[Cryptography] Thoughts on the Apple iPhone fiasco

RB aoz.syn at gmail.com
Wed Feb 17 14:44:12 EST 2016


On Wed, Feb 17, 2016 at 9:58 AM, Phillip Hallam-Baker
<phill at hallambaker.com> wrote:
> Perhaps the bigger concern is that once Apple has signed an O/S
> version, the same signed image could be used against other phones. It
> seems to me that Apple could mitigate this by limiting the O/S load to
> only work against the one phone involved in this particular incident.
> The serial number of the phone is known.

I'm intentionally ignoring the balance of your arguments, but this one
warranted pointing out the obvious follow-on.  It's not that Apple
would be required to create one "unlock firmware" tied to one serial
number, it's that once they have proven it can be done they will be
compelled to do the same in every other criminal case (or worse, make
an unkeyed version).

Whether or not it's hard to satisfy the request (or even whether they
should do it), it's in Apple's best interests to represent that the
activity is inordinately costly, whether socially or financially.
That way, even if they lose and are compelled to do as requested,
they've set a higher standard for the inevitable subsequent requests.
Apple isn't considering just San Bernardino, they're considering the
tens (hundreds?) of thousands of requests between now and when
hardware susceptible to this particular request is phased out.

