Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Mac News > Craig Federighi: FBI wants device security rolled back to 2013

Craig Federighi: FBI wants device security rolled back to 2013
Thread Tools
NewsPoster
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Mar 7, 2016, 08:12 AM
 
Craig Federighi, the senior vice president of software engineering at Apple, has spoken out against the requests by law enforcement to weaken the encryption of its devices in an op-ed. In the piece, where the Apple executive explains why the company takes security seriously, Federighi claims the requests to "turn back the clock" on the software-based protection most people rely upon would have the potential to be extremely harmful to consumers.

Explaining his role as part of a team that works "tirelessly to stay one step ahead of criminal attackers" wanting access to personal data or to control devices to "commit broader assaults that endanger us all," Federighi writes in the Washington Post of the numerous breaches of banks, retailers, and federal government that have taken place in the last 18 months.

The executive goes on to claim smartphones to be more of a danger if broken into, as it forms "part of the security perimeter that protects your family and co-workers" and is a potential attack vector when used to attack national infrastructure, such as power grids and transportation. "Criminals and terrorists who want to infiltrate systems and disrupt sensitive networks may start their attacks through access to just one person's smartphone. That's why my team works so hard to stay ahead."

The encryption used in the iPhone "represents the best data security available" to Apple's customers. The cryptographic protections employed on the device help protect against unauthorized access, as well as help protect against those wanting to place malware or spyware to gain access to other, more sensitive systems. Federighi acknowledges that nothing is 100 percent secure, caused through errors in code, and that "identifying and fixing those problems" are paramount to customer safety. "Doing anything to hamper that mission would be a serious mistake."

The FBI is pressing Apple to go back to "a less-secure time and less-secure technologies" for its devices, claims the executive. Expressing disappointment at the FBI's insistence that iOS 7 security was "good enough" and to "simply go back to the security standards of 2013," Federighi rebuts this by saying that even the security used in iOS 7 has been beaten by hackers, and that "some of their methods have been productized and are now available for sale to attackers who are less skilled but often more malicious."

On the subject of creating a tool for the FBI to help bypass passcode protections, "intentionally creating a vulnerability that would let the government force its way into an iPhone," Federighi highlights the fact that law enforcement agencies have conceded more requests to unlock smartphones will be made if the current debate over San Bernardino ends poorly for Apple, as well as it becoming a "weakness that hackers and criminals could use to wreak havoc on the privacy and personal safety of us all."

"Security is an endless race – one that you can lead but never decisively win," insists Federighi, before concluding "We cannot afford to fall behind those who would exploit technology in order to cause chaos. To slow our pace, or reverse our progress, puts everyone at risk."
     
Inkling
Grizzled Veteran
Join Date: Jul 2006
Location: Seattle
Status: Offline
Reply With Quote
Mar 7, 2016, 09:36 AM
 
Oh yes, I remember 2013. It was like living in wartime Germany under the Nazis. The constant spying, the Gestapo listening into every phone call and opening every mail. It was a terrible time. Then Apple saved us. // \\ Not! That's why this is a tempest in a teapot. I can understand why Apple's executives are hot and bothered. Lawsuits, federal or civil, have a field day with their email. I can understand why people might get hot and bothered about the Obama administration's IRS targeting political groups. Nothing has been done about that. I could understand if Apple were getting flack for refusing to do business with repressive one-party dictatorships like China or nasty Middle-Eastern theocracies. But it isn't. It's pitifully eager to canter to their demands. But this, a situation involving terrorism and multiple murders where the FBI merely wants to unlock an iPhone they have every legal right to possess as evidence. It's no different than calling in a locksmith to open a Mafia kingpin's office safe. // \\ We need to be sensible. There's a lot to worry about in our sad, sick world. But if we were to make a list of what "puts everyone at risk," what Apple's talking about would be near the bottom for people in the U.S., much less people in those dictatorships with which Apple, apparently clueless about their hypocrisy, is eagerly doing business and, if the rumors be true, cooperating with those nasty regimes.
Author of Untangling Tolkien and Chesterton on War and Peace
     
jimoase
Fresh-Faced Recruit
Join Date: Apr 2008
Status: Offline
Reply With Quote
Mar 7, 2016, 09:57 AM
 
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

For this to be changed a judge needs the power to nationalize a private company. The government was not given that power, therefore no judge has that power.

The right to own property is critical to have freedom. We were not given that right by government nor did we give that right to government. The only way that right can be taken by another is with force. Only government possesses the power to use force. At the bottom of every law and regulation is a gun.
     
Mike Wuerthele
Managing Editor
Join Date: Jul 2012
Status: Offline
Reply With Quote
Mar 7, 2016, 11:06 AM
 
Inkling, you're missing the point. Yes, the FBI has every right to subpoena Apple for data it has.

It, literally, does not have the key. It, literally, would have to create the tools to make a key. It, literally, would have to weaken the device's overall security to do so. Apple's deal with Apple Pay is likely contingent on the security of the phone, so to tell me that device security isn't something that US citizens has to worry about is false.

Have you ever heard of the concept of a "greater good," because this is a prime example. This isn't an active investigation, and the FBI has all the data it needs to be certain that this pair did the shooting both from the iCloud data that Apple gave it near instantly, and the data that the carriers have provided.

The FBI botched the data collection from the get-go, and so did the county. So, somehow, because the FBI hosed this, it's Apple's responsibility to weaken overall security for me and everybody else with an iOS device?

No thanks.
     
DrSkywalker
Fresh-Faced Recruit
Join Date: Mar 2011
Status: Offline
Reply With Quote
Mar 7, 2016, 12:55 PM
 
Inkling has no inkling, I'm afraid. Police were able to do police work before there was iOS 9, and nothing is there to stop them from trying to find bad guys.
     
chimaera
Dedicated MacNNer
Join Date: Apr 2007
Status: Offline
Reply With Quote
Mar 7, 2016, 03:05 PM
 
Ah, Inkling again.
I could understand if Apple were getting flack for refusing to do business with repressive one-party dictatorships like China or nasty Middle-Eastern theocracies. But it isn't.
Unless you own nothing Made in China, you do business with them too. Apple sells large numbers of encrypted-by-default phones to Chinese citizens, which the "one-party dictatorship" is unable to break into. Those people are human, they deserve privacy rights too.
a situation involving terrorism and multiple murders where the FBI merely wants to unlock an iPhone
I assume you mean "disgruntled-employee mass shooting of co-workers", and I can tell you didn't read the court filings. The FBI hasn't asked to unlock the iPhone, they asked Apple to hack iOS so the lock password can be brute-forced.
It's no different than calling in a locksmith to open a Mafia kingpin's office safe.
The locksmith has the right to decline the job, and so does Apple. Slavery was recently outlawed in this country, little more than a century and a half ago. The FBI can call a different locksmith, like those NSA dudes who monitor all our phone calls.
     
Flying Meat
Senior User
Join Date: Jan 2007
Location: SF
Status: Offline
Reply With Quote
Mar 7, 2016, 06:44 PM
 
Some people seem to have already meekly ceded freedom for protection.
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 12:46 AM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,