<div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 16, 2016 at 8:28 PM, Aram Perez <span dir="ltr"><<a href="mailto:aramperez@mac.com" target="_blank">aramperez@mac.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">"A federal judge has ordered Apple to help the government unlock the iPhone</blockquote><div>..... </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"> does not ask Apple to break the phone’s encryption but rather to disable the feature that wipes the data on the phone after 10 incorrect tries at entering a password." <a href="https://www.washingtonpost.com/world/national-security/us-wants-apple-to-help-unlock-iphone-used-by-san-bernardino-shooter/2016/02/16/69b903ee-d4d9-11e5-9823-02b905009f99_story.html" rel="noreferrer" target="_blank"></a></blockquote><div>......</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
This will set a dangerous precedent along a very slippery rode.<br></blockquote><div><br></div><div>This is a court order no different from other orders in many regards.<br><br>If Apple is able and complies with this one order then there is proof of the capability</div><div>and any court order from any court domestic or international has proof</div><div>that the action is possible and can thus demand the service.<br><br>This is not one court order or one phone. This is the first phone.<br>There is no way Apple can address this single court order as special </div><div>and contain the service to this one writ.<br><br>Divorce actions looking for proof of dalliance, any law enforcement agency </div><div>can demand the service. A business will crop up for machines to automate </div><div>the input of the keys.<br><br>This is not a domestic issue. Once demonstrated in this court any court</div><div>domestic or international can make such a demand. France, Germany,</div><div>China, Iran, Cuba... the list is longer than the list of nations in the UN.<br>The requests would not be limited to national security (no law to this end)</div><div>thus divorce, health care provider snooping, companies worried about </div><div>corporate secrets. <br><br>Border crossings maned by the likes of the TSA can mandadate via regulation </div><div>a special software version at the gate. </div><div><br>Apple has a lot at stake. Apple pay and iTunes transfer a lot of value </div><div>enough money that the Apple system is likely fully covered by</div><div><span style="color:rgb(84,84,84);line-height:18.2px">The </span><span style="font-weight:bold;color:rgb(106,106,106);line-height:18.2px">Computer</span><span style="color:rgb(84,84,84);line-height:18.2px"> Fraud and Abuse </span><span style="font-weight:bold;color:rgb(106,106,106);line-height:18.2px">Act</span><span style="color:rgb(84,84,84);line-height:18.2px"> (CFAA) to a degree that the Writ </span><br></div><div><span style="color:rgb(84,84,84);line-height:18.2px">may prove to be illegal. The fact that phones authorize payments </span></div><div><span style="color:rgb(84,84,84);line-height:18.2px">is a big deal and done badly risks financial chaos. As large as Apple</span></div><div><span style="color:rgb(84,84,84);line-height:18.2px">is the liability of a breach is larger.<br><br>This individual phone is a lot like a customer hosted at an ISP or Cloud storage provider.<br>One defense for a computer system is login code that protects from denial </span></div><div><span style="color:rgb(84,84,84);line-height:18.2px">of service attacks as well as brute force pass word attacks. In the </span></div><div><span style="color:rgb(84,84,84);line-height:18.2px">US one cannot be compelled to divulge something you know but</span></div><div><span style="color:rgb(84,84,84);line-height:18.2px">the ISP in the same way this writ requires can be compelled to disable</span></div><div><span style="color:rgb(84,84,84);line-height:18.2px">the attack deflecting tools to allow a brute force attack of an account</span></div><div><span style="color:rgb(84,84,84);line-height:18.2px">that contains an encrypted home directory or virtual machine (</span><font color="#545454"><span style="line-height:18.2px">effectively</span></font></div><div><span style="color:rgb(84,84,84);line-height:18.2px">all).<br><br>The reality that foreign nations will line up to avail themselves of this service</span></div><div><font color="#545454"><span style="line-height:18.2px">should stop this public action with a national security letter by Monday.</span></font><br><br><font color="#545454"><span style="line-height:18.2px">One analogy is to ask a company to engineer a virus to kill a single pig or cow.</span></font><br><font color="#545454"><span style="line-height:18.2px">A lethal virus that escapes into the wild could cause agricultural collapse.</span></font><br><font color="#545454"><span style="line-height:18.2px">Note the problem with bananas being infected and dying ... happening now. </span></font></div><div><span style="color:rgb(84,84,84);line-height:18.2px">Worry about changes in the Ebola virus... only a fool would demand to have Ebola</span></div><div><font color="#545454"><span style="line-height:18.2px">weaponized </span></font><span style="color:rgb(84,84,84);line-height:18.2px">with a court order. It could be done but legal... no. <br><br>To my mind this is so ill thought out that someone should consider if it is being</span></div><div><font color="#545454"><span style="line-height:18.2px">promoted by an agent of a hostile nation or provocateur. All those involved in </span></font></div><div><font color="#545454"><span style="line-height:18.2px">asking need to have their financial, private paper and digital data public and private gathered, </span></font></div><div><font color="#545454"><span style="line-height:18.2px">secured and </span></font><span style="line-height:18.2px;color:rgb(84,84,84)">inspected.<br> </span></div><div><span style="color:rgb(84,84,84);line-height:18.2px">This is a big deal. Not just for apple but for global stability.</span><span style="color:rgb(84,84,84);line-height:18.2px"><br><br><br><br><br></span></div><div><br></div><div> </div></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div>