[Cryptography] Thoughts on the Apple iPhone fiasco

Phillip Hallam-Baker phill at hallambaker.com
Wed Feb 17 11:58:34 EST 2016


It seems to me that Apple should 1) comply with the warrant and 2) fix
their code.

I was quite surprised by these conclusions. I had been thinking that
the response should be to dig in. But when I look at the
circumstances, this looks remarkably like Lavabit. Cryptography is
involved but the design allows a trusted party to disclose the key.
This is a trusted third party that got themselves into a situation
where they could be coerced.

Rather than have them march their men up to the top of the hill only
to march them down again, better to get on with the next bit.


This is an example of a situation in which there is a conflict between
personal privacy and public safety. Consider the circumstances:

1) The phone belonged to a person who is believed to have committed a
mass murder.
2) The owner is dead.
3) The phone is locked.
4) Apple has the ability to bypass the lock mechanism.

The responsibility for deciding where the proper balance between
privacy and public safety lies rests with the courts. Just as it isn't
the FBI's prerogative to make such decisions, it isn't Apple's either.

In this case, I don't think it is a close call. The phone's owner is
suspected of being a mass murderer and they are dead. I don't think
anyone has the right to privacy in those circumstances.


It seems to me that Apple is fighting the wrong fight here. Any
security system that depends on a trusted third party not being
coerced is flawed. Waffling on about 'precedent' isn't going to help
matters.

The only way for Apple to provide a credible assurance that it is
protecting user privacy is to provide a system that verifiably puts
the device beyond their control. That may not be possible when the
operating system can upgrade itself without requiring the user to
unlock it. My experience is that the phone demands the PIN to upgrade.

Some stories suggest that later iPhone models do have hardware
enforcement of the 10-password-attempt lockout. If so, it would seem
that any precedent set in the San Bernardino phone incident would be
short lived.

Perhaps the bigger concern is that once Apple has signed an O/S
version, the same signed image could be used against other phones. It
seems to me that Apple could mitigate this by limiting the O/S load to
only work against the one phone involved in this particular incident.
The serial number of the phone is known.
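The device-bound signing proposed in the last paragraph, as an added example (my code, not Apple's and not part of the post). It assumes a vendor Ed25519 signing key, a copy of the vendor public key that the device already trusts, and a serial number the device can read about itself; the package layout, the type and function names, and the sample image and serials are all made up for illustration. The point it shows is that once the signature covers the serial number, the same signed image is rejected by every other phone, and editing the serial field in the package breaks the signature rather than redirecting it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// SignedImage is a hypothetical update package: the vendor's signature
// covers both the image and the serial number of the one device that
// may install it.
type SignedImage struct {
	Image     []byte
	Serial    string
	Signature []byte
}

var (
	ErrBadSignature = errors.New("vendor signature does not verify")
	ErrWrongDevice  = errors.New("image is bound to a different device")
)

// bindingMessage is the byte string the vendor actually signs:
// len(hash) || SHA-256(image) || len(serial) || serial. The length
// prefixes keep one (image, serial) pair from being re-read as another.
func bindingMessage(image []byte, serial string) []byte {
	h := sha256.Sum256(image)
	var n [4]byte
	msg := make([]byte, 0, 8+len(h)+len(serial))
	binary.BigEndian.PutUint32(n[:], uint32(len(h)))
	msg = append(msg, n[:]...)
	msg = append(msg, h[:]...)
	binary.BigEndian.PutUint32(n[:], uint32(len(serial)))
	msg = append(msg, n[:]...)
	msg = append(msg, serial...)
	return msg
}

// SignForDevice is the vendor-side step (in practice done on the signing HSM).
func SignForDevice(priv ed25519.PrivateKey, image []byte, serial string) SignedImage {
	return SignedImage{
		Image:     image,
		Serial:    serial,
		Signature: ed25519.Sign(priv, bindingMessage(image, serial)),
	}
}

// AcceptImage is the device-side check, done by the bootloader with the
// vendor public key it trusts (assumed baked into ROM) and its own serial.
// The signature is checked first, so a package whose serial field has been
// edited is rejected as forged rather than merely misdirected.
func AcceptImage(vendorPub ed25519.PublicKey, mySerial string, si SignedImage) error {
	if !ed25519.Verify(vendorPub, bindingMessage(si.Image, si.Serial), si.Signature) {
		return ErrBadSignature
	}
	if si.Serial != mySerial {
		return ErrWrongDevice
	}
	return nil
}

// Demo walks through the three cases behind the precedent worry: the
// target phone, a second phone handed the same package, and a second phone
// handed a package whose serial field was edited to match it.
func Demo() (target, reused, relabelled error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed sample data; no real image or serial number is used.
	image := []byte("constructed OS image: passcode retry limit removed")
	const targetSerial = "SERIAL-TARGET-0001"
	const otherSerial = "SERIAL-OTHER-0002"

	pkg := SignForDevice(priv, image, targetSerial)
	target = AcceptImage(pub, targetSerial, pkg)
	reused = AcceptImage(pub, otherSerial, pkg)

	edited := pkg
	edited.Serial = otherSerial
	relabelled = AcceptImage(pub, otherSerial, edited)
	return target, reused, relabelled
}

func main() {
	target, reused, relabelled := Demo()
	fmt.Println("target phone:   ", target)
	fmt.Println("other phone:    ", reused)
	fmt.Println("relabelled pkg: ", relabelled)
}
```

Running it prints `<nil>` for the target phone and the two error strings for the other cases. The scheme only helps if the device's copy of the vendor public key and its own serial number are not themselves writable by the same update path; otherwise the binding can be undone by the image it is meant to constrain.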

