Apple/FBI thing backdoor practical discussion

It is more like a combination of the two scenarios. The account ID has a password and there is a second 'PIN' password set by the end user that Apple does not have. A third "key" can be the user's fingerprint. Wiping the device is not necessarily permanent because you can privately store a backup copy, the data is only wiped locally. You would need the account ID and the PIN and most likely a backup key to access that data.

Apple encourages users to use a fingerprint ID along with their personal key. Apple can't access the data without the user's keys.

Apple is now working on an iPhone even they can’t hack:

[nytimes.com...]

It's hard to brute force a device that securely wipes itself after a certain number of tries. They're lobbying for removal of this 'security feature', not to break the encryption. This seems like an obvious political ploy to gain precedent to do this on a larger scale. It's doubtful there's anything valuable on this actual phone as they have older iCloud backups to play with. This is a smart way for them to garner public support to do this in a way that doesn't make them look like privacy violators the way that asking for a backdoor to encryption does.

Apple's 4 digit pass-code is to blame here. It's imminently brute-forceable in a reasonable amount of time. Their band-aid has been this OS controlled 'feature' that limits the number of attempts. Although clever, it's their Achilles heel in this case, as it's possible to override this by altering the OS. Going forward, they have little choice but to make this impossible. The problem will be whether they can make something that is still usable for the public.

Lets get real, there is no mystical data that is only available locked up inside the iphone that isn't available in other places. I thought we learned from the NSA's hack of Google? We're talking about privacy vs the illusion of privacy here.

Why would the FBI be butting heads with Apple when they likely know what's in the phone?

The phone wiping is not a default setting, it would need to have been set by the user. They would not likely set the phone to wipe all data unless there were a backup. The backups need the account ID and password and the PIN passcode to access encrypted data. Apple does not have the PIN which can be reset by the user any time.

IF the phone was connected to a computer and accessed via iTunes all the contacts, notes, files and settings could be accessed - but they would need the iTunes login and the PIN. If it has not been set to wipe on failed attempts, it could be cracked. They should be talking to the person who owns the iPhone, not Apple.

I'm not currently an iOS user so I'm not familiar with the defaults. When I did have an iPhone there was an option (think it was an option) to increase the times between guessing if you entered the password incorrectly more than once. That would also prove to make brute-forcing a phone's password quite difficult. This would also be something that the OS controls, not the hardware (there is a separate hardware controlled delay that the FBI can't ask Apple to remove.). I recall having this activated and password guesses could make you wait about an hour before trying again after a certain amount of tries. I've heard talk that they're trying to remove this as well.

I was passing through the Apple site today to check post-holiday refurbs and noticed a link down in the corner [apple.com...] The article/letter covers Apple's POV and it paints quite a different picture. They have complied with all subpoenas and even offered their engineers to help in this specific case. It also explains the difference in this case:

A Dangerous Precedent

Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority.

The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.

It explains their refusal pretty clearly.

You and I need to enter a password to use it and if a person gets the password wrong things might get wiped but that has never stopped an update from installing itself which TELLS you that the phone is NOT secure. Again, why are we even discussing as if the FBI doesn't already know what's in the phone? They want to officially have it unlocked so they can actually use what they know is in there. If it's not "officially" unlocked then the illusion of privacy would be shattered when they bring up some of the things that are supposed to be private.

Like a good lawyer the FBI only asks for things when they already know what they will get.

This specific case of the FBI vs. Apple is simply the battle the federal government has picked to finally launch their war against all digital privacy in the USA.

For the last few years, both the Directors of the FBI and National Intelligence have been barnstorming the country, both in public and in private with the tech companies, insisting that law enforcement in this nation MUST have backdoor access to encryption as a matter of national, state, and local security and law enforcement. But instead of seeing both the public and the tech companies meekly or pseudo-patriotically comply with its demands, more of the public and virtually all the tech companies are separating themselves from the government on the issue and, indeed, going in the opposite, American constitutional direction to even more private (read stronger) encryption technology.

So, the law finally decided to force the issue legally, and what better case to do it with than an open and shut terrorism case?

If the feds can win this battle by having the Court force Apple to even attempt to backdoor both the 10 password attempts and pause between password entry (thereby allowing the FBI to then try all the brute force they want, no matter how long it takes them), then they will have succeeded in setting a legal digital precedent for the government to really start exercising its anti-encryption will over every private corporation and company in America.

Others have already mentioned what many already believe: the federal government almost certainly already has all the meta from that phone, which - if, in fact, true - simply proves that this particular battle with Apple serves as the first significant shot of the digital privacy war against private corporations and companies the feds have now decided to wage.

Legislation in both the Senate and the House, both pro- and anti-encryption, is currently circulating; the Executive has simply decided it wants a a very, very public ruling from the Judiciary most favorable to its draconian intent first.

Think about the now-here future of the Internet of Things and how all the info it utilizes must be encrypted to maintain any semblance of privacy for users - and then think about backdoor access to it all, allowing not only the federal government entry, but any other entity that has the talent to work its way in, too.

Surely we've traded-off enough of our constitutionally protected privacy by now in exchange for all the "security" they've been selling us, right? Or, are we really going to surrender it all to the police state which is already enveloping us?

Aherman, the privacy is already gone! They now want to be able to openly use info they collect without someone saying "how did you know that?" in court. If they receive the right to unlock at will they no longer need to reveal how they gather data. We're talking about the same FBI that openly taught police how to lie to judges about their use of "stingers" to trick cell phones, google it.

A local police chief got fired for using a stinger to listen in on teenage girls phone conversations, and this is a tiny little town.