loses this round, our best hope is they push this debate to the SCOTUS and set the proper precedent there. Educating the masses isn't going to change much, as we have no say in the current system.

Think about this: Do you think the President, or any of the candidates, know much of anything about technology? Do you think they understand the intricacies of encryption? Would they even be able to name standard cypher suites? No, because that's not part of their education or job function. They rely on the few, their advisors, just like they do with most major issues.

I've seen your comments on this story, more power to you for wanting to start a grassroots education movement. I've also seen you muddy the waters with making comments about anti-encryption laws; this is an extremist fabrication on your part and not part of the actual current issues. As I've said elsewhere, directly in response to you, the outcome may be similar but the approach is completely different. If you manipulate outrage to reach your desired goal, you're just as bad as they are. You could've taken the time to read my other comments about this before declaring me defeatist, but instead you jumped to conclusions based on a small sampling; is this what your education is about?


Do you think the President, or any of the candidates, know much of anything about technology? Do you think they understand the intricacies of encryption? Would they even be able to name standard cypher suites? No, because that's not part of their education or job function. They rely on the few, their advisors, just like they do with most major issues.

How far down the advisor and lackey chain do you need to go before you get to someone who does understand the intricacies of encryption? Can name the standard cipher suites? Because I bet none of the advisers to the candidates or POTUS know those things either. This is not any of their jobs either.


Which is the larger concept I'm trying not to expound on too much.

Complete government reform and transparency are what is needed to correct most of the huge problems our world faces. Who has the ear of the king, can they be trusted, are they qualified, who has their ear, etc.


> If Apple loses this round, our best hope is they push this debate to the SCOTUS

[editing what I wrote, I missed something you said]

I believe our best hope is to start informing the public about encryption so that when more laws about encryption start appearing, then they are knowledgeable enough to let their representatives know how they feel about it. The idea is to inform enough so that the government is unable to spread FUD and an alarmist view that we will be safer when US phones have back doors. Because we won't. Other encryption tools exist that are not governable by the US.

[end edit]

> Think about this: Do you think the President, or any of the candidates, know much of anything about technology?

No. I've been thinking this for 8 years since patent trolls started becoming a nuisance. I'm happy to see we now have a couple of computer science graduates as representatives, including Ted Lieu who has been pretty vocal on this DOJ vs. Apple case.

> because that's not part of their education or job function

Hmm. They're supposed to have advisors or lobbyists for this. My argument is, in part, tech is missing a sufficient amount of those in the White House and DC. There can and should be more.

> I've seen your comments on this story, more power to you for wanting to start a grassroots education movement. I've also seen you muddy the waters with making comments about anti-encryption laws; this is an extremist fabrication on your part and not part of the actual current issues. As I've said elsewhere, directly in response to you, the outcome may be similar but the approach is completely different. If you manipulate outrage to reach your desired goal, you're just as bad as they are. You could've taken the time to read my other comments about this before declaring me defeatist, but instead you jumped to conclusions based on a small sampling; is this what your education is about?

Sorry hold up a moment here. Since when is providing facts muddying the waters? In most of my comments I'm citing sources directly. I also welcome debate. There literally are laws on the table at the state level in NY and CA that would require phone manufacturers to only sell phones that are decryptable when they are sold. Is it muddying the waters to call these anti-encryption bills? What would you call them?

I certainly wouldn't call what I wrote extremist.

I'm sorry if you're offended by what I wrote. I have no control over that. You are the one claiming the populace can't be educated. I have difficulty seeing how a person who clearly benefited from some form of education growing up can stand by this particular viewpoint. However, I do respect your opinion, and I apologize if I missed some of your remarks and mischaracterized your position. HN doesn't have any notification system for comments, so I probably miss some. I can't be expected to read every comment from one user before I respond to one of their comments can I? Please feel free to email me if you would like to discuss it further, or I can talk on the phone.

I'm not trying to manipulate anybody. I'm saying, let's put facts on the table and let people decide for themselves. If some people choose to ignore the facts, that's fine. If some technologists don't want to participate in sharing the facts, that's fine. But what's wrong with encouraging technologists to try? Again I welcome criticism of any of the words I write. If I'm being biased in some way I want to know about it, because if I appear biased here on HN then it will be more obvious to the layperson.


Shortish response here. You didn't offend me, man, and I don't stand in opposition to your ideals. What bothers me is that you're advocating public education whilst providing inaccurate narrative. You, yourself, have suggested education through analogies; that in and of itself demonstrates that the concept is too complex for proper education. You have to simplify it, which belies and confuses the depth of the topic. No, that's not anti-encryption law. Anti-encryption would mean there is no encryption, which will never happen; instead it tries to force backdoor encryption which could have a similar effect but is not the same thing. This is the fallacy of trying to simplify the concepts for the masses, and a byproduct of our modern media and information dissemination.

The narrative you've put forth is: "They're trying to remove encryption entirely so we aren't safe." when in reality it's "They're trying to backdoor our encryption, which makes us feel safe even though we aren't". The former conveys an obvious threat, while the latter conveys a much deeper and nebulous threat. I have to explain this concept to you, and we're both invested in the industry and the technologies involved; Do you think grandma is going to be aware of it, understand it, and take meaningful action? Considering the long and continuing overreach of TSA/DHS/FBI/NSA, the odds are slim. That sucks, but it's a reality. Your narrative wasn't an intentional manipulation, but an accident due to inaccuracies and misrepresentations; all too often the people on the other side do it intentionally.

I agree there can and should be more educated people responsible for legislation in the government, but that's part of a larger problem; The need for complete reform and transparency. The system in its entirety is broken and ineffectual and that's not likely to change any time soon. While we vote for a candidate, we elect a cabinet we usually don't even know about until the election is over. Think about that for a second. Now add in the fact that modern law enforcement will break rules first before being eventually regulated. The FBI and NSA have learned to follow the curve we've been using for years: Technology and innovation outpace regulation. This is just one tiny aspect of the overall complexity of this one single problem.

I would say it's not that technologists don't want to participate, it's that we have learned to direct our focus and energy to where it has the most impact; or realize that we don't have control to exert and choose to support those that do.

You, sir, keep being awesome and do what you feel is right. Just make sure you don't oversimplify massive problems for the sake of spreading awareness. That leads to people starting fights with misinformation; drugs are bad, muslims are terrorists, poor people are lazy, etc, etc.


Thank you for challenging my thoughts on the subject. I'll consider what you write here as we come up with messaging. I agree with characterizing the situation as pro/anti back door rather than pro/anti encryption.

Note that this is still an analogy. For better or for worse, analogies are used often in education. They're not the whole picture but they are a tool or gateway to other knowledge, if you will.

Anyway thanks again and I look forward to more critical feedback from you should we get a site off the ground. I can't say I'll necessarily agree but I will try to read and consider what you write.


> They could be fined hundreds of thousands daily for refusing to act.

Apple's revenue is $658 million per day (2015), not sure if they care too much about "hundreds of thousands".


The feds threatened Yahoo with a fine of $250,000/day, _doubling every week_. It doesn't take long for that to become astronomical.

https://www.washingtonpost.com/news/the-switch/wp/2014/09/15...


How does the government merely name a number out of thin air and the company now has to pay it? Can the government just declare the moon to be their property tomorrow? How would they enforce the delivery of these funds?


At its core, the government can enforce arbitrary declarations because they have the ability to use force against those who don't comply - ie; they control the prisons, the police and the armies.

"Political power grows out of the barrel of a gun" - Mao Zedong


At the same time, there are numerous historical examples of non-violent non-compliance nullifying that power. For example, when the Danish just refused to help the Nazis to isolate, persecute and exterminate Jews in their country, the Nazis weren't actually able to do all that much to change that.

People at Apple just refusing to assist the government is, in a way, the government's worst nightmare: it shows just how little power they actually have.

Some weak forms of political power grow out of the barrel of a gun. True power grows from the consent and support of the governed. Withdraw that consent, and the gun is shown to be a pitifully ineffective tool of government. Maybe this is a historical lesson we need to re-learn.


Or to put it another way:

"You don't really own anything that you couldn't carry at a dead sprint while firing an AK-47 over your shoulder."


I dunno, it seems a bit like saying the dollar has value because of the gold in Fort Knox. Possibly it was once true, and it provides a pleasing sense of solidity to an intangible thing, but the scary reality is that it's largely down to social convention. If enough people rejected the legitimacy of government wholesale, its power would evaporate and brute force would not restore it.


As Max Weber would say, the government has a monopoly on the legitimate use of physical violence.


That's not a very insightful definition because it pushes the question to what is "legitimate".


Some governments may claim such a monopoly, but in the most parts of the USA, at least, private citizens have not completely delegated their right of self-defence through physical violence.


> How does the government merely name a number out of thin air and the company now has to pay it?

Presumably it is not a random number, but is calculated based on factors like the company's revenue. A $250k fine would kill most small businesses. Google/Apple could pay it indefinitely without breaking a sweat. So it makes sense to me that the fine has a very wide range depending on the situation.

> Can the government just declare the moon to be their property tomorrow?

No. The United Nations Outer Space Treaty prevents nations from claiming the moon as territory (although the US could withdraw from this treaty, wait one year, and then claim the moon).

> How would they enforce the delivery of these funds?

The same way they enforce collection of taxes. Bank accounts can be frozen, property can be seized, perhaps corporate leaders could be arrested for brazenly ignoring an order to pay.


Haven't there been situations in which government fines can increase exponentially? If something like that applied to Apple it could drive them to bankruptcy very quickly. In theory at least; not sure if the government would actually do that.


revenue != profits.

Will people please stop quoting revenue figures for things like this.


Their profits are still in the dozens of millions, per day. Will people please stop splitting hairs?


1 order of magnitude difference isn't my definition of splitting hairs


Apple has quarter trillion dollars of cash on hand. Without calculating interest or expected value, at 100k a day, Apple could hold out for over a millennium.

I'm sure Apple has a legal army gaming out each one of these scenarios.


> Apple could hold out for over a millennium.

No, it doesn't work that way (see the post from dolske 7 hours ago):

https://news.ycombinator.com/item?id=11310214

Under these rules in only a few months all the money would be gone.


My point was that Apple swings a big stick in this argument.


$250B can buy a lot of members of congress.


Your nativity on how "criminal justice" and law enforcement works is kinda astounding to me.

If a judge orders an injunction against these citizens and they don't comply, he won't fine them, he will jail them, which is an incredible hardship, esp. against people not used to the prison industrial complex and its dehumanizing effects.

Perhaps sitting in jail for weeks or months will endure these guys to the IT masses as martyrs-to-the-cause, but I would fully expect them to cave after a little while.


Can the court order you to do something you don't know how?

If you can show these people would know how to do it, then it must be common enough knowledge that the courts could find someone else.

If it is highly specialized knowledge that only these people might even know, then you can't prove that they do know how to do it.

Either way, you can't justify forcing them to do it. And it is if we are even fine with slavery to begin with, which I'm not.


I think he meant Apple will be fined. The engineers, if directly ordered by the court to "fix" [0] the software will be charged with contempt of court, and jailed.

[1] I mean this in the sense of to deal with or correct a problem, and also to influence the result by improper or illegal methods


That's when it gets interesting.

Creating code is not like being compelled to testify. Is the DoJ going to have a prosecutor ask them "Now what would be the next line of code?" until they get a working tool?

The coders have an excellent case against them being jailed. The government has already stated their fallback position - that they want Apple's source code and signing keys. Apple will probably at that point secure their signing keys and code, perhaps by moving them offshore.

It will be interesting to see if some defense contractor can make head or tail of Apple's code, build system, etc. That could be a comedy I'd pay to watch.


The developers need to talk to their own lawyer about the future. If they stay at Apple, the firm might pay for their legal costs. But if they leave, they'll have to pay their lawyers themselves. Even if someone like the EFF comes in to defend them pro-bono, they're going to be out of work and un-hireable (no company is going to take on that potential liability).


There is good evidence that public debate is starting to turn. Senator Lindsay Graham, a national security hawk, is beginning to state reservations with the FBI's strategy. That's a big deal: https://youtu.be/zsjZ2r9Ygzw?t=14m30s


"They could be fined hundreds of thousands daily for refusing to act. We recently found out this happened to Yahoo in 2008 [1] via the FISA court. Apple shareholders wouldn't like that."

How does that work if say someone resigned some months before the events of the terrorist attack from Apple? And they still refuse to work for Apple? There's no legal obligation for me to work for Apple or anybody in the US Constitution. All I got to do is pay taxes where applicable. Taxes don't include writing software for a random agency.


What if Apple moves their HQ out of the country...


There is no place to go.

We need to fix here because we actually have a shot of fixing it here.


Iceland with its pirate political party, and it still belongs to the European Economic Area, or Ireland, which has a growing tech sector, and it is part of the EU. Ireland is a tax-haven too. The U.S. government complains about Apple's tax havens, but the revenue lost by this move in jobs, and money in the U.S. is quite a bargaining chip.


Julian Assange set up shop outside of the US, now he lives in the basement of an office building.


Julian Assange isn't an American citizen, so why would he have ever "set up shop" in America?


I made my point less clear by trying to be concise. I just meant that in a lot of ways the influence of the United States isn't limited by its borders.


If they charged Apple a million dollars a day... They could just pay indefinitely and still be in a comfortable financial position...

The expense may actually prove valuable as their willingness to "pay the cost of defiance" might make them seem more appealing to customers and increase the value of their products.


> If they charged Apple a million dollars a day... They could just pay indefinitely

It doesn't work that way:

"dolske 7 hours ago: The feds threatened Yahoo with a fine of $250,000/day, _doubling every week_. It doesn't take long for that to become astronomical."

In just 26 weeks it's 16 trillions per day if I calculated right.


I doubt they could be fined. The government can not force someone to continue to be an employee of a company.

Please cite me an example of somebody who hasn't broke the law being forced to work against their will for months to do something as an employee.


This is actually very simple. The state can just harass them into compliance. Tools at the state's disposal include but are not limited to:

#Legal:

* Judge orders them to comply, if they refuse they can be considered to be in contempt and incarcerated for a de facto arbitrary period of time at the judge's discretion (vide https://en.wikipedia.org/wiki/H._Beatty_Chadwick incarcerated for contempt for 14 years just because the judge suspected he had funds that apparently he didn't have, also Terrell Geiger http://articles.chicagotribune.com/2011-10-07/news/ct-met-lo...)

* Civil forfeiture. The state can just de facto steal every single item those people have and leave them unable to fight that in court (not that it would make much difference)

* Involuntary commitment. They can just be committed into a psychiatric institution where they can be drugged against their will and even tortured. This can be extended to an arbitrarily long period of time

* They can have their children taken away

* IRS can just accuse them of an astronomical tax debt, take all of their possessions and leave them effectively unable to get legal representation (not that it would make much difference)

#"Illegal":

* Just detain them in a secret facility and do with them as they dam well please

TLDR: The state does with you what it damn well pleases and there's nothing you can really do about it. Granted this usually doesn't happen but that's just because the stakes usually aren't that high.


What?

Yes, a judge could hold them in contempt and jail them for some time. That's the only legal option.

It's possible they could seize some assets as part of the contempt charge, but there are already plenty of legal groups that would jump at the opportunity to represent them pro bono.

The other suggestions you offer are, to be blunt, those of a conspiracy nut.


> Yes, a judge could hold them in contempt and jail them for some time.

Not some time, there's no limit. It can be extended arbitrarily.

All the others points I made in the legal section are indeed legal and have been used in the past though they are indeed unusual.


For the time limit, yes and no. Jailing someone who is held in contempt is done as a coercive measure. If the need for the person to do something passes, they can't continue to be held. Could they theoretically be held for 20 years? Sure. But that type of action is extremely rare and isn't likely to happen here.

The FBI can't take away the person's children. --Even if he's put in jail, the other parent would retain custody. The FBI would have to convince social services to remove the children from the home, and family court judges aren't overly likely to go along with that.

The FBI could potentially convince a psychiatrist to have a person involuntarily committed for a short time for observation, but they can't force any doctor or hospital to put the people on drugs or otherwise force some form of treatment on them if there's not diagnosis of mental illness.

The FBI doesn't get to tell the IRS to make claims about a person owing an astronomical sum. I suppose they could fabricate evidence and give it to the IRS, but then the individuals responsible would be performing illegal actions and risk being sent to prison themselves. Most members of the law enforcement community are decent people and aren't willing to do that type of stuff.


> But that type of action is extremely rare and isn't likely to happen here.

Given the importance of the situation it seems it is very likely it is going to happen just here. It's up to the judge(s).

>and family court judges aren't overly likely to go along with that.

It's up to the judge(s).

>The FBI could potentially convince a psychiatrist...

This is just redirecting pressure to a different person, keep doing it until you find that someone who will buckle.

> Most members of the law enforcement community are decent people and aren't willing to do that type of stuff.

Just like above, most are honest, but you only need one that isn't.

If you think all of those are impossible by the US government, take a look at you know where, where torture doesn't happen, and no-one was prosecuted for torture that didn't happen.


Exactly, it's this kind of nuance people so often miss.

Black and white thinking. The government does something you disagree with, so suddenly now it's natural to expect them to wield literally every tool of state power against you to make that happen.

The government, after all, is not a singular entity. Its made up of many checks and balances and institutions that often act in disagreement with one another.


It is legal to accuse someone of an astronomical tax debt and take their assets, I do not believe it would be considered legal for the IRS to make that accusation without papers showing the work they used to arrive at the accusation, and it would not be considered a valid chain of reasoning 'because the FBI asked us to'.

This, and other techniques you describe, have been used by the FBI in the past but as far as I know only against the relatively powerless. It seems silly to think the FBI would do it in this case.

If the FBI started doing that to employees or ex-employees I suspect Apple would leave the U.S.


This is spot on, and this is why bulk surveillance is so dangerous. It would not surprise me to know that the FBI has already started following/spying, and tasked the NSA to electronically monitor key Apple representatives and their lawyers. If they can find anything shady, they can then use that of individuals to try and use that as leverage.

The key point here is that if the USG find a way to force Apple and Apple engineers to do this work then the government, by default, they must have too much power.


> If they can find anything shady

This is always better but they don't even need to find it. That's just a bonus.

They can just fabricate it. Assange is still in effective house arrest because someone apparently was a victim of "sex by surprise".


Oh please. He did something wrong under Swedish law. That's pretty obvious. Of course he is still there in his little room because of dirty politics. I am sure he would have taken a fine or whatever in Sweden if he were not afraid of being extradited to the US.


> The state can just harass them into compliance.

If that were actually implementable against large powerful corporations universally, we would not have had a bailout after the derivatives bomb. As it is, not even the ratings agencies got nicked.


What? No. More than half of those things cannot be done in this case. You're being paranoid.


They'll go to jail. That's the cost of resistance in a totalitarian society.


You do go to jail, usually just court house holding, for contempt of court.

That doesn't mean your due process rights disappear. You can challenge the warrant and the applicability of the All Writs Act all the way to SCOTUS. You can even still file a writ of Habeas Corpus.

You can even say that you forgot how to make the modifications. The onus is on the DOJ to prove you haven't. Awfully hard to prove what's in a man's head.

You could even argue that there's potential criminal liability (e.g. state wiretap laws) in your assistance, and invoke the Fifth Amendment. It's also awfully hard to prove that a man has definitively not committed a crime.

Best and most commonly, you can convince the judge that as a matter of conscience there is no amount of time in jail that will convince you to comply with the court's order. Thus holding you in custody serves no judicial purpose, and you are free to go.

This may be one where going to jail out of protest is necessary. I say that as someone who faced felony charges that were wholly fabricated, and was offered deal after deal, but I told them I would never take any deal because it wasn't right. I've never forgotten the look I got in response on the prosecutor's face.

I've got a feeling, however, that the FBI has made a grave PR mistake here. People have such a personal connection to Apple. A huge portion of the powerful population holds considers their iPhones their most significant inanimate posession.

Holding the makers of these devices indefinitely in a jail cell, without trial, might finally connect the American populace to the fact that they have just witnessed the largest scandal since... probably post-Vietnam.

This is a moment that where history turns on the decisions of a few. And people have been known to sacrifice far more than time in U.S. prison for ideals far less worthy.

If the warrant is upheld, it will be a very individual decision whether to comply.

Resistance has power, even under far more hostile governments than ours.

I'd like to think I wouldn't. But truly I don't think anyone can really know that until it's real.

--------

If anybody from Apple happens to read this:

You are already naked. There is no reason not to follow your heart. - Jobs


Solzhenitsyn had a good one, on similar lines:

You only have power over people as long as you don't take everything away from them. But when you've robbed a man of everything, he's no longer in your power - he's free again.


Anybody who actually went to jail for conscientiously objecting to this would be making one of the smartest moves possible in their career. They'll go down in the history books, their jail time will be minimal, and they will be a celebrity / employable in the security community for decades.


History is written by the victors, and you assume that we will win.

An equally likely outcome is that we lose, they end up known in the future in the same light as Guido Fawkes - you know, that guy who fought for freedom of religious association and an end to oppression based on your flavour of christianity some three hundred years ago, who we still get children to burn in effigy every year.

Or more likely they're completely forgotten and ignored, and our grandchildren can't even imagine a world in which your boss doesn't know your most intimate personal details, for the word "private" no longer exists.


Most of the world recognizes the Guy Fawkes mask as the symbol of Anonymous now.

In fact, I'd say the Nov. 5 plot immortalized his ideas and spread them far wider than their original audience and circumstance.

I'd say the gunpowder treason is far from being forgot.


Ah, but do you remember "Burn him in a tub of tar, burn him like a blazing star, burn his body from his head, then we'll say ol' pope is dead, hurrah hurrah hurrah"?

Everything is viewed through the lens of relativism, of course, but history has repeatedly shown that great men are viewed as villains, villains as great men, and very little of what you "know" is in any way actual. This reality is as fabricated as a film.


I remember him, and his goals. (Guy Fawkes may not have been the best example.)


We don't live in a totalitarian society.

We live in a society which is governed on the idea of the Rule of Law.

Big difference.


Soviet Russia was "governed on the idea of the Rule of Law".

North Korea is "governed on the idea of the Rule of Law".

Germany and Italy were "governed on the idea of the Rule of Law" in the 30's.

Franco's Spain was "governed on the idea of the Rule of Law".

Shall I go on?


No they were not...none of the examples you gave were democratic Republics that were based on the Rule of Law, so I'm not sure what's to discuss here.

Comparing the US today with Soviet Russia under Stalin or NK under Kim is so ill-informed its impossible to process.


North Korea is known as "The Democratic People's Republic of Korea". All of the others listed self-identified as democratic nations in the respective periods I refer to. In the USSR, the Communist party was "elected" time and time again, in "democratic" elections. They had a "mandate from the people".

To completely disregard any comparison because "they're bad and we're good" is so dogmatic and jingoistic it's impossible to process.

Edit: And I see in a parallel comment you say re: the US justice system "They (the courts and prosecutors) Do What They Want"

Would you really quantify that as the rule of law, or as arbitrary rule?


And to try and stretch a comparison simply because they have the word "Democratic" in their name is so ignorant of reality that it's impossible to process.


> Would you really quantify that as the rule of law, or as arbitrary rule?

It's somewhat arbitrary within a pretty solid framework, if you want my opinion.

My OP and this thread was about macro-level rule of law, my other comment was micro-level obviously.

No one is talking about "bad and good" here, I'm just saying you cannot compare them as you have attempted to do, as the fundamental differences defy equivalence.


totalitarian

>of or relating to a system of government that is centralized and dictatorial and requires complete subservience to the state.

When the rule of law says obey or else, then it is totalitarian. You can't just point at some other government and say "But they are worse."


does the FBI now compel them to return to Apple and write the software or go to jail?

I can't imagine any way in hell that would fly. The only remotely conceivable path to doing something like that would be to have Congress implement a draft, and draft them into the military. Anything else would almost certainly violate the 13th and/or 10th Amendments to the Constitution. And the draft thing is probably a stretch as well, especially in the absence of a declaration of war.

Then again, I never put it past the US government to try anything, no matter how illegal it is.


I sure can, and fully expect it to eventually happen, unfortunately.

The sad part is, As Tim Cook said, all this will do is push the bad guys to use an encryption app from somewhere else.

I have a good deal of experience in the US criminal justice system, and the one thing everyone I've met and done time with inside the system, from bank robbers to drug dealers to murderers say is, in the end, "They (the courts and prosecutors) Do What They Want"

In fact its such a common saying, its almost a running joke inside.


Unless you can afford good lawyers to put on a good defense. Then you get a Netflix show.


These Apple engineers will probably be able to afford pretty good lawyers. Heck, some good ones might offer to do this pro-bono, just because it could be a reputation / career maker.


Yes I will agree to that, no doubt, and its a very good point.

I was definitely talking at the Public Defender level.


You're in the territory of outright slavery. That would be a new low on all fronts.


There seem to be a whole bunch of people waving around odd ideas.

The idea that this would be a new low is ridiculous if one takes the time to consider conscription.

If you don't like that the government can coerce you (conscription, work in jail, contempt of court, eminent domain, etc) then rally against those laws, rather than the court using established powers


> There seem to be a whole bunch of people waving around odd ideas.

No, it's not an 'odd idea'. The fact that the government can coerce you has lots of limits placed on it. Conscription and the draft have been abolished in most places in the developed world, contempt of court may get you jailed but will not - and can not - be used to force you to create something and eminent domain can only be used to take something away from you.

So yes, this would be a new low, it would mean that ordinary citizens that have broken no laws can be forced to create something that does not currently exist against their express desire (and maybe even against their capability, how do you even begin to check if someone should be able to do something).

It would definitely be a new low.

All the things you pulled into it have nothing to do with the matter at hand, those are other things that you may or may not agree with but they are not the same as being ordered by a judge to perform a job that you have no desire to if you yourself are not guilty of breaking any laws. It would be an abuse of power that to me is unprecedented in any modern society.


    > Conscription and the draft have been abolished in
    > most places in the developed world
But not America, the topic under discussion, so what's your point?

    > contempt of court may get you jailed but will not -
    > and can not - be used to force you to create something
That is factually incorrect. There are plenty of counter-examples. One I can remember getting plenty of news coverage is:

http://www.nbcnews.com/id/17598441/ns/us_news-weird_news/t/m...

    > eminent domain can only be used to take something away
    > from you
... it was given as an example of coercive power of governments.

    > it would mean that ordinary citizens that have broken no
    > laws can be forced to create something that does not
    > currently exist against their express desire
Only if you ignore conscription, which is alive and well in the US (Selective Service), and the counter-examples where contempt of court is used to compel people to "create" something.


The US uses an all-volunteer force. Selective service is a back-up plan that has not been used.

> That is factually incorrect. There are plenty of counter-examples. One I can remember getting plenty of news coverage is: > http://www.nbcnews.com/id/17598441/ns/us_news-weird_news/t/m...

It's in 'weird news' for a reason, it's not there because this is the normal state of things. Yes, there are idiot judges, and yes, the system is broken to the point where you have no recourse. But to use that as examples to prove that the whole system is broken is reaching.

> Only if you ignore conscription, which is alive and well in the US (Selective Service), and the counter-examples where contempt of court is used to compel people to "create" something.

Neither of which prove that you could use either of those mechanisms to make a computer programmer create a piece of software, which was 'the topic under discussion', so what's your point?

That the US is a crazy country? That some judges are crazy? That you ought to place some checks on Judges power? Or that you actually feel that any of the examples above would be enough to prove to any person reading this that a judge will order a person (not Apple, the company) to create some intellectual property or be jailed if they don't?


I wasn't sure at first, but now I think you're being actively dishonest to try and ...? Who knows.

    > Selective service is a back-up plan that has not been
    > used
Right. Except for WW1, WW2, Korea and Vietnam, which drafted collectively 15m people, when has it ever been used? Either you knew that, and lied, or you didn't know that, and decided to speak authoritively on the point anyway. It would have taken you 10 seconds with Google to know either way.

    > It's in 'weird news' for a reason, it's not there
    > because this is the normal state of things
Right, because the Apple case is run-of-the-mill? The Apple case is "the normal state of things"?

You said it was a new low for the courts. It's not even close. That's my point. You're twisting yourself and your words in circles.


> I wasn't sure at first, but now I think you're being actively dishonest to try and ...? Who knows.

That's all in your mind I'm afraid.

> Right. Except for WW1, WW2, Korea and Vietnam, which drafted collectively 15m people, when has it ever been used?

Yes, they were drafted. And since then the draft has been abolished and the US is at present operating an all volunteer force. Nobody got drafted into Iraq or Afghanistan.

That they can re-instate it does not change anything to the fact that right now the US does not have a draft. If you don't like the situation the way it is right now you have the following options:

(1) you can resist if a draft is re-instated, and you'll probably end up in a lot of trouble (I did this and got away with it (not in the US)) but it is possible to resist

(2) you can leave the country

(3) you can give up and get shot at for someone else's reasons

> Right, because the Apple case is run-of-the-mill? The Apple case is "the normal state of things"?

No, the Apple case is very much in the public eye and Apple is a very wealthy company. The courts may see fit to compel Apple to do this but if the employees resign I don't see how the courts are going to conscript them back into working for Apple, and so far nothing you've shown has made me change my mind on that.

> You said it was a new low for the courts. It's not even close. That's my point. You're twisting yourself and your words in circles.

No, I said it would be a new low.

If you feel that these other things are already below that then that's your right but for me there is a huge difference.

Anyway, I'm kind of tired of your personal attacks so I'll let this rest. Bye.


    >>> Selective service is a back-up plan that has not been
    >>> used

    >> Except for WW1, WW2, Korea and Vietnam

    > Yes, they were drafted
That's because Selective Service "is a back-up plan that has not been used" is a falsehood.

    > And since then the draft has been abolished
"the draft" has not been abolished any more than "war is over". The specific drafts for each conflict are finished because the conflicts are finished. The US retains the right to draft its citizens in law, and it (in contrast to many other states) actively maintains a whole government agency just for that, and remains the right to prosecute - to this day - 18 year old men who don't sign up. In more than half of US States, when you get a driving license, you are registered explicitly as eligible for military service.

    > Nobody got drafted into Iraq or Afghanistan
https://en.wikipedia.org/wiki/Stop-loss_policy

    > If you feel that these other things are already below that
Do I think your country compelling you to kill people is lower than your country compelling you to patch a binary? I guess I do, on account of not being deranged.


My country can no more compel me to kill people than that it can compel me to write software.


- people have protested extensively when there was a draft - as far as I understand, unlike in Russia or some place you actually aren't forced to work in jail. It's voluntary - they do it because they get paid and get extra benefits - no eminent domain would be pretty insane... you wouldn't have highways or railways etc. without it... since it's been abused in the past - but it has it's place

Forcing people to work for the court does seems like a weird thing though. The whole "contempt of court" is a bit arbitrary (like you can be jailed indefinitely .. based on the decision of just a judge?) and just hasn't really been abused till now


    > people have protested extensively when there was a
    > draft
I agree. But so what? It's a criminal offense to not register with the Selective Service System to this day, a system that exists primarily to facilitate conscription.

    > as far as I understand [snip]
The 13th amendment explicitly allows for slavery for convicted criminals, and that's the basis for jail work. Wikipedia has an article about "Penal labor in the United States".

    > no eminent domain would be pretty insane
I agree, but I also think that about "no conscription" and "no contempt of court". I have no strong feelings either way on penal labour. I think the US Court compelling a company to do something is probably a right the court already has, but that's sort of what Apple's case is about, right?

    > Forcing people to work for the court does
    > seems like a weird thing though
And this brings me back to the original point. In the context of conscription, penal labour, corporate personhood, eminent domain, and all the rest of the circus, it doesn't seem especially weird to me. It seems like a rarely used but existing right.

What it's absolutely not is some kind of "new low".


> just hasn't really been abused till now

It has been abused, plenty of times. But not in the manner the OP suggests.


Lavabit's amicus brief explicitly argues that interpreting the All Writs Act the way the government is trying to interpret it is prohibited by the Thirteenth Amendment.


I think Lavabit wasn't about All Writs, rather it was a simple pen/trace order?

Lavabit's problem was that they actually had access to the data, so they were capable of providing records and they didn't provide them. Then pen/trace laws require cloud email providers to provide this data to LE upon authorized request, and case law does not really support payment for hours expended to implement any data collection solution.

Demanding the SSL key in order to plug in their own packet capture (and we must presume appropriate filtering, yeah right) was a -- 'if you can't give us realtime feeds, we can get one ourself'.

So overall I think there are a lot of stark differences between Lavabit and Apple's case, thankfully. Apple is on much stronger legal footing. The corollary is iCloud and Apple has long since provided everything they had there, and there was no question they were required to do it.


It looks like Lavabit filed an amicus/"friend of the court" brief in the Apple case: http://techcrunch.com/2016/03/07/apple-vs-fbi-lavabit-warns-...

Despite the differences in the two cases, it makes sense that Lavabit would want to help defend Apple's position.


As nice as it is to have the guy stand up for Apple I don't think that from a practical point of view there is anything that he could say that would make a difference.


I'm not a lawyer, but as I understand US courts from reading Groklaw and HN and Wikipedia, the arguments put forward in friend-of-the-court briefs can still be helpful to judges who may want to rule a certain way, but don't know all of the possible arguments they could use.

There's only so much time they and their staff have to do research, so members of an industry and their legal representatives can contribute if the judges are on the fence or just looking for arguments.


Yes, that's what I meant, sorry for not writing clearly. The amicus curiae brief they wrote is http://images.apple.com/pr/pdf/Lavabit.pdf

Page 16 is the Thirteenth Amendment argument.


It's debatable that slavery was ever actually abolished - it was just formalised, given a new brand, and life went on. If you are the subject of a state, you do not have any rights beyond those which they choose to grant you - and their ultimate backstop and means of control is the threat of violence against the person. It is illegal to be stateless - you must be the possession of a state.

Now consider how slavery is defined. The slave-owners just got bigger.


There are several factors that must be satisfied for the AWA to apply, even in the FBIs interpretations.

One of them is that they have to be closely connected to the case. The arguments for Apple not being far removed are that they license the software, that they designed created and sold the phone, and so on. Most of the don't apply to the individual engineers, so they probably can't be compelled even if the court finds that Apple can.

Another is that it can be too burdensome, and part of the burdensome analysis is if it is "offensive" to them. Considering they quit their jobs over this the court would almost certainly find that it was too burdensome, even if the court doesn't find it is too burdensome to compel Apple.


Well, if you can draft people to go over to Vietnam and be shot at by the NVA...


I just mentioned how this could be interpreted as a draft to my mother who grew up watching the Vietnam draft, and she immediately brought up an interesting question: "Can you be a conscientious objector?"

Given that nobody is being put in a position where they might have to use deadly force, the usual pacifist or religious arguments don't apply. While suspect it would be hard to extend the concept to the orders given to Apple, the fact that the engineers involved would even consider resignation make it clear how strongly they object to the order.


> the usual pacifist or religious arguments don't apply

Unless they are atheist/agnostic and claim that this is a core belief for them. Not every atheist/agnostic is outspoken nor do they all share the same beliefs. It would be interesting to force the courts to make a judgement on the differences between the moral tenants atheists/agnostics follow and that of established religions.


>> Not every atheist/agnostic is outspoken nor do they all share the same beliefs

If you only consider the subset of security related/conscious programmers they're fairly outspoken and on these particular issues they're probably more orthodox than comparable religious constituencies are on organized violence for which there have been pacifist exemptions. I'm not familiar with the law regarding conscientious objection (it's late, now I have my tangent reading for tomorrow) but I'd presume the first amendment would require that a secular philosophical objection would have to be as equally valid as a religiously motivated one?


> a secular philosophical objection would have to be as equally valid as a religiously motivated one?

That's correct, which is why I mentioned "pacifist or religious arguments". Various types of pacifist arguments have been recognized in the past, of both religious and secular origins.

From the Selective Service[1]:

    WHO QUALIFIES?

    Beliefs which qualify a registrant for CO status may be religious in nature,
    but don't have to be. Beliefs may be moral or ethical; however, a man’s reasons
    for not wanting to participate in a war must not be based on politics, expediency,
    or self-interest. In general, the man’s lifestyle prior to making his claim must
    reflect his current claims.
While religious tests are generally banned, the government can scrutinize the veracity of a claim. I would be very difficult convince a judge that you legitimately believe something if you don't have at least some kind of verifiable history or you regularly engage in behavior that is contradictory with that belief.

It's worth pointing out that being a conscientious objector doesn't necessarily excuse you from having to work for the government; as mentioned in [1], there are "alternate services" available for people that object to the usual draft.

I have no idea how any of this would apply to objecting to creating mass security vulnerabilities. It almost certainly requires a test case and judicial ruling.

[1] https://www.sss.gov/consobj


I'm not saying I'm a conscientious objector, but I write a whole lotta bugs under stress conditions. This may take a while ...


You need to prove your conscientious objections to a court. Unless you've got an existing history of privacy activism, that's going to be a challenge.


If you have spent your career improving privacy software.... this is going to be easy. It's a bit like worrying about establishing your religious bona fides if you're a bishop.


    > It's a bit like worrying about establishing your 
    > religious bona fides if you're a bishop
I have created a whole lot of software for money. None of it gives any insight in to my conscience.

A better example would be trying to establish religious bona fides as a result of being a carpenter who makes church pews.


To beat the analogy to death, only if people came to church primarily for the pews. The reason every bishop would have religious bona fides is because the job inherently requires the conviction. You wouldn't be a security researcher/engineer if you didn't believe in building secure systems. A web developer might be a carpenter in the analogy, sure they might be religious, but it's not inherent in their job.


I don't think you can 'conscientiously object' to any law you want, so no.

Though I probably would anyway.

- I'd like to think. It's hard to really know.


But that wasn't relying on the All Writs Act. I.e. "because the court wants you to do X and there's no specific rule that says whether you can force someone to do X"


Or, lets say they complete the task... and it doesn't work. Then what?


Then they explain why it doesn't work to a judge and the judge decides if it doesn't work for a good reason or if it doesn't work because someone intentionally screwed it up.

If it was for a good reason then welp. Sometimes shit doesn't work. Oh well.

If they intentionally screwed it up then they could be found in contempt of court and fined and/or jailed.

In either case the would be asked to try again if that was feasible.


But how would a judge have the technical know-how to make that determination? If the answer is to have security experts listen in an make the call, would that even be legal since one of the requirements is to allow Apple to keep this in-house for fear of leaking said code? One last final question, if they do force the engineers to come in and explain themselves over and over to the government's satisfaction, that will increase the time commitment from key members of Apple. At what point would the questioning push the original request into "unreasonable burden" territory which would counter the All Writs' Act's own requirement?


Our legal system is asked to make findings of fact all the time on technical matters. This would be just like any of the rest of those. Witnesses could be questioned. Expert testimony could be delivered. Etc.

I understand that it's a common viewpoint on HN that the courts are ill equipped to make these determinations. Personally I think that viewpoint is vastly overstated, but that's a debate for another day.

As to your question about "unreasonable burden", Apple made something like 50 billion dollars in profit last year. The burden is going to have to get pretty high before it starts to get unreasonable. A couple of hours (or dozens of hours, or hundreds of hours) isn't going to even begin to get there.


> As to your question about "unreasonable burden", Apple made something like 50 billion dollars in profit last year. The burden is going to have to get pretty high before it starts to get unreasonable. A couple of hours (or dozens of hours, or hundreds of hours) isn't going to even begin to get there.

Does this mean that "unreasonable burden" is relative? That just seems really weird to me that such a vague clause would be allowed in law. Like who makes that call? (honestly trying to understand the laws here)

Edit: Also consider that pulling off key engineers to do something completely unrelated to helping the company means time away from trying to stay ahead of competition. 1 month is already a huge amount of time when you're trying to stay ahead in one of the most competitive markets (mobiles). Also, a couple hours in court doesn't factor in time away from the office, travel time, and the additional cognitive burden of being in court. This also assumes the court schedules things in a manner that works within Apple's internal schedules. To me, this just sounds like a huge burden to any company in the mobile market.

> I understand that it's a common viewpoint on HN that the courts are ill equipped to make these determinations. Personally I think that viewpoint is vastly overstated, but that's a debate for another day.

I never said the courts were ill equipped to make those determinations. I said a judge wouldn't be able to do it because... well... that's not their expertise. To restate my question more clearly (I hope), how can you safely bring in security experts without compromising the case and guarantees that the courts would be allowing Apple?


> Does this mean that "unreasonable burden" is relative?

Yes, "unreasonable burden" SHOULD be relative. Not all tasks take the same amount of time.

An example I can use is a future court case that involves the safety of rockets transporting people to Mars. It becomes immediately obvious that any investigation and changes a court may demand would cost a large amount of money in such an expensive field.

It doesn't make sense for there to be a strict, absolute cap on burden, say $100000. Sure, that's the salary of an Apple engineer for the better part of the year, or several year's salary for people in other fields, but it's also a fraction of cost of a single rocket component and a tiny portion of the budget of a rocket launch for a company putting rockets into space.


I don't mean relative based on the task cause that is obvious. I mean relative based on financial situation. Take two hypothetical companies, one with huge amounts of cash reserves, and another that is just a startup with no cash reserves. The government takes both to court over the same situation as Apple. The same task ends up requiring the same large sum of money and 1 months time from each company. Obviously this could really hurt the startup and while it'll hurt the larger company, it won't be as big of a burden.

Does the "unreasonable burden" mean something different in this case? Who makes the call as to when this crosses the line? Something just doesn't feel logically right to me if this line moves at the whim of the current decider (judge? jury? someone else?) despite being an identical request with identical financial impact (just relatively different). There has to be some sort of guideline definition for "unreasonable" somewhere, right?


>But how would a judge have the technical know-how to make that determination?

They would ask a jury of people not sly enough to get out of jury duty (maybe with one or two people who are there because they want to do their civil duty). It will not be your peers, but it will be your peers as the government determines.


Two words: Underhanded C


Apple absolutely needs to comply with the FBI's request.

And then give the same capabilities to the governments of every country they do business in.

Our politicians might actually fight for our interests in digital privacy/security if theirs is directly threatened by the governments of China, Iran, North Korea, and Russia.

If our government needs this to do lawful search and seizure, so do all these others.

I'm tired of our gov acting like they're above reproach and somehow more deserving than any other naive government. History has shown they can't protect us from terrorists 100% of the time, and it shouldn't come at the expense of our civil liberties - at the expense of the principles and detracting from the identity of what makes us American. They can't even protect the information of people who elect to share their privacy with the gov (OPM breach/leak of which I was a victim). They shouldn't have the ability to violate the security of [realistically] billions of phones. It's absurdly overreaching and a massive abuse of the authority we "give" them.

Caveat: Not complying and this other plan of action would both upset stockholders.


There's really no question here. If the engineers refuse to comply with the court order the court can hold them in contempt. This means possible fines or jail time.

This is old territory, really. Courts have been ordering people to do things under the All Writs Act (including skilled labor) since it was first enacted more than 200 years ago. (The government's brief has some examples, starting on page 17. http://www.wired.com/wp-content/uploads/2016/03/2016.03.10-1...)

If an employee claimed he or she did not have the skills to comply with he order then, yes, there could be some sort of hearing to determine whether this was true. But establishing the requisite level of competence probably would not be as hard as you think.


""Suppose that only about 5 people can do what the FBI wants done."

Maybe 5 people now can do that, but give a smart programmer (I'm sure Apple has more than a bunch of those) source code and I'm sure he will figure how to do what government requests in max few weeks time. It's not a rocket science.


I'm a pretty decent engineer. Give me the source code and I guarantee that the first month will be almost entirely figuring out what it does and where it does it. IOS is a and complex system. There will be a LOT of source code. Just figuring out which parts actually matter will be a challenge.

Add in that I'm probably not super enthusiastic about the task and that month could end up being two months. And the end result due to unfamiliarity and stress has a non-zero chance of messing up and accidentally wiping the phone anyway. Notice I didn't use quotes there. You would need some significant qa resources to ensure that I didn't mess anything up.

Or maybe I'm wrong and there is a clearly marked single easy place to make all the changes that Apple has requested to make and there are already unit tests that verify it does something it wasn't originally designed to do. Then sure a few weeks time is all it will take. But Apple estimated 6 months for trained familiar engineers. Anyone else and we could be looking at close to a year.


What if now developers start quitting en-mass. Developers refuse to join apple because they would be required to do something morally objectionable to them.

Ah who am I kidding, there's always a dude willing to give away his baby's kidney for money. Systems that screw people over are built by humans.


I don't know how that would work. The filing compels Apple to follow the order, and doesn't name any engineers.


Or, lets say they 'accidentally' brick the phone whilst completing the said task. Then what?


If a password is considered testimony and protected by the 5th Amendment, software also appears to be testimony and covered by the same. If not, then software is just speech and protected by the 1st Amendment. Not speaking is then a valid choice seeing as to how this is not testimony and one is not compelled to speak by the court. But this is just theoretical...


Since corporations are people, they should be able to plead the 5th as well.


Sure, but in this case Apple isn't being accused of anything so the 5th amendment doesn't apply.


"nor shall be compelled in any criminal case to be a witness against himself" (https://www.law.cornell.edu/wex/fifth_amendment)

This is a criminal case, however. It would apply to real people, but likely does not apply to corporations regardless of rulings treating corporations as people for other purpose. I imagine the Apple lawyers would have had it as part of their defense strategy if it did.


No one is asking Apple to testify against itself.


they could likely force Apple to hire the engineers required even to the point of designated engineers of the government's choosing. The damage that would be done to Apple worldwide would be inestimable


There are a lot more than 5 people who can do what the FBI wants done. Your hypothetical doesn't really seem all that relevant.


I'm not sure you understand the word 'hypothetical'. The point is to explore the idea.


So, what's next? Does the government round up coders they think are capable and force them to program?


My point is that there is no need to round up anyone. There are plenty of coders who are happy to do the job in return for a fair salary.


No matter what happens in this case, to the individual engineers or to Apple, the problem runs much deeper:

- Government power and rights > individual power and rights. - Mass surveillance of their own people. - Constitution consistently ignored. - Civil liberties viewed as an annoyance. - Militarized police force. - Secret court systems that "OKs" any government action. - Mainstream media little more than an arm of government propaganda. - Whistleblowers treated like criminals. - Indefinite detention laws ready to be used for any reason. - Can justify any action in the name of "national security". - Political class rules all.

We have a word for this type of government but but no one is talking about it yet. Whatever the outcome to Apple, a government like this will try again and find other ways to do what they want.


>We have a word for this type of government but but no one is talking about it yet.

What is the word to describe what we now have in the US?


keep-telling-yourself-that-ocracy


Plutocracy?


I honestly feel that engineers need not fall on their swords over this. The decision is up to them, of course. But ultimately, shareholders would expect someone to comply with the court order should the DOJ win. Note that Yahoo was threatened with daily fines of $250,000 for failing to comply in a FISA court case in 2008, and we only just learned this in 2014 [1].

I don't think we would live in a forced back door world for too long. After another 2, 4, or 8 years, we will eventually realize that giving the government a back door to the iPhone did not give it a back door to the myriad of other encrypted communications tools out there. Terrorists will find other ways to hide their communications.

I really don't want to see Apple lose this case, or any sort of anti-encryption bill. I also wouldn't want to see someone throw away working at Apple over it. Apple can maintain its integrity by complying with the law as it has publicly stated. Engineers can remain true to an employer they respect knowing said employer did everything they could to resist the government. There aren't many great employers out there like this. Don't take it for granted.

That's just my 2c.

[1] http://www.theguardian.com/world/2014/sep/11/yahoo-nsa-lawsu...


> I don't think we would live in a forced back door world for too long. After another 2, 4, or 8 years, we will eventually realize that giving the government a back door to the iPhone did not give it a back door to the myriad of other encrypted communications tools out there. Terrorists will find other ways to hide their communications.

I'm going to disagree with you here. Didn't we think, back in 2001, that we'd only have to live with pat-downs on every plane flight for so long? That the government would eventually realize that terrorists couldn't hijack planes once passengers knew that the proper response was to storm the cockpit rather than waiting for the usual ransom demand to be acquiesced to? That the terrorists would find other ways to cause terror?

If the US Government gets what it wants with this case they will use it as a wedge to permanently deny us any semblance of electronic privacy. You will get to choose between using paper and having some random police officer [1] decide that it's time for you to go down and he's absolutely sure he can find something you've done wrong [2].

This move is one of the last things standing in the way of that future. Apple's engineers are threatening to destroy one of the most successful, profitable organized entities in human history in protest. A sort of technological mutually assured destruction. I hope their threat works, and that they don't have to follow through on it, and that if they do, their statement is understood.

[1] https://www.washingtonpost.com/news/the-watch/wp/2016/03/10/... [2] https://en.wikipedia.org/wiki/Parallel_construction


> I'm going to disagree with you here. Didn't we think, back in 2001, that we'd only have to live with pat-downs on every plane flight for so long? That the government would eventually realize that terrorists couldn't hijack planes once passengers knew that the proper response was to storm the cockpit rather than waiting for the usual ransom demand to be acquiesced to? That the terrorists would find other ways to cause terror?

Thank you for bringing this into the picture.

The thing is that once you give up a bit of your liberty to the state, you never get it back.

The TSA is an abomination. You can basically shred the whole Bill of Rights as soon as you step into an airport.

> You will get to choose between using paper and having some random police officer [1] decide that it's time for you to go down and he's absolutely sure he can find something you've done wrong [2].

"Show me the man and I'll show you the crime."


> The TSA is an abomination.

And the shoe and underwear bombers were some kind of geniuses. "Hey, his putting a failed bomb in his shoe made all the Americans take off their shoes in aiports. I wonder what would happen if I put one in my underwear?"

The guy who convinced TSA to confiscate my 12oz bottle of shampoo because I hadn't poured it into 4 3oz bottles, then put them in a Ziplock bag, also deserves a prize.


The TSA is an abomination. I will not set foot in US for fear of them. The most important conferences in my business are in US and a few customers have already requested my consulting, but there's no way I travel to US.


Same here, though, truth be told Schiphol is now just as bad as many American airports.


> Didn't we think, back in 2001, that we'd only have to live with pat-downs on every plane flight for so long? That the government would eventually realize that terrorists couldn't hijack planes once passengers knew that the proper response was to storm the cockpit rather than waiting for the usual ransom demand to be acquiesced to?

It's interesting to note that passengers figured out about storming the cockpit was the way to go on 9/11 itself, literally an hour and eleven minutes after the first plane hit the World Trade Centre. They clearly knew that the old "wait out for ransom" no longer applied.

https://en.wikipedia.org/wiki/United_Airlines_Flight_93


> You will get to choose between using paper [...]

Let's give imagination a run:

After 10 years of FBI cases where child molesters and terrorist houses were raided only to find they were able to shred evidence last minute, the FBI decided that they don't have time, energy, money and will-power to sit down all day long and play with 10,000 pages-long paper puzzles.

Therefore they asked congress to pass a law where every company selling shredding machines will attach a little tiny camera to their device. Upon shredding, a photo will be taken of what you shred. This photo will be obviously securely transferred and stored in FBI vault, just in case, locked with each shredder's individual key until proper Court gives a warrant to give out encryption key and decrypt photos of documents that have been previously destroyed.

There you have it!

And don't get me started on 2030, where we will be able to read and print out people's thoughts...


Ok. You've succeeded in scaring me. Thanks.


You make great points. I'm not 100% sure about what will happen if Apple loses this case, or if Congress manages to pass anti-encryption laws in 2016.

All the more reason to educate the public now about how encryption works.


How exactly are they supposed to permanently remove all semblance of privacy? Short of infiltrating popular open source projects in plain view and proving the (potentially) unprovable, I don't see how this is possible.


Like this: http://arstechnica.com/information-technology/2016/03/tp-lin...

If they can't quite do that, then they bring back the whole "export-grade cryptography" thing, except they call it "terrorist-grade cryptography" this time around. Then they start monitoring every crypto-capable open-source project's responsible disclosure system. When they see a vulnerability good enough to subvert that open-source project, they shut down that project before the bug can be fixed. And then they suppress all knowledge of the bug.

Or they infiltrate popular open-source projects in plain view. Wouldn't be hard at all to get that one bug they need in some peripherally relevant subsystem that nevertheless breaks the entire thing.


You're assuming that the government is hyper-competent. I'm not so sure. There are an awful lot of cooks in that kitchen, so to speak. Eventually, it'd leak that they're purposely sabotaging open-source projects. Not that that possibility might stop them from trying, but it'd certainly hamper recruiting efforts considering the people best able to do the sabotage are the ones likely to be contributing to the projects in the first place. And even if they can start forcing tech companies to take actions that hamper their own security, the best cooperation they can hope for would be a grudging one at best. It'd be like getting involved in a land war in Asia.

Look at the fight against child pornography. Tech companies dedicate a lot of resources to fighting child pornography and working with the FBI to help prosecute offenders and NCMEC to help identify the children being exploited. Even with the active and enthusiastic support of the tech community, it's an uphill battle. How much more difficult would that fight be without that support?

Point being, if governments can't make child pornography--something everyone is against--go away, how likely is it that they'll be able to make a dent against encryption?


"Child pornography". Any pornographic depiction of a person deemed 17 years old is child pornography. It needs not be a photo, it could be a drawing. If the origin of the picture is unknown, I assume any picture of a young-looking 25 years old person could be assumed child pornography during an investigation. As horrible as actual unconsented pornography is, which I frankly condemn, I still take it with a grain of salt when I'm told "This CEO has child pornography on his computer".


"Then they start monitoring every crypto-capable open-source project's responsible disclosure system. When they see a vulnerability good enough to subvert that open-source project, they shut down that project before the bug can be fixed. And then they suppress all knowledge of the bug."

...to exploit it? seriously?

i'm not saying it's impossible or unlikely, it just sounds like 1. it's a tremendous amount of work 2. it still doesn't actually solve the problem


I know, I know, the idea is incomplete, it needs some tweaks and refinement. It's just there to demonstrate the kind of power, freedom, and creativity we should be expecting to be pointed at crypto-capable open-source projects in the future we're looking at.

As for it being a tremendous amount of work: First, I'd guess that, given the infrastructure they already have, they could probably pull it off with a few dozen people. It's not bigger than, say, Reddit (78 employees?!). Second, have you seen how much effort they're putting into the kind of thing? They already have server cabinets throughout the US that read most of American's internet. IIRC they managed to stick a black box between Google's datacenters that could snoop on people's email while it was flying back and forth between their distributed storage system. Just imagine how much money, physical access, and and reverse-engineering those things took. And not only that, but that was theoretically GCHQ that did them, not the NSA! Foreign soil!

Seriously. The right mindset here isn't that it's "too much effort" or that it "doesn't work that way". We're dealing with something that has in the past demonstrated the ability to do these kinds of things. If you want a good set of tools for getting into the right state of mind for this, we should be treating it sort of like a hostile superintelligence, not any kind of bureaucracy.


> infiltrating popular open source projects

As PHK pointed out, the NSA (and other large SIGINT agencies) obviously already have some amount of influence on popular free and open source software.

If anybody find this at all surprising, watch PHK's "Operation Orchestra"[1] asap.

[1] https://archive.fosdem.org/2014/schedule/event/nsa_operation...


They can always go the FCC route and enforce a lock down on any general computing device sold within the border; Submit your source code to our automated build and signing service or your software will simply not run.

Remember that all that is required is that the majority of people comply.


They can make refusal to decrypt a federal felony.


As it already is in some cases in the United Kingdom. Granted, their freedom of speech protections aren't as great as ours, but if Congress really wanted to, what's to stop them from making a Consitutional ammendment that declares encryption keys as not being protected under the Fifth Ammendment?



> engineers need not fall on their swords

I would quibble with this characterization. Security engineers may well improve their employment prospects and professional visibility by publicly demonstrating that they are unwilling to do work that is counter to the mission of securing systems. It seems likely to me that this sort of highly public gesture would be personally profitable, rather than a net sacrifice.


Ultimately the decision is up to those engineers. I'm just sharing my opinion. I've left former employers on moral grounds and later realized I could've resolved those differences within myself and effected change in ways other than quitting.

Quitting doesn't save Apple. Does it help your job prospects as a security engineer? I'm not so sure about that either, but then again I'm not a security employer.

Hypothetically, if I were, then as an employer I might be more interested in the guy who stuck it out working with the government at Apple. He'd be able to give me a heads up on what conversations are like with the government and what the government might be able to impose on my business.


> Quitting doesn't save Apple

Well, it kind of does. Right now we're approaching Poe's law with the use of AWA to compel the writing of code, but we're still just barely in the realm of keep-a-straight-face-defensible (largely because the bulk of the population is less tech literate than is ideal). If even a few of Apple's key security engineers quit at the same time, then it becomes very easy for Apple to make the case that they literally cannot do what is asked anytime soon (how long for a new team to cold boot with a new codebase whose domain is cryptography and no one around to provide guidance/tribal knowledge?). In any sane universe this would show that the request has crossed the line into overly burdensome. It is very hard to justify massive penalties to incentivize compliance with something that Apple may or may not be able to do anytime soon [0].

So that would basically leave them the option of stopping the insanity or going after the individual engineers and compelling them, which opens up a whole other heap of lunacy which might have to get resolved before Apple would again be on the hook for action.

If the court then decides that it will compel the individual engineers who are now no longer Apple employees to work.... They're forcing labor from unwilling non-criminal citizens (13th?); they're compelling code, which is speech, and compelling association between the engineers and Apple who would presumably need to be compelled to rehire them because you can't make someone work for free (double 1st); as someone has mentioned they could institute a draft (??) but I'm sure there would be legal contest regarding conscripting specific individuals against their will and this would require the cooperation of congress, the military, the NSA, and it still wouldn't get them the thing they actually want which is precedent.

[0] From wikipedia: "the [fined] party is said to "hold the keys" to his or her own cell" which justifies the lack of a trial for civil contempt fines. If you cannot comply, you lack the ability to escape the fines, you are not receiving due process. I think this little corner of the law might actually be the bulwark that makes zero knowledge systems legally safe as well, though if you have an auto-update system you still would need the code-is-speech, cannot-compel-speech protections to round this out.


> Hypothetically, if I were, then as an employer I might be more interested in the guy who stuck it out working with the government at Apple.

One of the principal drivers of the positive effect on career prospects is the publicity this sort of public gesture would generate. Sure, all else being equal, many may prefer the engineer that sticks with the company. But all else is not equal. This particular gesture would generate a lot of publicity tied to the engineers eligibility for hire. Sticking with the company ends the story and would not likely garner nearly the same level of personal publicity, if any.

I'm not making any sort of value judgement as to whether this would be an ethically good or bad thing for an Apple security engineer to do. I just don't think they will really be risking much because enough people will view it as an attractive public display of personal integrity that s/he would have her/his pick of jobs. It would also be an ideal opportunity to launch a security consultancy.

The move isn't completely devoid of personal risk, but the risk seems to be overwhelmed by the opportunities that it would generate in my estimation. That is to say, it would be a good bet, and far from a true self sacrifice.


> I don't think we would live in a forced back door world for too long. After another 2, 4, or 8 years, we will eventually realize that giving the government a back door to the iPhone did not give it a back door to the myriad of other encrypted communications tools out there. Terrorists will find other ways to hide their communications.

So you really think the government will have gathered all that power, only to readily hand it back?


Well, eventually people will realize they can just download an encrypted communications tool right?

I'm not 100% sure about what happens after 2/4/8 years. That scenario also relies on a really informed public to fight back and care.

This is why I and a few other engineers are forming a grassroots campaign to support encryption. If you'd like to get involved, send me an email at stillastudent on google's email service


Sure, they can, but this entire case is about precedent. If Apple can't win this kind of fight, what do you think will happen to the developers of those encrypted communications tools; or encryption products across the board.

Remember Truecrypt, Hushmail, Lavabit, etc? Too small to fight back.

That's why so much rests in the outcome of the fight with Apple.


Ah, but once encryption is outlawed, only outlaws will have encryption. At which point anyone sending or receiving encrypted data that the feds can't decrypt is automatically guilty of a crime, and should be apprehended.

Of course, if you have nothing to hide from your friendly government agency, you have nothing to fear!


Yea, we can all blame someone else. I like this, "not my job to uphold the constitution", "its the courts fault for letting it get here", "its the politicians fault for going a long with this", "its the peoples fault for voting for them".

The fact is, if nobody stands up for this, do you really think anyone is going to stand up and try to take away the back door to the iphone and get away with it?

Do you really believe they will stop there?


I hear you. The point is we can stand up for it here and now.

This case isn't over. There are a lot of good things about the US. I believe our commitment to freedom of speech is stronger than elsewhere. This case is strongly testing that belief. And, according to the ACLU, it will be at least two years before this court reaches the supreme court [1]. There is a lot of time to educate the public on the facts about the case and how the technology in their pockets works.

There are multiple examples of public figures changing their minds when presented with evidence. Lindsey Graham and Sam Harris are two.

I and a few other developers are forming a grassroots campaign around this. If you'd like to get involved, whether you're a developer or not, shoot me an email at stillastudent on google's email service

[1] http://www.usnews.com/news/articles/2016-03-04/apple-and-the...


When has Lindsey Graham changed his mind? His Senate homepage still has this statement on it:

".@tim_cook Our nation is at war & this Iphone was used to kill Americans. Protect our homeland, not terrorists. Please cooperate with @FBI."

https://twitter.com/GrahamBlog/status/700348813807063040 http://www.lgraham.senate.gov/public/index.cfm/


Around March 10 when he questioned Attorney General Loretta Lynch at a DOJ budget review hearing [1]

The video is 6 minutes and worth watching. It sounds like he is still forming his whole opinion. He certainly has changed his view from his initial comments. He's now calling for the debate to be held in Congress via passage of new laws.

[1] https://youtu.be/uk4hYAwCdhU?t=1m44s


Thank you for that, that is not something I was expecting to see.


Engineers refusing to do the work might be counter-productive. It'd allow the FBI and its supporters to change the narrative to one potentially more favorable to them. Instead of a debate about encryption and privacy, they'd try to change it to a debate about respecting the courts that plays right into the "law and order" mindset. I don't know how it'd play out, but I'd hate to give the government yet another advantage, however slim it might be.

That said, there's probably one benefit to being forced to do the work: the engineers involved will be extremely motivated to stick it to the government by designing systems that can't be circumvented like this again. "Too bad, so sad - we can't do that any more. We're very, very sorry for the inconvenience."


> by designing systems that can't be circumvented like this again. "Too bad, so sad - we can't do that any more. We're very, very sorry for the inconvenience."

But that's exactly why this case is so, so critical. FBI is fishing for a precedent that will make designing these types of systems explicitly illegal. Apple is well aware of this strategy, which is why they've chosen to take their stand here, as unpleasant as the PR ramifications may be.


That's actually a separate, but related, issue. Right now, the courts are weighing whether the FBI can force the creation of a modified OS largely because (a) it's possible to do so with how existing iPhones are engineered, and (b) it wouldn't drastically inconvenience Apple to do so in light of their resources. If they get a favorable ruling, they have a precedent they'll try and use to gain access to other phones in their possession. But that really only applies to phones where it's possible to do so right now. If they can't do the same for future phones, the precedent is moot.

The court isn't ruling on whether Apple has the right to modify their systems to prevent this strategy in the future. No matter how the court decides, it won't affect how Apple can design future devices. If the FBI were to ask for a ruling like that, they'd either lose or it'd be overturned on appeal. Something like that, where the government is actively telling manufacturers how they can and cannot design their products, could really only come from a new law instead of trying to backdoor it through the courts.

I don't doubt that the government would love a tool like that, but it'd be aggressively challenged as an unprecedented expansion of federal power if it was ever signed into law. And that's iffy; a law like that would jeopardize overseas sales for tech companies even more than the NSA's actions already have. They'd have no choice but to pour an incredible sum of money into lobbying efforts, major PR campaigns, and campaign donations to fight it politically and hit back hard against any politicians who supported such a law.


You're right, I mispoke.


No worries. But I do think you're right, that sort of situation would absolutely be a long-term dream for the government. When companies take steps to further lock down their devices, there's probably a pretty decent chance that someone is going to get a very not-so-bright idea and try to run with it.

I don't think it'd succeed for the reasons above, but when the alternative is nothing, dumb ideas can look awfully good to people at first. If there's one thing that's come out of all the publicity over the FBI's request, it's that every criminal and terrorist in the world now knows to turn off their iCloud backups. It was obvious before, but never so publicized. Oops? Unintended consequences.


Indeed.

Let's say Apple is forced to bake a back door into their devices.

Criminals and people who care about privacy will use their own encryption tech (they probably do anyway) and life goes on for them.

Eventually the govt's backdoor is abused or cracked. The people grow fretful. A truly secure device from somewhere outside the US gains market traction. The US tech industry's shrieks gather volume.

The govt realises the game is up and allows Apple devices to be secured again.

This issue is not one that demands that anyone fall on their sword. Even if the govt gets its way, no-one will be killed or even harmed. Eventually the natural order of things will be restored.


> Let's say Apple is forced to bake a back door into their devices.

Why would another government allow the selling of a device with a know (not just suspected) backdoor for the US government? Sounds like a great opportunity to boost local companies.

I would expect some serious repercussions on foreign market sales.

also, we're still paying for v-chips.


There are no terrorists. It's a fiction imposed upon the American people by a government with a power trip.


That assertion is patently absurd. There are absolutely people and organized groups who perpetrate horrible acts solely to terrorize others. They are not some 'fiction' created by a 'power tripping' government. However, the risk that these people present to the world, at this point, does not merit sacrificing economic and civil liberties in their entirety to combat them. Rather, the dilemma is in determining an acceptable amount of liberty to sacrifice for safety, and vice versa.


Of course it is absurd; it was meant to be. It is also absurd the amount of money the US Govt is spending every year fighting a "War on Terrorism" when I am much more likely to die falling off my couch.


Yes, +1. The world is not black and white. We need to make tradeoffs.


There definitely are terrorists. We spend a lot of money every year perpetuating wars to ensure that there will always be people willing to commit acts of terrorism against our country.


That's a little over 91 million in fines over a year. Apple has over 200 billion in cash on hand. They can ride those fines for quite awhile.

Also, there won't be any anti-encryption laws. The risk is backdoor encryption across the board, which could have very similar outcome but isn't what's at stake here.


>They can ride those fines for quite awhile.

They could, but they're still a publicly traded company. I wouldn't hold it against a board that wasn't OK with spending $250,000 a day on a principle, but I'd be mad as hell at the people collecting the fine.


I agree, but they could let those fines stack up while waiting for their turn at the SCOTUS. They definitely wouldn't hold out forever, but they can hold out for long enough if need be.


an engineering strike sounds powerful.

might take a few years of striking though.


Back in the days of the PalmV I was aghast at the terrible "technique" they used to store the user password to unlock the device. I was young and very stupid, but I pushed through proper, for that time, handling of the password.

With a court order, LE asked to unlock a device, and I was able to do it, did it and they sent me a letter of thanks which I still might have somewhere. I remember being happy to help, it was a drug case, drugs are bad mmmmkay.

In thinking about it I'm embarrassed at my younger self, but also cognizant that anyone familiar with the art could break it. It was a terrible, reversible scheme. After I pushed through the change to store the password I was confident that it could not be reversed and that it was "safe" and that I could no longer break it.

If they had suggested removing the other safeguards e.g. allowing any number of tries, etc. That would be this Apple situation and I really hope my younger self would have had the sense to plead "ignorance," refuse or whatever because my principles have not changed that much, and I am 100% on Apple's side on this issue.


Interesting parallel with Lavabit pointed out at the end of the article. Would the DOJ be willing to risk shutting down the biggest and most profitable corporation on earth over this?


The DOJ couldn't shut down apple. Apple has $200,000,000,000 in cash and marketable securities. DOJ's budget is only 27 billion. That's a lot of lawyer time. It's a huge waste of money, but there it is.

Way less likely, but Apple could move HQ to another country. And take their secret source code and keys with them.


I wonder if there's any advantage for Apple to form their own sovereign nation to operate out of. They are already richer than many existing countries. Can't they just buy out a Singapore-sized island somewhere?


You know, cyberpunk fiction always theorized that corporations would buy their own sovereignty for economic advantage or removing pesky laws against child labor, the first amendment, or slavery. I never expected them to do it in pure, honest self-defense.


I've always thought of Singapore as the "Apple" of countries. Incredibly modern, clean, organised, and well-presented. But run according to very strict rules, like banning chewing gum entirely, and $500 fines for littering.


Funny how a lot of Americans think banning chewing gum is oppressive but don't realize the similarity in the USA entirely banning Kinder Surprise eggs.

Lots of arbitrary stuff is banned in a lot of countries. Singapore just thought the littering cons of gum outweighed the pros.

Note that stuff like nicotine gum and other "therapeutic" chewing gum is still allowed, they just don't allow the candy that leads to littering.

And honestly looking around in a lot of cities where the entirety of downtown is slowly growing into a white blob composed of little individual pieces of squashed chewing gum I don't blame them.


> looking around in a lot of cities where the entirety of downtown is slowly growing into a white blob composed of little individual pieces of squashed chewing gum

Gum wall in Seattle, case in point.


If this becomes a thing, the world is going to run out of islands faster than companies can buy them to evade totalitarian governments.


This is getting really off topic but this is a potential solution: https://www.quora.com/If-someone-were-to-build-an-artificial...

And there's only a handful of companies large enough to do this: http://www.businessinsider.com/25-corporations-bigger-tan-co...


Not if the sovereign state of Applestan starts offering attractive lease options


There's probably no advantage; to do business in the U.S., a company must comport with U.S. laws. If Apple moved their HQ to the Sovereign Island of SteveJobistan, they would still have to follow U.S. court orders if they wanted to sell products to Americans within the borders of the U.S.


But would the U.S. populace put up with not being able to buy Apple devices at all? That starts sounding like restriction on free trade to the average American which is something they are much more likely to stand against as the government couldn't leverage fear to make the populace go against their own interests.


Stopping the sale of Apple devices and temporarily disabling US iPhones would probably be the singular most socially impacting event in recent history. If you want people to revolt, take their favourite toy away and blame the government.


Would Apple's shareholders put up with Apple not being able to sell into the U.S. market?

We're getting into "kill the company to make a point" territory, which is probably not realistic however we might imagine they do it.

Whatever leverage Apple has over the federal government will come from the millions of citizens who are customers, shareholders, developers, fans, employees, etc. They can activate those people just as well from Cupertino as they can from their own island.



Some have suggested Apple use its massive cash reserves to bail out Greece.


Couldn't the government just ban sales from that country (i.e. Apple). They have done that for Cuba, so why not for a company , country I mean, that "supports terrorism".



Perhaps Apple, Inc. could become a subsidiary of Apple's Irish operations.


The US government would respond by banning all iOS devices


And most of the US government's phones suddenly turn into expensive bricks.

I'm not sure whether a company should be 'too big to govern', but it is on occasion hilarious.


It's not that it's too big to govern, it's that they're too big to fail. Publicly traded, employment footprint, market penetration; too big to fail. The impact of any action that would kill Apple here would also destroy the economy. Never happen.


Which is probably a very good way to cause at least minor riots.


I believe when the government twisted Yahoo's hand and they put up a fight, Yahoo was given a fine that increased exponentially every day they didn't comply.

Yahoo would have owed the US gov. a sum equivalent to the GDP by the end of a month.


Yes, $250,000 per day [1]. And that was in 2008 in FISA court. We only just learned about it in 2014.

Who knows if the FBI's request carries as much as the NSA's. Probably not. Former NSA Director Michael Hayden confirms it was easier for him to get things done than the FBI [2]

[1] http://www.theguardian.com/world/2014/sep/11/yahoo-nsa-lawsu...

[2] https://youtu.be/_ESGBPmf0mc?t=45m9s


If the engineers got fired or quit their jobs what could be done then I wonder?


Apple HR to security engineer: "You're fired! The color of your hair is all wrong!" (Yes, you can do this in California)

Security engineer: "Meep?"

HR: "That's right. Oh, and here, since you were such a great employee (up until we noticed your hair, anyway), have this extremely generous dollar amount severance package. Maybe if your hair is a different color someday we'll hire you back."

:

Apple to FBI: "We have no one with the expertise to work on this. Golly, sorry about that."

Is the FBI then going to make a grab for source code, signing keys, and conscript people to do the work?


> Is the FBI then going to make a grab for source code, signing keys, and conscript people to do the work?

I think it's become clear that they'd at least try.


Interesting. A draft targeting software engineers to forcibly enlist them in the government's "war on encryption".

What kind of dystopia are we living in again?


Not a draft. As we've seen in Snowden, there are tons of engineers who support the security state and will volunteer to serve.


I don't think this could happen without enabling legislation.

The U.S. military draft required passage of the Selective Service Act [1] Something similar would be required before Apple's coders could be forced to carry out court orders directed at Apple, the corporation. Even in these times (so far!) I think this wouldn't happen.

[1] https://en.wikipedia.org/wiki/Selective_Service_Act_of_1917


Unfortunately I'm sure there are at least a few engineers with the expertise necessary who would happily agree to work with the FBI (for whatever reason.)


Maybe engineers with military history.


Is the FBI then going to make a grab for source code, signing keys, and conscript people to do the work?

No, they're going to grab for source code, signing keys, and _pay_ people to do the work. There are lots of competent engineers out there, and not all of them share your politics (and some that do might be willing to reconsider it for a sufficiently large dollar amount).

Hell there are probably engineers working at the NSA right now who would easily do it as part of their day to day job if you just handed them the keys and source code.


If they have the source, documentation, and signing keys, they don't have to conscript anyone. They can have one of their people do it, or hire a non-Apple engineer with low morals who is willing to do it.


At-will employment does not extend to firing people in order to not comply with a court order.


HR to security engineer: "You're quitting? That's a shame. Um . . . Tim Cook has a beach house he wouldn't mind you using for a while. Can you walk his dog?"

My point is, the individuals won't suffer.


When you get a lawful court order, you comply with it. To do otherwise would result in massive fines and quite possibly executives being criminally charged. If the Apple security engineers want to quit on principle, then it truly would be on principle; there is absolutely no way Apple's legal department would allow them to ever be rehired or offered any compensation/gifts beyond a standard severance package. If engineers did quit, Apple would be forced to (at great expense) temporarily hire other people with comparable expertise in order to comply with the order.

That said, Apple security engineers probably would land on their feet.


But "great expense" enters into the all-writs test. That would have to be re-examined.


I'm not sure Apple could be fined if its relevant employees took individual decisions that resulted in Apple's inability to comply with the court's order.

Apple doesn't have the ability to compel an individual's conduct. The court's order applies to Apple, not to named individuals. Given that, I don't see a legal basis for fines, executive criminal charges, etc.

I think there's a lot of power in the hands of a few employees (and potential replacements) here. It'll be interesting to see what they decide to do.


They could certainly be fined, charged with obstruction of justice/contempt of court etc, if Apple gave monetary or other incentives to its employees to make said decisions, as the commenter I was responding to was suggesting.


What about good references? What about "Okay, we understand, but we'll gladly have you back (with a signing bonus) when this blows over?"

A court order doesn't extend to Apple being required to be a dick to its ex-employees.

(And yeah, if any of you folks want a job, there are a zillion people on HN happy to talk, I'm sure)


"You're quitting? And leaving a hard technical division of the most financially successful and popular tech product of its generation? And your only recourse is the Silicon Valley job market? ... ... We'll miss you but I'm sure you'll land on your feet."


Impossible to know without the actual employment documents, but also curious if the DoJ could be considered a tortfeasor for disrupting an employment contract in that case.


My guess would be that some stretch of sovereign immunity [1] would shield DoJ.

[1] https://en.wikipedia.org/wiki/Sovereign_immunity


After those engineers quit, Apple should hire a bunch of terrible engineers with impressive resumes (bonus if they used to work for the FBI) and put them to work on this.


I'm not sure this approach will work now that the Government has pushed the fight public.


Could you provide a reference to this? I don't recall what you're referring to.



No, because it's a publicly traded company. Apple's size, value, and market penetration are a few of the reasons why the feds didn't go the NSL route. This is one ugly fight, but if they went the NSL route Apple could finally disprove their constitutional validity; DOJ would neeeeeever want to put that on the table.


Yeah, they believe they can get whatever they want. They won't care about the implications of their demands.


I don't think Apple shareholders will go along with shuttering the company, nor will they lose all that many customers over the outcome where they produce a bypass.

(If Apple can't resist the government request, neither can anyone else, only the crankiest of people will punish them for being the test case.)


My guess: yes.


Question, does Apple employ any engineers that are not US citizens? Or are telecommute workers living in other countries? If so and they were one of the key engineers, what would happen if they refused? What type of international laws would come into play here?


The answer is yes on all counts. Apple has engineers in many different countries.

To take your question in a completely different way, China could compel their Apple manufacturing staff to install a back-doored chip into Apple devices on the production line. Seems reasonable if the US government is asking for a software back door into all phones.


> China could compel their Apple manufacturing staff to install a back-doored chip into Apple devices on the production line. Seems reasonable if the US government is asking for a software back door into all phones.

Wouldn't that be opening a whole different can of international worms? In this hypothetical,

- Is China doing this with or without Apple's knowledge?

- If not, then it's a very very different situation than the US. I wouldn't equate them at all in such a case.

- If so, then Apple presumably would openly fight this and could even move all of their production outside of China as an extreme last resort. Against the US government, they don't have such a last resort situation since the company is based in the US. And unless every essential employee is a non-US citizen, then Apple has no such last resort. Hence why I am asking my original question of what international laws come into play here?


> - Is China doing this with or without Apple's knowledge?

In this hypothetical, sure. The Chinese govt orders Apple to install a backdoor chip on the production line.

> - If so, then Apple presumably would openly fight this and could even move all of their production outside of China as an extreme last resort.

Moving their production doesn't seem to be more or less difficult than moving their corporate HQ.


Production lines can be moved to other factories at great cost, but the labor is replaceable. Convincing your entire US living (mostly citizens) engineering staff to live/work outside the US would be much harder. You can have them telecommute but there is no way that the company would run anywhere near as well as it did prior.

Unless there is something in US law that says you can reincorporate outside the US, keep an office in the US, and yet somehow be excluded from US jurisdiction. Cause from what I understand, if you have an office in some country, you are bound to those laws to some degree.


Even putting the engineers in the position to have to make a choice to resist means that you damage their career prospects whichever way they choose. To be known as 'that guy' who {supported a corrupt government/supported terrorism} polarizes future job choices. There's no real upside. As someone asked to do this, I'd be asking for all future earnings up front from the FBI, so the economic worth of this is really 8 or 9 figures.


If you are one of the very few encryption engineers at apple that can do this, you are already one of their highest paid employees, and also one of the most sought after in the entire realm of tech. Quitting over this is likely to drive your value up even higher.

The FBI when it compels people to do things, pays nothing to have them do it. That's the power of the law.


The FBI when it compels people to do things, pays nothing to have them do it.

I'm pretty sure the FBI/Government has stated they will compensate Apple/any external consultants for their time at their usual rate.


It may be time for that hippocratic oath for engineers idea to become a reality. I'd take it and live by it.


The ACM has a code of ethics that I like a lot:

http://www.acm.org/about/code-of-ethics/

Nothing is stopping you from just affirming yourself to live by them without paying the dues, if you want.


Alternately you can affirm the "never compromise cryptography" code of ethics, which I just made up and which is exactly what the name says.


This is very much a case of civil disobedience. Non-violent struggle is a surprisingly effective tactic.

As Gandhi states:

>You can chain me, you can torture me, you can even destroy this body, but you will never imprison my mind.


>You can chain me, you can torture me, you can even destroy this body, but you will never imprison my mind.

He said that in the 20th century. Imprisoning the mind is the province of the 21st century. Both governments and pseudo-"activists" now seek to do this by leveraging the Internet.


All it will take to "imprison the mind" is convincing enough people to use a system that gives positive reinforcement when your friends act "correctly". Normal social behavior will do the rest. China (with Tencent) is already trying this, and Facebook has at least explored this area[2].

[1] https://www.youtube.com/watch?v=lHcTKWiZ8sI

[2] https://consumerist.com/2015/08/05/facebook-patent-would-all...


Ghandi got away with his stunts because because he was up against the British, and they had comparatively okay ethics. Try that shit on someone who's actually bad and at best you'll just end up digging your own grave at gunpoint, then being "shot while escaping".

While publicly the U.S. government probably wants to keep on the good side of popular opinion, they've proved time and again that in private they have little to no compunction about doing "whatever it takes" to get their way.


>okay ethics

Let millions starve in manmade famine, massacres, 200 years of resource theft...


But not "listen to your complaint, laugh, shoot you in the face, set fire to your children."

Bad things happened under their rule but they weren't actively evil in the same league as so many regimes. If you think British rule was the worst thing that could happen to a place you're pretty sheltered.


They can fine you to poverty.


Meh. The FBI has already suggested that it might request the code signing certificate and the full source tree. With those in hand, I'd expect the NSA programmers could get this done in a few months.


> With those in hand, I'd expect the NSA programmers could get this done in a few months.

The NSA increasingly is not a room full of mathematicians, but an IT outsourcing customer. But in neither case would they be very competent at creating a variant of iOS that doesn't touch flash memory and enables brute-forcing the PIN.


This case is bad ground for arguments against backdoors.

The government doesn't want a backdoor. They want Apple to remove barriers slowing and limiting the number of guesses at the key. If the key were longer, those barriers wouldn't be needed. So this isn't about strong encryption, without backdoors. It's about some sort of right to short, memorizable keys, and technical barriers protecting them.

Now maybe we have such rights. (I don't think so, I do think we have a right to strong encryption and strong keys.) But that's a very different argument than "backdoors are bad". If Apple's case is "no backdoors", they make that argument look not like a technical argument but a preference to not comply with a warrant. Non-technical people could easily get the idea that technical people say "no backdoors" when they just don't agree with the government's ability to execute warrants, and that all the technical arguments about real security are mumbo jumbo to avoid obeying laws they don't care for.

Using strong encryption with phones is a usability issue. If the phone were somehow protected by a strong key, Apple could easily comply with this order and the government still could't read the phone. But they haven't figured out how a user can deploy a strong key in some usable fashion. Well, that's obviously a challenge to phone data privacy. I expect it is solvable. And it is much less an issue in contexts like desktops and laptops.

But we have a right to encryption. We don't have a right to usability. Claiming the two are the same weakens the case to the right we do have.


> “It’s an independent culture and a rebellious one,” said Jean-Louis Gassée, a venture capitalist who was once an engineering manager at Apple. “If the government tries to compel testimony or action from these engineers, good luck with that.”

Funny to see Jean-Louis's name out of the blue again. He was the creator of BeOS back in the days.


He still blogs about Apple at http://www.mondaynote.com/


I wonder if Apple would finance their legal fees if they resisted, or would that be considered some sort of encouragement?

It might very well help public appeal if there was a person resisting the government compared to a large corporation.

Then again, if they get to the point of ordering Apple to break their security seems like they already lost the case at that point.


> It might very well help public appeal if there was a person resisting the government compared to a large corporation.

I was thinking that too, but then I reflected on the anti-Apple opinions I've seen in this case (mostly from a small subset of my Facebook friends). My fear is that it would actually do the opposite - it would give a face to the "spoiled" and "liberal nutjob" Silicon Valley nerds who "want to help terrorists." I hope I'm wrong...


For example if the engineer in question was an unattractive male, perhaps also a minority, someone with weird hobbies etc.


What legal fees? It's Apple Inc which bears responsibility in this case, not individual employees. As the article suggests:

> if the engineers refused to write the code, rather than outright quit, “then I think that the court would be much more likely to find Apple in contempt,”


If Apple continues to resist, the FBI will simply take the source code and signing keys and hand them over to some contractor to do the work. Is that better? Apple's source code and signing keys in the FBI's hands?


It would be better to push the FBI into that position, yes. Make them steal that property at gun point, literally. Force them to show up at Apple HQ, with SWAT teams, threatening to murder innocent, unarmed engineers in the streets. Make sure every news source available is there to witness and broadcast it live.

Why force it? To drop all pretext of what this really is, and reveal the US Government's actions as being that of the fascist monster it has become. After all, we've got the US military directly, intentionally spying on everything Americans do electronically. We're probably two or three steps or 'events' away from our first Caesar attempting to take permanent executive power. It's going to get a lot worse yet, just look how far they've come in a mere 15 years in their power grab. It's better to just stop pretending, here and now, regarding what's really happening.

It would be the Tiananmen Square for privacy in America.


> We're probably two or three steps or 'events' away from our first Caesar attempting to take permanent executive power.

Or a single election. Hitler gained initial power democratically, after all.


I'm amazed to think that in only a short number of years the work that has been done at Apple R&D in the US might have to go off shore because of our own government...


Guess what happens if the FBI wins this, and Apple is forced to comply, and actually does decrypt this one phone, and probably later on hundreds or thousands of other iPhone 5 phones. Guess what: Apple will make the system so secure that this can never happen again.

This whole discussion has led me to reconsider the much too expensive iPhones, and my next phone might very well be an iPhone 6 or newer.


If your adversary is a well funded government agency you need to do a lot more than buy an iPhone.

If you're still alive when "they" want information they'll just extraordinarily rendition you and torture you. Or they'll implement laws like UK RIPA which require you to make available the unencrypted version when asked by a court. Or they'll install covert surveillance equipment.


It would be funny if a bug was introduced that became known that instead of being an exploit was a patch to the backdoor.


What sort of decryption task would even be needed if ? Suppose Apple can update the phone signed backdoored update, the DOJ order never asked for decryption, only a way to bruteforce the phone.


How do we know this isn't all fake? That the FBI doesn't already have access to iPhones, and just wants people to feel safe (from them)?


Independent of the outcome of this case, maybe it is time for Apple to leave their current jurisdiction. I heard Island is lovely this time of the year.


Surely the moral responsibility of a manager ordering such work done is just as great as that of an Engineer carrying it out. So why is the debate entirely about the Engineers refusing to do the work, and nobody is talking about managers refusing to give the order?

I'm not saying that anyone should refuse, I think that's a foolish idea and as has been pointed out the Government has many tools and sanctions available it can use to compel compliance. I just find the current debate somewhat blinkered.


The manager can easily be replaced by hundreds of others working at Apple. The engineers not.


I actually just asked this question in another thread 2 days ago. Really interested in how it would play out from a legal standpoint.


Id love to see the people behind healthcare.gov tell Apple employees that they were moving too slow.


Apple's poor org structure is a blessing in this case:

Apple said in court filings last month that it would take from six to 10 engineers up to a month to meet the government’s demands. However, because Apple is so compartmentalized, the challenge of building what the company described as “GovtOS” would be substantially complicated if key employees refused to do the work.


What exactly does Apple need to crack the iPhone? A bunch of signing keys?


the EPIC quote comparing backdoorization for a security dev to euthanasia for a doctor is weirdly confusing; it flips the script on personal freedoms.


It compares it to forcing a doctor to do an euthanasia. If you want to kill yourself, don't force me to do it, find someone who will willingly do it.


and I for one would stand by them for doing so.


Son, go to your room!

But I don't want to go to my room!

Son, go to your room!

Mommy, what would happen if on the way to my room I ran into a pack of wild dogs in the hallway blocking my path? Would I still have to go to my room?


We detached this subthread from https://news.ycombinator.com/item?id=11309007 and marked it off-topic.


It's off topic to point out that bringing up an extreme hypothetical as a reason to not do something is pretty bad defense?

Really?


I'm guessing you don't have children? My seven year old asks EXACTLY this type of hypothetical question.


And is it a useful discussion when they ask this type of question?

Or is it a transparent and poor attempt to get out of going to their room?

(Incidentally, I have an 8 month old son. So, yes, I've got a few years before I get to have conversations like this.)


The way we feel out the boundaries of a restriction is not infrequently to imagine an extreme but not impossible scenario and ask if the restriction would apply. People who fail to do this (especially when creating new restrictions <hello most everyone in Congress>) often end up very unpleasantly surprised down the line.

So, the reply to the last question in your mother/child conversation is likely: "No. You would not be required to do so. However, there are presently no known obstructions between you and the door to your room. Go to your room now, lest I find you in contempt of Mother.".

Simple, right? Right.

So, make your commentary more productive in the future, please. :)


If you'll look back upthread you'll see that my first comment very much mirrors your "presently no known obstructions" rebuttal.


I guess "upthread" is this [0]? If it is, there's a critical part of my comment that you left off in your comment; namely the part of the comment where the speaker addresses the hypothetical posed. This is a part that I included in my hypothetical Mother's Response:

> "No. You would not be required to do so. However, there are presently no known obstructions between you and the door to your room. Go to your room now, lest I find you in contempt of Mother."

Your comment omitted the explanation -thus ignoring the hypothetical- and went directly to analysis of the situation as it currently is.

Context is everything, and the person to whom you were speaking was not likely a child and wasn't asking a series of hypothetical questions in order to put off some unpleasant task. Therefore, the lack of explanation in your comment makes it substantially different from mine and -because it lacks the useful components- not really productive. :)

[0] https://news.ycombinator.com/item?id=11308789


Congratulations. It's a fun ride.

Who knows if it's transparent...children's brains function in a completely different universe sometimes.


[flagged]


Is that something you think every person must aspire to be?


No, I just find the "hackernews pedant" shtick to be banal, tiresome, and very played-out.


You all understand, right, that Apple is going to lose this fight. I'm sure the smart players, including Apple, are already planning for the eventuality. There is no right to have close source software.


Dear FBI, why bother Apple? Just hire Chinese or Korean engineers[1] to crack it! They know more backdoors than Apple does.

[1] http://blog.trendmicro.com/pwn2own-day-1-recap/


I bet none of these engineers have spent a single night in jail. All it would take would be for a judge to send a single one to jail for the weekend, and they'd be happy to quickly bang out whatever the government wanted as soon as possible on Monday morning.

The sentiment is nice, but I doubt the government is worried in the slightest. The government is all powerful and can be whatever it wants, lest we forget.


How could they be ordered to do anything if they are no longer employed by Apple? Resigning is a pretty powerful statement, being compelled to work for an employer you no longer want to work for is orders of magnitude worse than anything else suggested in this whole sordid saga to date.

Compelling a company to produce a product is bad enough, let's not add treating people like chattel on top of it.


A Judge can issue an Order saying whatever they hell he or she wants.

A Judge can order you to leave work and sit on a Federal Grand Jury for 36 months.

A Judge can order an innocent bystander to testify or sit in jail until he agrees to do so.

Employment status has nothing to do with anything. Just because you quit the police department doesn't mean you don't have to cooperate with a federal investigation or anything that a Judge orders you to do during that trial, from the grand jury phase up to and through sentencing.

I so often agree with the general sentiment of HN posters but the lack of understanding around basic civics is disheartening.


> All it would take would be for a judge to send a single one to jail for the weekend

On what grounds? None of them have broken the law and the order, should it come about, would be for Apple to perform this work, not specific employees (or, if they resign, ex-employees). What would be the route for the government to compel specific individuals – who do not own or control Apple's code or data, and individually are not the only people who can perform this work – to do this?


1) Judge rules that Apple must disclose the information.

2) Judge issues a subpoena to an employee that another employee has said is capable of retrieving the information.

"Do you have the capability to retrieve this PIN number?"

"Yes, your honor."

"Will you do so?"

"No, your honor."

"I find you in contempt. Lock this gentleman up."


> "Do you have the capability to retrieve this PIN number?"

The answer to this question is no, since the person would be no longer employed by Apple, would not possess the source code, and would not possess the signing key.

Even if you assumed that the court could force Apple to disclose these items to somebody who is now a third-party, it may be the case that there isn't any person who is capable of doing this. Are the same people at Apple responsible for code signing and writing the code necessary to do this?


> > "Do you have the capability to retrieve this PIN number?"

> The answer to this question is no

Doesn't matter. All the judge needs is to notice in your face that you do have that capability.

Don't believe me? Look at this case:

http://articles.chicagotribune.com/2011-10-07/news/ct-met-lo...

According to the judge:

"What I saw in his face was just defiance. He was not going to testify in this double homicide case because he wasn't going to testify. That's all there was to it. So I saw pure scorn for the judicial system in the defendant's face."

Because the judge didn't like his face he gets 20 years for contempt.

20 years!


Doesn't matter. The Judge merely collects all the pieces and then Orders them to work together.

If it reaches anything approaching this point (it won't) stopping it basically requires an individual to commit to doing the work then sabotaging the device when presented with it.

That's the act of civil disobedience. And you can expect to spend more than a night in jail should you grow the balls to do it.


Meh. I've spent time in jail after getting picked up at a protest. All charges eventually dropped. Knowing you're there for the right reasons, with strong outside support makes a huge difference. I'd gladly take some jail time on a fight like this.


> All charges eventually dropped

Care to say what were the charges originally?


Charges were pretty ridiculous actually. Everyone got disorderly conduct, and something about carrying weapons ('sharpened sticks', aka protest signs, which, in fact, I wasn't).

It was an excellent lesson in how arbitrary and asymmetric the criminal justice system is. The police are basically free to make shot up on the police reports, and it was only because we had so many people with identical reports with egregious mistakes that we were able to fight them on the charges.


I mean, you can always resign. The government can't force you to work for a company. The court order is against Apple, not individual engineers.

I'm sure there'd be a GoFundMe up within minutes that would collect enough money to cover the salaries of a few engineers while the court battle plays out. Afterward, go back to work for Apple.


And this threat right here is exactly why encryption is so important.


And yet we need people to be this bold.


Yes, but with their democratic votes or public stances, rather than internal business decisions... (since the former is presumably more impactful.)


"Apple Encryption Engineers, If Ordered to Unlock iPhone, Might Resist"

Um... no. Perhaps until they get a whiff of a professional, um, "motivator" in the guise of an FBI agent or carefully-chosen warden. Some of you guys crack under the pressure of solving a C++ warning. The guy who upvotes every "Ten things about being an Introvert" post at HN will last precisely ten seconds when presented with that reality.

I admire a good hunger strike every now and then but this case has been mismanaged by both sides. Slippery slopes and domino theories but really -- you're gonna rot in jail versus coughing up a pin code to protect the privacy of a dead terrorist? This could have been narrowed, should have been narrowed, and an anonymous post card with four digits on it could end the standoff. And that's the way it's always been done. Apple seems ignorant of this reality and they are going to pay a dear price for their position -- even before they incur the cost of forcing employees into an ethical rat trap.


Downvotes aside, looks like the anonymous postcard showed up right on cue: http://www.nytimes.com/2016/03/22/technology/apple-fbi-heari...

Apple shouldn't have been surprised by this. They will however pay a dear price for the posturing. And they will have wasted valuable public sentiment when the government tries again, which it will.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: