Never had much use for Apple, and even less for Steve Jobs, the guy who made jail seem cool, as Richard Stallman said. So it was with some surprise that I found Apple on the side of the angels, resisting an FBI demand — supported, of course, by Obie — that they create a backdoor into the security software on their phones.
The technical details of this wrangle have been poorly explained in the media, so perhaps it’s useful to do so here. This stuff, at this level, really isn’t hard.
Phones like the one the San Bernardino shooter had possess a security feature, which is not enabled by default, as I understand it, but can be enabled by the user. It works like this: A certain number of unsuccessful password attempts, and the phone wipes all its data. The assumption is that after that number, the phone has fallen into hands other than the user’s, and those hands are attempting a brute-force password-guessing attack. Which, of course, will sooner or later succeed, and much more often sooner than later.
Now this is a nice feature. It has what are by computing standards ancient antecedents: Unix systems, since the late Pleistocene, have locked a user account after a certain number of consecutive failed login attempts.
What the Fibbies want Apple to do is write custom software — and give it to them — software which will disable this security feature, and permit J Edgar’s boiz to run a brute-force attack on this phone, and of course on any other phone which falls into their hands, or say the Israelis’ hands, or the Saudis’, or the Brits’, or any of our other disreputable ‘allies’, or for that matter into the hands of any crook who bribes a Fibbie to give him the software.
Physical analogies for data security systems are always problematic, but roughly speaking, this is not like asking Apple to hand over the physical key to a house, a key which happens to be in Apple’s possession, for some reason. Apple — as far as we know — doesn’t know the password (though I wouldn’t put anything past them; but that’s another topic). In the physical-equivalent world, this would be like saying that Apple doesn’t possess the key.
What this is like doing is demanding that the manufacturers of locks build locks which are guaranteed breakable. This is Apple’s claim, and so far, it has a certain plausibility.
However there is a further wrinkle.
The reason why this demand is even possible at all is that Apple phones have a huge, glaring security hole already. The operating system of the device — the software that controls it — can apparently be overwritten and replaced with other software, even without the owner’s password, or for that matter without the owner’s knowledge.
The phone, however, won’t accept such new software unless it is digitally signed with a key that Apple does possess. So in theory, such software couldn’t be written, or rather signed, by just anybody.
So our physical analogy has to change somewhat. What Apple has done is produce a lock which is already compromised — compromised by design. It has a second keyhole, if you like, to which Apple has the key. The cops are demanding that Apple give them that key, a key that they can copy at will, and share with whomever they please, and use on whatever lock they please.
Now I am not a lawyer, but if I understand the matter at all, this state of affairs means that Apple has already forfeited, for these phones, whatever tenuous legal protections privacy still has in the United States, and moreover, has forfeited them on behalf of who knows how many of its customers.
This needn’t have been the case. All they had to to was provide that software upgrades couldn’t be done without the device owner’s password — subject to the usual autodestruct behavior, if enabled. But they didn’t do that. This isn’t a subtle thing, that somebody overlooked. It’s too big for a bug. It must be a feature.
So…. what were they thinking of?
Guesses welcomed. I have a couple of my own, which I will share in due course.
Meanwhile, the usual complicit media treatment of Apple continues to depict them as the guys in the white hats.
I suppose, by comparison with the FBI, they do in fact look pretty good. But that’s setting the bar rather low.