The FBI's refusal to detail the flaw will just add to the pile of miscommunications between technologists and the government. That hurts the government's ability to advance their own technological capabilities and understanding. Every day, they're getting better at shooting themselves in the foot and widening that communication gap.
I see nobody out there capable of bridging it. Not Tim Cook, not the EFF, not Obama, and certainly not the DOJ.
Bruce Schneier's previous coverage from 2015-07 [1] is what first got me interested and up to speed in the recent SB case. Even if Apple isn't demanding the FBI's method at this moment, I respect what Bruce has to say here.
It seems to me that Tim Cook and the FBI understand each other very well. They just don't care about the same things.
Former CIA and NSA Director Michael Hayden clearly understands the issues. I saw an interview where he stated that the FBI was correct to want access (it makes their job easier) and that we shouldn't give it to them (he understands that a backdoor will be used in ways other than intended). The point being that people on the government side aren't just naive, ignorant administrators.
I think the problem with a lot of national issues isn't the players lacking an understanding of the nuances, it's that people in general aren't very receptive to nuance. That makes it a losing strategy to try to address it.
Public officials answer to a different standard than private citizens who run companies. The oath of the FBI is not to make their own jobs easier. It is to maintain public security. If the Director of the FBI cannot do that effectively, then that is a blemish on the record of President Obama who appointed Comey.
There's a definite need for someone to step up and say that on balance, we are more secure without trying to guarantee government access to encrypted data, or vice versa. So far nobody has taken that high level view and been able to convince any of the early major players in this debate.
Lindsey Graham's statement during his questioning of Lynch is the closest we got to a high level player changing sides, demonstrating an understanding of both positions [1].
> The oath of the FBI is not to make their own jobs easier. It is to maintain public security.
Actually, this is their oath:
I [name] do solemnly swear (or affirm) that I will support and defend the Constitution of the United States against all enemies, foreign and domestic; that I will bear true faith and allegiance to the same; that I take this obligation freely, without any mental reservation or purpose of evasion; and that I will well and faithfully discharge the duties of the office on which I am about to enter. So help me God.
Their oath is to the Constitution, and the duties of their office are to investigate federal crimes. The Constitution does not mandate that they share everything they know, but neither does it make it as easy for them to do their jobs as they might like.
The Constitution includes certain rights which make it more difficult for them to investigate crimes than they would prefer; it is also silent in some areas which some of us might wish it spoke more loudly on.
If the Constitution is silent, that means it is prohibited.
The constitution is first and foremost a document outlining what the federal government is allowed to do. If it is not listed in the Constitution, then by design the government does not have the authority.
I think this has been lost, in part by the inclusion of the bill of rights, which where never intended to be an all inclusive lists of a persons rights.
The Congress shall have Power To lay and collect Taxes, Duties, Imposts and Excises, to pay the Debts and provide for the common Defence and general Welfare of the United States; but all Duties, Imposts and Excises shall be uniform throughout the United States;
That's some pretty broad power that is enumerated right there.
Actually it is not, unless you take it out of context like you have....
Allow me to Quote Jefferson...
"“[T]he laying of taxes is the power, and the general welfare the purpose for which the power is to be exercised. They [Congress] are not to lay taxes ad libitum for any purpose they please; but only to pay the debts or provide for the welfare of the Union. In like manner, they are not to do anything they please to provide for the general welfare, but only to lay taxes for that purpose"
Meaning to the founders that section was explicitly about collecting taxes and does not give wide over arching powers to legislate things about the "general welfare" of the population.
Ok, sub in that it would be a valuable tool in carrying out their mission for the making their job easier. The point is that it isn't extraordinary for law enforcement to want investigative powers.
If you watch some interviews with Michael Hayden, you'll see him saying just what you want, and I think someone who is a former director of both the CIA and NSA counts as a high level player. Autoplay video, but read the text:
> Ok, sub in that it would be a valuable tool in carrying out their mission for the making their job easier. The point is that it isn't extraordinary for law enforcement to want investigative powers.
Sure. Then I'd just circle back to my original point which is there is disagreement over how to keep the public safe. That's the cause of the problem, and we're missing someone who can bridge that communication gap.
> If you watch some interviews with Michael Hayden, you'll see him saying just what you want, and I think someone who is a former director of both the CIA and NSA counts as a high level player.
I've watched several. The one you cite is actually a bit old. In more recent interviews, he sides even more with Apple.
Hayden definitely brings a lot of credibility to Apple's side. Unfortunately he's not in a position to call a meeting between the tech industry and the DOJ plus Obama to settle their differences. In fact, nobody is except the public. The public will ultimately decide this through their voice and vote. If we sit back and do nothing, I imagine we would see backdoor legislation pass quickly. So far, we've been vocal enough to prevent Feinstein's bill from being released. Let's keep it that way and start pushing back against the DOJ. We can play offense too by asking the FBI to share its technique with Apple.
The FBI brought this to court and demanded, quite vehemently in their last brief [1], what they wanted. They chose to bypass the option of further discussing the issue with Apple outside of a court room. Whether you feel Apple or the FBI was being stubborn, that is not good communication.
In my opinion, the government needs to make some deposits into its emotional bank account with technologists to make up for the damage it has done.
I agree with you, and I think this will eventually lead to a world where governments are unable to exert meaningful influence on large corporations. We're already starting to get there; I have a feeling that if the supreme court had forced Apple to write a custom version of iOS that things could have gotten really messy very quickly -- there were rumors that Apple's entire iOS engineering team was ready to resign if the case went the wrong way. It's plausible to see a scenario where Apple says "You know what? Fuck it, we're based in Ireland now."
Ultimately, I don't think governments are designed to deal with corporations that make as much money as a company like Apple does. These companies are the size of governments -- if Apple decided it wanted to hire a bunch of mercenaries and take over a small country, it could probably do so (if it didn't mind getting embargoed by whoever was friendly to the country they took over).
I wouldn't be surprised to see corporate sovereignty become a big international issue in our lifetimes. International law is a huge grey area, and I expect companies to exploit that to their advantage to avoid enforcement actions by individual nations.
> It's plausible to see a scenario where Apple says "You know what? Fuck it, we're based in Ireland now."
Maybe, but I think you're putting the cart before the horse. We're not at that stage right now. Right now we can turn the tables on the FBI and demand they contribute back to our own ability to secure ourselves. It's not too tough to describe the issue to the general public.
The FBI would ordinarily help businesses identify security vulnerabilities in their products, such as a flaw in a bank vault, because it makes the public more safe to enable the bank to secure itself. Law enforcement regularly recommends certain bike locks, car systems (note their recent notification about remote exploits [1]), etc. over others. In this case, due to disagreement about how to keep the public safe, the FBI is refusing to cooperate with the general public who own iPhones.
> the FBI is refusing to cooperate with the general public who own iPhones.
Which I think is a perfectly rational thing for the FBI to do in the absence of a law stating that they must do so. I don't think it's the best thing for democracy, but if I were a senior-level FBI official, I'm trying to give my organization as many tools as I can get to do their job. He's a man with a small, narrowly defined scope: investigate crimes as effectively as possible. It's not his job to think of the repurcussions.
Which is why our current decade-long legislative deadlock is fucking killing us. The world today is nearly unrecognizable from the one in 2006 - and in the lack of leadership by Congress, the executive branch (which includes the FBI and most other non-military law enforcement agencies) has to step in and take control.
Really, the problem is that a lack of leadership from congress has created a power vacuum that Obama has been publicly very reluctant to fill. But the gap exists, and people in the executive branch under Obama have had no such qualms expanding their power into areas that Congress just hasn't addressed because they're too buy trying to defund Obamacare or ban abortions.
The people are the most powerful part of the legislative process in a democracy. They, and you, may have forgotten that by not voting and attempting to justify the positions taken by public officials who are sworn to protect the constitution.
> Which I think is a perfectly rational thing for the FBI to do in the absence of a law stating that they must do so. I don't think it's the best thing for democracy, but...
I've seen a lot of this "understanding" in the news and online. It is not how democracy works. We have the power, not them. We can literally vote them out of their jobs.
> These companies are the size of governments -- if Apple decided it wanted to hire a bunch of mercenaries and take over a small country, it could probably do so
Is this anything new though? I once heard the Dutch West India Company described as "Exxon Mobil with guns."
Apple has an enormous investment in their design team in Cupertino. It would be an enormous impact to their product development capability to start over somewhere else.
It's not enough to say "HQ is over here bro," court orders still work in California. Then again this whole All Writs effort to "build me a tool to help my investigation" seems to break new ground. Maybe it wouldn't even be enough to pack up and move all R&D out of the US (e.g. injunction on US sales until the foreign Apple company complies).
> Maybe it wouldn't even be enough to pack up and move all R&D out of the US (e.g. injunction on US sales until the foreign Apple company complies).
There are already state level bills proposing this in CA and NY [1]. Those bills would fine manufacturers $2,500 for every phone sold in those states that isn't capable of providing decrypted data. The language originally comes from a white paper by Manhattan DA Cyrus Vance. Feinstein-Burr are working on a similar federal bill which was supposed to be released late last year, then this month [2]. It has obviously been delayed by the public's response to the SB Apple case.
"Maybe it wouldn't even be enough to pack up and move all R&D out of the US (e.g. injunction on US sales until the foreign Apple company complies)."
That'd be an interesting possibility. Government, to U.S. consumers: "YOU are not allowed to buy the products you chose, because a foreign company refused to perform work for the U.S. Government." ...
The specific point of bridging is that technology corporations and the federal government should both care deeply about making consumer and corporate technology as secure as possible, given how much of the nation depends on it.
On paper, the right federal agency for this should be the Department of Homeland Security. In reality they have neither the technical expertise nor the political "juice" to compete with the intelligence and law enforcement agencies--who care much more about access than security.
Until this balance is corrected at the federal level, it's going to be a mess. On balance, the government essentially WANTS technology to be insecure right now, so that intelligence and law enforcement staff can do their jobs more easily.
The government isn't a single entity with a single goal. There already exist federal agencies with the goal of increasing security (see http://csrc.nist.gov/groups/ST/toolkit/), while others like the FBI have vested interest in increasing their powers of investigation. The executive branch has already made their stance clear, weakening encryption should not be the goal of any federal agency:
"We recommend that, regarding encryption, the US Government should:
(1) fully support and not undermine efforts to create encryption standards;
(2) not in any way subvert, undermine, weaken, or make vulnerable generally available commercial software; and
(3) increase the use of encryption, and urge US companies to do so, in order to better protect data in transit, at rest, in the cloud, and in other storage."
It just seems like federal folks working on security are currently outgunned by the federal folks working on access.
For example where were the pro-security quotes from NIST in all the FBI-Apple stories? I'm sort of kidding--obviously there weren't any--but the reality is that NIST can't stand up to the FBI and that's not their role anyway. They set standards not executive priorities.
If we think of the federal govt as a multi-armed see-saw, where points of view oppose one another from various agencies, then right now the arms in favor of access have a lot more "weight", so the overall system tilts toward them. This was visible in what the Presdient said at SXSW.
What do we see? Pro-encryption messages come from private groups, but pro-access messages come from federal executives. Why wasn't there a senior federal appointee telling Congress that hacking the iPhone was a bad idea? That the FBI had not fully considered all that consequences? Who would that be? The head of NIST?
> That hurts the government's ability to advance their own technological capabilities and understanding.
I take it that nobody in The White House uses an iPhone, or at least I hope not. Institutionalized ignorance to the degree of shooting oneself in the foot is concerning - far more concerning than the existence of this specific vulnerability.
I know I'm stating the obvious here but it needs to be stated: The White House is therefore completely okay with this weapon in, as one example, terrorists' hands. Is this a new war or terror strategy or something, placing weapons into the foes' hands?
I see nobody out there capable of bridging it. Not Tim Cook, not the EFF, not Obama, and certainly not the DOJ.
Bruce Schneier's previous coverage from 2015-07 [1] is what first got me interested and up to speed in the recent SB case. Even if Apple isn't demanding the FBI's method at this moment, I respect what Bruce has to say here.
[1] https://www.schneier.com/blog/archives/2015/07/back_doors_wo...