Thursday, March 24, 2016

An Open Letter to Cryptophobes


Before beginning, I should point out a couple of things. One, I am a computer security professional. This can mean a lot of things as it's a very broad domain. So I will revise that to say I received my MS in Computer Science because of my thesis work on breaking a fingerprint crypto-system. It is fair to say that I know more than the average security bear about encryption. Frankly, it is what I find to be the most interesting of all security topics, so I am passionate about it as well. Additionally, I will add that I was a Special Agent for the Department of Homeland Security in what seems like another lifetime now. What this means is that I had oodles more training in Constitutional law than your average security pro or crypto fiend. Constitutional law is also something I get excited about. Now that you know these things about me, you can imagine how quickly my blood pressure rises when I get going about the FBI v. Apple shenanigans. It is with this in mind that I am posting a recent email I received from someone that I think is representative of what a lot of folks think, and my response to it. The person that sent me the initial email has needled me for years over computer security, so my response isn't one to just any random person on the street. It should be viewed as a frustrated response to someone that I have tried to educate on the subject on previous tries. Enjoy.

Patrick,

I am going to open myself up to a lot of grief here but this Apple thing has been driving me crazy.

I am not an Apple fan. To me Steve Jobs played games with his product line very much like IBM did in the '60s, '70s, '80s and even into the '90s, namely trying to keep all competition off their product line, whether it was software or hardware. Yes, they had a fine product, but to me open access brings about a healthy competition which makes the overall product better for the consumer and for the industry in general. One problem with open access is it can be more vulnerable to hacking. Due to its control methods and its smaller user base, Apple wasn't getting hacked as much as Microsoft and PCs.

If Apple wanted to remain low on the hacker radar, they should have quietly had the FBI hand over the phone and given it back to them with a new password. By blowing this whole thing up in the press, they basically threw out a challenge to the hacking community saying "we dare you to find a way into our device". How arrogant and foolish of them to think it could not be done. Next time I bet they will be a lot more cooperative with the Feds when they come knocking.


Sincerely,

John


John,

Your naivety on this topic is jarring. First, open access almost always leads to more secure products. Security by obscurity is a myth. Open source code is more secure over time and always will be. It's the nature of the beast. When people can see what's going on under the technical covers, it results in better and more secure solutions being implemented. Apple products have not historically gotten hacked as much primarily because of economics. Windows systems are far more insecure and it's what the majority use, so that's where intrusion effort goes. But to say this is the only reason is silly.

"If Apple wanted to remain low on the hacker radar, they should have quietly had the FBI hand over the phone and given it back to them with a new password." This is beyond absurd. I think you have been watching too much Fox News or CNN to get this argument. Apple would have gladly accepted this scenario. The FBI wouldn't let them because they always wanted this case to set a precedent. As such, if the FBI had won in court (they wouldn't have, by the way) they would have a back door into any Apple product running that version of iOS. If the FBI had that capability then so would every scumbag hacker as well as every repressive government in the world. A couple of other points here. One, if the FBI didn't have technical morons working for them, they had all of the tools needed to get into the phone at the onset of the investigation. Those idiots screwed it up so that they needed someone else to get into the phone because of how they mishandled the device in its original state.

This is not the same as picking a lock. This is creating a key that unlocks every door in the world. Further, to suggest that Apple wanted to blow this up in the media is equally asinine. Again, the US government chose to have this fight to set precedent. This phone, which will yield 0 evidence, was not requested to be back-doored by the FBI for more than 50 days after San Bernardino (must have been a real emergency). The powers that be were trying to capitalize on a terror attack to further their power. Nothing more. Apple, like every security person with half a brain, knows that there is no infallible security technology. Measures are designed to merely buy time. We are always just weeks or months from the newest exploit subverting our privacy and digital security. The US government took up a losing fight and just got embarrassed by their own ineptitude.

As Apple and people like myself have said since day 1, someone would find a way in and the government shouldn't be compelling a software company to write code. Do you know that the Supreme Court has already ruled that software code is protected free speech? How do you feel about the US government compelling someone to make a certain kind of speech they don't want to make? I am sure that would be very popular in North Korea, but I, for one, support the 1st and 4th amendments. At the end of the day the US government and sadly most Americans do not understand computer security, especially encryption. It is my hope that changes over time, but in the meantime it should be terrifying to everyone that only a company with the resources of Apple could stand up to an unconstitutional and moronic request from the government. Frankly, there are not many, if any, serious computer security experts that support the FBI in this. As you probably wouldn't read any papers from experts, as they can be exceedingly dull, why don't you take a look at this from John Oliver. It is only about 15 minutes and really explains rather elegantly the problem with what the FBI is trying to do here.


Patrick
