If you want to talk about "enablers of authoritarians", consider that Apple has built a system in which they are the sole authority, that is opaque to all introspection by third parties, and against which Apple -- and only Apple -- must protect their users against all comers, for all time.
In addition to which, our security relies on Apple themselves never changing their business priorities and choosing to exploit their position of absolute authority.
The fact that they have that authority is why the government can compel them to do anything in the first place.
If you want to talk technical specifics, then no, your assessment is incorrect. The Apple ID password was changed, but that doesn't affect the on-device keying.
PIN numbers are the weakest link in the iPhone crypto chain. Apple strengthened that link through non-cryptographic means: tamper-resistent key derivation software that either runs on the main CPU, or in later devices, on the secure enclave CPU.
That software enforces a limited number of retries, essentially strengthening the PIN number. However, Apple also retained the ability to subvert the owner's lock on the device and install new key derivation code that does not include those security features; this applies to both the 5c and later devices with secure enclave.
If Apple hadn't retained that backdoor, the FBI would have nothing to ask for. Apple has, however, and has consistently made themselves the sole authority and gatekeeper of these devices.
Thank you for explaining. I'm still not clear on what the FBI's major malfunction is.
How would relaxing the tamper-resistent key protection help here? One needs the PIN to reimage the device. Chicken & egg. Creating a one-off OS image can't help without first having the PIN.
And the goal is to get the data, not crack the phone. Why can't the FBI use the backups? And what do they hope to find that don't already know (by other means)?
Just sounds like CYA to me. The more I learn about this silliness, the less plausible the FBI's narrative becomes. The FBI screwed up, is now just finding scape goat.
---
Authoritarian already has a widely recognized definition.
> How would relaxing the tamper-resistent key protection help here? One needs the PIN to reimage the device. Chicken & egg. Creating a one-off OS image can't help without first having the PIN.
The weak link is that a PIN can be cracked very quickly; in hours or days. The search space just isn't very large.
The only thing preventing the FBI from doing so is the Apple-signed iOS code that erases data keys after too many unsuccessful retries.
So, if Apple uses their privileged backdoor to disable that check, the FBI can brute force the encryption key by trying as many PIN combinations as they like.
In effect, this means Apple already has the cryptographic backdoor necessary own any PIN-protected iPhone in the world.
That's small potatoes, though -- they can also install new software on locked devices, and push modified updates to applications distributed through the AppStore. After all, apps are resigned with Apple's signing key, discarding the original software authors' signatures.
When you factor in bitcode (in which Apple compiles the actual binaries server-side), application authors can't even verify that distributed binaries match what they uploaded, and the use of a relatively high-level bitcode allows Apple to much more easily patch/rewrite significant portions of the application.
In other words, Apple built a system in which they have almost absolute authority over every iPhone, and due to strict platform DRM, there's almost zero transparency into their use of it.
> Authoritarian already has a widely recognized definition.
"adj. Characterized by or favoring absolute obedience to authority, as against individual freedom: an authoritarian regime."
Can you install software on your iPhone that pre-empts Apple's authority over the device?
Can you install software without Apple's approval?
Can you prevent Apple from installing whatever software they like on your iPhone, including software that implements CALEA-compliant real-time surveillance?
The answer to all three is "no", and why I think this absolutely fits the "authoritarian" definition.
You can, of course, use a different vendor's phone. The situation there will be roughly the same. Eventually, if nothing else changes, we'll see CALEA expand to cover smart phones in the same way it expanded to cover internet traffic once the ISPs were sufficiently consolidated. The vendors' authority over the devices makes this easy.
Like the apologists for the FBI (and other enablers of authoritarians), I'm trying to gleen the real technical story from the public misinformation.
You may know about FileVault's password protected volumes. https://en.wikipedia.org/wiki/FileVault
Does the (pre-Secure Enclave) iPhone 5C which the FBI borked store its data the same way?
I now believe that by changing the password, the FBI also borked (lost) the recovery key, so now neither the iPhone nor its backups are readable.
You and the FBI want Apple to create a one-off patch to better crack the keys of an encrypted file, presumably one of the iCloud backups.
Um, good luck with that.
If you know better, please clarify with your understanding of the actual systems in use, vs arm waving apologia.