End To End Encryption

I’ve been trying to figure out what I think about a bunch of things that keep cropping up. Yesterday it was ad blocking. Today it is end to end encryption. This community is really helpful to me. It is like having another set of colleagues to bounce ideas off of. So thank you for that.

Tim Cook wrote a public letter to Apple’s customers yesterday explaining his position on the San Bernadino shooter case.

He correctly states that “This moment calls for public discussion” and so hopefully that’s what we are going to do. I’d like to see our Presidential candidates start talking more about this too. It is one of the single most important issues that our society faces in the coming years.

He goes on to say that:

For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.

That is not an open and shut case to me.

Of course I’d like the contents of my iPhone to be out of reach of everyone other than me. But if that means the contents of the iPhones of child pornographers, sex slaverunners, narco gangsters, terrorists, and a host of other bad people are “none of our business” then that gives me pause.

I don’t think we can have it both ways. We have to choose one way or the other.

My partner Albert has written publicly on this issue and he comes out in favor of being public with our data and not going down a crypto “rat hole”. Here are some of his relevant posts on the topic:

Sept 2013

Jan 2014

Aug 2015

But many of the other folks at USV feel very differently and are more supportive of an end to end encryption world.

I lean in Albert’s direction. But I also see logic in the arguments that Tim Cook makes against opening up a back door to the iPhone.

So I am struggling with this issue this morning, and I imagine many others are too.

So let’s talk about it. What is your take on end to end encryption?


Comments (Archived):

  1. Richard

    Alexander Grahm Bell made the worlds first transcontinental telephone call 100 years ago. What effects would the announcement that every phone call would be archived and accessible by the govt have had on its success?

    1. SubstrateUndertow

      Historian’s wet dream 🙂

  2. Salt Shaker

    How important is it to protect the privacy of a murdering, dead terrorist, particularly when unlocking encrypted data–on a work, not private phone–has the potential to deter future or similar attacks by others? I understand Apple’s need and desire to protect its customer base and the public at large, but I don’t believe the same standards and rights of privacy apply to murdering, dead terrorists. There’s a big difference between operating on principle and operating w/ common sense. It’s fair game for us to kill terrorists but God forbid we should intrude on their contact lists and phone logs. Honestly, where’s the logic? Unfortunately, Apple’s non-compliance will lead to further Court rulings deciding if the right of privacy for terrorists, dead or alive, trumps public interest and safety. IMO, the Court of Common Sense has already ruled.

    1. Zachary Reiss-Davis

      The same standards HAVE to apply to murdering dead terrorists and any, or everyone else — there’s no magic way to say “we’ll have a backdoor around our encryption, but it’ll somehow not get used except against murdering dead terrorists” — if the security hole exists, it will be used.

      1. awaldstein

        Sure I get that.But i don’t believe that there is one rule for all.I live 2 blocks from the towers. Did I and do I believe that there was nothing that shouldn’t have been done to gather intelligence to track down the terrorists. Absolutely.

        1. LE

          I just saw it on TV and I feel the same way.

        2. thinkdisruptive

          This is crazy logic, and a slippery slope. You can use this ‘so-called’ common sense to justify absolutely any evil thing that a government wants to do, and as Stanley Milgram demonstrated in his “Obedience to Authority”, the majority of people will always support what their government says whether it’s right or wrong. You may feel this ‘rule’ will only be used to target terrorists, but I don’t believe that for a second — not in the U.S. and certainly not in most countries around the world.This is neither the only tool the government has, nor is it necessary. There were plenty of bread crumbs left by the San Bernadino terrorists before the event that didn’t require unencrypting and tearing apart my right to privacy — simply watching what they were doing and paying attention to the rather obvious clues and tweets. Can we not focus on that? This red herring has been created by the FBI to draw attention away from their prior ineptitude.Breaking encryption harms us all. You might as well pass a law that it is illegal to have a lock on your door, and anyone is permitted to walk through your house anytime they want. For me, this one isn’t even close, unless you believe that our entire system of jurisprudence and the principles it is based on (and the history of common law) are completely wrong. But, if you do believe that, then you have already implied that torture is also a legitimate means to gather information, harrassment and coercion of innocent citizens is permissable if it helps find terrorists (or anyone the government deems to be against their interests), suspension of private property rights can be justified for any purpose the government wants, and ultimately repressing all forms of dissent, because that also aids and abets terrorists. Sounds preposterous? All these are still commonplace around half of the planet, and this was the dominant way of thinking before the US was founded based on principles of individual liberty.The only way any rule of law works is if it is the same for all, and we all have the same protections against government abuse of our rights. Let our guard down, even a little, and you are only a few steps from Nazi Germany — a country of good people persuaded by twisted logic, repetition and belief in authority to perpetrate one of the worst-ever crimes against humanity.The attitude that you belie here, that “there was nothing that shouldn’t have been done to gather intelligence to track down the terrorists” suggests strongly that you are willing to subvert any and all rights whenever it suits your purpose to redress a crime against you. Civilization can’t work that way, and I’m pretty sure you would be among the first to complain if it was your rights being trampled based on the logic you’ve given here.

      2. LE

        if the security hole exists, it will be used.It’s not a security hole that is a red herring.It’s a carefully managed security exception (my words). If people are worried about this they should think a bit about all of the other potentially damaging things that are floating around out there of actual consequence like nuclear launch systems and the electrical grid.The backdoor is only usable by court order. Apple has (to repeat) the brains and the resources to make something like that happen.That said I got the impression from Tim Cook in his letter that he was somewhat worried about rogue operators at Apple leaking this info in a way that would allow others to exploit it. That is Apple’s problem to insure against, just like anyone working on highly sensitive government programs.

        1. pointsnfigures

          The 9/11 attackers were not American citizens. The San Bernardino attackers were.

          1. LE

            Means nothing to me actually. Has nothing to do with citizenship at all. Court order is a court order comply with it. Police request to help with solving a crime is a police request.I got a justice department request for some customer data for an investigation that they were doing. I complied with it promptly and never considered not doing so. T&C says “we will BOGU you have no rights” [1] . Didn’t matter to me who the target was, or what the reason was, or even if I really really legally had to. The government said “give us this data” in an official request with proper “you have to do this or else” language and I gave them what they wanted. They didn’t need the “or else” at all.[1] And then billed the government for the work it took to comply with the request. Which they paid about 3 months later iirc.

          2. thinkdisruptive

            “court order is a court order, comply with it”Wow. Absolute obedience to authority, right or wrong. Sounds like you’d be right there with Hitler, exterminating Jews, gypsies, homosexuals and other negative influences because the state said you should do it. I thought we had recognized the perils of such blind obedience.Tim absolutely is doing the right thing, and has the right to defy the FBI as an act of civil disobedience to draw attention to an over-reaching government. He may go to jail if he continues to stand on principle, and I would admire him all the more if he does.Back in the 1950s and 60s, there were a lot of court orders issued and laws that prescribed where black citizens were allowed to go, eat, etc. But for a large number of people defying those orders and laws, we’d still have a significant percentage of our populace subjected to discriminatory rules and regulations. Where do you draw the line on such absolutism?

        2. scottythebody

          This is not logical. “The backdoor is only usable by court order” Or by anyone who figures out how to use it. Court orders do not make something technically secure, only (potentially) legally sanctioned.

          1. LE

            The idea is to design it in a way that that can’t be done. This idea that everything and anything can always be hacked (in this type of scenario) is absurd. Of course Apple can design something with the appropriate safeguards and further I am proposing that only they have access to actually be able to do what is necessary, not to give it out to law enforcement like some fire marshall key.This is not open source software where anyone gets to review the code and hack away.And Apple saying now there is no backdoor doesn’t mean the device can’t be hacked anyway, just it hasn’t been done so far. Someone knowing that Apple can do this won’t make them work any harder or less hard on a independent approach.

          2. scottythebody

            I still lose you. The fact that it isn’t reviewed is also a strike against it. I get your idea, and I think you’re correct in that this could be designed to be very secure. But nothing cannot be hacked.The fact that there is no intentional back door definitely does not stop people from trying. In fact, the iOS/iPhone is the Holy Grail of exploits, with companies paying $1,000,000 for remote access zero day vulnerabilities. So if it’s there — even unannounced — they will find it.

        3. Pete Griffiths

          “It’s not a security hole that is a red herring.It’s a carefully managed security exception…”I respect you LE, but that sounds like BS to me.

          1. LE

            If managed correctly (and only under Apple’s control (at Apple Headquarters) similar to the FBI forensics lab and potentially with third party verification of actions) I still stand by “security exception”. Of course any wording that is used to change opinions or manipulate can be BS, I will agree with that.

  3. conorop

    I’ve always been under the notion of “I have nothing to hide, so poke at my data all you want.”I believe that any changes in open data need to be balanced by a strong checks and balances system. Innocent until proven guilty. A responsibility (or restrictions) to manage abuse of the newfound access.

    1. thinkdisruptive

      Anyone is free to permit their data to be freely shared, but you are not everyone. Lots of things should not be freely disclosed — bank balances, account numbers, unpublished phone numbers, passwords, how to access the nuclear bomb codes, etc., and despite your notion of having nothing to hide, I don’t wish my privacy to be violated because you don’t mind if yours is.

      1. conorop

        If you think publicly disclosing bank balances, account numbers, passwords etc are even remotely related to being comfortable with special access to data for national security, then we are not having the same conversation.

        1. thinkdisruptive

          Just responding to what you said, which is that you have nothing to hide, so poke at my data. Who decides what data deserves special access for “national security” reasons? You? The government behind closed doors?

          1. conorop

            I’m not suggesting I have the answers, but my starting point is that I want to help catch the bad guys. If, upon deep review, that it is determined that the lives of good, normal citizens are far too negatively impacted to prevent harm, I’m happy to change my mind.

          2. thinkdisruptive

            The bad guys are dead. The principles involved here are far more important that whatever data remains hidden, if any (the FBI hasn’t established that there actually is anything of value still hidden, and is trying to compel a private company to go on a probably fruitless fishing expedition). The only thing they really want is to use outrage over San Bernadino terrorists to force tech companies to invest enormous sums in breaking encryption, or to create the back doors they’ve been asking for all along. Neither of these things is an even remotely good idea.

  4. LE

    But many of the other folks at USV feel very differently and are more supportive of an end to end encryption world.Most likely younger and more liberal is my guess.

    1. fredwilson

      the oldest and the youngest actually

      1. LE

        Hmm, makes sense. Brad is a technologist [1].[1] The 2nd oldest partner (John) is an attorney. (Note that I had to do a search to figure out their ages..)

      2. thinkdisruptive

        I’m surprised the youngest are that smart, but the oldest have seen plenty of examples of how governments run roughshod over citizens rights and freely abuse whatever level of authority they are permitted. We wouldn’t have Miranda rights, which seem silly today, had police not routinely abused suspect’s rights to counsel (and which often led to railroading the wrong person to jail). We have examples today, with police bullying and over-reacting and drawing and firing weapons when dealing with black citizens (even when the police are themselves black). Every legitimate authority given to the government or its agents can and will be abused. History teaches us that pretty plainly. Some principles need to be absolute, even when there are exceptional cases that could be used to justify breaking the principle.Perhaps the problem is that those in the middle are too world weary, and have become “pragmatic”, willing to bend the rules for whatever they perceive as the right outcome. We let the young fight the wars of principle, and the old remind us of the tragedies and regrets that happen when we forget about principles (aka wisdom).

    2. Brandon Burns

      Contrary to popular belief, even young people and liberals can have respect for the 4th Amendment. 😛

      1. LE

        I put you in a different category Brandon. Because you actually work hard at what you do and are a professional and grown up.I will insert “naive” prior to “young”. And “been burned” prior to “liberal”.

  5. John Pasmore

    While we have a right to privacy, I don’t believe we have the right to permanently hide what a US Court declares is something that may have evidentiary value. We basically enter into an agreement the Government to be citizens of this Nation. This is certainly a new frontier, but there is a long history of privacy evaporating during threats — I think the US Government can prevail here with Apple. Technology still exists for an individual to encrypt data but for a corporation to do this en masse, without some key that a warrant can unlock is gray area Courts need to define.

  6. LIAD

    after having read the letter this morning, the frame below came into my head.1/ The 5th amendment protects citizens from being forced to disclose information they hold in their heads.2/ Computer devices are extensions of ourselves.3/ Citizens should be protected from being compelled to disclose information held on their computer devices.4/ QED Encryption is the digital equivalent of the 5th Amendment.

    1. ErikSchwartz

      Yeah, I lose you at point 2. I get the argument in theory.

      1. LIAD

        Rephrase your Honour.Computer devices are digital extensions of our heads.

        1. ErikSchwartz

          So is a written notebook. That is clearly subject to a warrant.

          1. pointsnfigures

            The Rand Paul solution.

          2. SubstrateUndertow

            A dynamic/processing pocket-super-computer/cloud-harvester is orders of magnitude closer to a bio-mind-extension than is a static notebook.Everything counts more in large organic amounts 🙂

    2. Salt Shaker

      Why is the Constitution treated as if it’s beyond reproach. Does anyone truly believe if it was drafted today the language would be identical or as definitive as originally written. Doubtful.

      1. andyswan

        Then amend it

        1. Salt Shaker

          Yeah, good luck w/ that.

    3. andyswan

      4th much more applicable.

      1. LIAD

        Sum total of my knowledge based on watching Suits and The Good Wife. Feel free to amend my motion as you see fit and resubmit to Court AVC

    4. Twain Twain

      4th Amendment is a uniquely US issue, though.How does the right not to disclose and be disclosed apply to other jurisdictions where Apple operates and sells its products?Notwithstanding this, I agree with your logic flow as it applies to Apple’s US consumers.

      1. pointsnfigures

        10th Amend might be interesting too. What if the Feds did nothing and individual states experimented?

        1. Twain Twain

          Exactly. One state sets a precedent, then it goes inter-state federal and then it becomes globally applied.Yet even at origins of whether individuals and companies have a right to privacy and non-disclosure, the question has to be about coherency and consistency.It may seem coherent to US govt to insist on backdoor because of a handful of extreme outliers but it can’t be consistently applied because the 99% majority are not terrorists, child pornographers and other bad people.And, unfortunately, they’re often only more widely identified as bad people after a horrific event they action.There should be ways to monitor bad people and prevent them from committing atrocities but those monitoring mechanisms should not invade the rights to privacy and non-disclosure of the rest of us.Technically, can this be factored in at device-level? Yes.But then do device manufacturers like Apple and Google become moral arbiters of who’s good or bad instead of the elected governments who are our mandated representatives of the good, moral, well-functioning society we’re voting for and who write the laws and run the prisons?

    5. LE

      Sorry Liad, not even close!

    6. Amar

      This conversation will take a different slant, if we had technology that can retrieve memory out of our head. We currently cannot. If you were the only living witness to a murder/act of terrorism and we had technology possible to retrieve that fragment of memory from your mind — i don’t think this discussion would be so black and white.Once something is possible and that “Something” aids greater good — we will always struggle with the trade off between individual rights and the cost to the greater good.

      1. SubstrateUndertow

        Giving new meaning to the “thought-police” and I suspect people would be a lot more resistance to mandated access !

    7. SubstrateUndertow

      Well framed !

  7. Zachary Reiss-Davis

    Here’s the thing: if you create a backdoor around encryption, you’ve opened pandora’s box, to use a cliche — or to use another, there’s no stuffing the genie back into the bottle, at lest not easily. I firmly believe that if we force technology companies to create backdoors for law enforcement to use in initial cases that seem completely reasonable, such as against a specific known terrorists, it will eventually be 1) used by the government in all sorts of ways and cases I personally don’t approve of, 2) be used by black-hat hackers for things like ransomware, blackmail, and so on, 3) be used by corporate espionage and similar white collar cases, and 4) be used by OTHER countries’ governments (China, Russia, Iran, you name it) in ways we should be REALLY squeamish about.On point (4), I don’t see how we can give this technology to the U.S. Government and expect China or Russia not to have, and use, it.

    1. fredwilson

      what do you think about the idea of a “two factor” back door that “DH” suggests in this comment thread?

      1. Martin otyeka

        Hi Fred,Apple’s position better imitates nature. You can’t access memory from a body/brain once the soul has left – So far humanity and civilization has survived with that fact. Therefore, we can live without Apple building a mechanism to compromise our smartphones data, the physical manifestation of our brains memory.

        1. JLM

          .You can, however, conduct an autopsy to determine the cause of death.The infamous University of Texas Tower shooter back in 1963 was found to have a massive tumor pressing on his brain. It helped to explain the crime of shooting so many people.It was a court ordered autopsy.The decision to conduct or not conduct an autopsy on Sup Ct Justice Scalia was made initially by a magistrate in Marfa, Texas.The family then could have ordered one but they passed based on his history of heart disease and other physical evidence acquired at the site.Opening that phone is an autopsy, no?JLMwww.themusingsofthebigredca…

        2. SubstrateUndertow

          Bingo !These emerging cyber tools are quickly becoming holographic body/brain extensions/ampifiers and to effectively function as such must mimic/retain the volitional/cognitive autonomy of the body/brain they so powerfully extend.Many might still think such abstractions to be very pedantic but they are quickly entering mass-culture as extremely visceral concrete realities.

      2. David Greydanus

        Crypto-godfather David Chaum recently suggested a 9 piece master key for his tor like mix network to be distributed amoungst an international counsel that could act as an intermediary between the government and the users.

      3. Zachary Reiss-Davis

        I think @darrenhaber:disqus and I were talking about two different things –With one factor, you have the question Should the government be able to access any of your data stored in the cloud (broadly defined) either with or without a warrant.Today, they don’t have to serve you with a search warrant; they can just ask the cloud host to read your mail, and that’s that, because you don’t “own” in a 4th amendment sense your emails stored in the cloud (warning: not a lawyer). I strongly believe that this should require a valid warrant, that you should be able to fight in court, like any other warrant.I’m largely fine with this, because it creates a transparent process for data access that is fairly hard to abuse, unlike the status quo.The second factor, of the physical device, is actually a bigger problem for me, because if you weaken security on the physical device ANYONE can abuse the situation that results — and thus I’ll go back to my original framing of “assuming that if you create this back door for the U.S. Government to use, how confident are you that other nation-states (Russia, Iran, whatever) won’t get access to it and use it and to do things I morally don’t agree with. That question is in addition to if you believe the U.S. government should be able to do this — I don’t think you can have it both ways.

        1. thinkdisruptive

          Better question: how confident are you that your own government won’t abuse it? Or that criminals won’t use it? it doesn’t require a “bad actor” to violate your privacy and abuse it, just a slippery slope.

      4. jason wright

        perhaps there’s a blockchain solution. distribute the second factor to twelve upstanding citizens, and let them decide in a court of law whether the reason for disclosure is valid or not.

        1. JLM

          .I was wondering how long it would take for the blockchain to suit up and break a sweat.Blockchain has the taint of Silk Road to overcome before it is vested and anointed. Bit of incense first.But, it does make sense.JLMwww.themusingsofthebigredca…

          1. curtissumpter

            Geez. What blog are you posting on?Disparaging a technology because of some criminals use of it?Wow.

          2. JLM

            .Isn’t that the gun control argument?I love the technology — blockchain — though I am no fan of bitcoin.Nonetheless, its abuse is a legitimate concern enunciated by its own most virulent supporters.JLMwww.themusingsofthebigredca…

          3. curtissumpter

            I’m not a big fan of gun control.I am a fan of jobs, financial access, and distributed stellar education.But even if I cede your point blockchain and encryption based technologies are not designed for the exclusive purpose of extinguishing life.

          4. JLM

            .Fair play but the Silk Road ended up with a few dead bodies and a life sentence. Kid grew up five miles from this keyboard. Sad.JLMwww.themusingsofthebigredca…

      5. thinkdisruptive

        Two factors, five factors, twenty factors. it doesn’t matter. A back door is a back door, and it will be used for outcomes far worse than not having whatever data the FBI thinks they might find. Breaking encryption is a bad idea.

    2. JLM

      .So, Zach, not to press you but you sound like a guy who thinks a private server in one’s basement might not be adequate to keep the Russian hacker bears at bay?What are you, a Republican?JKAgreeing more with you than you do with the guy in the mirror. Well played!JLMwww.themusingsofthebigredca…

      1. LE

        The other day you were talking about needing a computer expert to keep your computer safe from putin’s viruses? So I am not sure that you know enough seat of the pants about computer security to understand what is possible and what is not possible. I can assure you that this is not only possible but that it can be done.Also with regards to cancles email server, I don’t recall knowing much about the credentials of the people that set that up for her. It could have been an extremely knowledgeable person (or a team) or it could have been the local tech guy who just knew more than she did. It’s not like she put out a RFP I am guessing and had someone knowledgeable vet the “computer guy”.

        1. JLM

          .The first one involved — in the Chappaqua, NY basement — was a member of her St Dept staff who was “moonlighting”.When it came to be exposed, he suddenly reported the $5K he had been paid.He had set up the Clinton Foundation server and there is speculation that the Hillary St Dept server was actually the same server.It is “cankles.”JLMwww.themusingsofthebigredca…

          1. LE

            Did a search and it’s this guy Brian Pagliano.Just took a look at his linkedin:https://www.linkedin.com/in…This is not the linkedin of a heavy hitter IT guy. And the some of his career was spent managing others to actually do tasks. His actual skill is most likely in other areas not clinical.This is the place he worked at for the longest time:http://www.communityit.com/I deal with companies like that frequently. While I have no exact knowledge of how good they are, my take is, from the work that they do, they are not exactly world class in terms of this particular job. So it makes sense given Hillary and Bill’s knowledge that they wouldn’t even pick up on this. I could have easily deposed him (if he answered questions) to determine what he did ongoing to keep the box secure. Because you know it’s more than just setting it up. (Similar to airplane maintenance, eh?)I deal on a fairly regular basis with this type of tech person and have little confidence that they choose anywhere near the right tool for this job. (Once again that is my seat of the pants take given my particular expertise and information that is available for me to see on the fly..)

          2. JLM

            .Agreeing more with you than you do with yourself. There is nothing particularly smart about the Clinton’s approach to anything.”I was ducking sniper fire” is not the work of a genius. It is an inartful attempt to harvest the reflected glory of better men whose real lives takes them into danger on behalf of the nation. It is very small minded and petty.These are people who steal furniture from the White House and who set up Canadian false front charities to feed their own insatiable appetite for graft. The Canadian charity false front — which does not have to report individual donors — then solicits and receives enormous donations from sovereign nations, like Saudi Arabia, when Hillary is Sec of State and SA is seeking authority to buy weapons which must be approved by State.Obvious, ham handed, cheap.They are cheap and they are mean and they are grifters — who hire the same kind of folks to surround themselves with.JLMwww.themusingsofthebigredca…

          3. LE

            Other questions I have are:1) Explain the physical security of the server. Who has access to it in the house? Is it locked up or out somehow in the open (my guess is in the open).2) Explain the backup procedure. Where are the backups stored? 3) Along the lines of #2 are there offsite backups? Where are they kept? Where are they now? What happened to them?If there are no offsite backups then right off the top you know the level of the sysadmin. If there are offsite backups (as well as onsite ones) then what happened to those? Were those also destroyed?In the case of the questions above I would examine the actual people that would have had physical access to the server. (For the record I have operated email servers dating back to 1996 and still do..)

          4. JLM

            .Back in the day, a public company had to have a “disaster recovery plan” which entailed being able to survive a disaster at the site of your HQ and server locations.Initially, the SEC wanted companies to report on this in their 10K filings but that fell by the wayside. I can’t recall exactly why but when the SEC spawned the PCAOB it again became a big topic.This was well before the cloud.Companies thought of this as “off premises” backup but really it called for a complete duplicate of the installation.At this time, we had a largish accounting database with almost 150 wholly owned corporate subsidiaries (all flow through to the company’s GAAP FSs). We had three servers — Dellish $25K/each type installations.We had to hold 7 years of records and we did both digitally and on paper.Remember, no cloud.We took a belt, belt, belt, and suspenders approach with nightly backups, physical copies at fireproof vaults, a complete duplicate offsite installation.One day, I commanded a trial. It went so flawlessly that it took us about 20 minutes to figure out we were already running off the back up system.We had a consultant take a look at it and his only recommendation was to install Halon systems and to buy some really good fire extinguishers.Today, everything we did would be possible by using the cloud.At the time I said to a guy, “Hell, I want to burn the HQ down to demonstrate our backup system and disaster plan.”It did not make us a penny.BTW, when Amex was hit in the 9-11 attacks, their entire system went down and they were back up in 4 hours operating out of an installation in NY. My brother in law was the guy who made this happen.JLMwww.themusingsofthebigredca…

          5. LE

            Sun (not the computer company bought by Oracle) used to do that data recovery in our area. Was spun out of Sunoco Oil Company (hey this was before Amazon and AWS now that I think of it).Today, everything we did would be possible by using the cloud.Well yeah but that introduces other potential problems.Old story about backup tapes. Guy does backup every night at some company in Sweden or one of those cold countries. Puts the tapes on his heated seat while driving home. The seat erases them and they are worthless when they are needed. Hence always verify the backup tapes. This has been going around for years, I read it back in the 80’s. Would never happen today. Know why? [1][1] Because cars have advanced to where each seat has it’s own heater control!!!

    3. Brandon Burns

      You could say the same thing about breaking into the houses of people for whom authorities have a search warrant. If you were to say “once you start doing that” — not waiting for the criminal to let you in through the front door — that “you’ll never go back,” you’d probably see the weakness of the argument.We have the 4th Amendment for a reason. If a judge issues a warrant, authorities should get access to whatever was detailed in the warrant. And it is a civic obligation to not obstruct that process. Tim Cook’s stance is equivalent to a landlord refusing to let police, with a warrant, into a tenant’s apartment. It simply isn’t defensible under the Constitution of this country.

      1. LE


        1. Fabian Trück

          The problem with your comparison is that you cannot automate breaking into houses. But with technology you could easily code a program to collect the data in one step. We have seen various such programs thanks to Snowden

          1. JLM

            .Actually you can in the form of surveillance, external/internal surveillance video, listening, heat seeking infrared technology. Happens all the time.Requires the same court order, the kissing cousin of a search warrant. This warrant can be obtained in secret.BTW do you know that the NSA/FBI can use your desktop camera to listen and watch you right now?JLMwww.themusingsofthebigredca…

      2. nwwells

        But Apple isn’t my landlord. They’re the contractor that built my house. Are you saying that the contractor should build a secret entrance into every house in case the police want to get in?

        1. ErikSchwartz

          Read the EULA.Apple is your landlord.

          1. nwwells

            No, they aren’t.

          2. ErikSchwartz

            “(the Original iOS Software and iOS Software Updates are collectively referred to as the “iOS Software”) are licensed, not sold, to you by Apple Inc. (“Apple”) for use only under the terms of this License”You’re renter, not an owner. You own the molecules that make up the device, not the SW that runs on them.

          3. nwwells

            I know I don’t own the software. I license the software (at no cost) from Apple perpetually for the lifetime of the device. Does that sound more like ownership or rental to you? The point is, in the best of circumstances the analogy is misleading. It’s pithy, entertaining, and even fits your argument conveniently, but it’s a lie.In any case, what about freely licensed software? Apple caving on this would simply have two effects: (1) another terrorist would go to jail (of course he might be anyway), and (2) smart terrorists will stop using iOS devices. You can’t control everything and still have an open network. Unless you want to favor closing down the Internet or limiting it to just devices whose manufacturers have caved on privacy.

      3. allenrohner

        This analogy breaks down for several reasons:- Front doors are very easy to break down. There’s “only” property rights and procedure standing in the way. The lock on your door doesn’t actually keep criminals out. It’s a “tamper seal” to show your door was broken down. Encryption doesn’t work that way. The only way it’s effective is when it actually keeps people out.- It’s very obvious that the local police / FBI are breaking down your door, rather than the Chinese / Russians / Iranians. Cops have to actually show up at your door with squad cars and equipment. After the fact, it’s very obvious when your front door has been broken down. Encryption doesn’t work that way. Your encryption can potentially be broken over the internet, with no evidence left behind.- “Tim Cook’s stance is equivalent to a landlord refusing to let police, with a warrant, into a tenant’s apartment.” This implies that 1) Apple owns my phone and I rent from them, and 2) Apple can safely let the police into my only my apartment, and nobody else’s. Neither of those are true.

        1. Brandon Burns

          Don’t miss the point.This is not about the semantics of comparing encryption to physical keys, and phones to houses. This is about the fact that, by law, you can’t obstruct a search warrant. Plain and simple.The 4th Amendment is already in place for the protection of your privacy. We don’t need private sector technologists creating obstacles for authorities when it comes to fulfilling a lawfully issued warrant.

          1. rick gregory

            “This is not about the semantics of comparing encryption to physical keys, and phones to houses.”Uh, you used that analogy.

          2. curtissumpter

            If you oversimplify the issue by definition it’s very simple.There’s a reason why there are hundreds of comments.As a favor to the forum please explain the complexities.Simply repeating a simplistic argument about rules is unacceptable because it ignores ideas about mass privacy, potential governmental intrusion (US and non-US) and justice.US history is filled with laws that were simply “the rules” but were fundamentally unjust. US history is filled with people who obstructed those laws and are deemed heroes because of it.

          3. Brandon Burns

            Part of my argument is that the issue is more simple than a lot of people are making it out to be.Conflating encryption semantics with the 4th Amendment, I think, has no place here.And federal judges have already told Tim Cook the same thing.And I predict, if it gets all the way to SCOTUS, where their history on 4th Amendment cases is pretty consistent, that SCOTUS will tell Tim once again, along with everyone else, that it really is this simple:Warrant = access.

          4. Marcosardi

            It’s more complex than that. Once Apple accepts to help and goes out of its normal way of doing business to break into a phone, what will happen when a government outside the US will ask for the same thing?

          5. Brandon Burns

            Foreign governments have zero influence on the issuing of search warrants by the U.S. court system — so the answer is that absolutely nothing would happen.

          6. SubstrateUndertow

            Those countries have their own search warrant laws.The USA is not the world ! ! !So when other governments attempt to use there own local laws to access these new US-government-mandated-keys should Apple not comply with those locally valid laws ?Should Apple be forces to install a USA only backdoor in all its iPhones sold around the world ? Bye bye Apple viability.Maybe Apple should build unique backdoors for each jurisdiction or would the US not allow that?If Apple uses a universal backdoor around the world how many players end up having keys and how could all those keys be safe guarded ?Should someone be able to bring in a foreign iPhone with a foreign encryption-key that is incompatible with the US-based-backdor ?Lets imagine that Apple is not forced to install backdoors in some jurisdictions. Could American citizen/tourists be allowed to buy/bring such iPhones into the county or would they be confiscated ?Will the US government force all other manufactures to create the same backdoor access keys ? Would each of those manufactures have multiple keys for each jurisdiction ?Who would pay to enforce/track all these manufacture’s keys. Or would this just be an Apple only marketing impediment in order to give other world wide competitors a hand up ?I could go on and on with such unmanageable/unintended entanglements.To put it into a network-effect information-perspective, this is not a request for a backdoor into a phone but a request for a backdoor into the pocket-super-computers/cloud-services that increasingly mediate a near holographic-information-dashboard displaying whole of our lives.I think it becomes clear very quickly that such extreme overreach will ultimately collapse under the weight of its own technical/moral illegitimacy !

          7. rick gregory

            It’s NOT THEIR PROPERTY. You’re arguing that someone should be able to be forced to hack into a system owned by someone else under the guide of the 4th. What you consistently fail to get is that the 4th wasn’t written at a point where any of these issues were imaginable. You might want to ignore any of the complexities and pretend it’s simple, but it’s not. If Apple can be forced to do this then they can be forced to do it remotely. To compromise the security of the encryption i Messages so the government can read things.AS for warrants… have you entirely missed the entire NSA story? The ones about rubber-stamped FISA warrants and actual warrantless surveillance?

          8. JLM

            .The FISA problems are cloaked in secrecy and we will never really understand how bad the train got off the wheels. This will be buried so deep, it will never, ever feel the warmth of the sun.JLMwww.themusingsofthebigredca…

          9. SubstrateUndertow

            Is that not a problem especially when amplified by distributive network data access ?

          10. JLM

            .I truly have no idea what that means. When using big words, remember that I am self-admitted simpleton.JLMwww.themusingsofthebigredca…

          11. thinkdisruptive

            That is a very good reason for not breaking encryption.

          12. curtissumpter

            Well I’m glad you’re in the habit of accurately predicting an incomplete Supreme Court.You know, I think you can get paid for that.

          13. Marcosardi

            Apple is not obstructing. They are asked to build a special piece of hardware (software won’t be enough) to be able to potentially break into a device. As Tim mentions in his letter, Apple already provided all the help it can provide through “standard” ways. The sole goal is to get access to potential iMessages sent to other Apple devices. Once such a piece of hardware exits, it can be replicated and used to access data on any iPhone, without asking Apple, the US government or a judge.

          14. Brandon Burns

            Not doing something that you’ve been asked to do, but is entirely within your power to execute, is obstruction.Cook might get some leverage in claiming that it’s not actually in his power to execute, due to [insert vague tech based argument], but he’s not doing that. He’s not denying that Apple can do what is being asked of them. He’s saying he doesn’t want to do it. Unfortunately for him, that’s a weak defense in the eyes of the law.

          15. LE

            Exactly. It can be done and the government is willing to pay for it as well (as I personally found out). The fact that it damages their business model is not a concern of the government nor should it be. The fact that he speculates (as others do) that somehow this will harm others is not within the scope of what he is allowed to opinion on. You don’t get the opportunity to second guess what the government wants except by the rules and procedures you are given to do so (court basically).This will then in the end come down to a battle of the best legal minds and manipulators out there!

          16. Richard

            The fact that it damages their business model is not concern? Really? What court would not consider this?

          17. sigmaalgebra

            Trust the lawyers, government officials, and the Constitution? Would like to.But there is a higher law: Math. Good to read from Schneier and Snowden that the NSA, etc. still doesn’t know a fast enough way to factor a product of two large prime numbers. Good.So, trust the math. For Apple, iPhone, Android, tablets, etc.:Redesign the iPhone, etc., so that no one, not even Apple, is able to do anything to break the encryption. Then Apple will get to sell lots of the new, safe phones and make much more money!E.g., the new iPhone has a pill sized little flash storage that has the crucial private encryption key. Ah, instead of 40 bits long, or 128, or 2048, be generous, say, 2^32. Can buy spares of the pill. And the iPhone can copy from one pill to another. So, with a spare pill, copy the private key to it and store it in some obscure place. When there is a knock at the door, take the pill in the phone and destroy it, burn it, flush it, swallow it, or some such. The iPhone itself, without the pill can’t decrypt anything on that phone, not even if look microscopically at even the smallest components of the internals of the chips, etc., in the phone.Right: What about the software of the iPhone being corrupted while the pill was in place and being used? Argue that knowing some of the data before the encryption and also the data after the encryption does not yield means to decrypt all the encrypted data.Then, design the iPhone so that only a special encryption chip reads/writes the pills so that even corrupted software can’t get the private key. And, when the pill is not in use, the special chip doesn’t store the key, either.Now, this is just so that the US CIA, NSA, etc. can give their agents iPhones that can’t be decrypted by the bad guys, Iran, ISIS, etc. That a few billion smartphones, tablets, etc. are sold with the pills and chips is just a small side-effect!I mean, we do believe in the spirit of the Constitution, right? And since we do believe, it’s okay to make the new devices. Then, even if later some people want to modify their view of the Constitution, tough luck guys. Tell you what: Instead of all your judges, warrants, crow bars, wire taps, Trojan horses, back doors, etc., just start studying number theory and work out a fast way to factor into a product of primes a product of two large primes you don’t know. Just do that, guys!Then we will talk to you about the little issue of P versus NP, and you can go look for an algorithm that shows that P = NP.Gee, I’m getting glad I have two old computers and an old copy of PC/DOS where likely none of the three have been corrupted and that I can use for encryption, with highly trusted open source software or just my software! Then move data to/from computers with network connections via, say, CD or DVD.I mean, again, we do trust in the Constitution, right? I mean, what are the lawyers going to do, try to pass and enforce a law saying I can’t read books and write software?And, suppose there is a back door in Linux, Windows, Outlook, Word, the cloud services along with taps on the Internet backbone. Okay. And suppose I want to send some private information to you. So, I develop the information on my old computer, encrypt it there, move it via CD to a network connected computer. The CD has just a file, and if read it it is just in Base 64, that is, just lines with jumbles of a-z, 0-9, etc. with each line not over 72 characters long. Simple. I can work with that encrypted data just fine, even if my computer has a Trojan horse and is hacked. So, I pull those lines of base 64 into, say, Outlook and send it to you. Since I gave you my public key privately, you can copy the data from Outlook to a CD and move it to an old computer, never connected to the Internet and clearly quite safe (sure, might want a Faraday cage), and decrypt it.We do believe in the Constitution, right?

          18. SubstrateUndertow

            Ever heard the saying :Your eyes are too big for your belly.

          19. SubstrateUndertow

            The point is :The 4th Amendment has little practical relevance in a world ofone-stop-shop for all a person’s digital data.

        2. JLM

          .Would it be overly simplistic to note that Apple literally owns the code that prevents the phone from being accessed and that the Apple software contains a “destruct” function when ten failed attempts at entry occur?The analogy is pretty close.JLMwww.themusingsofthebigredca…

          1. allenrohner

            I own my phone. Apple owns the copyright to the lock software. In the same way, I own the lock on my front door, even though it could be patented (I’m not sure whether physical locks can be copyrighted, my suspicion is no).

          2. JLM

            .And a judge can issue a court order to allow law enforcement to enter our house — even by bashing your door and lock — to get at what’s inside.Seems like we’re on the same page here, no?JLMwww.themusingsofthebigredca…

          3. Richard

            That’s not the issue. The issue is whether a court can compel a builder to make manufacture a home that is not inpenetrable.

          4. JLM

            .Actually, under the Fire Code a builder must conform to certain minimum access requirements in much the same way that the Electrical Code requires wall outlets every 10′.Building codes also require certain setbacks and driveways to provide fire access.Commercial buildings are even more stringent with requirements such as sprinklers and external pump points including a labelled FDC — fire department connection.Even the construction of a “safe room” in a billionaire’s house has to conform to certain requirements and has to be identified to the Fire Dept and the Police Dept.JLMwww.themusingsofthebigredca…

          5. Richard

            Strict Scrutinty will be the standard by which the courts will review any action/law by the govt.Would you come to the same conclusion of the phone/device was implantable in a person?

          6. JLM

            .Likely yes, as currently an individual can be compelled to provide a blood sample, no?I try to keep most of my blood firmly implanted in my body, but hey that’s just me.JLMwww.themusingsofthebigredca…

          7. rick gregory

            It’s not Apple’s house they want to get into so, sorry, analogy fail.

          8. JLM

            .That is why I said the analogy is “close”.There is no real issue that the FBI has an “effect” in their hands as that term is defined in the 4th Amendment.There is no real issue that the FBI has probable cause and appropriate standing to obtain access.There is a Federal Court Order in the FBI’s hands.The Feds have the right to ask for and receive support to accomplish that intent and action. If not, they would not have the Court Order.You are perfectly right that it is not Apple’s house but they have the plans and they can be compelled to cooperate.The 4th Amendment gets you to the party whereat the Court Order calls the tune and can compel Apple to dance to their tune.That is why the analogy is “close.”JLMwww.themusingsofthebigredca…

          9. SubstrateUndertow

            Accessing everything in youriPhone (pocket-super-computers/cloud-services)is increasingly a much broader/intrusive search than most people’s physical homes would be ?

          10. JLM

            .The FBI is entitled to visit your bank and get copies of all of your checks. Court order required.It makes no difference if you have written 10,000 or 10 checks — they get all of them.JLMwww.themusingsofthebigredca…

      4. rick gregory

        What you miss here is that once an iOS has been created that can do this, it can do it on any iPhone (at least any iPhone from the 5C back).The house analogy is flawed – if I’m the landlord to a building I can let the FBI into a given unit and that doesn’t compromise the locks on other units at all. What they’re asking for here does precisely that – it’s an iOS that could break any iPhone security from the 5C back. To use your house analogy, it’s tantamount to giving the authorities a way to enter any house it wants when you give it the ability to enter the house on the corner of 12th and E.

        1. Brandon Burns

          I’d give another analogy, but the semantics debate misses the point.Here’s the point:The 4th Amendment protects you from unlawful search and seizure; you don’t need Tim Cook to protect you, SCOTUS does a fine job at that.However, in the case of a lawfully issued warrant, it is everyone’s civic duty to not obstruct authorities from obtaining the information detailed in the warrant. Tim Cook has the power to let the government into a piece of property owned by a criminal, for whom authorities have a legally issued warrant. It’s his civic and legal duty to do so, as the courts have already told him.The semantics around encryption are of zero consequence in this debate. The Constitution was built to withstand advances in technology. The same rules still very smarty apply.

          1. JLM

            .Brandon, you are on fire and smoking it!The key to the 4th Amendment is the word “unlawful.” That’s the big take away.The second a Court rules on the legality of a proposed search, the adjectival descriptor “unlawful” is no longer in play.The protection of the 4th Amendment provides a clear path to the police at your door and the nerds at your phone.Lawful v unlawful.What we have here is Court authorized search with a Court order. It doesn’t get any more “lawful” than that.JLMwww.themusingsofthebigredca…

          2. Brandon Burns

            I like rules, and the Constitution is as good of a set as any.And in this case, it couldn’t be more fair, or less ambiguous.

          3. rick gregory

            See above.

          4. SubstrateUndertow

            So that is it ?You have inherited a static-constition that is impervious to the effects of a radically changing physical/social/economic environment.The network-effect is just getting off the ground and we can barely recognize the place but the constitution should remain etched in stone for what 100/200/??? years ?”Some men look at constitutions with sanctimonious reverence, and deem them like the arc of the covenant, too sacred to be touched; who ascribe to the men of the preceding age a wisdom more than human, and suppose what they did to be beyond amendment. Let us follow no such examples, nor weakly believe that one generation is not as capable as another of taking care of itself, and of ordering its own affairs. Each generation is as independent as the one preceding, as that was of all which had gone before..”- – – Thomas Jefferson

          5. JLM

            .You and the late A Scalia would have a very short convo.He said, “It’s a dead document, not a live document. That’s why there is an amendment provision.”JLMwww.themusingsofthebigredca…

          6. SubstrateUndertow

            Agreed !Still one hears very little discussion about prioritizing what needs to be reframed and why ?

          7. Pete Griffiths

            An amendment provision is of little practical worth if the requirements for said amendments are so stringent they can scarcely ever be met. We live in fractious times.

          8. sigmaalgebra

            He believes in an independent increments process. His independent “if all which had gone before” is actually a bit tricky to define and not in the 101 level math/stat courses!So, Tom sounds like a brighter than the usual country farmer, but we knew that already.

          9. rick gregory

            Does the 4th even apply here? Apple isn’t being asked to surrender their own property, they’re being forced to hack into someone ELSE’S property.

          10. JLM

            .It applies in the peripheral sense that it is pursuant to a properly executed search which is authorized by the 4th Amendment plus that is where a lot of this convo has drifted.The 4th Amendment is intellectually like filling out a Fed X label.If you have the right addressee, the right fact base, and the right authority — it is automatic and takes less than a day to arrive.JLMwww.themusingsofthebigredca…

          11. thinkdisruptive

            Apple isn’t a locksmith cracking the lock on your door to let the police in. They are being asked to break encryption or to show how it can be done, and that is universal. And, why pick on Apple? There’s nothing special about them that makes them able to break the encryption better than Google or anyone else. This is a court order to remove locks from all doors so that anyone can get into anyone’s house. Hardly a case of legitimately authorized search.

          12. SubstrateUndertow

            “Lawful”is a completely abstract/tenuous agreement among men andthat is why treating it as if it were some concrete tangible is so dangerous.A sampling of all the “Lawful” shit as defined by government around the world makes it clear that “Lawful” is an ever evolving razor’s edge especially under the stress of new technological conditions.

          13. JLM

            .The prisoners will be encouraged by your rant. Will still be prisoners, but encouraged.Do you have any idea as to how many search warrants are issued daily in the US?JLMwww.themusingsofthebigredca…

          14. SubstrateUndertow

            You have a good sense of humour 🙂

          15. Lawrence Brass

            “Lawful” sounds too heavy, I like the concept of “street legal” better. It implies being just as legal as to stay out of jail. Like street legal tax optimization or street legal junk bond, just the amount of legal you need, nothing more, nothing less. ;-)In the US everything can be a business.. http://street-legal.ca/

          16. rick gregory

            Well, if you’re going to ignore the issue I suppose it is simple. The entire point here is that the 4th doesn’t anticipate situations like this where unlocking one thing means you can now unlock all of the other things of that type.

          17. Brandon Burns

            We have machine that make keys — and each machine can make a key for almost any lock on any building. Folks can rip that analogy apart if they want but, semantics aside, it holds.I think making exceptionalist arguments when it comes to the constitution is a slippery slope. Which is why we have SCOTUS

          18. Susan Rubinsky

            So, who says each key/lock has to be the same? I think technologists are smart enough to work out that problem.

          19. allenrohner

            I’ll steal from a better written comment on Hacker News:”Crucially, this is software which doesn’t currently exist in the world and which Apple has no intention of voluntarily writing. There is no specific law or regulation (like CALEA) which requires Apple to provide this functionality….A warrant describes “the place to be searched, and the persons or things to be seized.” I would not expect a judge can draft a warrant for something which doesn’t actually exist, and then force someone to create it.This is not about providing physical access, or about producing documents which are in your possession. This is whether the government can usurp your workforce to make you create something that only you are capable of creating, against your will, not because there’s actually a law which says you have to provide that capability, but simply because some investigator has probable cause that given such a tool they could use it to find evidence of a crime!”from https://news.ycombinator.co

          20. JLM

            .The ability for the gov’t to compel public service by its citizens to solve specific problems is within their legal authority.Back in the day, there was something called the “draft” whereunder the gov’t could compel young men to go, against their will, to foreign lands and kill our enemies.The gov’t can compel its citizens legally to do whatever they want as long as they provide adequate compensation.The Fed Judge in the Ct Order asked Apple for a cost estimate signaling that they would likely get paid for their efforts.JLMwww.themusingsofthebigredca…

          21. PhilipSugar

            I have to appreciate Tim Cook here. The easy way is to quietly do it and get paid a ton of money like Verizon did for the NSA. Can you imagine what estimate you could get past the judgeNo. Probably partly because Apple makes so much money and has so much influence he had the stones to say no.What he is doing is protecting his franchise. I have to have datacenters around the world because NOBODY outside the US trusts the USThat is because the dirty secret is that many US tech companies rely on the federal government to make their numbers.

          22. JLM

            .Tim Cook has a fiduciary duty to his shareholders and one hopes that he considered that before he made a public utterance.I cannot imagine why anyone would want this fight in the public eye or why the FBI didn’t get a gag order.JLMwww.themusingsofthebigredca…

          23. PhilipSugar

            I would argue he took that into account and increased the value of Apple

          24. JLM

            .”Value” is always a dangerous word because a public company has such an arbitrary measure of its current value in their stock price.The bigger issue seems to be what impact it has on brand equity, a fair measure of value but one that is not quoted on a stock market.Volvo holds a high brand equity for perceived safety.Volkswagen destroyed any brand equity it had for integrity with its US diesel fiasco.I would be unable to argue either way though my gut tells me that in the fight of man v gov’t value does not favor cooperating with the gov’t on anything.We are at all time hate level v gov’t. Palpable.JLMwww.themusingsofthebigredca…

          25. PhilipSugar

            Fiduciary is also a dangerous word. Much more so than value. If it comes out he puts in a back door and loses sales to people like me who own over a dozen devices what happens

          26. Pete Griffiths

            I think one of the angles that is in Tim Cook’s mind is the way that he has set out to differentiate Apple from Google. His positioning is that Google doesn’t respect your privacy. Not being a device company it monetizes not devices but YOU. Apple however has no interest in monetizing you and respects your privacy. This is a deep point. It may or may not work as differentiation but if Cook takes this positioning seriously then his actions in this case flow at least in part from this strategic competitive positioning vis a vis Google.

          27. ZekeV

            Conspiracy theorists say the big guys have all cooperated with the intelligence community to limit the level of encryption and other security measures on their devices and services. Not providing a “master key” to decrypt user data, exactly, but just making it relatively easier and within the means of a state-level operation to crack the security on a device or service if they are really motivated. Against this back-channel cooperation, the companies are simultaneously taking public positions in favor of user privacy b/c they are afraid of losing business if they look appear too cozy with the NSA. Again, this is totally unsubstantiated but does seem plausible to me.

          28. JLM

            .The big guys have all cooperated with the gov’t because the Justice Dept and the Commerce Dept are just down the road from the FBI.Highly regulated businesses become “friends” and that friendship serves to make “other” problems go away.Remember when MS had all kinds of anti-trust issues and stood up a battalion of lawyers in DC and all their problems went away. If nothing else, they began to attend the same galas and rub shoulders.I know of someone who owned a jillion apartments who cooperated with the “witness protection program” which was run by the US Marshals at that time.A US Marshall would show up and give the CEO the info on the witness and then the CEO would ensure that lease was approved without any credit check or background check or criminal background check.When the apartments were sold, the US Marshall gave the CEO a letter “thanking” him for his decades long cooperation.The IRS showed up one day to take a look at something of interest to them and the CEO managed to work the letter into the convo and showed a copy to the IRS guy who apparently made a call to the US Marshal.The IRS never showed up again.This is the way it works, I promise you.JLMwww.themusingsofthebigredca…

          29. sigmaalgebra

            Reality 101. Suspicions confirmed. A keeper. Thx.

          30. SubstrateUndertow

            I’m pretty sure Tim is at least that smart and has simply come to a different conclusion than yours about the social/marketing value of digital privacy to both Apple and its customers.Apple is selling devices to surf the new world of discarnate data/presence. The privacy value-proposition of abstracted-digital-evrything is orders of magnitude greater in both its complexity/interdependencies that the privacy value-proposition as defined in the old world of physical assets.

          31. JLM

            .Take a look at Apple’s price chart and factor that in. Small things like fiduciary duty are really big things in the end game.Extra credit for using “discarnate” properly. Thanks for the lesson. Never heard that word before and I am on a first name basis with a lot of words.Tim Cook is 10x smarter than I ever will be.JLMwww.themusignsofthebigredca…

          32. LE

            FBI didn’t get a gag orderYeah even when they contacted little old us for some info they told us it wasn’t to be blabbed about (which I wouldn’t have done anyway).why the FBI didn’t get a gag orderI kind of get the idea that the Government is a bit impotent against such large and powerful corporations who don’t depend on the government or need favors. It’s kind of a variation of “to big to fail” in a way, right?In the case of Apple they not only have money (to buy the best advice) but they also have a very vocal userbase and PR reach that actually matters (as opposed to the slobs that go to McDonalds or shop at Walmart) or a company like Boeing (who sells to airlines and what not..) You more or less have to walk on eggshells with them they have the power. Plus Obama isn’t a deal maker he wouldn’t even know how to play a devious hand to get what he wants out of them by quid pro quo.

          33. James

            Agreed – after the Snowden leaks, US tech companies looked pretty bad. Apple has a lot to lose in terms of public perception.

          34. JLM

            .Apple actually wants that gag order because it gives them a crutch to use and it builds good will.The “FBI” was likely actually the US Attorney for that District. The FBI rarely goes into Court. It provides evidence to US Attorneys who go to Court every day.Apple, undoubtedly, has a lawyer who knows all these guys and they chatted about it before the hearing.The Apple guy is likely defending others v the same US Attorney and would be only too glad to bank a spot of goodwill.Apple gets the final shelter of saying, “Everything that Apple did on this matter was pursuant to a duly authorized Court order. Our hands were tied.”That’s why I am so surprised.JLMwww.themusingsofthebigredca…

          35. LE

            The “FBI” was likely actually the US Attorney for that District.Yes, that is who contacted us my mistake.The Apple guy is likely defending others v the same US AttorneyNone of this matters but my guess is Apple is a big enough fish that they are not sharing attorneys with anyone. [1]Apple gets the final shelter of saying, “Everything that Apple did on this matter was pursuant to a duly authorized Court order. Our hands were tied.”Right but you can only do that after putting up a long fight which is what they are currently doing. It makes sense.I think because Tim Cook is gay (he only came out in 2014) he perhaps even has a bit more of a bias here on the privacy issue. Just speculation on my part of course.[1] You know my when my ex brother in law sold for Apple he had only Dupont as his account. I said “wow what do they think about that” he said “nothing IBM has 100 salesguys that just handle IBM”. He was probably exaggerating (100 guys) but the point was valid. This was in the late 80’s or early 90’s irrc.

          36. sigmaalgebra

            You mean 100 IBM sales guys that handle DuPont?Actually our IBM Research AI project visited DuPont. The IBM guys were totally losing it and in part wanted us to visit their account to help them out.At the time, DEC was getting more revenue from DuPont than IBM was. Why? Because DuPont was awash in chemists and engineers, and they loved DEC computers for their lab automation work. Then that moved to their industrial process automation. Then that moved to the corresponding business record keeping. Then IBM started losing business for business record keeping.A point was that IBM’s products were business machines intended for the narrowly focused use IBM had in mind. IBM hated the idea of a general purpose computer, and IBM’s computers were at total pain in the jaw, neck, and back for use for lab automation.But, yes, commonly, for each major customer, IBM had a dedicated sales staff.

          37. thinkdisruptive

            Because sometimes you fight on principle, and you want people to understand what that principle is. Going along is what everyone expects companies like Verizon to do, and to a large measure, we assume that most companies do things like this surreptitiously to appease the government, and none of us trust those companies or their principles. I’m glad there is at least one company that is willing to draw a line in the sand and say “wait — this is unreasonable. if you want to do something this big, create legislation or forge a new amendment to the constitution that outlines what the principle is and why.” This isn’t about dead terrorists. This is about protecting everyone else from their own government. Cook’s shareholders will do just fine on this stand.

          38. LE

            Apple makes so much money and has so much influence he had the stones to say no.That’s not really stones though is it? Stones would be if you needed the money and said no. Having fuck you money and stones are different things to me.The easy way is to quietly do it and get paid a ton of money like Verizon did for the NSA.Also hard to say how much talent they would have to divert for this that is already spoken for. (the A team)

          39. PhilipSugar

            Nothing wrong with earning and using. And for the ladies out there. Some of biggest ones I have seen were owned and used by women

          40. Sean Hull

            Well said Phil.I just finished reading Bruce Schneier’s Data & Goliath. It underlines many of these points.He’s got some comments on the discussion:https://www.schneier.com/bl…In particular he said:Today I walked by a television showing CNN. The sound was off, but I saw an aerial scene which I presume was from San Bernardino, and the words “Apple privacy vs. national security.” If that’s the framing, we lose. I would have preferred to see “National security vs. FBI access.”

          41. SubstrateUndertow

            “The gov’t can compel its citizens legally to do whatever they want as long as they provide adequate compensation.”Only to the degree that free citizen are willing to tolerate such.REMEMBER (and yes this is sadly naive)who is “The gov’t” they is us !and if “THEY” isn’t “US” then we are failing the founding fathers

          42. JLM

            .Yeah, well, I served with a ton of draftees and they all got screwed in the process. Buried a few.We are no longer half the men who our founders were or the guys who ran WWII.Imagine this — 18-22 year old men stormed Normandy and killed Germans who had been waiting for them for 3 years and had been digging in, deep, for the same period of time. Those young men were killers.In the Viet Nam War, the protestors stormed across Key Bridge in DC and fronted up the 82nd Abn Div — armed and helmeted. Those protestors had balls.Today, 18-22 year old college kids retreat to their safe places when someone speaks harshly to them in a “micro” freakin’ aggression. They run from words.We have become a little soft in the intervening years.This is why I want to reinstitute dueling as a legal dispute resolution technique.JLMwww.themusingsofthebigredca…

          43. Lawrence Brass

            What type of duel do you have in mind?BBQ/booze last man standing?.. or something more lethal?

          44. JLM

            .First choice — the epee in a foil, epee, saber context. I like the hand protection plus when you stick someone it can draw blood not like a foil which is just a touch.Second choice — single shot dueling pistols with big shot so the wounds are survivable other than head wounds. Back to back, ten paces with a do-over if nobody gets hit.Third choice — boxing or hand-to-hand combat (my late father’s favorite)I promise you it would be cheaper, quicker, and way more fun. Settle stock market disputes on the steps of the NYSE at 4:00 PM on Thursdays.Trump calls Cruz a liar? Cruz objects and returns the favor? Cruz slaps him with a leather gauntlet and they clear it up by next Thursday. Lawyers will not like it.Admit it, you’d love to see Jeb v Trump.JLMwww.themusingsofthebigredca…

          45. Lawrence Brass

            You are a bloody Texan.The only blood I want to see is that bubbling out of the steaks.Cruz should be practising his spanish, como primera prioridad.

          46. JLM

            .Here’s the thing once it got started people would begin to settle their stuff and there would be no duels.JLMwww.themusingsofthebigredca…

          47. sigmaalgebra

            > Imagine this — 18-22 year old men stormed Normandy and killed Germans who had been waiting for them for 3 years and had been digging in, deep, for the same period of time.Yup, anyone who walked on Normandy beach on June 6, 1944 was very brave, with big balls.But they did have some help, also from the previous 3 years!(1) England as an unsinkable aircraft carrier had been bombing Germany essentially since the end of the Blitz — I won’t look up the date, but that was about 3 years. With that much bombing, a lot of Germany war manufacturing was rubble bounced more than once.(B) By Normandy, Germany was darned short on gasoline to move anything to Normandy.(C) By Normandy, Allied air power had done a good job on rails and bridges leading to Normandy from Germany. Germany had a heck of a time supplying Normandy. Similarly for what the French resistance did to Germany’s efforts.(D) During Normandy, the US had planes, e.g., the P-47 with, IIRC, 8 machine guns, 50 caliber each, flying over roads and rail lines in France on routes the Germans would need to supply Normandy. Driving a truck in that part of France on that day was a good way to have the truck become instant scrap iron.(E) On the day of the invasion, Germany had essentially no air power at all over the Normandy beaches or the English Channel — short on some or all of pilots, planes, gasoline.(F) When, still, the invasion bogged down, the US just called up some carpet bombing to cut a path from the beach inland, and through that Patton, etc. charged. Some turned right and went to Cherbourg so that the Allies could have a harbor, and some turned left and partially encircled from the south and the east the Falaise pocket.(G) And that June, Germany had also been fighting hard in Italy and Russia.(H) Apparently Germany was so short on air power that at 1 AM on June 6, 1944 they didn’t have any reconnaissance over the English Channel that let them see the invasion coming.(I) The Allies had done a super great job convincing Hitler that the invasion was coming at Calais. Hitler was so convinced that by the time he accepted that the invasion was at Normandy and would send troops, the Allies were already moving off the beaches.Still, apparently the Allies didn’t do everything as well as they might. E.g., there’s a claim that Bradley didn’t have the navy bombard Omaha beach long enough before the landing craft landed.

          48. PhilipSugar

            I’m going to throw gas on the fire. That is the purpose of the 2nd amendment.

          49. CJ

            I’m pretty sure that’s called slavery…

          50. rfreeborn

            I just heard this quote over the weekend re: Scalia, the Constitution and progress – “The constitution not meant to facilitate change,” …“It is meant to impede change. To make it difficult to change.” https://news.wgbh.org/2016/

          51. SubstrateUndertow

            “The Constitution was built to withstand advances in technology.”Sure they made an historically valiant effort but it is a complete pretense that any amount of genius/effort could fend off 200 years worth of technological shift.

          52. Pete Griffiths

            The semantics aren’t of ‘zero consequences.’It is precisely in tricky circumstances like these that precise language matters.

          53. Peter

            Apple isn’t obstructing authorities in obtaining information detailed in a warrant. That’s the whole point here. They have helped as much as they can in the context of the products and features that are available to them today.There is no other example ever where a company or person was compelled to build a product to allow authorities to obtain information detailed in a warrant. To take your example to the extreme, any US citizen expert in cryptography could be compelled to help the government defeat the encryption on the phone.That doesn’t sound like America to me.

          54. thinkdisruptive

            Nothing makes breaking encryption lawful. Especially not a court order. The principle is far more encompassing that getting access to the data on a single phone, which Apple has already helped the US do. What right does the government have to compel Apple to go on a fishing expedition? By what logic are they assuming that it is even possible to break the encryption? And, since they are technologically illiterate, how can they possibly assert that if Apple is successful in breaking the encryption, that won’t impact every other user of a smartphone or computer of any kind? If the government wants to go fishing. let them try, but don’t compel a company to break something it doesn’t control. Why not compel Google or Microsoft or Netflix to break the encryption? It makes as much sense.

        2. SubstrateUndertow

          To belabour Rick’s comment above.”You could say the same thing about breaking into the houses of people for whom authorities have a search warrant.If a judge issues a warrant, authorities should get access to whatever was detailed in the warrantThat is different than the government legally mandating all locks support a special skeleton-key that will be widely available to all law enforcement agencies, all the while making impossible promises that such a state-agency-only skeleton-keys will be used only when properly authorized and only by legitimate state actors. Lots of copies but believe us when we tell you there will be no misuse and definitely no copies for the bad guys.Secondly as the network-effect tech-boom accelerates snooping someone’s cell-phone/cloud-servies is getting ever closer to a defacto download of their complete brain/persona/life. It constitutes a search and seizure that by its endemic nature can only be described as far too broad and intrusive.

          1. sigmaalgebra

            Trust in the math of encryption, not the law. And for the encryption, use either very well reviewed open source or just write your own code. And for the computer hardware, use, say, an old PC never connected to the Internet and with chips that no doubt were never corrupted. Then for the private key, as soon as there is a knock at the door, set it on fire or some such. Right, might want a Faraday cage.Apple, Android, the Cloud — nope, and instead trust your own encryption.E.g., for backup, of data have encrypted yourself, get a little 2 TB drive with a USB connection, and leave it unplugged when not writing to it. Keep it in, say, a waterproof bag in some really obscure place. Another alternative is to backup to DVD Blu-ray, that is, 50+ GB per disk, and store that similarly.

        3. JLM

          .I do not disagree with your characterization of the danger but there is a search warrant involved here. If you have a search warrant you are entitled to the access.We have to put some faith in the intentions of the gov’t.In the end, Nixon went down on something of the same ilk at a place called Watergate — unlawful entry.JLMwww.themusingsofthebigredca…Having said all of this, I personally would never trust the gov’t to do only what they say. Ever.I love my country and I have served it. I do not trust my current gov’t.

          1. Pete Griffiths

            All power corrupts and absolute power corrupts absolutely.As Lord Acton lived 1834-1902 we must assume that such corruption had precedent prior to our ‘current gov’t.’

      5. creative group

        Brandon Burns:News alert if a person in the United States doesn’t have access to the best Attorney’s, power, money, etc the Fourth Amendment means toilet paper.Just surprised how surprised people in the United States are naive to the criminal justice system. Especially with your photo you use. Visit the Innocence Project website. Education is the best teacher against ignorance. (Not knowing, being unaware)

        1. JLM

          .One never gets the justice they deserve; they get the justice they can afford. No more. No less.Hillary Clinton is betting on this.JLMwww.themusingsofthebigredca…

          1. SubstrateUndertow

            I’m surprised I never made you for a Bernie Sanders supporter ?

          2. JLM

            .You know that Bernie is bat shit crazy but that doesn’t mean he isn’t right on a lot of things.In the last debate, he said, “Why do they give us this money?”The only honest guy in the race.I could support every bat shit crazy idea of Bernie’s — free college (I got a free undergrad and grad education via the Army though), single payer (as long as folks could opt out and get insurance) — except for the freakin’ tax rates.Federal revenues are at an ALL TIME HIGH — somebody needs to ride that wave and balance the budget. I would cut Defense by 50% — only long term weapons programs that I would shelve for 10 years while adding 10 Infantry Divisions and 5 Marine divisions.It would be helpful if he had any freakin’ experience, no?JLMwww.themusingsofthebigredca…

          3. creative group

            JLM:we care less about HRC or any of the SuperPac nominees ushered in front of the American people from the two parties.If HRC becomes POTUS the Right should send another check for having someone to cry about and used to get the conspiracy theory movement to purchase their books, speaking tours and new gigs on Fox News.

      6. James

        terrific point

    4. LE

      used by the government in all sorts of ways and cases I personally don’t approve ofConsider that not everyone in this country feels the same way. Some of us don’t mind or fear that slippery slope as much as you do.

    5. tonyleachsf

      This hits on a really important point. Apple’s letter – and most discussion I see – focuses on the US. But global companies like Apple need to consider governments like China & Russia – or Egypt & Tunisia. They don’t – and shouldn’t – be forced to choose between governments that they want to cooperate with because they’re trusted, and governments that they don’t want to cooperate with because they’re not.So – even if we believe the US government is all good and benevolent and would not take undue advantage of de-crypted tech (hardware or software), we can’t believe ALL governments are. Therefore, encryption is important to have and support.

      1. JLM

        .’At the end of the day, legally, is going to depend on where the company (Apple) is located and the nature of the legal jurisdiction.Not to put too simple a spin on it, the CIA conforms to US law until it crosses the border and then its primary mission is to break all the laws of that country they have crossed into.Makes it awkward if apprehended but the CIA exists to break laws of foreign countries.If there is a matter of national security know that the same guys who are comfortable with not just authorizing the CIA to break foreign laws but COMMANDING them to do so will be involved in this discussion.Even the FBI approaches terrorism with an almost blank check to break laws and to “spoof” any situation under the guise of counterintelligence or anti-terrorism.JLMwww.themusingsofthebigredca…

      2. tuneyards

        And for another perspective, speaking as a European, many of us are more worried about the US government than we are our own.

    6. Emily Steed

      Haven’t we learned that the idea of an unbreakable back door is a myth – wishful thinking? Bad guys can break down any door.

      1. JLM

        .In a residential context a lock is a social convention and a speed bump at best.90% of the locks in the US can be opened by sticking in a key and tapping the end of the key with a hammer as you turn it softly.The pins jump and the key turns. Once the key passes the blocking pins — which no longer block when they are jumping — the lock turns and opens.I have done this many times — showing people, not robbing them.JLMwww.themusingsofthebigredca…

        1. Pete Griffiths

          Which is why backdoors and locks don’t work.

          1. JLM

            .Agreeing with you at about a 98% level except for this: One knows where the backdoor is located and which way it swings in a residential context, not so much in a tech context.JLMwww.themusingsofthebigredca…

      2. Phil Chacko

        The TSA tried that. Now you can 3D print master keys to unlock any “TSA approved” lock.http://gizmodo.com/you-can-

        1. Deyson

          I did not know this. Wow. So what do we all do now with our useless locks?

        2. Emily Steed

          Wow that’s amazing! I actually meant my comment figuratively though – as in, there is no such thing as a truly encrypted data. Smart cyber folks can break into any data barrier. I worked with a woman who was an ethical hacker for NASA and she broke into every wall they put up (they hired her to strengthen their security).

        3. tuneyards

          This an amazing demonstration of why having a backdoor built in is a disaster.

    7. LE

      On point (4), I don’t see how we can give this technology to the U.S. Government and expect China or Russia not to have, and use, it.They would not be giving technology to the US Government they would be responding to requests and executing on those requests based on a court order. They don’t have to turn over technology to the US Government.Also, an American company is not in the same position to have to cater to the Chinese or Russian governments requests (with respect to those requests) as with the US Government. And the US Government can give an excuse for that by law if need be.And lastly if Apple is prevented from operating in foreign areas because they will not comply with the requests of foreign governments that is not the problem of the US Government or it’s citizens (who just want to be safe). To bad for Apple stockholders as well (I am a stockholder..). Risk of doing business things change to bad.

    8. Pete Griffiths

      Totally agree.

    9. Piotr Drąg

      That’s the point! We (or Apple) need to choose. If they create a backdoor we can be sure that all of our data will be available to anyone who really needs it. On the other hand we give a green light to all kind of “bad” people. So the question is – what is more important to us: our own privacy (personally I don’t feel that these days I have any real control over my private data) or public safety?

      1. sigmaalgebra

        > (personally I don’t feel that these days I have any real control over my private data)No worries, mate! Just do your own encryption as I have outlined in other posts in this thread. For commercial products/services for encryption, to heck with those. Just DIY (do it yourself). The math is not that difficult, and there is plenty of dirt simple open source software. Or just write your own software directly from the math. Read up on ‘salting’ the input data, etc. and other simple precautions, and then go for it. To heck with Apple, etc.

    10. sigmaalgebra

      > there’s no stuffing the genie back into the bottle, at lest not easily.Sure there is: As in my posthttp://avc.com/2016/02/end-…here, just use some open source Rivest-Shamir-Adleman (RSA) public key encryption software. If are concerned about computer being hacked, just do the en/decryption on a computer that has never been connected to a network. Also, just use an old computer, maybe one with just old PC/DOS — no chance that the NSA has hacked the hardware of all of those! Also to checkout the encryption computer, encrypt on more than one computer and be sure the results are equal. And maybe on the Internet have lots of majority voting on what uncorrupted encryption is. Then move the encrypted data only via, say, CD or diskette.The NSA, CIA, FBI, etc. can make progress against people who want convenience more than security. People willing to give up a little convenience stand to be able to have a lot of security!Read some of the now quite old material of Zimmerman about Pretty Good Privacy (PGP) and Schneier on Rivest-Shamir-Adleman (RSA) public key cryptography. Review the fairly simple math. Get copies of the relatively simple open source software. Do the en/decryption with just some dirt simple command line software, with likely totally uncorrupted hard/software, e.g., in just simple C code, say, on an old computer running, say, old PC/DOS. Move data to/from that old computer via just, say, diskette, CD, or DVD. Encrypted, the results are just a file of lines, each line in base 64 encoding, that is, just ordinary printable characters a-z, etc., <=72 characters per line. Simple. Trivially easy to work with. Base 64 is super simple to work with. I wrote my own base 64 en/decoding code in less than an hour years ago. For the math, Zimmerman code, and Schneier code, I have all that.If you care about security, then do it yourself (DIY).Of course, some dumb dumb dirt bag radical Islamic jihadist terrorist Ali Abdul Fatwah al Jihad bin Boom Boom will likely keep using a iPhone, the cloud, etc. Then they will get caught. Okay by me!

  8. DH

    I’m of the opinion that the Fourth Amendment should apply to our electronic devices. The problem is that the Fourth Amendment has a backdoor (i.e. getting a Warrant), whereas electronic devices cannot be made with backdoors without being made inherently non-secure.The compromise might be that backdoors should be implemented in such a way that physical access to the device is needed. This is apparently what is happening in the current case, where they need physical access to the device to offload its data so they can bruteforce the password.

    1. fredwilson

      i like the “two factor” approach to the back door issue

    2. scottythebody

      Why is this more secure or better? Physical access to the device means nothing in terms of security other than it’s “worse”. In terms of protecting the owner of the device, couldn’t any such back door also be exploited by anyone else with the physical device in hand? I mean, sure, you could put a bunch of certificates in place, layers of encryption, additional keys, and hardware tokens to secure the keys. But then you have another bag of issues and, of course, all those can be compromised or abused, too.Here in Vienna, Austria, we have the concept of “Post Keys”… These are keys handed out to the postal service that serve as “master” keys to get into all of the buildings. I live in the rooftop apartment in such a building. One day, I invited my friend and his family over for dinner. My friend, who is also my banker and a real estate developer, showed up at my door and rang the doorbell. Normally, I would have first heard the downstairs buzzer and would have had the opportunity to screen the entrant and, of course, in this case, to put on some pants and close the doors to all the bedrooms.I opened the apartment door and there stood my friend with a couple bottles of nice wine.”Was the door downstairs open? How did you get in?” I asked.”Everybody who is anybody in Vienna has a Post key,” he replied.

      1. DH

        The requirement of physical access at least makes dragnet surveillance or massive exploitation of the back door more difficult and less likely. Maybe not very meaningful from your perspective, but I think that’s the difference.

        1. scottythebody

          I’ll give you that for sure. But there are still huge issues with it. 1. “less likely” and “more difficult” mean possible2. How do you enforce only authorized physical access can use the back door? Complicated and probably also impossible to do securely3. This will kill the export market for US smartphones and tablets

  9. LE

    I lean in Albert’s direction. But I also see logic in the arguments that Tim Cook makes against opening up a back door to the iPhone.Tim Cook is full of shit. He wants us to believe that there is no way to design a system with safeguards in order to be able to, under proper court order, give information to authorities. Of course there is a way to do that. Tim just doesn’t want Apple’s millennial loving business model to be disrupted.What’s hilarious about all of this is not a day goes by where some hack isn’t fully publicized which puts people and machines at risk. And said hack is typically applauded and gleefully discussed by the same people that, for some reason, think they have a god given right to not, with a proper court order, have their own iphone or laptop info used in a criminal proceeding. [1]I am not struggling with this at all. I see it very simply. Apple should provide a way to comply with the governments requests. And to be clear there is a way for a company like Apple to engineer a safe enough way to do this.[1] You know why? Because disclosing and publicizing security breaches is their game (it’s fun) and they manage to benefit from it in some way. The gain way exceeds their personal loss.

    1. scottythebody

      Hmmmm… How would that be done, exactly? The very people who made this shit up are the ones who say it can’t be done.I’ve seen some stuff about a new model where nine nations would have to come together and vote to decrypt something, but that’s never going to happen.I’m not expecting people to “get” security culture, and I really do love your take. It’s the total opposite view from mine and my community, but It makes sense both ways. The vulnerability disclosure culture exists to make everyone more secure. Sure, it’s become a marketplace, a business, a “bromance” type world, and there’s a lot wrong with it, but I do not in any way see any logical inconsistency with a stance that vulnerabilities should be disclosed (and laughed about, or gloated over, or whatever) and an insistence that encryption implementation should have no back door. Those two thoughts are part of the same mind.Since we’re wishing, I would also like to say that there is a way for Google to implement their advertising-based search service and targeted ads without tracking me and still make a lot of money and there’s a way for streaming music services to get artist paid yet remain very affordable but get record company executives a house in Colorado or Utah and unlimited invitations to the Aspen Institute and TED.

  10. kidmercury

    def siding with encryption. i don’t really get the “we’ll all go down a neverending spiral of encryption and never trust anyone ever again” logic. we have locks on our doors, some even have powerful locks. should we ban those too?ultimately though platforms control the terrain and will specify what encryption services and protocols they wish to support. let them do as they please.

    1. Michael Elling

      What if the bad gal is a machine and we have no way of getting in and shutting her down?

      1. SubstrateUndertow

        In the larger aggregate isn’t that already true.There is a global, emerging, digital, automation-substrate bureaucracy that is incomprehensible as a whole to humans. Sure we can push and pull at it but it has taken on a life of its own 🙂

  11. ErikSchwartz

    The thing that drives me insane about this discussion is that there is a public discussion of backdoors. If the world understands there are backdoors, then they will just switch to encryption that Apple (or the NSA) cannot break.The one time pad is still unbreakable encryption and I don’t need a mobile device or a computer to use it.

    1. LE

      If the world understands there are backdoors, then they will just switch to encryption that Apple (or the NSA) cannot break.That is the “locks are only for honest people argument”. Meaning if someone is determined enough they will figure out a way to a) not use Apple phones or b) install their own software with encryption. c) Communicate with messengers like the mafia did (in those movies anyway).Obviously crooks make mistakes and are sloppy. People are sloppy. With proper thought and planning sure anything is possible. But that is not a reason to not have a way to catch the group of people that leave traces in one way or another. Not everyone is sharp 100% of the time. Of course people make mistakes.

    2. Amar

      True, except the one time pad has a pretty high set up overhead and does not scale for multi channel communications. It needs to be synchronized point to point. There is a reason PGP/PKI make sense. For most of the world (unlike us crypto/sec nerds) it is a constant trade off between security and convenience. In reality convenience beats the pants out of security 9.9 out of 10 times.

      1. ErikSchwartz

        You are of course right, one time pads are a huge PITA. Really all you need to do is decouple the encryption algorithm from the communication channel and you make things vastly more secure.One of the most important parts of code breaking is not letting the opposition know you’ve broken their codes. The allies let the Germans sink lots of ships and let lots of sailors die in order to protect Ultra. This is why I find a public discussion of this a bit crazy.

        1. Girish Mehta

          Yes, it is believed that Churchill allowed the bombing of Coventry to prevent alerting the Germans that Enigma had been cracked (although like much that happens in wartime, whether that is true is still debated 75 years later..)https://en.wikipedia.org/wi….

          1. JLM

            .Enigma was a code machine, not a code. I have actually held and operated an Enigma machine. Me and a million others.JLMwww.themusignsofthebigredca…

          2. Girish Mehta

            Of course JLM, you know that I know that, right ? 🙂 (that it was a machine)

          3. JLM

            .Of course. Ultra was the program. Enigma was a machine. The result was a thing of beauty.JLMwww.themusingsofthebigredca…

        2. David Greydanus

          Niel Stephenson’s book “Cryptonomicon” has a large plot arc based around that Information Theory/Game Theory problem of, “How much can I show them I know without them getting suspicious, and how can I give them alternate explanations for how I knew these things.”

    3. JLM

      .As a guy who has used one time pads more than a few times — not the same one, different ones — you have to know this: a one time pad approach has a big vulnerability in the possession of the actual pad.When intercepted, it is copied and then allowed to go along to the intended recipient. Sometimes a bogus message is sent to get a new one sent. Many times they were sent in entire books with the daily page being identified by a cryptic identifier.Imagine a booklet of 50 sheets (on flash burn paper) with a single character on each of the four corners. You get a message which identifies a single character and you have memorized a “protocol”.The message character is “A” and you know the protocol is that if the temperature is higher than 50F you use an odd or even page. Or, if you are in a certain country, etc.A one time pad can be intercepted and it can be used to decode historic messages also.This is pretty basic spycraft but even more vulnerable when digitized.JLMwww.themusingsofthebigredca…

      1. ErikSchwartz

        I would hope you didn’t use the same one more than once. If you use the same one more than once it’s no longer a one time pad. :-)The real thing here is about key security. If the key is not on the device controlled by Apple (in this case) then Apple can’t unlock the data. If you tell the bad guys this then they will use encryption where Apple does not have access to the key.

        1. JLM

          .One time pads were often used for a 24-hour period with part of the protocol being at what hour the day changed.JLMwww.themusingsofthebigredca…

  12. Peçanha

    The major issue here is definitely the fact that there’s no middle ground: if there’s a back hole, it will be used.Now, people use the “I don’t have nothing to hide” argument to defend access to their data (and anyone else’s), but this logic is flawed. Basically, it would only work if the people gathering your data and judging you were perfect, but everyone is biased somehow.Also, a little civil disobedience is necessary for the society to evolve, and if your data is being monitored, that won’t happen (because they are still crimes, even though they are minor). Think about Marijuana, Gay Marriage, hell, even the Geocentrism! They were all illegal and if the stablishment – government or church – had a way to stop it before going public or at their roots, they would. They can’t tell a good from a bad revolution.So, in my opinion, sacrificing our liberty and the future of the society because of a few bad apples is simply not worth it.

  13. jason wright

    perhaps in law the principle of legal personality needs to be extended to a phone as a person is entitled to invoke the Fifth Amendment and their phone should not be made available as a ‘voice’ against them if they invoke that right. the phone is an extension of the person in a way never before seen in society.

    1. Salt Shaker

      In this particular instance it’s a company phone; a right of privacy is already waived.

      1. pointsnfigures

        Corporations are seen as individuals in the light of the law. They have the same rights a person does.

        1. Salt Shaker

          Yeah, but corporations likely have a different moral or ethical standard, particularly if publicly held or gov’t funded.

          1. pointsnfigures

            Don’t disagree, but so do individuals.

  14. pointsnfigures

    I am with Fred as long as the phone is probed after the fact. The terrorists in San Bernardino committed the act. Prior to committing it, you could say they were very ultra conservative Muslims. Post committing it, they were terrorists and they are attacking our country. What I don’t want is government snooping because it thinks it has cause. I like Rand Paul’s idea that government should have to get a warrant to snoop. We don’t want to see the US turn into Minority Report.

  15. andyswan

    Zero chance. The same argument could be made of a “personal diary” 50 years ago. Once it’s out of your head and recorded, it’s fair game

    1. Richard

      We’re only a few decades from having an implantable chip that will record our thoughts. What say you use this chip to improve your mental health. Do you see the weakness in your argument?

      1. andyswan

        No I don’t.  I would advise against implanting a chip that records thoughts.

        1. bsoist

          I would advise against implanting a chip that records thoughts.Your greatest comment ever!

    2. jason wright

      then we encourage the end of expression, and the silent society is born.

  16. Kevin Hill

    I think the discussion of a tradeoff between ‘regular people’ and ‘bad guys’ presents a false choice.Encryption is a mathematical fact. If someone has dedicated their lives to terrorism, or sex trafficking, or any of the terrible anti-social motives other’s have described, they will only find minor inconvenience in setting up a secure encryption system that doesn’t rely on Apple’s blessing. That process is only going to get easier over time as the technology is developed further.So, all we really have a choice about in the medium to long term is a world where only the bad guy’s data is secure, or everyone’s is. It is certainly not the choice I’d like us to be faced with, but this seems to be what we were given.

    1. scottythebody

      You’re right. Compromising the security of the luxury products so that every “bad person” flocks to freely available open source and basically unbreakable encryption products is not really a good option, but it’s the best case for introducing the back door — that, and the tanking of US smartphone manufacturing abroad. Since Apple is pretty much the only company in the world making any money off of devices right now, I guess you can see exactly who this would harm. So is it a Android fanboi conspiracy 😉

  17. Anne Libby

    All in on encryption. The only thing looking at people’s devices is going to help with is history.And in the meantime, how many people have been pegged by the government as “bad guys” who actually weren’t? (MLK)

    1. pointsnfigures

      It’s not just agencies like the CIA or FBI. Look at what the IRS did to conservative groups the past 8 years. Look at what the FDA and USDA are doing daily to small organic and raw milk farmers.

      1. Anne Libby

        I don’t know the instances you’re mentioning, but in general I’m against institutions being able to troll individuals!

        1. Salt Shaker

          But no one is talking about trolling. A court order based on admissible evidence, probable cause, etc., isn’t trolling.

          1. David Greydanus

            Building a backdoor isn’t some kind of magical process that is tied to a specific legal procedure.You are introducing a structural weakness that WILL be abused not just by the FBI and NSA, but by anyone else that kind find their exploits.

          2. Salt Shaker

            Yeah, it’s one big fucking conspiracy.

          3. David Greydanus

            Maybe you weren’t paying attention during the Snowden leaks.Catch yourself up why don’t yahttps://en.wikipedia.org/wi…

          4. LE

            Please don’t assume that Snowden is a hero to everyone who works in the tech industry.

          5. David Greydanus

            Who said anything about him being a hero?The point is the that United States Government is known to abuse it’s power when given the ability to spy on it’s citizens.

          6. LE

            Of course there is abuse. Things can’t be 99% or 100% perfect or not usable at all under the right circumstances. You have to be able to accept that there will be screwups and abuse in order to protect against a greater enemy.As I’ve said before the government has nowhere near the resources to be able to use even 1/100000th of the data it is able to collect rightly or wrongly. Not going to happen. Never will happen.

          7. JLM

            .Snowden is a candidate for a bullet in the head and the lines will be long to do it.OTOH, who was in charge?No alarm that a systems administrator was accessing documents? Copying documents?Copy capable software?Flash drives?USB ports on computers in a secure environment?No camera surveillance? The kid copied 30K documents.No lie detector test security clearance review?An administrator in a location with no periodic surveillance?No demagnetizing exits/entrances?Any decently configured classified records shop would have had all that stuff. Someone needs to be disciplined for the setup of the shop itself. This is the problem with using contractors.JLMwww.themusingsofthebigredca…

          8. LE

            Your points are all valid.And you know from my perch I would advocate (gasp), and I am not kidding, that in super sensitive areas employees would be required to wear tracking devices (like they slap on people under house arrest). So you know their whereabouts at all times and who they are associating with. [1] In the days of Julius and Ethel Rosenbergs not possible certainly possible today.Of course the entire country would be aghast at the idea of doing something like this. But the fact is if the risk is large enough you need to insure the right thing happens and not just have trust.[1] You know relative to what has happened having full cavity searches is not out of the question (more gasps!!!)

          9. JLM

            .Back in the day, folks who a certain level of security clearance (in those days the name of the security clearance was classified) had to be part of PRP (personnel reliability program) wherein you had a monthly chat with a couple of spooks (usually FBI but you never really knew).You had to be able to account for every minute of your life and to be able to name every person whose company you had been in. You have to be prepared to discuss the most intimate imaginable details.I was in uniform at this time so I really didn’t have too much to worry about as I had very little free time.Every 3-4 months they would run you through a lie detector interrogation wherein they had all of your prior sessions to draw upon.Once a guy showed me how to “beat” a lie detector which essentially entailed arriving at a high level of agitation as your base case which made the elevation of skin temperature, moisture, breathing rate, etc almost indetectable as you had baselined so high.But, here’s the thing, you could spoof your way through one such session but they could detect your false answers over a continuum and moreso watching you than the lie detector tests.A truly great interrogator could make a “book” on you and pick up where your eyes were looking and if you moved your eyes or hands as a prelude or an after effect.Some of those guys were unbelievable.One told me, after asking about a girlfriend, “You’re going to marry that girl.” He was right almost ten years before I did.JLMwww.themusingsofthebigredca…

          10. scottythebody

            All that competes with “sharing”. Nobody wanted to be sitting on the “smoking gun” when the next 9/11 happened.

          11. LE

            I would never take a lie detector test (for multiple reasons) one is simply because I have what is commonly known as “white coat hypertension” which I am sure you are familiar with.

          12. scottythebody

            They ran Windows and used SharePoint. This is not a system designed for security in the first place. If all the controls have to be bolted on and priorities are not on non-functional capabilities, well, there you go… 😉 Agree with you, but the environment was one of “need to share” in the post 9/11 world.

          13. JLM

            .The need to share aspect is interesting because at the agency level there is no cooperation amongst anyone since the end of US involvement in Iraq.We have no battlefield, local, inter-sovereign nation cooperation.We have tons of tech intel and almost no humint. We are screwed.JLMwww.themusingsofthebigredca…

          14. Salt Shaker

            No argument there, but you’re assuming it’s no longer possible to build a system with requisite checks, balances and safeguards. I just don’t buy into that logic. Privacy is sacred until it puts public safety at risk, as determined by a court of law.

          15. LE

            Parent comment doesn’t take into account positives, only ephemeral negatives.If people didn’t consider the positives they wouldn’t take any medicines or undergo surgery.

          16. Salt Shaker

            Thank you for sharing. It’s well documented that Hoover was a twisted, dishonorable and abusive man. He thought he was above the law and frequently engaged in unscrupulous behavior, as the NYT piece on MLK demonstrates. Smear tactics and innuendo were a big part of his MO. Kept files on numerous people in the arts and entertainment, including Elvis, John Lennon, etc. Different time, different era. If we have unconditional distrust of our gov’t, as many believe we should, then we’re all in trouble. Maybe naively, I believe reasonable and effective safeguards and procedures can be put in place w/ mandatory court orders. In select instances–vis-a-vis public safety–the benefit outways the risk IMO.

          17. Anne Libby

            I do believe in our “better angels” — to me, that’s people like Tim Cook having the spine to say, “no.”As we’ve seen in this century, there are parts of our government that are not following the law. Lol, move fast and break things, hope not have to answer for it.And as for the bad guys after we let our government break encryption, they’re like entrepreneurs too. They’ll figure out another way to communicate that don’t involve phones that can be traced to them.And like the thousands of disabled grandparents who are being patted down at the airport as a condition of air travel, what a joke, the rest of us will live with the consequences.

          18. Anne Libby

            Tried to post this from mobile last pm, gah.http://www.nytimes.com/2014…(And, sorry, oops, it looks like it did post. I apologize for the duplication!)

        2. pointsnfigures

          on the IRS-http://www.judicialwatc…FDA and USDA go after raw milk and cheese-http://farmtoconsume…Gibson Guitar ran afoul of the EPA-http://humanevents.com/…Film maker wrongly accused and jailed-http://www.washingto…We agree. Government should not be able to use it’s power capriciously against individuals; no matter what their politics are.

          1. Anne Libby

            Will scan the links later, but I agree with you more than @JLM does.

          2. pointsnfigures

            And then there is this: Twitter supposedly is shadowbanning accounts management doesn’t agree with politically. http://www.breitbart.com/te… Understand a private company can limit freedom of speech, but it’s awfully funny when one limits free communication when it’s based on free communication.

          3. pointsnfigures

            Also, did you know the Dodd-Frank Act that was passed allows government to go into all your financial information line by line if they deem that you are a threat, or a risk to the marketplace? This means some government bureaucrat could have a vendetta against a person or firm-then demand all their bank statements, credit card statements, transactions, general ledgers and brokerage statements to investigate-without a warrant.

    2. JLM

      .That was a false positive if ever there was one.MLK was a registered Republican with a PhD, not some mail-in reverend baloney, and whose entire life had been lived on the inside of a church.Then, there was J Edgar Hoover who was nuts in so many ways.JLMwww.themusingsofthebigredca…

      1. Anne Libby

        Exactly.That there will be people in our government who will break the law — or use it towards their own ends, lol LOVEINT, or be nuts — is a known known.

  18. David Greydanus

    I don’t understand how anyone can take the federal government seriously when they talk about respecting their citizens privacy when the NSA and GCHQ named their anti-encryption programs after the first battles in their respective countries first civil war!They admitted that they were declaring digital war on their citizens!Context: The NSA anti-encryption program is called Bullrun, and the British counterpart is called Edgehill.

  19. Brandon Burns

    If a judge issues a search warrant, authorizing authorities to enter the home of a criminal, it would be silly for people who make houses to say that they can’t make an extra key to let them in.I agree with Tim Cook’s sentiment, but I think his application of it is out of step; specifically, with the 4th Amendment.

    1. kevando

      This is my favorite metaphor justifying the encryption argument.

  20. kevando

    Maybe I’m niave – but I find it so interesting that stuff like this has no effect on a company’s stock price.

  21. JoeK

    If Apple have the freedom to create a backdoor, then they have the ability to close it. So agree to trialing one out for a three year period, and if they have any evidence of an increased rate of information breaches then they can issue updates to eliminate the backdoor.This hacking thing is a red herring, social engineering and mass data breaches are a far greater threat to information security, as evidenced by half of Hollywood having their private iPhone photographs splashed across the web a few years ago, despite Apple’s keeping information safe.

  22. jaypinho

    The very fact that there is a public-facing discussion over whether to create an encryption backdoor underscores the point that its stated objective would be moot by the time it’s implemented. Actual criminals and terrorists would switch (or perhaps already have) to a service that provides uncompromised encryption. Meanwhile, the rest of us are stuck getting our messages opened by the NSA. There are serious First Amendment implications to having to monitor what you say in private communications for fear of your own national surveillance agency.(Worth noting, by the way, that despite its superficial similarity to the gun debate — i.e. “gun control only prevents law-abiding citizens from owning them” — it’s actually quite different. There is virtually no cost or obstacle in switching from a compromised encryption system to a better one to avoid detection, but there are myriad obstacles preventing criminals from obtaining weapons in a well-regulated weapons market.)

    1. JoeK

      End-to-end encryption does not factor into this discussion – we’re talking about having access to the end devices themselves, and so your information is already decrypted at this point.

      1. jaypinho

        You’re right; I just meant encryption generally.

  23. LG222

    1. Putting publicly known backdoors in Apple, Google, Microsoft devices/software will not stop bad guys using encryption. I doubt many rely on major US based company devices today, maybe random idiots, not organised bad guys.2. If I was a bad guy, the last device I would trust (at the moment, let alone if know backdoors added) would be a closed black box supposedly secure service based in the USA.3. Forcing US companies to put in shout from rooftops “we can see all your stuff” backdoors will destroy the US tech business in the rest of the world. The US will be ok with home market sales but China will take over the world faster than they already are.

    1. LE

      will destroy the US tech business in the rest of the worldThey will no longer buy Apple products because the brand will be tarnished?Not even close. That has never been Apple’s unique selling point. The usability, quality, and the brand cache is.The amount of people who actually care about this issue is exceedingly small. This is an inside baseball discussion for techies who like to whine about things that normals don’t give a shit about.

      1. LG222

        Its a tiny point compared to the first. However if the FBI get a key to your stuff, every Government in the world will also demand it.. or you won’t be selling any more products/services in many of those countries.its a minor point of argument, I could care less what profits these companies make. The more important is you would be giving up all liberty whilst achieving little, if any (in long run) extra security.

        1. LE

          I just want shit that works and does things that I find helpful in various ways. The government having access to my data is a necessary evil and not a big one at that. To me.If you want total security then don’t use any electronic devices at all and go off the grid (or whatever it’s called).What am I more concerned about? The security of my ss number and drivers license at various doctors who I know don’t have the knowledge, resources and motivation to properly protect it. Because that to me is a threat with less ephemeral consequences. [1][1] I asked one doctor about this just for fun. His answer was the typical “oh yeah we have it protected highest grade” which gave me as much confidence as none at all. (Same office takes a photo copy of your drivers license and sticks in in a paper file folder for reference what a nice trove of data that is for anyone working in this large office that decides to go rogue..)

      2. SubstrateUndertow

        You are being very short sighted !As personal data/bots/sensor/actuators become a major extensions of our biological personas the security/autonomy mass-culture care-quotient will rise dramatically.

  24. brendancoen

    The FBI is asking Apple to turn off the auto-erase feature so they can do a brute force password hack whereby they try every 4-6 alphanumeric combination and it has been estimated this hack could take between 20 hours and 5.5 years given who you listen to and the number of combinations. My question is, if they have the two dead bodies why not use their fingerprint to unlock the phone? Maybe I missed something in the story?

    1. John Pasmore

      effective thou depends if fingerprint is already enabled – if not you would need password to enable: https://support.apple.com/e… 1. Make sure that the Home button and your finger are clean and dry.2. Tap Settings > Touch ID & Passcode, then enter your passcode.

    2. JLM

      .Not sure why but when rigor mortis sets in fingerprint technology takes a huge nosedive except when you have entire sets of 10-finger prints.On a Samsung tablet I use with fingerprint acess, it works perfectly except for once a week when it just doesn’t work.JLMwww.themusingsofthebigredca…

  25. iggyfanlo

    Have to say like most things I’m 100% in agreement with Albert. Make data public and realize privacy is a blip in our existence as a species

    1. scottythebody

      Totally okay as long as public data is secure.

  26. LGBlueSky

    I see this very simply. If you store something on your phone, laptop, cloud or other device, there should be no expectation of privacy. We live in a different world. I always assumed Apple could break the encryption on my phone. I am fine with that. And if governmental agencies encroach and go all “MCCarthy”, then we have checks and balances and Snowdens to weed them out. Thank you.

  27. Ujjwal Dhoot

    Like any data set, policies are directional for most cases, but they often don’t apply well to edge cases. Helping the government protect us against unlawful elements is part of their job. Apple is not helping the government find details that could help link to a network of other potential terrorists.Encryption is important and I’m a proponent of privacy of users on any platform, but not when the opportunity cost is anyone’s life.Giving phone access for the terrorist in question is a short term band aid, and an important one. So maybe there’s middle ground by giving one time access for the current use case, while Apple and the US government debate the longer term solution for true backdoor access based on each use case.

  28. Sierra Choi

    I think Tim Cook is one cool guy and a very ethical one at that. Strangely, this is not really a case for encryption but one of our 1st amendment rights. Legally, the FBI or any other govt agency cannot take the contents of a mobile phone with a passcode- because it is considered a trade secret that is protected under the law. (on a note though- if you have fingerprint access instead of a passcode, they can take it, as that is not considered a trade secret). The FBI is asking Apple to give them the passcode, so that they can legally utilise the contents of the phone in a court of law, not that NSA hackers couldn’t figure it out and give the FBI what they need.If Apple were to give away this information to any agency, this would present a grave danger to our 1st amendment rights. Everyone deserves justice, even suspected criminals and terrorists, that is why our legal system is set up as “innocent before proven guilty”. Imagine what would happen to the US if we started taking away the rights of people and the government can access all your trade secrets at any time. That is unconstitutional and fascist.As a little bit of tidbit, Tim Cook was also the only tech executive to attend President Obama’s CyberSecurity Summit at Stanford a year ago when President Obama announced plans to integrate all social media and networks directly into government agency databases. All other technology leaders refused to attend because the idea of giving govt agencies free and open access to everyone’s information is something that Silicon Valley thinks of as unethical. http://techcrunch.com/2015/…Having a passcode on your phone is parallel to taking the Fifth Amendment in a court of law. Once we give away all our rights, who knows what else can happen.

  29. scottythebody

    End-to-end all the way. There is simply no “safe” way to introduce a back door and still consider confidentiality preserved. Law enforcement has a lot of tools at its disposal without removing everyone’s privacy. The Paris attackers were texting, if I remember correctly. Not that this is the only thing they did, but even without encryption present, “total information awareness” and dominance just isn’t a thing.The proposal is unworkable. How would these phones be sold overseas? Nobody would buy US backdoor phones. So the bad guys (and everybody else) wouldn’t buy US phones and just use real encryption anyway. Real encryption is part of this world and it can’t be undone.

  30. rick gregory

    First, to deal with the ‘we should be open about our data’… That’s fine, but it should be for each person to choose whether they share their data or not; the issue is control, not openness. Forcing all data to be divulged removes control of my data from me which I can’t see as a good thing.Encryption is a tool that lets me control who can read my data – break that and you remove my ability to keep data private. Why do I want to? Counter-question – why do I have to justify anything to others?Second, I’m disappointed, Fred, that you fall into the ‘oh no, child porn and evil people’ trap. In fact, this case is one that illustrates how law enforcement doesn’t really need to break encryption in order to catch people.Here’s a couple that travelled to the Middle East, subsequently bought thousands of rounds of ammo and a bunch of guns, etc. You can know all of that without breaking encryption. That is, in fact, the justification of the NSA’s widespread collection of metadata – to detect patterns that indicate an attack. If the justification of the NSA programs which Snowden revealed are that they let us detect these patterns, then those programs utterly failed here and that has nothing to do with a phone that’s encrypted.

  31. Chris Mack

    Nobody can be trusted with the keys (even if a foolproof backdoor could be implemented). The only answer is full encryption. Fear-mongering about pedophiles is just that, and can’t be taken seriously for the simple reason – where does it end? We probably all agree on pedophiles. What about suspected pedophiles? What about murderers? Suspected murderers? What about guys like Snowden, who the government considers a traitor, but any sane person sees as a hero? If history tells us ANYTHING – if you give someone power like that they will abuse it. So the answer is simply no. There is no other alternative.

  32. Nigel Sharp

    Hey you Americans have got at least ONE idea right, and that was to promote “freedom”. With freedom comes fanatics and extremists but also amazing civil liberties and expression of thought. With freedom comes absolute privacy, and with technology comes that option – an option i’m all for, because even if I’ve got nothing to hide, I assume (and desire) what I do have is hidden either through anonymity or through encryption. The state needs to be trusting of me, and if something bad happens and it wasn’t a significant majority of people involved, then the system is working.

  33. Fernando Gutierrez

    The tech to encrypt is publicly available. It is just math. If governments limit it in any way, criminals will keep using it, only honest people will lose its benefits.If a terrorist uses encryption (big if, the Paris terrorists used sms messages to coordinate), what makes you think that he will stop doing so because Apple doesn’t offer it any more? if someone is willing to do such terrible things, he won’t have doubts about downloading some illegal software from the internet.If privacy is outlawed, only outlaws will have privacy. – Phil Zimmermann (PGP creator)

    1. scottythebody

      I was just about to post the same comment more or less. From what I know in my limited but probably more than average study on this topic (I’m a security expert by trade, but not studying so much this angle in terms of terrorism and law enforcement), there haven’t been too many (if any) cases where:1) Police knew something was going to happen, but couldn’t stop it because DOH! encrypted2) Attackers used encrypted communication to completely surpass detection before the plot executed

  34. MelkiSch

    Crypting and decrypting is not energy neutral. It is actually resource intensive. Which leads me to believe that private companies will always view this as a cost assessment question. Apple, Chase, Paypal… don’t really have a choice as their business depend on a high level of security, others don’t really care as they will always have the gangster argument ready… the same argument used by the CIA against Snowden. One possible solution, would be to impose various levels of data protection based on the service the private organization storing your data is providing you (ie. organic, non gmo, etc..). That way, the end user knows which one of his/her basic rights are respected.

  35. nwwells

    This feels like a false dichotomy to me. End to end encryption will exist. You can be sure that the government in the very least will have it. The question is whether we afford private citizens the same protections as government officials.

  36. dj8218521

    I’m with Mr. Snowden on this one…

    1. JLM

      .He will want company in his cell, no?JLMwww.themusingsofthebigredca…

  37. Jake Chapman

    I think End to End encryption supporters are the 21st century version of those who support nearly unlimited access to guns.In the not too distant past, wide spread gun ownership amongst the populace was a bulwark against a tyrannical government (no matter how unlikely it seemed) but that is no longer the case. No armed militia can reasonably expect to resist a modern nation state. Instead permissive gun laws result in easy gun access for those who shouldn’t have it.Similarly, I don’t believe end to end encryption does much to safe guard our democracy as its proponents claim. There are so many ways for a modern nation state with nefarious intent to crack down on its population that encryption has very little efficacy. This means that, like easy gun access, the primary beneficiaries of end to end encryption are precisely the people we don’t want to benefit from it. (I realize I am in the minority here, particularly in Silicon Valley)

  38. David Greydanus

    I have noticed that the people who know the least about cryptography are generally the same people who think they see the most clear cut answer to this problem.If you don’t understand at least the basics of the tech, please be quiet.

    1. John Pasmore


    2. ErikSchwartz

      I too have watched the Presidential debates.

      1. David Greydanus

        Am I quoting someone?

        1. ErikSchwartz

          Not that I am aware of. But it is pretty clear from watching them no candidates on either side really even understands what encryption is, let alone nuances about it.

          1. John Pasmore

            Understanding != prerequisite for participation

          2. JLM

            .Would Hillary say, “You’re barking up the wrong tree, Erik?”JLMwww.themusingsofthebigredca…

    3. Salt Shaker

      Oh please, get off your high tech pedestal. The last 4 letters of your surname about sums it up for me.

      1. David Greydanus

        And so ends the respectful discussion…Sorry you found my arguments unhelpful, friend.

        1. Salt Shaker

          Your arguments are helpful, friend, until you crossed the line as one of the anointed or all knowing. Apologies for the slight, a bit out of character. Impassioned subject.

          1. David Greydanus

            We anointed hackers aren’t easily offended.This reminds me of a scene from the Niel Stephenson book “Cryptonomicon” where a professor is dismissing the opinion of a hacker as merely, “technical elitism”, to which the hacker’s response is, (paraphrase)”Why am I one of the ‘tech elite’. I took the time to read a few books so I could understand the subject like I would on any other important topic I wanted to discus.”Not being one of the “Tech elite” is not an excuse to be ignorant on a topic you are debating. Any body can undesrtand at least the basics of computer security.Unlike what the NSA would like you to believe, your average person can understand these issues of they take the time.

          2. JLM

            .I am reading that book right now. Very interesting.JLMwww.themusingsofthebigredca…

          3. Salt Shaker

            You dissapoint, JLM. I thought for sure you’d take this all knowing high school kid to school. I think he’s free between 3rd period and study hall. Wonder who he’s taking to the prom?

          4. JLM

            .Based on what I’ve seen — prom — he’ll be taking his right hand. But even that’s a little iffy.I got such a solid thrashing the other day, I’m gun shy. [OK, that’s bullshit.]You nailed him and I didn’t want to crowd your backswing.Well played.I did weigh in just a little above.JLMwww.themusingsofthebigredca…

          5. David Greydanus

            If you’re interested, the discussion I was referring to starts on page 82 in the chapter “The Spawn of Onan”.

          6. Girish Mehta

            See the first name on my reading list last summer…https://disqus.com/home/dis…actually i dropped off it then (too many other unread books)…but after today’s discussion, am going to pick it up again from the start. Have found I need to be in the right mood for Neal Stephenson..

          7. LE

            David let me give you some friendly older guy advice here. You could be the next Wozniak but at this point you haven’t been doing computer things for that long (I checked your linkedin prior to writing this). As such it’s probably best not to say things like “If you don’t understand at least the basics of the tech, please be quiet.”. Does that make sense?

          8. David Greydanus

            Thanks for taking the time to write that.I’m really not some kind of cryptoanarchic cyberpunk, but I realize now I should have toned it down it bit.I do think that some understanding of crypto and the way ciphers work is important for understanding this discussing, but I am also acutely aware of how inexperience I am with these relative to real experts.Hope that helps.

        2. Collin

          Didn’t seem to start respectfully to me. Last time I checked “shut up, the adults are talking” is not considered respectful

          1. David Greydanus

            How about, “Educate yourself before declaring to the world that you have solved crypto.”Not sure why that’s so unreasonable. Anyone can google this shit…

          2. Collin

            Only problem is that this is less about crypto and more about underlying opinions on privacy. Technical understanding of cryptography is completely irrelevant to the actual discussion on privacy.

          3. David Greydanus

            But is the discussion really about the underlying philosophy of privacy ?We would all like to have the good guys info private and the bad guys exposed. Finding a technical solution to that is hard.

          4. David Greydanus

            I would also say, “Don’t’ start yelling about how you could have fixed the subprime mortgage crisis if you don’t even know what a mortgage is.”

          5. Collin

            You’re missing the forest for the trees.

          6. JLM

            .A lot of truth has to be contained in an attractive wrapper to be heard and perceived. You may grade well on truth but you’re headed back to charm school for the wrapper thing.Hey, I’ve been there more than a few times myself and I like a thumb in the eye regardless of which end of the thumb I’m on but then I am a highly, highly flawed person.Now, get back in the game and start volleying at the net.JLMwww.themusingsofthebigredca…

          7. David Greydanus

            I didn’t mean to be obnoxious. Some of my pent up frustration on this issue may have leaked through.I hope you can still see the point I was making.

          8. JLM

            .Hey, you can never draw blood from me on the issue of obnoxious. I bathe regularly in kerosene to toughen up my skin. I pay more attention to a salution such, “Hey, dipshit”.I get your point completely.Still, if you had to actually know what you’re talking about who would be running for President?Get back in the game.JLMwww.themusingsofthebigredca…


    If a backdoor is created, you have to assume both good and bad guys will have access to it. If people are fine with that, then backdoors should be implemented.

  40. William Mougayar

    Our smartphones are like what used to be a drawer in our cabinet or bedroom. A remotely accessible backdoor is like giving your house (or office) keys to the FBI or whoever is an “authority”. So, it’s non-starter.Just because technology allows remote access doesn’t mean that the remote access needs to be granted openly. Why can’t we apply the same rules as we have today, and if someone is a criminal & there is a warrant to search, then they can search, but that’s not an open back door. That would be done via another method that preserves security for 99.999% of the users who are honest, law-abiding citizens. It would be crazy to design a system for the .001% and blindly forcing it on the 99.999% others. It’s like airport security- we are all subjected to and treated like bad actors the minute we walk into an airport to board a plane.

    1. kevando

      TSA at the airport is a great metaphor. We take our shoes off for security, but what if Umar tried to hide the bomb in his underwear?

    2. Dan McArdle

      “It would be crazy to design a system for the .001% and blindly forcing it on the 99.999% others.”Indeed… Similar to how the financial system has been deputized in order to make Law Enforcement’s job easier. Yeah, it’s crazy, and the cost/friction in financial-services is a huge hidden cost to society, yet here we are.

  41. tobin

    Unfortunately the concept of living in public is not the same as securing my life. The default position on encryption should not be about hiding information, but about protecting information that puts my life and my family’s life at risk.

  42. Collin

    “They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.”My private life is my private life. In much the same way that I am strongly against the efforts by some to overturn Blackstone’s formulation, I am very much against the notion that in order to catch a small number of bad actors, we should give up all but the most meager amount of privacy.

    1. JLM

      .The 4th Amendment, which provides the basis for the validity of your thought, prohibits “unlawful” search and seizure.This is a case of “lawful” search as evidenced by a Court Order.A freedom is not being given up. A duty is being exercised.Were it “unlawful”, I’d be nudging you aside on the barricades and waving the same flag.It is not.JLMwww.themusingsofthebigredca…

    2. SubstrateUndertow

      Apparently there is a sliding scale on the cost/benefits of enforcing different amendments.The acceptable cost in lives of maintaining 2nd amendment gun rights is apparently somewhere around 3,200 lives a year.The acceptable cost in lives of maintaining 4th amendment unreasonable searches and seizures rights are far less at a cost of approximately ?? terrorist deaths per year ?

  43. Tom Zeller

    We would also catch “child pornographers, sex slaverunners, narco gangsters, terrorists, and a host of other bad people” if we let the police indiscriminately do house-to-house searches without warrants. But we don’t. Creating a backdoor decryption mechanism would create a future Edgar Hoover on steroids with something on everyone. Don’t like the power of the state? we’ll decrypt your communication until we can arrest you or embarrass you. Freedom to communicate privately is critical to future freedom.

    1. SubstrateUndertow

      “Freedom to communicate privately is critical to future freedom.”Freedom to communicate privately is foundational to our biological autonomy/security and these cyber devices are simply bio-extending analogues !

  44. JLM

    .The legal and law enforcement aspects of Apple’s dilemma are pretty small potatoes.There is a Court order from a Federal Judge and Apple has only two choices: comply or suffer the consequences.Making a new law or espousing a new body of legal interest is not one of the short term possibilities. That Judge is not going to let Apple say, “Can you wait on maybe us getting a new law through the Congress, Your Honor?”If that Federal Ct Judge thinks that Tim Cook is going to fail to comply with her order, she can throw him in jail for contempt and notify the next in command — the registered legal representative for the receipt of legal notices. This would be with the Sec of State’s office in California.The legal issues themselves are long settled and go back to the days of physical safes in which safe manufacturing companies were routinely required to open their safes. This happened because there were “destruct” mechanisms which began to appear in the 1950s.You have to ask yourself who would want such a mechanism when safes were used primarily to safeguard valuables. Who and why? Not dissimilar to this case.No safe company ever fought this and the FBI and law enforcement won all of these confrontations.It is hard to see this in any other manner.The Court Order also asks Apple for an estimate of the cost to write the software — which Apple says does not currently exist — to open the phone.Here’s the big one: The info on the phone self-destructs after ten failed attempts to access it.I cannot believe that either Apple or the FBI really wanted this debate to hit the airways and I think Apple is particularly ill-advised to make public utterances on this matter. I cannot believe that the FBI didn’t obtain a gag order on this as part of the original Court order.There will always be some kind of exception to any encryption regime for law enforcement and national security. How it operates — in a world when the IRS is using your tax returns for political purposes — is another issue altogether.Law enforcement gets it stuff while every possible misgiving expressed on this blog is likely valid. That is the law and that is the times.JLMwww.themusingsofthebigredca…

  45. Victor Zambrano

    The question is who decides what’s allowed and what is not; who decides who’s the criminal. Today it is a mass shooting incident, tomorrow it is about messaging on riots against the government, or else.The case is not about privacy, it is about security: it is unequivocally about who do we give power to decide and trespass into our lives, and who decides when it is right to use that power.The simplest (and more personally empowering, less ambiguous) answer to all the possible scenarios is “none but yourself”. Any other answer opens the possibility of that power being dangerously misused.

  46. Emily Steed

    If encrypted data is analogous to items in a home, then a reasonable solution may be treat access to personal data as analogous to other situations where the government is required to obtain a warrant to enter your home, barring immediate danger. As members of a community, the right to our privacy should be weighed against the duty to protect vulnerable members of our community. The police can’t legally enter your home without meeting legal thresholds. Can’t data access be the same? If smart people got together, I am confident we could create a reasonable legal test for access to encrypted data. It would be imperfect, for certain. But most things in law are an imperfect compromise and a work in progres to balance competing rights and duties. And taking a yes or no approach is highly imperfect.

    1. JLM

      .Your voice is fair and reasonable.Police can enter anywhere they want on the basis of “hot pursuit” or a Court Order.This includes homes, boats, planes, cars, and blood streams.There is no need to change the law in any manner.There is a Court Order which is to be held as the gov’t having successfully answered the question of the appropriateness of the request.Apple, Tim Cook, et al, have only two choices: comply or defy. If they defy, then they are subject to being jailed for contempt of court.Another bit of law is the duty or right of a coronoer/medical examiner/magistrate/JP to order an autopsy in the event of a death which may involve foul play.Interestingly enough, when Sup Ct Justice died in Texas, the potentate of Marfa, Texas decided not to order an autopsy because of the Justice’s history of heart disease and the nature of his death.There is enough law to deal with this situation right now.If I were Tim Cook, I’d keep a “go” bag behind my door at the office.JLMwww.themusingsofthebigredca…

  47. jason wright

    perhaps the iphone needs to run on Ethereum Tim.

  48. David Semeria

    I know it’s not trendy in the tech community, but I’m firmly in the “greater good” camp here.I believe judges should be able to issue warrants for electronic surveillance and intrusion if there is a demonstrated serious issue at stake, such as the ones mentioned by Fred.I would also argue that DH’s suggestion of needing physical access to devices is too limiting (suspects could just throw them in the river) — but I would like to see a robust appeals process prior to the warrant’s execution (unless there is an urgent issue of national security)I know it’s an uncomfortable feeling knowing the government could potentially access your private data, but that minor discomfort is nothing compared to foiling just one terrorist attack or catching just one rapist or child abuser.

    1. JLM

      .Well you are in good company, David, cause what you say happens to be the freakin’ law.Tim Cook is unlikely to be even Pres Obama’s SCOTUS nominee given his knowledge of the law.JLMwww.themusingsofthebigredca…

      1. David Semeria

        Ah… well that’s good to know JLM. So why don’t the FBI just get a warrant (or court order or whatever) and just take it over to Tim Cook’s people?

    2. scottythebody

      I don’t understand at all why the physical access to the device somehow magically makes the back door more secure.

      1. David Semeria

        I agree, the security back doors (about which I doubt the importance) should be guaranteed by law not technology.

    3. scottythebody

      The problem with a lot of this is that the courts that deal with this stuff are all secret.

    4. SubstrateUndertow

      “the greater good”the devil is not only in the details but future details are unimaginably opaque !

  49. Stephen Voris

    If there is going to be a backdoor, at the very least require it to record the identity of whoever uses it.

  50. Michal Illich

    Definitely end-to-end encryption.Mainly for photos and backups – we already have such services using end-to-end encryption (but unfortunately, not a majority yet).And it would be great to have it for other services such as collaborative docs/sheets editing (this is more difficult to develop but possible).Bad guys described in the article consist of less than 0.001% of the users. And they will always have a way to encrypt their communication. So disallowing end-to-end encryption for regular folks will not hurt bad guys, it will only hurt us.

  51. James Ransom

    This raises more questions for me. Not on the topic itself but on multiple topics like this that do not have an easy solution to it. Has there ever been an issue such as this one in our past that has eventually been solved? Will there ever be an answer to the end of encryption or will this just be another issue that is put up for Presidential debate every four years?We must look to the past for guidance, but we cannot mimic it. It is our responsibility to ensure the future is brighter for the coming generations.On a side note I am glad though to see Tim Cook carrying on the legacy on Steve Jobs by making sure the future is not like 1984.

  52. NS

    For the technically inclined, an excellent analysis how how Apple technology can be modified to comply: http://blog.trailofbits.com

    1. scottythebody

      Hmmm. Some of that is speculative. Saw some other information that the phone in question must be a 5C, which has no secure enclave. I think that a whole new SE would be required (with the back door manufactured into it)… But that’s just a quick take.

      1. scottythebody

        Re-read it. Yes, that is what he proposes. You would have to fuck up the secure enclave to make this work. So basically remove the secure enclave 😉

  53. Lee Lorenzen

    The Tim Cook letter implies that the FBI wants a new version of the OS to be created by Apple and for Apple to somehow force it to be installed on the phone. The reason for this request is because this new “more hackable” OS would disable the auto-erase feature that normally comes up after a certain number of failed password attempts. Presumably after this auto-erase feature is disabled, the FBI would then use a brute-force approach to try every password combination until the correct one unlocks the phone.So with Apple’s help, the creation of this “more hackable” OS is apparently a trivial change that gives Apple (or better said, a few employees at Apple) the ability to create and install a back door to any Apple phone anytime they want without anyone knowing they are doing so and without any court order or 3rd party oversight. If this is so, isn’t the security of all iPhones (especially those in which someone at Apple has physical possession of the phone) already compromised?Given the legitimate reasons for the FBI to get access to these terrorists’ phone data, why not have the FBI provide the iPhone to Apple (but kept under the FBI’s watchful eyes for chain-of-evidence reasons) and then let these few Apple employees create and install the new OS (at Apple headquarters), run the FBI’s brute force password program, unlock the phone to prove the correct password has been found, relock the phone with the same password, put the old OS back in place, destroy the new “more hackable” OS and give the iPhone back to the FBI (who can then open it with the correct password)?If Apple won’t agree to this, I bet the FBI could post a memory dump of the terrorists’ phone including the currently installed “unhackable” OS and offer $100,000 to the first person who could find the exact bytes of data in that memory map that need to change to allow the phone’s memory map to be modified to turn it into the “more hackable” OS?Is that outcome really better for all of our security than the approach where Apple responds to valid court orders and keeps the backdoor under their own lock and key?

  54. Rafi Kronzon

    People talk about complete privacy as if we’re losing something we already have. We never had, and (I agree with Albert), never will have, unbreakable privacy. Legally, the constitution gives us protection only against “unreasonable search and seizure.” So is Tim Cook really protecting us, or is he trying to introduce a new constitutional protection? Last I checked, those are introduced differently.

    1. SubstrateUndertow

      Sure we never had complete privacy.But we also don’t ever want complete exposure.

  55. pointsnfigures

    https://www.techdirt.com/ar… NYPD has deployed stingrays over 1000 times without warrants. Baltimore PD has done similar.

  56. curtissumpter

    How much of this argument is based on convenience?Accessing a mobile device is fantastic but if you’re looking to trace a network aren’t there other better ways?IM metadata (which people were called/texted which can be gathered from telecoms or cable companies), phone call metadata, MAC address cellphone pinging, GPS tracking (if it was enabled on the cellphone), all of which could be accessed from ATT/VZ/T-Mobile.In the past encryption was just a dead drop or face-to-face communication: ephemeral and untraceable.How much of this is just law enforcements desire to know? iCloud backups aren’t encrypted. This simply seems like a wedge into a dataset that the FBI would like. It seems unnecessary.Not to mention how long will it be until a privacy Cayman Islands comes along and allows the manufacturing of a truly dark device? Then what?

    1. scottythebody

      All true.

  57. Tom Labus

    Scott McNealy said the idea of privacy was done 20 years ago. It’s long in the grave,.I have no idea how Cook gets out of this one. Can they give them the info only and not the process? Is there the ability to compromise with a court order?

    1. JLM

      .You can appeal or file to “quash” a court order. This is a Federal Court and the Judge can order Cook jailed for contempt for his utterances and his unwillingness to cooperate alone.Fed Judges are appointed for life.JLMwww.themusingsofthebigredca…

      1. Tom Labus

        Does a court order come with a time frame for compliance?

        1. JLM

          .The party requesting the order typically presents the Court with a suggested order and the court rules “yeah” or “neigh”.The hearing is likely to be in the Judge’s chambers and the targeted entity may be present and represented by counsel who may make suggestions as to the final court order.In national security matters, the target is never in the chamber. Ever.In this case one has to believe that Apple’s lawyers were on the spot and that the Judge was very thoughtful as to the cost having asked for an estimate.Nobody is mad at Apple. They all want Apple to cooperate.Bottom line, I suspect that the Court Order said, “Get back to us with an estimate and a time line.”You have to remember that Tim Cook wants that Court Order to give him shade and shelter.JLMwww.themusingsofthebigredca…

          1. Tom Labus

            Thanks, Jeff

  58. hypermark

    I think the simple calculus here is that what makes digital data different is that in absence of unbreakable encryption, you have a recipe for governments, large corporations or bad actors to maintain an: A) Automatic; B) Ever growing; C) Never ceasing data store of every communication you have — good, bad or gray.That store of data can be mined, categorized, or combined based upon a seemingly endless array of algorithms, and you wouldn’t know until it’s too late that, for example, five seemingly innocuous conversations you had over multiple years leave you f-cked for:A) Identity TheftB) False ProsecutionC) Discrimination by Insurance Companies, Financial Institutions, etc.As we have seen in the wake of Post-911, what can be exploited in terms of monitoring and misuse of personal data, WILL be exploited.Hence, it’s not a question of giving the backdoor to the good actor, as if US has it, its allies will have it, its favored business lobby will have it, and so too, will its adversaries have it.The litmus test for personal rights like Miranda Rights, are specifically whether we push those rights down to even the bad, unsavory characters. Why? Experience and wisdom dictates that the tool that can be plied against the guilty will be just as sharply used against the innocent.

  59. tk

    A lot of what out society is based on is a fact that there is a scale lf privacy – you can shout something to an entire world, you can tell it to colleagues, you can have a deep private discussion, and you can keep your notes to yourself..As a software is eating the world, the only way to keep this is to allow encryption – otherwise everything is open and there is no place to hide.And as we can see on wiretapping, if something is exceptionally allowed today for terrorism investigation, it will be routinely used on millions tomorrow.It is necessary to be able to have a private conversations that not even governments can hear – because if we won’t be able to have them, then there’s no emergency brake in case governments would go bad (which they do). And the checks and balances disappear if governments are allowed to conspire while people are not.

  60. Kyle Reese

    I think one of the key words in the 4th is “unreasonable.” The constitution protects Americans against unreasonable searches and seizures. If a court ordered warrant is not reasonable than what is? The importance of the word “reasonable” is also central to our judicial system where an individual must be proven guilty “beyond a reasonable doubt.” The big question someone has to answer for me then is what warrants an unreasonable search? The constitution clearly doesn’t provide us with absolute privacy.

  61. Claude Hénault

    Encryption helps protect hundreds of millions of people from quite devastating harm: identity theft, misuse of medical info by insurers, abuse of citizens in dictatorships, and many others easily imagined. This protection is provided by commercial encryption provided to people in general, almost all of whom are law-abiding. The action initiated by the FBI will put a crack in mass-market encryption that will eventually become a highway through which these honest people will be victimized by criminals and governments.Organized evildoers of all stripes will migrate to non-U.S. Encryption, or even roll-their-own. Result: only the honest majority is made vulnerable, spied upon and surveilled, to their significant personal detriment, while organized criminals of all sorts remain protected. All this because of curiosity about one dead terrorist’s phone.Babies and bath water come to mind.

  62. Simone

    Got my popcorn, read all the comments. While reading I had this nagging question – am I supposed to believe that between the time of the terrorist act and TC’s letter on 16 Feb that phone was not accessed?!Finally I clicked the link and read the Apple letter. My understanding is that Apple has provided all info required in relation to San Bernardino attack: ‘When the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI’.BUT’But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.’Specifically, the FBI wants us to make a new version of the iPhone operating system’So, at least to my understanding, there is a misunderstanding that fuelled the passionate comments below. Apple HAS conformed with the requirements of this specific subpoena, but now is confronted with a subsequent, much more generic request. In conclusion, Apple’s letter seems to indicate 1) that they have already met the data disclosure detailed in the subpoena; 2) it is not clear what is the legal format of this subsequent request to build the backdoor.Related: ‘UK MPs have expressed their misgivings about Britain’s proposed new spying law in a critical report.’http://uk.businessinsider.c…

    1. Rafi Kronzon

      I don’t think it’s a misunderstanding. They have handed over the encrypted data, but not the key to unlock it, which they “don’t have”. But since they built the lock, to claim that they don’t want to build a key to unlock it because it’s “dangerous” is disingenuous. He’s too smart to think that his encryption is unbreakable. Cook, IMO, is less concerned with protecting consumers’ cat photographs than in championing a new type of protection for the consumer.

      1. Simone

        I don’t know what to think, my understanding is they decrypted/handed over data for 1 phone but FBI is now pushing the envelope to have in the future access to all phones ‘just in case’

      2. Stephen Voris

        It’s entirely possible to build an encryption system with no known back doors (whether it’s possible to build one with no actual back doors is, as I understand it, something computer science hasn’t proved one way or the other, though the evidence points to it being possible). The “dangerous” bit comes in because encryption back doors, unlike physical keys, can be stolen – or guessed – without going missing and alerting people that they have been stolen. In other words, “good luck limiting it to law enforcement”.

  63. rick gregory

    Ok, there’s a lot of “but the 4th amendment! Apple should comply with search warrants!!” stuff floating around this thread, but all of that misses the point. Yes, you probably need to comply with a search warrant on your stuff… but this ISN’T Apple’s ‘stuff’. it’s someone else’s property.They’re not being asked to surrender something they have, they’re being asked to hack into someone else’s device.

    1. Rafi Kronzon

      I’m not a lawyer, and haven’t read the decisions, but couldn’t a court could see the software and hardware encrypting the device as belonging to Apple? Apple certainly makes that clear in it’s terms of service.

      1. rick gregory

        Keep in mind, they’re not asking Apple to use a tool that Apple has. They’re asking that Apple be forced to write new software that can do what the FBI wants.I’m not a lawyer either but if I don’t own the phone and the information on it then we’ve already given up a lot legally. I’m perfectly aware that I don’t own iOS but I’d assume that I do own the information in the phone I use, i.e. that it’s my property.

  64. abn

    Just because a backdoor can be built doesn’t mean it should. Either way, people will find a way to do bad things without getting caught. The second you remove protection from encryption.. the bad guys will just do their bad stuff another way. When Harriet Tubman was sneaking slaves out of the South she was breaking the law. Imagine if the government had the tools they have today and used them against her. thermal imaging, drones etc.. Government are not always good. Blacks couldn’t vote and used a different water fountain in our very recent history.Why do we need to sacrifice our privacy for the sake of a few bad actors?

  65. ZekeV

    Tim Cook’s letter is pure PR. From what I’ve read, the iPhone is already backdoored, in the sense that Apple has a key to the firmware and can load a custom iOS that behaves in accordance with law enforcement directives. So while it’s technically true that your data is encrypted, Apple can make it relatively easy for law enforcement to guess your password to open it up, if they really want to. Very few users would have iPhone pins that are sufficiently random to resist a dedicated attempt.What’s at stake here aside from PR is just Apple trying to keep control of when and how it provides law enforcement cooperation. And to increase the perceived cost to the Feds of such a request. In a scenario where a terror attack is imminent, Apple would certainly provide assistance to law enforcement. And if we think Apple would assist, then there’s really no assurance Apple or any company can give users as to the absolute privacy of their data, except for security that is completely transparent and under control of the user (which would also be anathema to the goals of companies like Google and Apple).A similar dilemma is faced by any provider of centralized hosting, financial services, communications, and other “useful” services. The more private and convenient such things are, the more useful they are to bad guys. Certain types of services, however well-intentioned, are known to attract really unsavory activity — like, a *lot* of it (for example, e-gold in the 90s). I agree that companies cannot turn a blind eye to user behavior that is evil. This is hard to reconcile with privacy values.Part of the answer may be to design for decentralized services when we care about privacy — bitcoin instead of ACH; Tahoe-LAFS instead of AWS. Decentralized services are not really services, but rather protocols that individuals can participate in of their own free will. I don’t know why this feels different, but it does. Might have something to do with the societal corruption that comes from turning a blind eye / vs. the freedom of speech and association that are exercised in the choice of what software to run on one’s own computer.To make a physical analogy, if I sell safes, I don’t think I have a moral obligation to ensure that no one uses my safes to store evil contraband in their own basement, let’s say. But if I’m a bank or a storage locker, I do have a moral obligation not to let a drug dealer use my facilities to store coke and dirty cash. On the user side of this equation, if I use the services of a bank, I should be OK with providing AML-KYC information subject to “reasonable” safeguards against unlawful disclosure — basically, render unto Caesar, whose picture is on the bills. If not, I can avoid using banks.

    1. rick gregory

      First, that version of iOS could be created but does not exist according to Cook. Call me crazy but I’ll take his word over yours.Second, the only reason this would work is that the phone under discussion is a 5C which doesn’t have the hardware chip to encrypt things, it’s all done in software on that device (and earlier ones).Third, if they used a long alphanumeric passcode it’s probably not feasible to brute force the passcode (depending on what it is of course). Brute forcing it will work find if it’s a 4 or 6 digit numeric password. A long, random, alphanumeric code will take years to crack.

      1. ZekeV

        I did not say Apple has already written the custom iOS. I said they CAN do so. There really is no distinction between those two things, as far as privacy assurances go. If it can be done, it will be done.How long do you think it would take the NSA to crack an 8-digit password that is selected by a user who is not trained in tradecraft by a national intelligence service? This is a rhetorical question.

        1. scottythebody

          Depends on the implementation and how you can brute force it. If the private key is strongly protected in hardware and paired with another symetric key, then you’re not going to be able to brute force it. If you could bypass all that and have access to the keys and the encrypted file without any addition protections, then I’ve seen estimates as low as 6-8 hours to brute force such a password. That’s why the back doors matter.

          1. scottythebody

            And I think that’s to brute force *all* the possible combinations and not using any dictionaries or tricks to speed it up. But my memory is a bit hazy and I don’t feel like looking for the research I saw. But it’s public if you care to Google it.

          2. ZekeV

            Snowden says the NSA can do a trillion guesses a second…

          3. scottythebody

            I think the point is that, without strong key protection, the strongly-resourced can decrypt just about anything they want 😉 And even if the keys are strongly-protected, they are also good at finding (or buying) flaws in the implementations that they can utilize without having to bother about the brute force (again, argument against a back door).

    2. scottythebody

      What you say *used* to be true. After TouchID and Secure Enclave (I guess that is iPhone 5S and up, but I don’t remember .. maybe the 6), not so much.Based on my current knowledge, if you set a pass phrase on a new iPhone (6 or more alpha numerics, I use 10), then enroll some fingerprints, that phone is pretty damned secure. If the software version (as is implemented in the iPhone 5C in question) is so secure that the FBI is begging Apple to crack it, then the hardware version is totally hopeless.I’m pretty sure that with the exception of some very specialized devices, the iOS base security is by far the strongest on the market. Leaving aside, of course, the fact that once you install a million apps and visit a million web addresses you very well may end up compromised at a different layer.Heck, even iMessage is pretty damned secure. I know some of the best security people in the world, real hacker types, and they can’t crack it. But they do acknowledge that, given Apple’s control, they could introduce a key without you knowing it and start reading all your messages.

      1. ZekeV

        Interesting. Well, another possibility is that the FBI is fully capable of cracking this particular iPhone (or at least, as capable as they would be with Apple’s assistance) and merely wishes to use this case to set a precedent for future requests.

        1. scottythebody

          I agree with that. That could very well be the case. And also it explains Apple’s reaction.

    3. Simone

      That is my understanding of the letter too – PR. As well as the authorities trying to seize the opportunity. Tim C wouldn’t publicly (indirectly) defend terrorists to protect data privacy

  66. Joel Natividad

    I’m with Brandon on this… Isn’t there a technological, bullet-proof solution to ensure that the “backdoor” is only opened when a valid warrant is issued? An updated, cryptographic equivalent of the Nuclear Two-Man Rule? https://en.wikipedia.org/wi

  67. NMH

    Our government, despite best intentions, is a terrible maintainer of secrets. If the government failed to secure the OPM data then I hardly think they should be trusted with a master key nearly every mobile device on the planet. I’m less concerned about what they’ll do with the access than with what someone else will do with it when they inevitably compromise the government’s systems that secure that access.https://en.wikipedia.org/wi

  68. Mariah Lichtenstern

    I don’t believe the ends justify the means.A little declassified history on the FBI’s bright ideas: https://en.wikipedia.org/wi

  69. Jim Ritchie

    Usually not a big fan of Wired, but this article was helpful for me to get a better background on the issues. http://www.wired.com/2016/0…It is interesting that the Federal Magistrate is using the All Writs Act https://en.wikipedia.org/wi… in their attempt to force Apple to develop new software to defeat the “10 bad password then wipe phone” feature, but I suspect that this may not even be technically possible because of security hardware on this specific phone.This specific Court Order really has nothing to do with encryption per se and I believe is a government overreach on the use of the All Writs Act. I therefore support Apple in their non-compliance and to resist being forced to develop software they do not wish to create.

  70. kidehen

    We can’t invert society by dabbling with the notion of “Privacy”. Please remember, this is ultimately about our ability to calibrate our vulnerability. That right doesn’t belong to any tech company or the government of a democratic society (as exemplified by the USA).To tweak “Privacy” is to break the very essence of the kind of society the USA and many other democratic nations exemplify.Apple cannot break its Encryption at Rest modality. Basically, this is an all or nothing situation, there is no middle ground.Backdoors do not work, they are a figment of the kind of imagination that underlies (and delivers) the kinds of bugs that afflict software programs in the most catastrophic ways!This isn’t about playful hacking. This is about democratic society as we know it. Give up “Privacy” and democratic society as experienced in places such as the USA is over!Exponential curves and scale don’t apply solely to business models. They can also affect society in very profound ways.Track this thread via its Linked Data URI: http://linkeddata.uriburner… .

    1. JLM

      .Yet another argument for my staying Android?Pretty sure I saw “privacy” checking into hospice on the way over here.JLMwww.themusingsofthebigredca…

  71. Dan Conway

    zero struggle on this end. murdering terrorists lose their privacy rights when it concerns potential national security issues and/or potentially saving the lives of citizens, period.a dark take but recommended viewing on privacy and crypto: the Black Mirror episodic The Entire History of You. streaming on Netflix.

  72. Lawrence Brass

    At the core, I think the problem is only about trust. Who to trust?Do you trust a government official or contractor that can walk out of the federal building with your personal information stored in a thumb drive in his or her pocket? Will your personal information be used for a good cause? Do you have any guarantee? Really?It is a tough problem. As a system designer I would rather design prompt processing of court orders into the system instead of backdoors or flaws. In my mind, holding encryption keys on behalf of a customer or tricking them to reveal them is a flaw, and that are the type of things that authorities are trying to validate.On the consumer side of things, I think we are already fubar. Trying to protect what we already lost is a waste of time.A good article about probable Apple’s motives here: https://tidbits.com/article

    1. Rafi Kronzon

      “Trying to protect what we already lost is a waste of time.”–But you never had it. When in the history of this country (at least since the constitution was ratified), did you ever have protection from government searching and seizing your property, ostensibly with a reasonable cause?”A good article about probable Apple’s motives here:”–I agree with this article: “My opinion, without having ever talked with Tim Cook, is that this is at least partially social activism on his part. I suspect that this is an issue he cares about personally, and he has the soapbox of one of the most powerful and popular companies in the world under his feet.”I think Tim Cook is overreaching. He’s not only outside his comfort-zone legally, but he risks having public opinion turn on him. IMO, the courts need to stop him with a show of force before Google, etc. join the fray.

      1. Lawrence Brass

        I like and respect Tim Cook, and I trust him when he tells us that Apple cares about their customers’ privacy. That is one of the things I buy when I pay for Apple products.Quoting the article:”These aren’t nebulous questions from privacy activists or Apple enthusiasts. We are in the midst of fundamentally redefining the relationship between governments and citizens in the face of technological upheavals in human communications “It is a pending discussion that has to be open, informed, and public and not manipulated scaring people with BS.

        1. Rafi Kronzon

          “It is a pending discussion that has to be open, informed, and public and not manipulated scaring people with BS.”–In my opinion, this is exactly what Tim Cook is doing. Are we to believe that weakening this encryption feature (which by the way, has only been in place since iOS 8), will lead to this? In Tim Cook’s words, “The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.”

          1. Lawrence Brass

            There already have been rulings against mass surveillance in the US and Europe, will the agencies comply?There is a legal vacuum that was very convenient before Snowden but it is not anymore as cryptography and security is being implemented correctly and getting harder to break. So now the agencies are asking for help.This legal and procedural vacuum has to be addressed in my opinion, so that when an agency asks for help, a company can help them on clear legal grounds and not negotiating and moving the fence back and forth.

  73. joelatone

    Not necessarily the subject of your question, but there’s a good explanation of what’s happening with Apple the the FBI and the iPhone, by Michael Vogel, here: https://www.quora.com/Why-c

  74. pr1

    This is a fun discussion but IMHO slightly divorced from the facts.First, the phone actually belonged to the SB County, not the dead terrorist, and the County has given permission to the FBI to access the phone. Accordingly, it’s not really a 4th Amendment constitutional issue in this case (although it could be in a different scenario), it’s a public policy issue. (I don’t believe the cost and effort being required of Apple are a significant issue)Second, Apple is being asked to create an iOS specific to this particular phone, identified by whatever IDs this phone vs others (sorry, not technically proficient enough to know how to describe it). And it’s not too difficult to imagine a protocol whereby the judge keeps the new iOS in a secure escrow such that it’s not otherwise available to the FBI to tinker with in a way that would make it work on other phones. Trusting that escrow to remain secure is the policy issue.Third, unless we’re assuming that the escrow is not secure and that other governments get access to it, the issue with regard to China, Russia etc is what it always is – doing business in territories controlled by unsavory regimes creates moral issues for US companies and those who live in those territories and trust US companies are always at risk.But that’s got nothing to with this case, and the need to find out if the SB shooters were in contact with others.

  75. Dave Pinsen

    I agree with Tim Cook on this one.There’s little to be gained from hacking the San Bernardino terrorists’ phones. Their motivations were obvious, and their attacks didn’t require any electronic coordination or instructions from a third party.But San Bernardino highlights the broader conflict between immigration policy and personal freedom. Put simply, the less restrictive our immigration policy is, the more intrusive our surveillance/police state needs to be.I’d rather have a more restrictive immigration policy (say, one that excludes most immigrants from terrorist hotspots such as Saudi Arabia and Pakistan) and a less intrusive surveillance state, but that’s just me.

    1. Salt Shaker

      “and their attacks didn’t require any electronic coordination or instructions from a third party.”And you know this unequivocally how?

      1. Dave Pinsen

        Because it doesn’t require any electronic coordination for a couple to drive somewhere and shoot a bunch of people.

        1. Salt Shaker

          Fair enough, but you didn’t address the second half of your statement.

          1. Dave Pinsen

            I addressed your question. If you have another one, feel free to ask.

          2. Salt Shaker

            You said they didn’t require “instructions from a third-party” as fact. My Q, respectfully, is how do you know? Are you saying cause instruction wasn’t required or necessary it didn’t occur. Bit of a leap, no?

          3. Dave Pinsen

            You said they didn’t require “instructions from a third-party” as fact. My Q, respectfully, is how do you know?I already answered this question. See above.Are you saying cause instruction wasn’t required or necessary it didn’t occur.Where did I say it didn’t occur?Bit of a leap, no?I don’t think I’m the one doing the leaping here.

          4. Salt Shaker

            I guess I’m just not good at word games, so humor me. Your words: “There’s little to be gained,” “their motivations were obvious,” as if understanding whether anyone else may (or may not) be complicit is irrelevant, the primary rationale for accessing the encrypted phone(s).

          5. Dave Pinsen

            Instead of facilitating the invasion of privacy of all iPhone users, why not wiretap the mosque these killers attended? Wouldn’t it be better to invade the privacy of a few hundred people than to open a backdoor to invading the privacy of tens of millions?But, going back in time a bit, it wouldn’t have required any special intelligence to not let in the Muslim mail order bride, or, going back further, the father of the groom, an alcoholic wife-beater/part-time truck driver. It’s not like any key industries of ours would have collapsed if we stopped letting in Pakistanis. We could have just decided not to take in immigrants from such a volatile region.It’s telling that, today, the most arguments against a moratorium on Muslim immigration are, essentially: a) It might make the Muslims already here angry and more likely to resort to terrorism; b) we can’t alienate the Muslims we need to spy on other Muslims.As for the possibility that there’s data on the iPhone that could show some mullah in Pakistan gave these two encouragement, it doesn’t seem worth opening that backdoor to find out. What would we do with that information, have a drone kill a dozen of the guy’s neighbors?Take a step back and consider what we have been doing this century:1) Welcoming hundreds of thousands of new Muslim immigrants.2) Killing tens of thousands of Muslims overseas.3) Increasing surveillance/screening of all Americans.You seem to want more of 3). I’m saying let’s have less of 1), 2), and 3).

          6. Salt Shaker

            We can learn from our mistakes, and there def were many, rather than continue to believe a system is eternally corrupt and incapable of doing what it is supposed to do. There are safeguards that can be put in place to insure privacy for the masses is maintained, such as 2, 3 or even 4-factor authentication that first requires a warrant. With respect to several of your other comments, they reek of xenophobia and violate several moral, ethical and constitutional standards that I believe makes this country the great country that it is. We unquestionably do need better/stronger immigration policies and checks, no doubt, but I respectfully don’t think we’ll be screening for “mail order brides” or “alcoholic wife beaters” anytime soon.

          7. Dave Pinsen

            Nice virtue-signaling at my expense. Seems a bit of a waste, given that you comment pseudonymously, but I hope it gave you a warm feeling of self-satisfaction.

          8. Salt Shaker

            Oh, come on, reasonable people can disagree. I remain anonymous cause I’ve been a victim of identity theft. You may think that’s a bit inconsistent w/ my position on privacy but it isn’t. I just choose to be selective in how/when I engage. The system is broken but I believe it is not beyond repair. This notion that the gov’t is our enemy or is incapable of doing anything right is a hard nut for me to swallow. Should it be trusted unconditionally? Of course not, but there has to be a fundamental belief that fuck ups can be addressed and modified in future endeavors. Eternal condemnation just doesn’t work for me.

          9. Dave Pinsen

            “Reeks with xenophobia” isn’t reasonable people disagreeing. I’m out.

          10. Salt Shaker

            Sorry, but “we could have just decided not to take in immigrants from such a volatile region” is a little harsh and extreme. I debate so it broadens my understanding of others. To each his own. Have a good day.

          11. Salt Shaker

            Your comment to me about a month ago. Honestly, I couldn’t make this shit up if I wanted to:”Your comment reminds me of the rise of the nationalist (“xenophobic”) right in Europe, in response to mass immigration there, and Ed West’s comment about it last week:Europe is like Oedipus – by trying to avoid a disastrous future, it is doing everything to make it happen.”Sounds a bit hypocritical no, but I’m pretty sure you’ll see it differently.

  76. kidehen

    We can’t invert democratic society by dabbling with the concept of privacy. Please remember, this is ultimately about our ability to calibrate our vulnerability. That right doesn’t belong to any tech company or the government of a democratic society (as exemplified by the USA).To tweak privacy is to break the very essence of the kind of society the USA and many other democratic nations exemplify.Apple cannot break its encryption-at-rest modality which is vital to privacy. Basically, this is an all or nothing situation, there is no middle ground.Backdoors do not work, they are a figment of the kind of imagination that underlies (and delivers) the kinds of bugs that afflict software programs in the most catastrophic ways!This isn’t about playful hacking. This is about democratic society as we know it. Give up “Privacy” and democratic society as experienced in places such as the USA is over!Exponential curves and scale don’t apply solely to business models. They can also affect society in very profound ways.

    1. Chris.Wronski

      It’s hard to trust someone when you know that you would lie if you stood in their shoes.The FBI wants unfettered access to everything. Not because they are bent on some Orwellian future, it just makes their jobs easier. Encryption is a thorn in their side and they will use this locked iPhone as another cudgel to try and chip away at the legal support for encryption.Look at how the Terry v. Ohio ruling has slowly been stretched over time by LE to allow a little bit more searching and then a little bit more searching and then a little bit more searching. Get a toe hold and then work it from there.I believe that this is why smart people in this country are pushing for an open public debate on the encryption topic while we still have the opportunity to influence the outcome. The court of public opinion still holds a lot of sway.

  77. Chris.Wronski

    I can’t believe that no one has cross posted the recent Schneier on Security blog post talking about all of the encryption products that are available in the marketplace. This is a great read and quite relevant if we are going to have a public discussion about this:<https: http://www.schneier.com=“” cryptography=”” archives=”” 2016=”” 02=”” a_worldwide_survey_o.html=””>

    1. Chris.Wronski

      Does not appear that the link is going to work. Not sure what is up with that.You can google search on “A Worldwide Survey of Encryption Products”. Authors: B. Schneier, K. Seidel, S. Vijayakumar

    2. SubstrateUndertow

      All your posts appear well grounded 🙂

  78. Pete Griffiths

    A backdoor is an invitation to hackers.Once they know it’s there, they WILL find it. And the consequences are unfathomable.

  79. Pete Griffiths

    There is a HUGE difference between:a) the government using the massive resources at its disposal to crack a device that has been designed to resist attacks, andb) the government forcing a company to weaken the security its devices affordI have no problem with the NSA unleashing its most talented teams on figuring out how to crack THIS iPhone to good purpose.I have huge problems with the Feds forcing Apple to weaken the security surface of its devices (past present and future) in a manner that will make them easier to crack not just for the Feds but for any other actor (including bad actors)The former does not weaken access to all devices any more than is already the case in that senior powers already have the resources to break devices and encryption if truly determined to do so. The latter opens devices to a much wider spectrum of players, many of whom may well be subject to NO legal controls or constraints.

  80. Adam Gering

    It is the eternal question of who watches the watchers. We are quickly approaching a society where ubiquitous surveillance is possible, so it’s a question that needs to be answered.Encryption proposes that preemptive ubiquitous surveillance of private data should not occur. The NSA wants encryption backdoors that facilitate mass collections and analysis of data indiscriminately — active surveillance, pre-crime — and I think it is clear to most that that should not be allowed: we can’t answer who watches the watchers, we can’t control who the watchers are, and the moral hazard is too great.So I do believe you must accept the use of strong encryption.The second issue is warrant-access to specific encrypted data, post-crime; i.e. not surveillance. That is what we are talking about in this case.There are already well known cryptographic solutions to that problem. The problem is political, not mathematical.The political problem is that whatever utilities or systems that are given to the FBI to facilitate warrant or warrant-less access to encrypted data must also be given to both the NSA and the CCP. At that point, the issue of whether a valid warrant exists or not is mute. You cross an international border? Give us your iPhone while you go through the security scanner at the airport, and all your secrets belong to us.The problem is, how can access to data be limited to *valid* *warrants*. Presently there is no international standard to validate legitimate requests for access to encrypted data.Create that, and the problem is solved. Cryptographically, this would be relatively easy. Use key-splitting of escrowed encryption keys across several jurisdictions. Example: require courts in 5 of 7 jurisdictions to each sign a warrant and allow their part of the key to be released.However, there is no political will to establish such a system. Perhaps Apple should have created such a system on their own? They have subsidiaries in many countries… they could have created their ability to comply with decryption warrants using their own standards that they could live with, and have avoided this mess.The third issue is the integrity of systems designed to protect data, communications and computation. This is, by far the greatest risk. If Apple, Microsoft, or anyone else, is forced to compromise the integrity of their core software at the requests of governments, then all is lost. This is the real fight and hand right now.

  81. daryn

    As much as I hate the idea of government “snooping”, I have to agree with you. End-to-end encryption is great for the world as a whole, but if law enforcement and intelligence agencies can prevent the bad guys from an act of terrorism or catch a criminal by intercepting communications, well, that’s hard to argue with. I don’t like “back doors”. I think there should be both an expectation and well-defined policy and practice around the internet equivalent of wire taps, that service providers support and uphold.Certainly that’s hard to enforce globally, but so is managing organized crime and terrorism.

  82. DJL

    I am late to the party. But here is my view from the world of information security. There is absolutely no good way to stop the bad guys without some type of data mining. That being said, the Government usually snoops in the wrong places and is terrible at correlation. (ISIS is posting to Facebook and Twitter before they attack.) So you need to come up with high-level “triggers” based on anonymous data. (This is easy to do.) and then find a way to drill down quickly to non-anonymous data to get the bad guys. (Much harder.) I don’t care if the Feds hack my email if they have reason to suspect I am committing a crime.Like most things – this cannot be solved by massive government legislation. You need to get IT companies (Google, Facebook, Apple) into some form of agreement with the Feds where they Feds can get the data they need and get out. This is more of a cooperative framework for allowing access than a big privacy law.

  83. dineshn72

    I’ve struggled with this topic quite a bit, perhaps as much, if not more than Fred. Here is the conclusion I have come to — I would much rather that the Govt, or rather, the people in the Govt not abuse my privacy; as opposed to worrying about drug dealers, terrorists etc going dark. Those guys are going to get their encryption sauce somewhere anyway; and if this sounds suspiciously like the argument for gun-ownership, it isn’t anywhere close. The chances of anyone abusing power based on access availability are much too high here; and that tech is pretty low bar, to be honest

  84. Simone Brunozzi

    It is a 2000 year old debate. Simply put: Quis Custodiet Custodes?

  85. Ole Jakob Thorsen

    With things like the Patriot Act in USA, this whole thing may seem a tad trivial, but in a democracy you can´t even think about compromising on citizens right to privacy. Yes, bad guys can hide information. No matter what, they will always be able to find ways to do so. On the other hand, don’t force 98% of the population to give up their right to privacy with the argument that if you haven’t done anything wrong why not give it up. A democracy that is defended by undemocratic measures is not a democracy – simple as that.

  86. vruz

    There’s no scientific case for a backdoor that opens for “the good guys” only.If you create a backdoor, the backdoor potentially opens for all “the bad guys” too.When Comey makes the case for “golden keys” that’s just plain unscientific bullshit.There’s no two opinions on this. Ask any serious computer scientist.Backdoors make people less safe. Law enforcement still have plenty of tools at their disposal, and they keep spying on every call and every email if they want.They don’t need more power, and they certainly don’t need more toys at the expense of further erosion of the rule of law.I might add that any suggestion of a “golden keys” approach is plain disingenuous, even malicious, unscientific bullshit, since Comey, President Obama, the Attorney General, the Director of National Intelligence (who has committed perjury before the Senate, by the way) all have access to the best minds in the planet who will tell them exactly the same.Find me one serious computer scientist or cryptographer who thinks otherwise and is able to prove it.Find me *** one ***.These are not good people trying to do the right thing.These are people of the belief that might mkes right, and in their delusion grandeur are now making the aphorism extensible to the idea that might makes fact.It is not so. Charlatans and fascists must be met with the fiercest resistance.

  87. Peter Van Dijck

    If you are ABSOLUTELY OPEN with your data, that’s ok and you likely don’t need end to end encryption.However, many people cannot afford to be absolutely open. And since we can’t have it both ways, we need end-to-end encryption to defend/support people that need it (against abuse, …), and therefore we need to also give it to criminals. Same way the government shouldn’t have a master key into everyone’s house, or an AI that can read everyone’s thoughts.TL;DR: we need encryption to protect the people that need it.

  88. sigmaalgebra

    For Albert’s posts: He sounds like an interesting and nice guy. But, he also sounds like he has some predispositions, parts of a belief system, part of a social contract, that for me, never outside the US except for a few short trips to Canada, look like they are from some underlying foundations of post-WWII European socialism and in fairly strong conflict with some of the corresponding underlying foundations of post-WWII US, uh, pragmatism, realism, individuality, distrust of big government, etc.Ah, right, very vague stuff, but, still, maybe the core of the issue.Affairs? Ah, come on? As I see it, affairs have two problems: (1) They stand to weaken the family which so far, with common US attitudes, is one of the main pillars of a strong society. (2) If a marriage starts off with the common vows “love, cherish, honor, for better or worse, richer or poorer, in sickness and health, forsaking all others, ’till death do we part” and then has affairs, then the vows were lies.So, the vows were supposed to be a very important, central to life, usually once in a lifetime contract which, then, with one affair, was just discarded.So, that attitude that affairs are normal or whatever, is an after the fact repudiation of a lifetime contract.Okay; okay; okay; okay; I got it: Marriage vows are just a fuzzy bunny playtime, dress up, costume party and not to be taken seriously. Okay. Got it. Some laws say no fault divorce which essentially means that those vows are meaningless. So, the vows were essentially a contract, and the laws came along later and made the contract void. Bummer.Okay, the vows don’t mean anything. I got that one. Now I will react accordingly:So, in come some darned sharp lawyers with one heck of a pre-nup that a court can enforce very strongly. E.g., no more no fault stuff.E.g., she has an affair, and then she’s out’a there, loses the wedding gifts, the house, the furnishings, the car, all but the clothes on her back, the jewelry, the credit cards, the checkbook, any part of or claim to any of the financial assets, the medical insurance, the children, rights to communicate with the children, any financial support, etc.That’s the deal; that’s what’s in the pre-nup; sign the pre-nup, and that’s the deal.Won’t sign the pre-nup? Fine. But then no way am I getting married: No making a long term commitment for a short term asset. No way.E.g., if she wants girl’s night out, okay, but then she doesn’t want a marriage with me. After girl’s night out, no sense in her coming home because the locks will be changed, the doors locked, and a process server right there handing out papers.Sorry, honey: We won’t be getting married, but don’t feel bad: Maybe I’ll still take you to dinner, say, a $1 meal carryout at McD’s.Great fillet of venison — maybe with a classic sauce Bordelaise or one based on black current jelly — with high end grape juice, ah, just La Tâche, at La Côte Basque? Nope! Not now; not even when they were still open.Look, the really good men want to build, in particular build strong families.Yes, as we learned from Daisy, “Rich girls don’t marry poor boys.”. Right, and, limiting that to smart boys, that’s just a special case of a more general result, “Smart boys don’t marry rich girls.”, either. Instead, smart boys marry poor girls. Sure, sweet, pretty, young, darling, adorable, precious, affectionate, loving, empathetic, passionate, devoted, etc. They (1) communicate openly about themselves, no deception, ulterior motives, manipulations, (2) care about him, and (3) respect and (4) respond to him. Right, (1)-(4) right out of E. Fromm, The Art of Loving, 1946. And, possibly surprisingly right out ofSid Ricketts Sumner, Tammy out of Time, 1948,and also the very close movie Tammy and the Bachelor (1957).Sure, a picture is worth lots of words:http://farm9.static.flickr….And another picture attached below.Ah, all of this will be in Girls 101 for Dummies: Boys.For the US, an implicit assumption is that, for each person, a lot of important aspects of life, emotional security, and financial security are from their membership in a strong family. Alas, for a huge number of reasons, lots of people are stuck with much less than a strong family. So, it looks like one of the goals of socialistic Europe is to have the state provide much of what the US implicitly assumes will come from a strong family but is often missing.One result, then, is that all families tend to be less strong, and that is not so good.In simple, blunt terms, with affairs, that is, adultery, then love making in the marriage doesn’t mean love, and the result is loneliness, emotional insecurity, and anxiety that the government can’t solve.For encryption, I was pleased to see Schneier and Snowden claim essentially that the NSA has yet to find a fast way to factor the product of two large prime numbers. Okay.Last time I checked, cracking classic Rivest-Shamir-Adleman (RSA) public key encryption was equivalent to such factoring. And I do trust that the best mathematicians in the world would just love to find a fast way to factor, would rush to publish, and would likely win all the available prizes, fame, tenure, a chair, at the high end research university of their choice, etc. I doubt that the NSA can compete with that. So, until read in the NYT that some mathematician just won, say, the Abel Prize for fast factoring, RSA remains safe.And the math behind RSA is rock solid, crystal clear, and as available as pizza. And similarly for the corresponding open source code, or just write your own.Last time I checked, mostly just need Fermat’s little theorem.The RSA math is basically some number theory, that is, abstract algebra. In my math education, I was interested in analysis and classic applied math, not algebra, but I did more algebra than I wanted — e.g., wrote my honors paper on group representation theory. Last time I looked, Fermat’s little theorem was easy.Then, one set of laws governments can’t fool with are the laws of mathematics. Maybe this is good or bad, but it’s a fact of life.There’s another way to stop terrorists such as in San Bernardino: Enforce the immigration laws on the books, apply common sense, and make good use of the NSA, CIA, FBI, etc.Yes, some wacko criminal uses a gun to commit murder, and some politicians rush to keep honest citizens from having guns. Yes, some radical Islamic terrorists kill a lot of people, and some politicians want to clobber the privacy of honest citizens. Bummer. How ’bout going after the criminals and the terrorists, at least first?

  89. Rafi Kronzon

    Does anyone else find it puzzling to see the public reaction of Tim Cook’s stance? It’s as if the left and the right have done a complete flip.On the left, you have massive support behind Bernie Sanders and Hillary Clinton to break up the banks, and tighten regulation and oversight. Can you imagine a letter from JP Morgan claiming that it doesn’t want to hand over records of overseas money transfers to the government because they care about protecting their consumers? The left wouldn’t trust the corporation, and want the government to oversee everything. The right would support JP Morgan, explaining that they’re looking out for consumers.Then you have encryption. The left is rushing to the defense of Tim Cook, fearing too much government control, spying over its citizens, and loss of our liberty and freedom. Some of the arguments I hear from the left on encryption are very similar to the right’s arguments about guns. Fear that requiring licenses, background checks, and gun tracking will lead the government to take all our guns away. Meanwhile the right is telling us that the government is trying to protect us, and in Donald Trump’s words, “Who do they think they are?”.Do the left and the right think that Apple is different than JP Morgan? They are both public companies that answer to their shareholders with the express purpose of making money. The fact that we trust either more than our government is the scariest thing about this entire discussion.

    1. creative group

      Logic will either make a person smarter and comply or resistant and double down on being dumb.

  90. Deyson

    In these situations it may be best to look at history. Have there been politicians or governments that have abused their power and taken advantage of their people’s right?Sometimes if we ask what is the worst that can happen we can look at history to see what possible outcomes may be and are we willing to live with the consequences.Even though technology has changed there has always been some new technology that caused these kind of debates and fears.We have to be careful of fear as many times we have fallen victim to unintended consequences.

  91. Guy Hargreaves

    This should be an extension of the 5th Amendment. If I’m hiding evidence I have no compulsion to tell anyone where it is. Apple has conveniently embedded a hiding place in my iPhone. If forced to remove this hiding place will I be able to put an end to end encryption app on my phone myself should I choose? If not that would be akin to forcing me to give the government a key to my private safe. It’s bs and Apple should fight it all the way to SCOTUS, which is right now in flux itself!

  92. Pete Griffiths

    Does anyone understand how Apple is supposed to conform to the terms of the order?The objectives are clear enough but the means aren’t. They are supposed to provide a piece of software that enables the feds to override auto erase and try lots of PINS fast until they crack the phone BUT they are supposed to do this without (a) altering iOS (b) altering system data, and (c) altering user data. How the heck is this possible?

  93. Hcharlanes

    Btw, all you investments in Blockchain/Bitcoin technologies would be suffer a lot from this. If backdoors exist in a hardware, no need to built a secure, with no third party distributed system like this.

  94. Tom Labus

    Time frame for Apple’s responsehttp://www.bloomberg.com/ne…

  95. reinharden

    Not to be terribly pedantic but when Tim Cook says “we believe the contents of your iPhone are none of our business” he’s talking about “none of Apple’s business”.To essentially change that “our” to “We the People” is clearly changing the context of the quote.Protection of private property is a fundamental right. Data is personal property. Citizens should be allowed to protect it.Politics aside, the American government’s attempts to limit encryption have been short-sighted for decades and in the long run all it will achieve is moving what are currently American jobs to other countries.

  96. Nick Triantos

    Take a look at what’s been in the news today regarding P2P software installed in security cameras, routers, and other IoT devices. Several have been found to send data to specific addresses in China (see http://krebsonsecurity.com/…. TPLink is apparently now being ordered to not allow open source firmware to run on their routers, which nearly guarantees that some number of million people will have their data exposed to people who can exploit bugs in those devices.We need to recognize, as so many others in these threads have pointed out, that ANY security holes that remain for government officials to read encrypted data can similarly be exploited by hackers for malicious purposes. 30 years ago, it would have been Hard with a capital H for “the bad guys” (the USSR at the time) to sniff traffic on US-domestic phone conversations). Now, hackers and other bad actors can do so with almost no effort, from the comfort of their homes halfway around the world.All data should be encrypted in a world where hackers and normal people are permanently connected.

  97. Ramon Hoyos

    I believe the solution is to give back the data to their owners (who are for me the individuals or organisations that produce it). Ownership comes also with responsibility, and possibility to limit (by law) the rights attached to the data. If you want it would be like owning a house. The police- or anyone else- cannot break legally into your house unless they have 1) a fact based reason 2) followed the proper procedure. Off course that would mean that the business model of a lot of tech companies (that “grab” the data but do not want to be held responsible) would need to be redefined: I would speculate that there will be a contractual relationship between lets say a Facebook user and FB that will let FB use the data in exchange for holding it (it would also mean that FB is able to transfer the data to competing networks at user’s request) . It means also that unless there is international cooperation to agree on a set of laws data based companies would have to localise their operations in order not to subject their “clients” to a legislation that they don’t know. Geographic data hosting could become the futur equivalent of tax heavens…

  98. johndodds

    I’m late to this discussion and lacking in domain knowledge, but have been told that the request does not actually require Apple to provide a backdoor through encryption, but rather is seeking their help in making a speciifc password vulnerable to brute force attack.Can anybody tell me if this is a valid distinction?

  99. KH

    For me, the answer is very easy and applies to everything regarding security, NSA, CIA and it is this quote von Ben Franklin: “Those who would give up essential Liberty to purchase a little temporary Safety, deserve neither Liberty nor Safety”

  100. Inna Raykhman

    i think Albert’s stance and Apple’s decision are not polar opposites. If i understand correctly, your partner proposes a way of thinking/being, which i agree with, nothing private will stay so forever.On the other hand, may be because i grew up in Soviet Union, i agree with Apple’s decision wholeheartedly. Most people on the whole are neither all bad, nor all good, but a bit of both. And we, personally and publicly, must build safeguards to not let the evil get out of hand, to keep it in check, to cultivate the good.

  101. Tom

    Safe manufacturers design safes that are designed so that the contents are destroyed if they are broken in to.Isn’t this the same thing? Should safe manufacturers be hauled before the courts unless they can stand up a bunch of safe crackers?The model of Iphone in question is physically hackable as its accredited to FIPS 140-2.I.e. the Federal government have assessed it and decided it is quite safe but not that safe. If they really wanted to, they could take the time to physically break in to the the hardware security module and retrieve the encryption keys.

  102. JLM

    .Well the IRS used its powers v the Tea Party, right?JLMwww.themusingsofthebigredca…

  103. JLM

    .No, I would not like to ever be in the company of the Clinton’s.If I shook their hands — which would require a court order — I would quickly count my fingers to ensure I had gotten them all back.Grifters. Poseurs. Trashy.By the way, look up who their daughter is married to to get an idea how deep the graft runs.JLMwww.themusingsofthebigredca…

  104. JLM

    .Dig deeper and see who Eddy’s Daddy is, Andrew.JLMwww.themusingsofthebigredca…

  105. scottythebody

    It’s a very valid point you make, Mr Crystle. But to me, it’s even scarier to think of the non governmental entities who will use the tools without authorization (i.e. attackers) and the fact that mandating such back doors would literally kill the entire US “smart device” industry abroad.

  106. JLM

    .His Dad is a huge, big time grifter who spent a little time in the Club Fed as you so accurately note.What does that tell us?The Clintons are just fine in the company of one generation removed criminals?JLMwww.themusingsofthebigredca…

  107. JLM

    The 4th in all of its naked glory.”The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”Pretty clear that the word “effects” casts a long enough shadow legally to cover even toe nail fungus.JLMwww.themusingsofthebigredca…

  108. JLM

    .What’s really scary is that the MSM has never reported on this while Chelsea is getting paid $1MM per year by whom? The MSM?The world is becoming one big con.JLMwww.themusingsofthebigredca…

  109. JLM

    .First, Andrew, what is your hourly rate?Snipers move in minute, small movements sometimes taking a day to cover 300 yards.”Effects” covers everything. Legally.JLMwww.themusingsofthebigredca…

  110. SubstrateUndertow

    up voted for the very funny “toe nail fungus” reference 🙂

  111. creative group

    What JLM forgot to tell you was how the exclusionary rule applies.(generally anything seized during an illegal search cannot be used as evidence in court.) Usually seasoned law enforcement, especially the FBI will state the evidence was in plain view to overcome that protective rule for citizens of the United States.Also he didn’t inform you of the Seek and Peak Warrant without your consent or knowledge of a law enforcement search.(A sneak and peek search warrant (officially called a Delayed Notice Warrant and also called a covert entry search warrant or a surreptitious entry search warrant) is a search warrant authorizing the law enforcement officers executing it to effect physical entry into private premises without the owner’s or the occupant’s permission or knowledge and to clandestinely search the premises; usually, such entry requires a stealthy breaking and entering.)Now you know the rest of the story. (Paul Harvey, Goodbye)The education in exercising your 4th Amendment Rights:https://www.flexyourrights….

  112. Lawrence Brass

    Nice hat!

  113. JLM

    .I was with you until the “virgins” cause it is so damn hard to find a virgin even in the Virgin Islands.Never bullshit a bullshitter?JLMwww.themusingsofthebigredca…

  114. JLM

    .You have to be sensitive these days not wanting to create a micro-aggression and say anything directly. So a ?????????????????? conveys a certain gentle softness that is not as offensive.JLMwww.themusingsofthebigredcar.com

  115. JLM

    .The guy was a Democrat Congressman. All one needs to know.You don’t think the MSM is in the pocket of the Democratic party?JLMwww.themusingsofthebigredca…

  116. JLM

    .JLM didn’t forget anything. Wait a second, maybe he did. Nah, he didn’t.The exclusionary rule defense is almost never won because law enforcement tags on “and other shit involved with such and such” as part of the savings clause for a warrant. And, yes, they say that everything was in plain sight.A Delayed Notice Warrant is only used when there is some extenuating circumstance such as an ongoing investigation that would be compromised if the search was known to have happened.It is also used in conjunction with the permission to install surveillance video or audio gear. If you’re going to be in there, you might as well take a look around, no?Interestingly enough both the NSA and the FBI can use your own computer camera to see and hear you. That was a pre-Snowden secret of some considerable importance that he compromised.Neither of these details are really in play here.JLMwww.themusingsofthebigredca…

  117. creative group

    JLM;conducting a thought provoking interaction, dialogue or forms of communication with you is similar to a Psychiatrist taking the medication that he prescribed for his patient. It appears therapy sessions have been abandoned. Didn’t think you were serious but now it is apparent you don’t realize your pants are at your ankles. (No wait, you intentionally left them there)

  118. JLM

    .Creative Group (I don’t think you’re actually a group) –I have no idea what you’re talking about. I am very uncomfortable with your characterization as to the location of my pants (which I can assure you are exactly where they are supposed to be).It feels very awkward and, frankly, a macro-aggression rather than a micro-aggression. Wanders into gender confused but I may be reading too much into it.I suggest we both retreat to our safe places (which for me will be Green Mesquite BBQ on S Lamar across from the H2O Hand Carwash).Now, start behaving yourself and stop fixating on the location of my pants, you creep.Tongue. Cheek.And the assembled masses all said, “Amen.”JLMwww.themusingsofthebigredca…