Civics: The Government (FBI) vs Apple; Either everyone gets security, or no one does

Bruce Schneier:

There’s nothing preventing the FBI from writing that hacked software itself, aside from budget and manpower issues. There’s every reason to believe, in fact, that such hacked software has been written by intelligence organizations around the world. Have the Chinese, for instance, written a hacked Apple operating system that records conversations and automatically forwards them to police? They would need to have stolen Apple’s code-signing key so that the phone would recognize the hacked as valid, but governments have done that in the past with other keys and other companies. We simply have no idea who already has this capability.

And while this sort of attack might be limited to state actors today, remember that attacks always get easier. Technology broadly spreads capabilities, and what was hard yesterday becomes easy tomorrow. Today’s top-secret NSA programs become tomorrow’s PhD theses and the next day’s hacker tools. Soon this flaw will be exploitable by cybercriminals to steal your financial data. Everyone with an iPhone is at risk, regardless of what the FBI demands Apple do.

Jonathan Zdziarski:

Quite the contrary, unless Department of Justice is asking Apple to completely ignore sound forensic science, and simply pump out a reckless (and possibly harmful) hacking tool, it would seem that false statements are being made to the court. Or perhaps they’re attempting to skirt the reality of this by using the verbiage, “after its purpose”, which requires disseminating it outside of Apple, as well as opening it up to work on other devices, and thereby relinquishing custody of it.

In the same vein, you’ll also notice that in demanding a tool, FBI has sneakily ensured that a more “open” copy of the software will have to be released (that will work on other devices) in order for it to be tested, validated, and re-tested by a defense team. This guarantees that the hacking tool FBI is forcing Apple to write will be out in the public, where it will be in the hands of multiple agencies and private attorneys.

John McAfee:

It has finally come to this. After years of arguments by virtually every industry specialist that back doors will be a bigger boon to hackers and to our nation’s enemies than publishing our nuclear codes and giving the keys to all of our military weapons to the Russians and the Chinese, our government has chosen, once again, not to listen to the minds that have created the glue that holds this world together.

This is a black day and the beginning of the end of the US as a world power. The government has ordered a disarmament of our already ancient cybersecurity and cyberdefense systems, and it is asking us to take a walk into that near horizon where cyberwar is unquestionably waiting, with nothing more than harsh words as a weapon and the hope that our enemies will take pity at our unarmed condition and treat us fairly.

Any student of world history will tell you that this is a dream. Would Hitler have stopped invading Poland if the Polish people had sweetly asked him not to do so? Those who think yes should stand strongly by Hillary Clinton’s side, whose cybersecurity platform includes negotiating with the Chinese so they will no longer launch cyberattacks against us.

The FBI, in a laughable and bizarre twist of logic, said the back door would be used only once and only in the San Bernardino case.

Marcy Wheeler:

If Apple were to move its headquarters and servers to Cork (perhaps with some redundant servers in Brazil, for example), that would be far less accessible to both US law enforcement and intelligence. And contrary to what you might think from those attacking Apple’s alleged non-compliance here, that would result in significantly less intelligence (or evidence) than both are getting now.

That’s because by offering the best encryption product in the world that relies on US-based servers, Apple ensures that at least the metadata — not to mention any content backed up to iCloud (which in Farook’s case, included content through October plus that from his colleagues) — is readily available. If Apple were to move to Cork, any backed up content would be far harder to get and NSA would have to steal Internet packets to get iMessage metadata (admittedly, that’s probably pretty easy to do from Ireland, given its proximity to GCHQ’s gaping maw, but it does require some work).

Jean Louis Gassee:

revelations from WikiLeaks, or Edward Snowden’s exposures of CIA and NSA practices. Keep mind that a breach of the United Sates Office of Personal Management compromised the data of 18 million people. Breaches and leaks have happened and will happen again. Entrusting a government agency with a set of backdoors keys will inevitably lead to bad outcomes.

Furthermore, consider financial systems advances, such as Bitcoin, that need unbreakable encryption to work. These systems will wither if backdoors allow well-intentioned Guardians of the Peace and criminals alike to peek and poke. How can any company that relies on security expect to export compromised technology?