Apple Engineering VP: The FBI Wants Us To Make Everyone Less Safe
from the that's-a-problem dept
As so many have tried to frame the Apple v. FBI fight as one of “privacy v. security,” the fact is that it’s really about security v. security, where it really comes down to what are you more afraid of: the off-chance that someone will secretly plan a terrorist attack on an encrypted iPhone, or the much more likely issue with millions of phones being stolen or hacked into by criminals looking to swipe your private information. Apple’s VP of software engineering, Craig Federighi, had now taken to the pages of the Washington Post to try to highlight this issue, and explain that the FBI and DOJ are really trying to make everyone a lot less safe.
But the threat to our personal information is just the tip of the iceberg. Your phone is more than a personal device. In today?s mobile, networked world, it?s part of the security perimeter that protects your family and co-workers. Our nation?s vital infrastructure — such as power grids and transportation hubs — becomes more vulnerable when individual devices get hacked. Criminals and terrorists who want to infiltrate systems and disrupt sensitive networks may start their attacks through access to just one person?s smartphone.
And he also has a good response to those, like Manhattan DA Cyrus Vance, who insist that they just want Apple “to go back” to the way they had security on phones prior to iOS 8. In other words, make everyone less secure. Their argument is that if that was okay a few years ago, why isn’t it okay now. And the answer is that security holes are found over time and they make systems less and less secure. So taking a step back is not just like going back a couple of years, but much, much worse, because now lots of people know how to get past the security features:
Of course, despite our best efforts, nothing is 100 percent secure. Humans are fallible. Our engineers write millions of lines of code, and even the very best can make mistakes. A mistake can become a point of weakness, something for attackers to exploit. Identifying and fixing those problems are critical parts of our mission to keep customers safe. Doing anything to hamper that mission would be a serious mistake.
That?s why it?s so disappointing that the FBI, Justice Department and others in law enforcement are pressing us to turn back the clock to a less-secure time and less-secure technologies. They have suggested that the safeguards of iOS 7 were good enough and that we should simply go back to the security standards of 2013. But the security of iOS 7, while cutting-edge at the time, has since been breached by hackers. What?s worse, some of their methods have been productized and are now available for sale to attackers who are less skilled but often more malicious.
And, as he notes, the FBI’s demands in the San Bernardino case are akin to doing the same thing to the security of iOS 8: creating a vulnerability that will almost certainly “spread around the world in the blink of an eye.” It’s a good, straightforward piece explaining why the FBI and DOJ’s demands are so dangerous here.
Filed Under: craig federighi, encryption, protection, security
Companies: apple
Comments on “Apple Engineering VP: The FBI Wants Us To Make Everyone Less Safe”
The chances of weakened security leading to attacks being prevented is approximately zero squared, while the chances of innocent people suffering from identity theft, bank details theft etc is one hundred percent. Why would the FBI not like this situation, as it would give them more crimes to investigate.
Re: Re:
Don’t believe the hype. Apple has gone over the top on this and they are lying to you outright.
The FBI has not asked Apple to roll out an new OS for everyone. They haven’t told them to put a back door on every phone. They are asking for a single device to be made more accessible.
The latest overhype from apple is (and I am not kidding) that the FBI wants them to turn on cameras and microphones so they can film and listen to you. Really.
Apple has pretty much turned to a turd on this one. They are outrightly being dishonest. Fuck Apple, seriously (and I don’t say that often).
Re: Re: Re:
The latest overhype from apple is (and I am not kidding) that the FBI wants them to turn on cameras and microphones so they can film and listen to you. Really.
(Like you wouldn’t if you could?Think of all the pirates you could catch, right?)
so, whats is your pin number?
{if this goes thru,I bet I can get Your pin within 6 months of it happening…}
Re: Re: Re: Re:
My pin number? Sorry, I don’t use Apple products. My phone is just swipe to unlock, because I don’t keep anything of value on it. Steal my phone and congrats, you got a well used Android phone and at best access to a dead end gmail account.
Re: Re: Re:2 Re:
Hmm…
How about your contact list? Browser cookies? Default names to ‘harmless’ apps?
How much are you willing to bet that I can’t social-engineer that dead gmail account back open, and go on from there?
That IS, after all, what you ARE betting.
Re: Re: Re:2 Re:
A dead end gmail account? Why, what would you possibly have to hide, you fine upstanding model citizen?
Re: Re: Re:3 Re:
Nothing to hide – but I am smart enough not to give away too much either. I don’t have to have a big flag on my backpack telling everyone who I am and where I am going.
It’s my choice, nothing more.
“How about your contact list? Browser cookies? Default names to ‘harmless’ apps?”
Actually, my contact list is quite short on my phone, I usually just dial from memory the people I need to reach. I delete the log every so often as well. No doubt if you put a ton of effort into it, you might find a few slivers. The point isn’t to make it absolutely empty, it’s just to make it more than a little challenging for marketing types to try to connect me from one to the other.
You certainly wouldn’t find any banking, credit card, or other information on my phone. Why would anyone want to carry that information with them all the time in something that is easily stolen?
Re: Re: Re:4 Re:
So because you have no problem with the FBI wanting access to your phone you believe everyone should do the same. What a surprise.
Re: Re: Re:
Re: Re: Re: Re:
“The FBI is asking for the entire ecosystem of iPhone devices, now and in the future, to be vulnerable to a process by which critical security mechanisms on the device can be circumvented.”
Correctish, but not really entirely true at all. You left out the part where the phone would have to be in their possession, that they wouldn’t just roll it out remotely on random phones, etc. This is all the hype Apple is pushing, that the FBI will suddenly be able to hack your phone, turn on your camera, and catch you humping a dead moose (or whatever it is) and use it against you.
“Sure. But don’t let that set a terrible precedent that will fuck the rest of us, seriously.”
I don’t think there is any terrible precedent here. Apple isn’t being asked to make all devices less secure. They are not being asked to make it so any hacker can access your phone. They are not being asked to install a backdoor. If your pincode is 8 to 10 characters long, this OS patch (it’s not a full OS, it’s a patch to remove 2 security hacks in place to make up for insanely short pincodes) won’t change anything. The police could take your phone, apply the patch, and spend then next decade trying to get into your device. A backdoor would be “push button, and you are in”. Nobody is asking Apple to do that, or any of the other scary things they are invoking.
Apple really is overdoing it.
As a side note, how long do you think it will be before Apple faces a serious tax crackdown in the US? Weeks? Days? I can’t help but think that the FBI will be putting pressure on in any way they can to get this job done.
Re: Re: Re:2 Re:
There is a terrible precedent here, the one of forcing a software company to sign software and update devices at a governments command. That gives governments the ability to take control of any device using software from any company that they can coerce in this way.
Re: Re: Re:2 Re:
Ah the ignorance. Either that or you are an asshole. I’d love to insult your intelligence but I’ll go with asshole.
This has been explained in great detail already. The precedent is even worse than anything else (and I’m including loss of trust and all the forensic process there). If it can be forced on Apple it can be forced on anybody. That’s horrifying.
Besides, it has been clearly discussed that this code will leak putting millions at risk.
So you are full of bullshit. It has been pointed out already but it doesn’t hurt to keep it visible.
As a side note, how long do you think it will be before Apple faces a serious tax crackdown in the US? Weeks? Days? I can’t help but think that the FBI will be putting pressure on in any way they can to get this job done.
Ah the despotic, totalitarian way. Not that we haven’t seen the US using the Govt might to screw people in the past, no? You can see it and yet you fail to see how allowing the FBI to have their way and establishing a precedent is incredibly dangerous. Oh wait, you can. It’s just you being an asshole.
Re: Re: Re:2 Re:
They are not being asked to install a backdoor.
And if you say it just a few MORE times, THEN it’ll suddenly be true.
Idiot.
As a side note, how long do you think it will be before Apple faces a serious tax crackdown in the US? Weeks?
And assuming that’s true, who should we fear more? Apple for not unlocking the phone, or the FBI?
I assume you’re fine with living in a police state, where your refusal to cooperate is met with coercion.
It amazes me that you’re still here arguing FOR the DOJ/FBI after a comment like that.
Just fuck off. Really.
Re: Re: Re:
“Apple has gone over the top on this and they are lying to you outright.”
Feel free to offer any proof of that. In the mean time ignore Apple and listen to the countless security experts and other tech companies who have explained in great detail why this is such a bad idea. Let’s hear you try to refute all of their claims as well.
“The FBI has not asked Apple to roll out an new OS for everyone. They haven’t told them to put a back door on every phone. They are asking for a single device to be made more accessible.”
It’s extraordinary that anyone would still be trotting out the “just one phone” line at this point. That one has been so well and truly debunked that even law enforcement has stopped claiming that.
Re: Re: Re: Re:
“Feel free to offer any proof of that. In the mean time ignore Apple and listen to the countless security experts and other tech companies who have explained in great detail why this is such a bad idea. Let’s hear you try to refute all of their claims as well.”
The trick is that they are not talking about the same things, they are intentionally talking about something that just isn’t in the cards on this case: Rolling out a less secure OS to every iphone in the world.
See, the problem is they are correct and honest if you take the assumption that FBiOS would be rolled out to everyone phone in the world. It will not (Apple controls the universe). So the scare factor they are rolling out is about something that does not exist.
So it’s hard to argue their points, because their points exist in something that isn’t happening. Apple has gotten plenty of people to discuss a weird world where somehow everyone ends up with the OS patch made for a single phone, applied under Apple’s update control. The only way it gets out and APPLIED in the wild is if Apple does so.
Even with the patch (which would only disable 10 tries max and lockout “features”), you would still have to brute force the pincode. At 8 digits or longer, the amount of time required to do that would be beyond any reasonable expectation.
You also have to remember that any file decryption requires the physical device. Downloading the encrypted data and trying to decode it won’t work, you need their security chip to provide the rest of the method to decrypt the data. So the patch would have to be on the phone and then a pincode brute force system run against the phone for, oh, MONTHS to try to get in.
“It’s extraordinary that anyone would still be trotting out the “just one phone” line at this point. That one has been so well and truly debunked that even law enforcement has stopped claiming that.”
Yet it is just for one phone – to start with. Moreover, even if expanded out, it’s a phone at a time, not a global patch for all iphones – which is the scary universe Apple is trying to paint.
Can you show any indication that Apple will be forced to roll out an update that makes all phones significantly less secure than they already are to all phones in the US (or world) as a result of the FBI warrant?
I don’t think you can.
Re: Re: Re:2 Re:
“See, the problem is they are correct and honest if you take the assumption that FBiOS would be rolled out to everyone phone in the world. It will not (Apple controls the universe). So the scare factor they are rolling out is about something that does not exist.”
Nobody credible has claimed that. Your entire argument is based on a gross falsehood. What a waste of your time…
Re: Re: Re:2 Re:
“Can you show any indication that Apple will be forced to roll out an update that makes all phones significantly less secure than they already are to all phones in the US (or world) as a result of the FBI warrant?”
The simple fact that they “can” role out an update that makes your phone less secure, makes your phone less secure. If they want to keep the people’s trust, they need to make it so nobody can crack the phone, especially Apple.
The judge was asking that they make the tool, then destroy the tool.. that’s all well and good, but just Manhattan has over 150 phones sitting in evidence because they are locked. There could potentially be thousands of phones sitting in evidence waiting for a ruling just like this. What? Apple is going to create “thousands” of single use operating systems to crack all these phones? That would take a hundred years of manpower to do. The next argument is, the government will pay for it. That’s bullshit. Once the cost becomes prohibitive, the Gov will get the courts to make Apple do it on their own dime, or create a permanent hole so they don’t have to keep creating one use operating systems.
Apple has thought this whole thing through. There are billions of dollars and thousands of jobs wrapped around this ruling. I appreciate your enthusiasm for our justice system, and disdain for major corporations walking all over it, but in this case the government needs to come up with a crack themselves, or just understand that some phones will be inaccessible.
Re: Re: Re:2 Re:
Sorry, it took some time fit me to connect the dpots and understand where you’re… well either wrong or deliberately misleading.
“The trick is that they are not talking about the same things, they are intentionally talking about something that just isn’t in the cards on this case: Rolling out a less secure OS to every iphone in the world.”
They are talking about the same thing.
You pretend that the demand from the FBI is only on one phone, not all of them. That’s – only technically – true, but you try to explain that means only this one phone will be compromised. Every other phone will be safe.
That’s wrong because enabling the FBI this very power that has been explicitly denied earlier by the Congress opens several security holes as has been described in several articles before. (That you have commented on, so don’t pretend they don’t exist.)
You’re saying is just about this one phone that the FBI has in custody, brushing aside all the risks: leak of the software that could be used on stolen phones, risk of other governments making the exact same request, risk of the US authorities requesting broader changes, risk of people denying updates, etc.
“Weakening security on all phones” is not about “deploying a voluntary security breach on all phones”. It’s setting a while unsecured and untrusted environment in a domain that needs trust and innovation.
I’m still not sure if you’re mistaken or outright lying, but
I’m definitely annoyed that you still battle on those irrelevant technicalities.
Re: Re: Re:
The FBI has been a huge bully and flagrantly dishonest at almost every step of this case.
You say fuck Apple? I say fuck you.
Re: Re: Re:
The flaw in your logic is that that single phone is identical to thousands — possibly millions — of other phones, in every way except the PIN.
A backdoor that works on just that iPhone will also work on every iPhone of that model running that iOS version.
It’s not hype or overhype, it’s simply the truth.
Re: A long post about why!
The weakened security will make everyone less safe. In addition to information theft, like identity theft and bank details theft, there is planting of false information, tracking each family member, doing nasty things with “internet of things”(like unlocking doors, getting passwords, turn on or off the heat), doing nasty things with app controlled equipment like modern cars (like report it stolen so the user isn’t able to drive anywhere, or draining the battery), and so on.
The disabled security would also be god sent for terrorists. If emergency calls is routed to fake responders it would make havoc on the police’s ability to respond. It would also make it much easier to get access to places they shouldn’t be allowed in. Both in homes and in sensitive areas.
I disagree though, when it comes to why. There is no lack of very serious crimes in USA, that the FBI does not bother to investigate. One such overlooked crime is rape, where there is hundreds of thousands of rape kits that isn’t even analyzed. If you count every women in USA from newborn to geriatric centenarians, there is still more than unanalyzed rape kit / 1000 women!
A large number of these is done by serial rapists.
But both the local police and FBI have a disdain for victims. Being a victim is week. It is considered “emotionally stressful”, for the police, to talk to the victim and investigate. And because of the disdain for victims, 500 to 1500 dollars to analyze a kit is “not worth it”. There is an absurd number of rapes that isn’t reported to the police.
There is a significant segment of the police that view the public as potentially dangerous. When the police train for how to handle possibly armed citizens/criminals, the citizen/criminal tend to suddenly try to shoot. This makes to little emphasis on how to handle unarmed and not dangerous suspicious looking citizens, and the police is often not mentally well equipped to handle this and is too aggressive. This causes actual harm and unnecessary friction. Frequent assassinations by a few police officers makes this worse for all police officers (and for the citizens).
This makes the police want to force it their way. It also makes it want to force themselves into the citizens phones, as every citizen is a potential enemy.
Having a armed car in the garage and brandishing guns and forcing their will is also better at inflating the ego than doing tedious work.
Re: Re: A long post about why!
Should be:
If you count every women in USA from newborn to geriatric centenarians, there is still more than one unanalyzed rape kit / 1000 women!
Re: Re: A long post about why!
Except, again, you are falling for the hype. The FBI has not asked for Apple to roll out diminished security on all phones.
Once you grok and handle that basic idea, you start to realize that Apple is hyping this to the very ends of the earth.
Want your device to be secure? Use a longer pincode. 10 digits (like a phone number) would be more than enough.
Don’t buy into Apple’s lies. They are on the attack and they are trying very hard to mislead the public, all I suspect to avoid admitting that their entire security and encryption scheme comes down to a 4 digit pin code… not very secure in reality!
Re: Re: Re: A long post about why!
Are you sniffing glue ????
A longer pin code does nothing to make you more secure if
the gov’t has a means of bypassing it .
Basically you should just go and give your local law enforcement a set of keys to your front door , the passwords to your bank accounts , the authorization for them to see your medical records and anything else that you would want to be kept private , cause hey if you have nothing to hide so why should it matter if they have the ability to make sure you’ve got nothing to hide .
Don’t worry they will keep it secure for you 🙂
they’ll never use it less they need to……..for others protection from you …………..
Re: Re: Re: A long post about why!
It is well documented that this is more about the precedent than information on that single phone. It is even documented by FBI themselves.
And it were obvious very early, as his own phone were destroyed and he willingly choose to not destroy this one.
If the precedent is set, a longer pin code or physical access to the phone would not matter, as there is no fundamental legal foundation protecting Apple from further demands. This is about who has the final say about backdoors and privacy.
There is a very low probability that the introduced vulnerability will stay secret.
This goes for all US software. I hope contingency plans is in place to move important systems to safer software quickly enough!
Re: Re: Re:2 A long post about why!
“If the precedent is set, a longer pin code or physical access to the phone would not matter, as there is no fundamental legal foundation protecting Apple from further demands. This is about who has the final say about backdoors and privacy.
There is a very low probability that the introduced vulnerability will stay secret.”
Two things here, first and foremost, since Apple’s encryption system (as documented here by Mike) requires the one way system of their security chip, Apple cannot so easily backdoor or compromise that feature. Instead, the feds are aiming at the weak point in the chain, the short pin code. They are not getting it disabled (because you need it to crack in encryption) and instead they will have to brute force it.
The trick is that if the 6 digit code takes a day, the 7 digit would take 10 days, 8 digit would take 100 days,and 10 digits would take 10,000 days – and it all must happen on the target device.
The vulnerability is already there, there is no “secret” about it. Since you cannot update an iPhone with out Apple’s digital signature, it means that even in the wild, the code is useless, because it cannot be applied.
Sorry, but the arguments are weak.
Re: Re: Re: A long post about why!
@Whatever
You have absolutely no idea how the technology works and I am thoroughly convinced you are trolling here. You are making assertions which are factually, provably false.
Go away.
Re: Re: Re: A long post about why!
Want your device to be secure? Use a longer pincode. 10 digits (like a phone number) would be more than enough.
I see. So computers ARE able to count from 0000-9999 rather easily.
But 0000000000-9999999999, that’ll take a lifetime?
Is that the crux of your argument? Is that your understanding of security?
Because if it is, then frankly, you’re a fucking idiot.
Fuck the FBI.
>The FBI has not asked Apple to roll out an new OS for everyone.
>They haven’t told them to put a back door on every phone.
>They are asking for a single device to be made more accessible.
This is simply false. It is an example of the FBI lying. The FBI has said:
(1a) This is only for a single phone
(1b) But there are twelve other phones that we want, which we will ask for (presumably one at a time) after we get this one
(2a) This will not impact any other jurisdiction, nobody else will be asking for anything more just because of this.
(2b) However, the ADA for New York has a stack of one-hundred-odd phones that HE is saying he will ask for help with.
None of those are Apple statements, all are from the FBI or other US authority.
The first two statements CANNOT both be true, ergo it is the FBI that is lying (although I suppose we can’t know which statement is the lie, or if both are false.
Likewise, the second two statements cannot both be true; the US goverment official must be lying.
Apple has said that if the government can demand as a matter of law THIS rewrite of their operating system, what rewrites can be restricted? Again, the answer is logically obvious. Since we already know that governments have been turning on cameras and microphones where they could, obviously if they could demand that help more often, they would.
Apple has also said, and it is a simple matter of law, that if evidence from the phone is used in court, everyone involved–defense attorneys and their technical experts–have the legal right to inspect the code used to decrypt the phone. Apple has said, and it is a simple matter of fact, that in those circumstances no power on earth could keep the back door secret–it would leak, and any phone would be vulnerable.
This is a much better argument even than it appears. The obvious answer is, that the FBI has no intention of using that evidence in court…. but they are trapped in another lie and can’t tell the truth now, because that would completely destroy the rationale for using the all writs act in the first place.
This is not about Apple, or about terrorists–these terrorists have already gone to the Supreme Court and won’t be remanded. This is about the FBI being able to collect information on anybody,–but not for use in court, for the purposes of blackmail. It’s the 21st century version of the J. Edgar Hoover blackmail files.
Re: Re:
“The first two statements CANNOT both be true, ergo it is the FBI that is lying (although I suppose we can’t know which statement is the lie, or if both are false.”
Why? The case if for a single phone. If successful, they will likely go through the same steps of discovery and move for a warrant to get similar access to those phones as well. Both statements are correct and neither is a lie.
The lie is Apple saying “it’s about every iphone every made!”. Pay attention to who is not telling the truth!
Re: Re: Re:
I see. So then, according to you:
The case if (sic) for a single phone.
But:
If successful, they will likely go through the same steps of discovery and move for a warrant to get similar access to those phones as well.
Which certainly means “more than 1 phone.”
And it’s a lie if Apple says:
“it’s about every iphone every made!”
So it’s clearly about one phone. Now. But likely, it can be about multiple phoneS (notice the S at the end of phoneS, implying PLURAL), by your own statement, which you clearly state is not a lie.
So plural can’t imply all? Please explain. We all anxiously await your well-reasoned response.
(OK, we’re not really waiting. We just want to laugh at you some more…)
I hope that is untrue. Sensitive networks should be impervious to any “random” phone. Sensitive networks should require physical access to affect. And they should be encrypted. And they should use dedicated lines if it is sensitive enough.
Though, how knows. I often cringe at unnecessary vulnerabilities introduced in systems.
Of course you have to give up all your safety and freedom to your government for them to effectively fight people who want you to have no freedoms and saftey.
/s
I keep going back to that iPhone ID password change. First, the FBI denied involvement. They then had to admit they instigated it. Meanwhile, Apple had offered to send trusted engineers to effect another iCloud backup in case there was more recent data on the phone. The FBI’s password change thwarted that. Was it done with malice aforethought? Or the result of culpable incompetence? Either way, guys, you made the bed so you must sleep in it. You can’t expect Apple to undo your Tracey Emin emulation.
Re: Re:
Exactly.
Why isn’t this point getting more attention? It seems like everyone enjoys debating whether Apple should or shouldn’t do what the FBI asks yet no one’s really talking about how Apple got into this position in the first place.
Maybe if the FBI did its job at the beginning and didn’t wipe the crime scene or tell the San Bernadino School Board to change the password then they could have gotten a good backup and they wouldn’t be in this position.
Security?
I’m no longer in security or sales. But, why do you keep ” secure” items in an insecure environment? You keep them, your identifiable, monies, and access to other secrets, on a device you can lose, or hack? Are you newbornes? Still in diapers?
I’m betting, Apple cannot do it. They fired some people last November, or the ended their contract. The person that knew how, was in that bunch, I hope the have to pay cooks salary to him for the backdoor. But, then, they pushed several updates, after they gave the OS to China, and that guy, was not there for the update tests, so they are out of the loop. So I bet they can no longer do it.
Or, did China push the updates? Who can tell, now?
"if that was okay a few years ago, why isn't it okay now?"
Great, let’s get on this logic and let’s start with airport security. I remember a time where I could still board a plane without being scanned and groped and without having to take every single thing out of my bag separately.
So, let’s go back to this time. Unlike phone security these procedures are actually proven to be useless so…
ha ha ha!!!
Whatever is keeping you guys way to busy.
Simple, the Government is already stealing and intercepting everything they can on every one they can. This is not even remotely a secret.
Yes the FBI wants Apple to make this so they can remotely do anything they want to any iPhone they want at any time they want. They will not care about getting a warrant “National Security” is the only warrant they need and pretty much every Judge buys it.
Yes Whatever, we already know, that you know, the FBI will abuse whatever Apple builds them as much as they possibly can.
Just give up the Troll… you actually had a good roll!
Re: ha ha ha!!!
And every computerise device that they can lean on the manufacturer to do their bidding, and just think of all those mics in TV’s……..