Apple Open Letter… eh

[ Updated below, but I’m leaving the text here as I originally wrote it. ]

 

By now, just about everyone has seen the open letter from Apple about device encryption and privacy. A lot of people are impressed that such a company with so much to lose would stand up for their customers. Eh, maybe.

I have two somewhat conflicting thoughts on the whole matter:

1)

If Apple had designed security on the iPhone properly, it would not even be possible for them to do what the government is asking. In essence, the government plan is for Apple to develop a new version of iOS that they can “upgrade” the phone to, which would bypass (or make it easier to bypass) the security on the device. Of course, it should not be possible to upgrade the OS of a phone without the consent of a verified user, so this is a bug they baked in from the beginning — for their benefit, of course, not the government’s.

Essentially, though they have not yet written the “app” that takes advantage of this backdoor, they have already created it in a sense. The letter is therefore deceptive as written.

2)

The US government can get a warrant to search anything. Anything. Any. Thing. This is how it has been since the beginning of government. They can’t go out and do so without a warrant. They can’t (well, shouldn’t) be able to pursue wholesale data mining of every single person, but they can get a warrant to break any locked box and see what’s inside.

Why should data be different?

I think the most common argument around this subject is that the government cannot be trusted with such power. That is, yes, the government may have a reasonable right to access encrypted data in certain circumstances (like decrypting known terrorists’ phones!) but the tools that allow that also give them the power to access data under less clear-cut circumstances as well.

The argument then falls into a slippery slope domain — a domain in which I’m generally unimpressed. In fact, I would dismiss it entirely if the US government hadn’t already engaged in important widespread abuse of similar powers.

Nevertheless, I think the argument that the government should not have backdoors to people’s data is one of practical controls rather than fundamental rights to be free from search.

 

I have recommendations to address both thoughts:

  1. Apple, like all manufacturers, should implement security properly, so that neither they nor any other entity possess a secret backdoor.
  2. Phones should have a known backdoor, a one-time password algorithm seeded at the time of manufacture, and stored and managed by a third party, such as the EFF. Any attempts to access this password, whether granted or denied, would be logged and viewable as a public record.
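
One way the escrow in recommendation 2 could be built, as an added example that is not part of the original post. It assumes HOTP (RFC 4226) as the one-time password algorithm and a SHA-256 hash chain as the public record; the `Escrow` class, device ids and requester names are hypothetical.

```python
import hashlib, hmac, json, struct

GENESIS = "0" * 64  # chain anchor for the first log entry

def hotp(seed: bytes, counter: int, digits: int = 8) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def entry_hash(prev: str, record: dict) -> str:
    """Bind a log record to the hash of the entry before it."""
    body = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(prev.encode() + body).hexdigest()

class Escrow:
    """Hypothetical third-party custodian of per-device seeds."""
    def __init__(self):
        self._seeds = {}      # device_id -> [seed, next counter]; never published
        self.public_log = []  # list of (record, hash); published in full

    def enroll(self, device_id: str, seed: bytes) -> None:
        """Called once, at manufacture, with the seed also burned into the device."""
        self._seeds[device_id] = [seed, 0]

    def request(self, device_id: str, requester: str, approved: bool):
        """Log the attempt whether granted or denied, then answer it."""
        granted = approved and device_id in self._seeds
        record = {"seq": len(self.public_log), "device": device_id,
                  "requester": requester, "granted": granted}
        prev = self.public_log[-1][1] if self.public_log else GENESIS
        self.public_log.append((record, entry_hash(prev, record)))
        if not granted:
            return None
        seed, counter = self._seeds[device_id]
        self._seeds[device_id][1] = counter + 1  # each password is issued once
        return hotp(seed, counter)

def audit(log) -> bool:
    """Anyone holding the public log can recompute the chain end to end."""
    prev = GENESIS
    for seq, (record, digest) in enumerate(log):
        if record["seq"] != seq or entry_hash(prev, record) != digest:
            return False
        prev = digest
    return True
```

The chain only exposes rewriting of history to auditors who kept an earlier copy of the log head, so the record has to be mirrored outside the custodian's control.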

I don’t have a plan for sealed and secret warrants.

 

[ Update 2/17 11:30 CA time ]

So, the Internet has gone further and explained a bit more about what Apple is talking about and what the government has asked for. It seems that basically, the government wants to be able to brute-force the device, and wants Apple to make a few changes to make that possible:

  1. that the device won’t self-wipe after too many incorrect passwords
  2. that the device will not enforce extra time-delay between attempts
  3. that the attempts can be conducted electronically, via the port, rather than manually by the touch screen

I guess this is somehow different than Apple being able to hack their own devices, but to me, it’s still basically the same situation. They can update the OS and remove security features. That the final attack is brute force rather than a backdoor is hardly relevant.

So I’m standing behind my assessment that the Apple security is borked by design.

If programming languages were exes

 

[ Please excuse this ridiculous flight of fancy. This post occurred to me yesterday while I was hypoxically working my way up Claremont on a bike. ]

A common game among the nerderati is to compare favorite computer languages, talking trash about your friends’ favorites. But what if programming languages were ex-girlfriends (or -boyfriends)?

Perl 5

Perhaps not the most handsome ex, but probably the most easy-going. Perl was up for anything and didn’t care much what you did as long as it was fun. Definitely got you in trouble a few times. Did not get jealous if you spent time with other languages. Heck, Perl even encouraged it as long as you could all play together. Perl was no priss, and taught you about things that you shouldn’t even describe in polite company. The biggest problem with Perl is that nobody approved, and in the end, you dumped Perl because everyone told you that you had to grow up and move on to a Nice, Serious Language. But you do wonder what might have been…

Perl 6

Never actually went on a date. Stood you up many times.

Python

Trim and neat, Python really impressed you the first time you met. Python came with a lot of documentation, which was a breath of fresh air at first. However, the times when Python’s inflexibility proved annoying started to mount. After one PEP talk too many, you decided to move on. You still remember that one intimate moment when Python yelled out “you’re doing it wrong!” Relationship-ender. Mom was disappointed.

C++

C++ seemed to have it all. It knew just about everything to know about programming. If you heard of some new idea, the odds were that C++ had heard of it before you and incorporated it a while back. You had many intellectual conversations about computer science with C++. Thing is, C++ seemed kind of rulesy, too, and it was hard to know what C++ really wanted from you. Most annoying, whenever you didn’t know what C++ wanted, it blamed you for not “getting” it. C++ also seemed to have a bit of a dark side. Sure, most of the time C++ could be elegant and structured, but more than once you came home to find C++ drunk and in bed with C doing some truly nasty things.

C

C is not an ex. C is your grumpy grandpa/ma who gives zero f@#ks what the kids are doing today. C is the kind of computer language that keeps a hot rod in the garage, but crashes it every time it takes it out. It’s a wonder C is still alive, given its pastime of lighting M-80’s while holding them between its fingers. Thing is, it’s actually pretty fun to hang out with C, someone who can tell good stories and get its hands dirty.

PHP

Looked a lot like Perl, just as promiscuous, but never said or did anything that made you think or laugh. Boring. Dumped.

Haskell

The weird kid in high school that sat alone and didn’t seem to mind being ostracized. Everything Haskell ever said in class was interesting, if cryptic. There was something attractive about Haskell, but you could never put your finger on it. In the end, you couldn’t imagine a life as such an outsider, so you never even got Haskell’s phone number.

Excel

Wore a tie starting in elementary school, Excel was set on business school. Funny thing was that beneath that business exterior, Excel was a complete slob. Excel’s apartment was a pig sty. It was amazing anything ever worked at all. Pretty boring language in the end, though. Went on a few dates, but no chemistry.

Java

Man, in the 90’s everybody was telling you to date Java. This was the language you could finally settle down with. Good thing your instincts told you to dodge that bullet, or you’d be spending your retirement years with a laggy gui for an internal app at a bank. Ick.

Javascript

You were never that impressed with Javascript, but you have to admit its career has taken off better than yours has. Seems Javascript is everywhere now, a celebrity really. Javascript has even found work on servers. At least Javascript is not hanging out with that ugly barnacle, jQuery, as much as it used to.