Forum › Apple's letter Feb 16, 2016
Anyone living in the United States have read the letter Apple published yesterday? FBI wants to Apple to create a backdoor to hack into any iPhone. That's just unbelievable. We must act now or dystopia will be our future
http://www.apple.com/customer-letter/
A Message to Our Customers
The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.
The Need for Encryption
Smartphones, led by iPhone, have become an essential part of our lives. People use them to store an incredible amount of personal information, from our private conversations to our photos, our music, our notes, our calendars and contacts, our financial information and health data, even where we have been and where we are going.All that information needs to be protected from hackers and criminals who want to access it, steal it, and use it without our knowledge or permission. Customers expect Apple and other technology companies to do everything in our power to protect their personal information, and at Apple we are deeply committed to safeguarding their data.
Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.
For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.
The San Bernardino Case
We were shocked and outraged by the deadly act of terrorism in San Bernardino last December. We mourn the loss of life and want justice for all those whose lives were affected. The FBI asked us for help in the days following the attack, and we have worked hard to support the government’s efforts to solve this horrible crime. We have no sympathy for terrorists.When the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we’ve offered our best ideas on a number of investigative options at their disposal.
We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.
The Threat to Data Security
Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution. But it ignores both the basics of digital security and the significance of what the government is demanding in this case.In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.
The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.
The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.
We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.
A Dangerous Precedent
Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority.The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.
The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.
Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.
We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.
While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.
Tim Cook
I heard a bit abt it. It is so freaking tough when it involves combating terrorism. there must be more than one way to resolve the issue. Fbi just wants to get into the shooter's phone right? Let's see how the privacy issue will pan out in congress. They will have to address the issue soon.
I heard a bit abt it. It is so freaking tough when it involves combating terrorism. there must be more than one way to resolve the issue. Fbi just wants to get into the shooter's phone right? Let's see how the privacy issue will pan out in congress. They will have to address the issue soon.
It's not tough at all. Apple installing a backdoor, even on just one single phone, opens up the door for abuse and security issues thus making any encryption on the phone literally useless in the first place. The guy they're investigating is already going to jail for multiple murders regardless of whether Apple helps here or not.
I heard a bit abt it. It is so freaking tough when it involves combating terrorism. there must be more than one way to resolve the issue. Fbi just wants to get into the shooter's phone right? Let's see how the privacy issue will pan out in congress. They will have to address the issue soon.
It's not tough at all. Apple installing a backdoor, even on just one single phone, opens up the door for abuse and security issues thus making any encryption on the phone literally useless in the first place. The guy they're investigating is already going to jail for multiple murders regardless of whether Apple helps here or not.
I was thinking apple can help the FBI break into the shooter's iphone then create an update to secure other iphones. The shooter is going to jail to pay for the crime. The info in the phone is important. That info can help the us fighting terrorists or mitigating/preventing future attacks. This could create precedent.
It would set a precedent of them bowing to the authorities and they would be compelled to do it carte blanche any company that capitulates to law enforcement's demands should never be trusted and should be immediately disinvested in if you have any stake in security.
I was thinking apple can help the FBI break into the shooter's iphone then create an update to secure other iphones. The shooter is going to jail to pay for the crime. The info in the phone is important. That info can help the us fighting terrorists or mitigating/preventing future attacks. This could create precedent.
So Apple should ruin the encryption they already put in place to prevent abuse just long enough so that the FBI can have their way and Apple will have to find a new way to deal with encryption? That's kinda... Yeah...
And anyways the request is unfeasible to begin with. Apple cannot target one phone for updates and even if it could the phone cannot update while locked. So they physically cannot bypass the encryption here.
I don't think companies or individuals should comply on all government requests. It depends on the situation, on what's at stake. Because it is related to national security, personally, I'd want both Apple & FBI finding ways to work together. I want to feel safe. I also want my family & friends to feel safe. If apple thinks the request is unfeasible then propose an alternative.
If apple thinks the request is unfeasible then propose an alternative.
Such as what? The whole point of strong security on a device is so that people can't access it. It's a completely moot point if the manufacturer can manage to bypass it because then it means ANYONE will be able to figure it out. The only way that security like this can actually work is to not allow it to be bypassed in any form. Which is what Apple has done here. So even though they made the phone and the operating system they are just as incapable of bypassing the phone's security as the FBI are.
If apple thinks the request is unfeasible then propose an alternative.
Such as what? The whole point of strong security on a device is so that people can't access it. It's a completely moot point if the manufacturer can manage to bypass it because then it means ANYONE will be able to figure it out. The only way that security like this can actually work is to not allow it to be bypassed in any form. Which is what Apple has done here. So even though they made the phone and the operating system they are just as incapable of bypassing the phone's security as the FBI are.
are you an apple engineer? How could u know 100% that there is no alternative? I am not a tech savvy so I cannot offer an alternative. I rarely see anything absolute. So I believe there is an alternative to this. Well I have expressed my personal view on this issue. If u believed opposing the government is the optimal choice than trying to work out a solution to benefit the whole nation then it'd be fine too.
are you an apple engineer? How could u know 100% that there is no alternative? I am not a tech savvy so I cannot offer an alternative. I rarely see anything absolute. So I believe there is an alternative to this. Well I have expressed my personal view on this issue. If u believed opposing the government is the optimal choice than trying to work out a solution to benefit the whole nation then it'd be fine too.
I don't need to be an Apple engineer. All you need to be able to tell that what the FBI is asking is impossible is some programming knowledge and knowledge of how operating systems work on even a theoretical level.
There is no alternative to this. It is literally physically impossible to implement any workaround to allow the FBI into the phone. ANY workaround would have to either utilize a backdoor (which doesn't exist, hence this situation) or would require an update to the operating system which would require the phone to be unlocked in the first place. (And thus is a completely moot point since that's the entire goal here in the first place.)
And even if they did implement a backdoor into the operating system you should refer to what I said earlier about opening up the door for abuse and hackers. There is no solution here which doesn't screw over innocent people so the only actual solution is to not put a backdoor in it at all and keep things strongly encrypted.
are you an apple engineer? How could u know 100% that there is no alternative? I am not a tech savvy so I cannot offer an alternative. I rarely see anything absolute. So I believe there is an alternative to this. Well I have expressed my personal view on this issue. If u believed opposing the government is the optimal choice than trying to work out a solution to benefit the whole nation then it'd be fine too.
I don't need to be an Apple engineer. All you need to be able to tell that what the FBI is asking is impossible is some programming knowledge and knowledge of how operating systems work on even a theoretical level.
There is no alternative to this. It is literally physically impossible to implement any workaround to allow the FBI into the phone. ANY workaround would have to either utilize a backdoor (which doesn't exist, hence this situation) or would require an update to the operating system which would require the phone to be unlocked in the first place. (And thus is a completely moot point since that's the entire goal here in the first place.)
And even if they did implement a backdoor into the operating system you should refer to what I said earlier about opening up the door for abuse and hackers. There is no solution here which doesn't screw over innocent people so the only actual solution is to not put a backdoor in it at all and keep things strongly encrypted.
Time will tell right? It is kidda moot point to go back and forth. Let's see how thing pans out.
Time will tell right? It is kidda moot point to go back and forth. Let's see how thing pans out.
"I can't counter this and don't want to admit I'm probably wrong here so let's meet in the middle so I don't lose face." At least exit the argument with some dignity ffs.
It's not a moot point, if they implement it it will be abused, the FBI should not have that power, neither should Apple really, it should be entirely under the user's control as to what software and encryption is on devices they own and how it reacts to being probed.
Time will tell right? It is kidda moot point to go back and forth. Let's see how thing pans out.
"I can't counter this and don't want to admit I'm probably wrong here so let's meet in the middle so I don't lose face." At least exit the argument with some dignity ffs.
u know I don't think you're wrong. I see your points n others as well. that is why I said it is a tough issue. There is really no winner in this case. If apple win, we'd get to keep our privacy. Terrorist gets to keep the secrets. Did we really win? If Apple lost, we wouldn't win neither. so I am hoping there is an alternative.
last edited at Feb 17, 2016 10:50PM
It's not a moot point, if they implement it it will be abused, the FBI should not have that power, neither should Apple really, it should be entirely under the user's control as to what software and encryption is on devices they own and how it reacts to being probed.
I am not disagreeing your points there. I heard congress is going to address cyber privacy issue soon. They probably are going to vote on a new law. Like after 9/11, they passed the patriot act.
u know I don't think you're wrong. I see your points n others as well.
You should really make that a lot more clear then because everything you've said up until now has suggested otherwise.
I heard congress is going to address cyber privacy issue soon. They probably are going to vote on a new law. Like after 9/11, they passed the patriot act.
The thing is you cannot have surveillance and keep things private. Cybersecurity simply cannot work in a way that allows both. If it allows surveillance then the security is a completely moot point because anyone with knowledge or time can work their way through it.
And the Patriot Act has been commonly accused of being unconstitutional as it is. It only ever got through Congress as a kneejerk reaction to 9/11 in the first place.
There's really only two outcomes here. We continue to respect privacy and quit with all this bullshit about surveillance agencies wanting backdoors and decryption keys for stuff, or we allow backdoors and decryption keys and such and while we may not terribly quickly see abuse of these things from official sources (mostly because, especially at first, people are going to be very wary of any potentially abusive surveillance) you can be guaranteed that there will be plenty of third parties who will work hard to prove why this was a stupid idea in the first place. The end result is basically the same really, privacy will have to be respected. Just one way will damage the well-being of plenty of innocent people before that happens.
u know I don't think you're wrong. I see your points n others as well.
You should really make that a lot more clear then because everything you've said up until now has suggested otherwise.
I agreed with the privacy argument. But I mentioned safety is important to me, personally. That mean I would be willing to give up some privacy. Though, I still hope there are ways aound it. u insisted on there would be no ways aound it. I say we dont know it yet so we shall see.
u insisted on there would be no ways aound it. I say we dont know it yet so we shall see.
This is one of the places that you really need to just accept you're wrong. You clearly don't have any expertise on the subject so you don't know whether it's possible or not. I'm definitely no expert on the subject but I do have quite a bit of experience so I do know what is and isn't possible here. What the FBI is asking is impossible in this case and while possible for future cases if Apple takes action it, as I've repeatedly said, opens up innocent people to abuse and hacking.
u insisted on there would be no ways aound it. I say we dont know it yet so we shall see.
This is one of the places that you really need to just accept you're wrong. You clearly don't have any expertise on the subject so you don't know whether it's possible or not. I'm definitely no expert on the subject but I do have quite a bit of experience so I do know what is and isn't possible here. What the FBI is asking is impossible in this case and while possible for future cases if Apple takes action it, as I've repeatedly said, opens up innocent people to abuse and hacking.
wrong abt what? wrong abt being optimistic? Abt hoping there is more than one way to resolve the issue? Ofc I dont know if it is possible or not. That is why I said I HOPE. I hope there's other way to break into that phone. If indeed there's no alternative way, that proved u r right & I had false hope.
last edited at Feb 18, 2016 2:33PM
wrong abt what? wrong abt being optimistic? Abt hoping there is more than one way to resolve the issue? Ofc I dont know if it is possible or not. That is why I said I HOPE. I hope there's other way to break into that phone. If indeed there's no alternative way, that proved u r right & I had false hope.
Let me try to explain this as simply as possible. You are saying you don't have the knowledge necessary to make a judgment on this. That is you and ONLY you. Just because you are lacking that knowledge does not mean that all of us are. I can tell you with absolute certainty that what the FBI is asking of Apple is physically impossible. There is no way for Apple to help the FBI break into this phone. Literally the only way is for the FBI to try and brute force it or obtain the passcode from the phone's owner.
This isn't something that has a possibility for me being wrong here. You just seem to think that your ignorance on the subject means there's somehow magically possibilities that don't in fact exist.
wrong abt what? wrong abt being optimistic? Abt hoping there is more than one way to resolve the issue? Ofc I dont know if it is possible or not. That is why I said I HOPE. I hope there's other way to break into that phone. If indeed there's no alternative way, that proved u r right & I had false hope.
Let me try to explain this as simply as possible. You are saying you don't have the knowledge necessary to make a judgment on this. That is you and ONLY you. Just because you are lacking that knowledge does not mean that all of us are. I can tell you with absolute certainty that what the FBI is asking of Apple is physically impossible. There is no way for Apple to help the FBI break into this phone. Literally the only way is for the FBI to try and brute force it or obtain the passcode from the phone's owner.
This isn't something that has a possibility for me being wrong here. You just seem to think that your ignorance on the subject means there's somehow magically possibilities that don't in fact exist.
Wow! u claimed u r no expert yet saying it is impossible for you to be wrong here. This matter has ended yet u made a judgement against me. Okay if that makes u happy.
Wow! u claimed u r no expert yet saying it is impossible for you to be wrong here. This matter has ended yet u made a judgement against me. Okay if that makes u happy.
You don't need to be an expert on a subject like this to know whether something is impossible or not. You just have to actually know what you're talking about. Which you don't. Though with the way you're resorting to just shitposting more and more I'm starting to think you're just a troll rather than an idiot. Not that there's much of a difference between the two.
Alice, as much I'd love to agree with you about the privacy protection, you clearly miss one important point. FBI can still invest into creating a back-door themselves. Your absolute belief in security as something unbreakable is purely theoretical unfortunately. Every software has bugs. I'm telling this to you as a 10-year professional tester with a degree in IT from one of the best Maths/IT unis in the world (LOL, I didn't study with excellence and I'm probably not the world's best tester of course, but still, I do have some experience and knowledge). And among all bugs, there are security bugs too. The recent news about a bug in the C library affecting practically all server software is a good example. So if FBI spend enough resources, hire some ex-Apple devs, some hackers, create regular hacking contests, etc, they'll manage to break it, sooner or later. It's really only the question of time and money. This is precisely the reason why giving away information about yourself in the net, to Apple/Google/Facebook/wherever makes it prompt to hacking and getting stolen no matter the security concerns. So the only real way to secure your privacy is not to give the info. It may look to you extremely conservative and outdated, but that is essentially the sad truth.
And in this case, Apple quite literally use PR, trying to get them the image of not being Evil. Which is not that bad, of course. But really, it's a lot more about politics, business success, than it is about privacy that they care about.
Personally I'd probably still prefer that FBI invested themselves to design the back-door they needed without Apple's help though. So I guess it's their way of getting some budget pie from the government. But even if they manage to get that back-door done themselves, it can still leak to public. Because, well, it's still people who work in FBI. So eventually, it'll be more money people's taxes spent this way, and time lost for the court. This can of course also improve security overall, if they publish results about the found issues similar to how Google have done it so far. So it's still probably a better alternative, but clearly a more expensive one. And with a risk of them never publishing such reports. And I'm actually quite certain they might have it broken already, but simply need an official decision to use this info in court as a legal proof. Which is of course also a risk of misinformation being created unless verified by Apple, who wouldn't be able to do it without their own back-door. Or they'd have to approve the back-door created by FBI and then release a fix to it. Which is kinda similar to Apple developing the backdoor themselves. And we're back to square one LOL.
Let's see how this evolves.
last edited at Feb 18, 2016 7:19PM
Going to split this up to make it a bit easier to see what bits I'm responding to.
Alice, as much I'd love to agree with you about the privacy protection, you clearly miss one important point. FBI can still invest into creating a back-door themselves.
I'm not missing this point at all. It just wasn't really relevant to what I was arguing. If the FBI wanted to do this then that's completely up to them. I'd still disagree with it and definitely think it wouldn't help at all in this case however.
Your absolute belief in security as something unbreakable is purely theoretical unfortunately. Every software has bugs. I'm telling this to you as a 10-year professional tester with a degree in IT from one of the best Maths/IT unis in the world
(Snipped for brevity.)
I'm not saying it's unbreakable. I'm saying in this case there's nothing that can actually be done. What the FBI are demanding in this case requires the phone to be unlocked so they can push an update to it or it requires a backdoor to already be in place. (Or a security exploit that can bypass the lock screen altogether but if they want that then Apple's not really the one to be asking here since they'd have patched something like that as soon as possible.)
This is precisely the reason why giving away information about yourself in the net, to Apple/Google/Facebook/wherever makes it prompt to hacking and getting stolen no matter the security concerns. So the only real way to secure your privacy is not to give the info. It may look to you extremely conservative and outdated, but that is essentially the sad truth.
It actually doesn't look outdated and conservative to me. I personally avoid that sort of thing whenever I can.
And in this case, Apple quite literally use PR, trying to get them the image of not being Evil. Which is not that bad, of course. But really, it's a lot more about politics, business success, than it is about privacy that they care about.
Of course. I should probably make my stance here a bit more clear. I actually intensely dislike Apple. I think they're a pretty scummy corporation. I just happen to agree that their actions here are the right ones regardless of their actual reasoning for doing so behind the scenes.
Personally I'd probably still prefer that FBI invested themselves to design the back-door they needed without Apple's help though. So I guess it's their way of getting some budget pie from the government. But even if they manage to get that back-door done themselves, it can still leak to public. Because, well, it's still people who work in FBI. So eventually, it'll be more money people's taxes spent this way, and time lost for the court.
If the FBI want to try then they should feel free to. As I mentioned above I still disagree with it but in that case it's really up to them.
This can of course also improve security overall, if they publish results about the found issues similar to how Google have done it so far. So it's still probably a better alternative, but clearly a more expensive one. And with a risk of them never publishing such reports.
Only if they publish it however. With an intelligence agency the chances of them doing that is pretty unlikely since publishing information on it means there's a much higher chance of it getting fixed. (Which is pretty stupid since anyone who stumbles across it can exploit it for malicious means meaning they'd probably protect more people by helping get it patched in the first place.)
Let's see how this evolves.
Of course, but I don't see Apple helping nor do I see the Supreme Court (if this issue ever gets that far) ruling against Apple here. If the FBI want into the phone they're going to have to do it themselves.
last edited at Feb 18, 2016 8:43PM