
I stand with Pear

I stand with the idealized version of a company that innovates and stands up for our privacy and civil liberties. On TV we don’t often see this company by name (unless they’re a sponsor) but we know who we’re talking about when we see a piece of fruit on a laptop. The Simpsons was cutting it pretty close with “Mapple.”

The real Apple, I’m not so sure about.

The Basics

These are very technical issues that I’m presenting in a colloquial way. But I think this situation is something that can be understood and thought about by anyone.

The FBI requested* Apple’s assistance in unlocking the phone of one of the San Bernardino gunmen. Specifically they asked Apple to do the following:

  • Create a way for the FBI to guess the phone’s code by brute force (trying all possible codes) without having to type in the numbers or letters.
  • Disable any delay countermeasures that space out the time between guesses (i.e., make it so the FBI doesn’t have to wait half an hour after five bad guesses).
  • Create a program that prevents the phone from erasing its contents after a set number of bad guesses.
  • Do all of these things without modifying the contents of the phone.

Apple CEO Tim Cook stated in a letter Apple’s opposition to the court order**. Their basic argument is the following:

  • A program to crack an encrypted iPhone does not currently exist. If they write one, there exists a possibility (however small) that the program will find its way into the wild and will be misused, either by hackers or by unchecked government surveillance.
  • If you write a program to crack this one iPhone, you’ve written it to crack all iPhones. In Apple’s words “The government is asking us to hack our users.”
  • Complying with the order may set a dangerous precedent and allow for Government overreach.

Some Analysis

Here’s one thing Apple didn’t say: We CAN’T comply with the order.

If you’re technically inclined you should read this article from the Trail of Bits Blog. It does a good job of explaining encryption at all the various layers, what the government asked Apple to do, and how Apple could do it.

Basically there are two locks on a phone: the passcode, which the FBI is trying to break, and the phone’s hardware key (stored in a couple of different places depending on the model of phone). You need both keys to decrypt the data, but you can get the hardware key if you get the passcode right. Trying to decrypt the data without these keys is basically impossible.

What Apple is saying is that they CAN write a program that will allow you to brute force guess the first key, which gives you the second key and access to the phone. The phone’s security CAN be bypassed. According to the Trail of Bits estimates it would take half an hour to retrieve a four-digit PIN, a few hours to get a six-digit PIN, and up to 5.5 years to guess a six-digit alphanumeric passcode. The FBI hasn’t mentioned which type of code they’re trying to crack on this particular phone.
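The two-key arrangement and the guess-time estimates above can be modelled in a few lines; this is an added example, not code from this post, from Trail of Bits or from Apple. It assumes PBKDF2-HMAC-SHA256 as a stand-in for the real on-device derivation, constructed device secrets, about 80 ms per guess (the figure in Apple's iOS security guide, not stated in this post) and a 10-attempt erase limit, so its worst-case times will not match every published estimate.

```python
import hashlib

MS_PER_GUESS = 80   # assumption: on-device cost of one key derivation
WIPE_LIMIT = 10     # assumption: failed guesses allowed before auto-erase
YEAR = 365.25 * 24 * 3600

def derive_key(passcode: str, device_uid: bytes, iterations: int = 50_000) -> bytes:
    """Entangle the passcode with a per-device secret (simplified stand-in).

    Because device_uid never leaves the hardware, guesses cannot be moved
    to faster machines; each one costs a full derivation on the phone.
    """
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_uid, iterations)

def worst_case_seconds(alphabet: int, length: int, ms_per_guess: int = MS_PER_GUESS) -> float:
    """Time to try every passcode once delays and auto-erase are disabled."""
    return alphabet ** length * ms_per_guess / 1000

def success_chance_with_wipe(alphabet: int, length: int, limit: int = WIPE_LIMIT) -> float:
    """Chance a guesser hits the passcode before the auto-erase triggers."""
    return min(1.0, limit / alphabet ** length)

def humanize(seconds: float) -> str:
    for unit, size in (("years", YEAR), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"

POLICIES = {
    "4-digit PIN": (10, 4),
    "6-digit PIN": (10, 6),
    "6-char lowercase+digits": (36, 6),
}

def report() -> dict:
    """Worst-case exhaust time and pre-wipe success chance per passcode policy."""
    return {name: (humanize(worst_case_seconds(a, n)), success_chance_with_wipe(a, n))
            for name, (a, n) in POLICIES.items()}

if __name__ == "__main__":
    uid_a, uid_b = b"constructed-uid-A", b"constructed-uid-B"  # constructed sample values
    # Same passcode, different device secret: the derived keys are unrelated.
    print(derive_key("1234", uid_a) != derive_key("1234", uid_b))
    for name, (t, chance) in report().items():
        print(f"{name:26} exhaust: {t:>12}   success before wipe: {chance:.2e}")
```

With the erase limit left on, the chance of guessing even a four-digit PIN stays at one in a thousand, which is why the order asked for the delay and erase countermeasures to be switched off.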

Is this a bad thing?

Well generally, yes.

Apple’s taking a stand that they won’t write this program because to do so would expose their phones. But the fact that it’s possible for them to comply with the order suggests that someone else could write this program and expose iPhones in the same way. Apple didn’t give any estimates on how long it would take to engineer a program like this.

Basically, if Apple cared about privacy as much as they say they do, they’d make a phone they couldn’t crack even if someone asked nicely (though that sounds a lot easier than it is).

So why doesn’t the government write this program themselves if it’s so easy to write?

They need Apple’s digital signatures, and knowledge of the iOS operating system. A rogue program doesn’t just run on your phone. It needs to be verified, and Apple can write something the phone will recognize as authentic.

So it’s not so easy?

Well, the problem is this. Apple and the government are both very security conscious places. And they’ve both been hacked. That’s why Apple says they’re worried about bringing a program like this into the world. It could always get out. The problem is, so can digital signatures. And engineers can always be personally targeted. Many data breaches work at the human level, not the technological.

What do you think?

I think this is one of the worst possible cases for Apple to have to take a stand on. This was a terrible act of terror, the phone is owned by the shooter’s employer who has agreed to let the FBI try to crack it, and it’s possible the FBI could learn about other terrorists or even future attacks from the phone’s contents (though, then again, maybe not).

Tim Cook’s tone is alarmist and a bit strident. Even if you agree that privacy is important, you probably also think that law enforcement should have some ability to get information it needs.

But privacy really is important. Sure, we want to be able to crack the bad guys’ phones. But if we create tools to crack those phones, who’s to say that program won’t be used to crack the phones of people trying to do real good in countries with oppressive regimes?

Maybe what the FBI needs is the assistance of one Benedict Cumberbatch. He was able to guess the passcode of Irene Adler’s phone, thus removing any leverage she might have had over him. Her phone was literally “Sher-locked.” No, seriously. Check out Wikipedia if you think I’m lying.

I think Apple’s right to challenge the court order. These sorts of things shouldn’t be followed blindly without at least some public discussion of practical limits, and an understanding of the potential risks. But I don’t think either side has the clear moral high ground.

So I stand with Pear. They make a great uncrackable myPhone, even though the fruit is terrible.

PS. Thanks to Adam for his great thoughts on this issue and for starting a conversation that led to a lot of good articles.

————-

* I’m using a nice term, it was a court order actually.

** If you read the whole letter, Apple’s pretty clear about how horrible the San Bernardino shooting is, and how they’ve made every reasonable effort to assist law enforcement.


If you bought an iPhone 5, please consider returning it

I think we’ve all gone a little insane. Or at least five million of us.

Let’s start with 2000 and work our way up. By now you’ve probably heard about the 2000 worker riot at a Foxconn plant in Taiyuan. While the initial findings seemed to indicate that the riot started as a dispute between workers from different provinces, it seems more likely that the riot broke out as a result of workers having enough of distrust and beatings from the guards. 5000 police had to be sent in to stop the riot, and the 79000 person factory shut down as they picked up the broken glass and the 40 injured.

This plant may have made the iPhone, and if they didn’t, another one just like it did. Apple sold five million of those phones this weekend, and if these workers had been pushed just a bit harder, they might have sold another two million.

But make no mistake, we bought them, this $800 phone that may be as much as a year behind its competitors. Many of these five million will likely replace this new phone with the latest model next year.

I didn’t buy one, but that’s not terribly surprising. Apple hasn’t been selling to me for a while. I particularly like the MacBook Pro, priced at $1399 for the basic 64GB model. The computer on which I am writing this blog post has 160GB (+32 GB in an expansion SD card slot), and cost $185. I could literally buy seven of them for the same money, one for each day of the week.

I’m solidly middle middle class. Maybe lower middle middle. I have gadgets certainly, but an $800 phone makes no sense. I was mad when my $800 HP laptop only lasted two years, and most people who buy the iPhone don’t even keep it that long.

This is insanity, this economy that requires a constant influx of new things while we throw out the old. And I think we know that. We also know the “hidden” costs of this constant influx of new things: environmental damage, distracted driving, and thousands of workers in China working criminally long hours, being searched to make sure they aren’t stealing the products they make, and being beaten by guards at the slimmest provocation.

We don’t need these things, and we know it. I’m a cube dweller. There is not a single function for my job that requires, or even would be helped by, an iPhone (or any smartphone). There are thousands like me in my company and in every company. Even managers who might have more of a legitimate business use more often than not seem to use these devices for little else than being rude in meetings.

I’m not saying give up your gadgets. To pull out an old chestnut from my dear friend Brian, “pot to kettle, damn your blackness.” I’m saying keep them and use them until they don’t work anymore. Make deliberate decisions about what you buy and decide if it’s really something that’s right for you and that you will use. Take your time before bringing this thing into your home. And consider the source, the people who made this magic device you are holding.

Apple’s not alone in the crazy department (though a patent on rounded rectangles is just silly and Michael Okuda should be counter-suing you any day now, Apple), but lately they may be a little more insane than most. Even the little decisions, like cutting Google Maps from the phones and then not knowing where Mt. Rushmore is, just seem sad. It’s sad that Apple prices itself out of the middle class, and doesn’t seem to share its wealth with the people making its products, be it through more humane working conditions or better pay.

We know what’s right, what’s sensible, what’s reasonable. So do it already!
