I'm staying with a friend who is is retired LEO, and he strongly believes Apple should/must comply. He wants big jail time if they don't.

He thinks a it's a matter of safety because terrorists. 14 people were killed, therefore the ends justify the means as you say.

We got into it the other night, and I think the case boils down to if we should be allowed to have secrets from the - secrets the government can never unlock, no matter what. he feels strongly that we should not be permitted to do so, because when a legal warrant is written, the government must have access to everything.

He also doesn't believe the Snowden leaks, and thinks that when it comes to the pursuit of justice, the government should be trusted with everything.

> He also doesn't believe the Snowden leaks, and thinks that when it comes to the pursuit of justice, the government should be trusted with everything.

Not believing the Snowden leaks is akin to denying the Holocaust IMO.

It's completley delusional to reject the validity of empirical evidence on the basis that it does not align with your preferred political narrative.

> Not believing the Snowden leaks is akin to denying the Holocaust IMO.

The parent's wording may have been off. My parsing of "He also doesn't believe the Snowden leaks" inferred a missing "were justified".

Then again, I could see a few different interpretations. We need a clarifying phrase after "doesn't believe the Snowden leaks", like "doesn't believe the Snowden leaks were justified" or "doesn't believe the Snowden leaks tell the whole story". One parsing is "doesn't believe the Snowden leaks are legitimate and authentic".

To clarify:

He doesn't believe that what Snowden leaked is true.

He doesn't believe the NSA is recording internet traffic / phone calls etc.

He doesn't believe multiple global intelligence agencies are working together to gather as much information as physically possible.

In short, he doesn't believe the NSA, etc. are doing the things Snowden said they're doing.

(Yes, I showed him the classified slides, he still doesn't believe it's true)

I'm not sure where you can justify inferring that extra information. From what you've described, the context simply doesn't exist outside of your mind.

A case I heard recently is that if a undercover CIA operative was captured in e.g. China (with an iPhone), should Apple be compelled to break the security if demanded by the Chinese government?

Compelled by whom?

Setting aside patriotism, seems like that's a choice between the less painful of the consequences of a) non compliance set by the Chinese government vs b) the cost of _compliance_ set by the US government.

EDIT: Also, why would the CIA ever entrust their communications and data to a format/device that could be cracked by a commercial entity that could be subject to the above scenario?

I think people would argue that since Apple is not a Chinese company they'd be ok with Apple ignoring the request.

I'm sure Apple could just set up its iPhone production lines somewhere else in no time at all, right?

Ask your friend how that's any better or safer than what the East German Republic did to its people under the Stasi. If he tries to dodge then I'm gonna say he's not much of a friend. When it comes to protecting the rights of others which includes their privacy I would probably have cut that person off day one. I'm a bit of an extremist to be sure, but some things are more precious than a friend and freedom, IMO, is one of them.

Thanks for writing -

The 'legal warrants' part that you said is interesting. I'm not sure I'd heard that thought clearly articulated. The idea that when a legal warrant is issued the Gov't should have access to everything. Something to consider.

OK - thanks for the input!

This is not really a new issue though. If a guy has a safe in his house and the cops get a warrant to search his house, they'll ask him what the code to the safe is. At that point he can tell them, or tell them he doesn't know and got it at a yard sale and was hoping to crack it one day. Of course I guess they could just take a diamond cutter to it at point. Can't really do that with software (barring quantum computers).

I don't believe the government should be able to conscript a company to create something that doesn't exist.

That said, I do think that people on the Apple side are being insanely hyperbolic. The x-tries feature is at best security through obscurity. In my mind, this really isn't different from having a feature on your desktop's operating system that deletes data after x-tries. It is not a "backdoor" or "breaking encryption" to remove the drive and plug it into a powerful computer that attempts to crack the password.

They aren't asking for encryption to be weakened or a master key to be created. If the key is bruteforcable and the only thing that prevents it an arbitrary limit from the OS, I don't really consider removing that arbitrary limit to be weakening the encryption.

The entire point of encryption is that you are protected by math and nothing else. The only time that protection can be undermined is BEFORE encryption happens. In my opinion, any changes to the algorithm or environment AFTER encryption are completely fair game.

If the government goes further and attempts to undermine that protection, I think that's cheating. If all the government is asking is for a change to the environment, I don't see how that qualifies for any of the words Apple is using ("backdoor", "master key", ...) - their security depends on obscurity and I guess the question becomes whether the government can compel them to shed light onto that obscurity.

Apple can't do anything about the fundamentals of math, it's still on the government to crack the password and for users to have strong passwords. A key principle of crypto is open algorithms, the only secret should be the key. As long as no effort is made to undermine those keys or the access to encryption, I think anything is fair game if you have physical, court ordered access.

If you want the hard sell, watch Charlie Rose's interview last Friday with Cyrus Vance, the Manhattan district attorney, and Jon Miller, the NYPD's head of counterterrorism [0].

You will hear a lot of ugly words and phrases like "terrorist," "rape," and "child pornography," as well as a lot of pleasant ones like "protection," "safety," "democracy," and "the American public." You will hear an argument that iOS 7's security model was great, and that Apple is challenging the U.S. government as a marketing pitch to foreigners.

You will not hear much that sounds like the sort of thing people say on Hacker News.

0. http://www.pbs.org/video/2365672280/

Ha - thanks. :) I'll watch it. But I'm specifically asking here because I'm trying to understand and learn from the rational arguments. There's never a challenge finding inflammatory or disingenuous ones, and there's not much to learn from them either (on either side of most topics - not unique to this one).

I do not agree with this line of reasoning, and personally find it ridiculous that the court can compel companies to subvert their own novel systems for government use (e.g. require access to suspects' OnStar), but:

This seems, to me, to be similar to CALEA[1] requirements that compel telco companies to implement infrastructure that allows wiretapping. I do not have firsthand experience, but on the face of it telcos are specifically forbidden under CALEA to implement devices or technology in their infrastructure that could prevent "lawful intercept" from occurring. This particular instance does not seem to have a CALEA justification, but that may be a temporary problem.

I think that they are setting themselves up for a win/win scenario and may not be concerned with the legal footing being ironclad. If they win, great. Otherwise, fighting for and losing this case is the stepping stone to going to congress to get a CALEA analog for US companies making communications devices.

[1]: https://en.wikipedia.org/wiki/Communications_Assistance_for_...

VERY interesting. Thanks for posting. I wasn't familiar with CALEA.

For clarity, a CALEA type approach wouldn't compel a company to ACTIVELY subvert their own systems (as in Apple creating new tools for the Gov't to achieve that end under All Writs).

Instead, CALEA would force companies to create LESS secure systems from the start which could then be subverted passively (no All Writs component) on request to allow for "lawful intercept". Is that a fair characterization?

But in sum, a legal argument based on CALEA. Makes sense. Thanks-

The whole point of NSLs is to have the same level as CALEA, but not publicly. Apple is requiring the FBI to lay down its cards and submit them to public examination, rather than act in secret, which is a progress for democracy in US.

I say US, because I don't see any mention of foreign countries about either the iPhone 5 or the Secure Enclave. Apple is probably legally required to spy on foreign nationals, isn't it?

For me, it boils down to the fact that I don't understand why Apple would not have the ability to restrict this exploited version of iOS to only run on the device in question. That's the entire point of code signing. They could have the OS refuse to execute on anything other than that specific device, and the FBI can't modify it without invalidating the code signature. The FBI could post the code on Facebook and it wouldn't make any difference, nobody would be able to use it.

With that in mind I find it ridiculous that Apple is refusing.

If the FBI was asking them to leave a vulnerability open in all versions of iOS that only the FBI could access, then I would have a huge problem with that. Apple seems to want everyone to think that's what is going on, but it's not. The FBI is asking Apple to exploit a vulnerability that already exists in an older operating system.

If Apple cared so much about user security then that vulnerability wouldn't have been there in the first place.