You own the software, Feds tell Apple: you can unlock it Apple's battle to avoid handing over user data to the US government has taken an unwelcome turn, with the Feds claiming in court that Cupertino's license agreement gives it the right to do what the government tells it. In a case being heard by US Federal Court magistrate James Orenstein, the government has argued that the …
Then the government will counter that in order to do business in America, there MUST be a US office subject to government-mandated scrutiny, basically fording them to either come back or abandon 350 million potential customers.
Remember that the first iPhones were deliberately GSM based so as to work well world wide rather than being CDMA2000 based, which would have been far better in the USA. World market first, USA second has been their phone philosophy...
Remember that there's only 350 million Americans, but there's about six billion people everywhere else. If Uncle Sam ruins that world wide market then Apple will have to pack up their bags and move. Same for Microsoft, Amazon, Google, Facebook, Twitter... At least some of those companies don't need a physical presence in the US.
Moving their HQ out of the US would change nothing in this case. They would still be selling in the US and they would still have a presence in the US, as such they would all be in the same boat. It would however damage th eir reputation much more than staying. Abandoning the US would definitely put off a lot of US consumers. At the moment they can still pretend they are buying an American product, while conveniently ignoring the fact that it is manufactured in a Chinese sweatshop. If Apple were not headquartered in the US then their products would be no different to Samsung or HTC.
Moving their HQ out of the US would change nothing in this case. They would still be selling in the US and they would still have a presence in the US, as such they would all be in the same boat.
Not quite. If Apple were no longer a company with a US HQ with only a small sub in the US it would be in a far better position, but Apple can't change that. Not only is it building a massive HQ there, it is also engaged in a current court case so it can't just up sticks, and all of its capital is US based.
So it's screwed, basically.
"I foresee US companies not having another option than moving their headquarters to outside the USA..."
They can just move their R&D - particularly anything involving encryption - outside of the USA. I know of one that moved this type of development to Russia specifically to escape US legal reach.
One part of me wants to mock iUsers for willingly sacrificing their freedom to live within a walled garden.
But a greater part of me is concerned that Uncle Sam is using the wording in the EULA that basically says "Don't steal our shit", in order to force Apple to allow the feds to steal someone elses shit.
Don't mock 'iUsers' when, as the article pointed out, it is the EULA that every company uses that is the point of attack. It is not 'Apple', it is every company. It is not 'iUsers', it is everyone using proprietary software.
Damn, the only three-letter agency that is going to win at the end of all this is RMS.
You are aware that nearly all non-open-source software has more or less the same conditions in the EULA (we own the software and you get to use it at our discretion), right? Doesn't matter which brand phone you've got in your pocket, if the feds make that stick you're screwed. This is not an issue to be gloating over just because it happens to be a tech firm that you don't like for whatever reason that's the current target. "First they came for the jews..."
presumably you own your encryption key?
If not license wording can be changed to something like 'Apple gifts you your encryption key which becomes your personal property and you have the right to do wtf you like with it. Apple relinquishes any ownership or rights over your key, blah blah blah' and so forth.
Not that this helps older software but then Apple could happily spin it as a reason to upgrade (again)
This isn't one of the instances where certain three letter groups are simply telling Apple to hand over user information, The court has an actual search warrant. This means there is good reason for the courts to look at what is on the device, otherwise the judge wouldn't have signed off on it.. It follows due process. Good chance that all Apple is doing is protecting a criminal. And for failing to comply with the search warrant should be held in contempt.
'I think that Apple is saying, "This is not *our* information to hand over, it's his or hers," and pointing the feds at that individual.'
However, the point is that there is a search warrant. Due process of law is being followed. We complain when the authorities don't follow due procedure. When they do we should acknowledge the fact.
"However, the point is that there is a search warrant."
Yes, but to my mind, at least, that warrant is being improperly served, which is my biggest gripe with most cyber law as it stands. I don't care who runs/owns the Operating System/Application/Datacenter etc. It's still my data! You want a look at it, come talk to me. In that way, I, who am familiar with the requested data, can decide what rights I wish to pursue with an attorney.
The existence of a search warrant does not mean that there's a good reason for the courts to look at what's on the device, it only means that someone convinced a judge that there is something incriminating on said device.
Based on a search warrant which was later proven to be invalid, my home was once searched, late at night, with me held at gunpoint. Nothing was found, apparently the police found something incriminating in a rubbish bin in front of my home - one of several identical bins lined up in a row, and this was the basis for said warrant.
Btw, no one ever said oops, sorry, wrong house. Hey but I have nothing to hide, right. Damn I've gone OT again.
But who decides who is the criminal. A presupposition is being made that because courts and feds want information the person is guilty. How can it be said that Apple is protecting the criminal before the evidence becomes avaiable. Once again the so-called war on terror becomes a tool to snoop upon anyony whose views may differ.
That's a bit naive, if you don't mind me saying so. We know that the FISA court that oversees these orders rubber stamps them (since the justices that are hand picked for it are guaranteed to do the right thing and not ask embarrassing questions) and the warrants are themselves overly broad. There is a clear conflict of interest between 'We, the People' and what these agencies believe is good, orderly, government.
In America we are allowed to be skeptical of government. In most countries people are brought up to obey government, its a hangover from the power of a monarchy as God's representative on Earth, so the notion that a government itself has to play by the rules and can be challenged if you think they are not behaving themselves might seem a bit weird. In this case Apple, like a lot of us, think the government has clearly overstepped its authority. Trying to tie user data to program code confidentially is one example of how government lawyers are trying to stretch logic beyond breaking point to suit their purposes (one that should fail -- as we all know, program logic and program data are two different things so I think the government is about to get a crash course in software design).
What a mess... I guess the Feds have possession of the phone in question? Then what they're asking Apple to do is unlock the door. If this goes through, then all software companies will be forced to unlock any device* the Feds wish. Bad precedent... very bad. Which would/could lead to forcing encryption with a back door. Which may effectively kill tech in the US. If there's a backdoor, others will find it and use it.
If the Feds don't have possession of the phone, they are asking Apple to unlock the door and bring everything out of the room and hand it to them. Not a good precedent either.
It would seem that if they have possession, then they also have the owner/user of the phone. He/she should be in contempt if they refuse to unlock the phone. In which case, refusing and being held in contempt is an excuse for the court and government to hold him/her forever or until they do unlock it.
What a flustertruck of epic proportions. It would serve the government right if the tech companies moved their headquarters overseas somewhere and re-incorporated as their tax money would go with them and to the place they moved. Uncle Sam wouldn't be able to grab any of it.
*Not just phones... PC's, hard drives, basically everything.
@Mark 85
Not quite so because there is one crucial point you're missing here: Apple are technically able to unlock this phone.
As the article said, Apple could not say that they unable to do what was required and that is why they have taken the tack that they are not allowed to do so. If they couldn't do it anyway then it would be a moot point.
Of course, there is still an interesting and troubling precedent waiting to be set but it is - at least conceptually - easy to avoid without having to change a line of the EULA: design the software and hardware such that it is impossible for Apple to unlock their phones.
As I understand it, that is already the case in some instances so it just needs to be a policy that this is always done. Perhaps, and I am no engineer, but one can imagine a system that would allow an Apple store to unlock the device but still actually require the customer's input, for example with a secondary code that the user can choose.
This case actually ties in with other issues around cloud services being asked to hand over data* because the the whole issue comes about because the companies can hand over the data. If they were technically unable to do so then all the warrants and national security letters in the world wouldn't help.
Yes, it would be great it this wasn't an issue because law enforcement agencies actually respected privacy and proper process (which does appear to have happened here) but it is obvious that that is not the case so the only way to secure data is with real 'no knowledge' systems, meaning that the vendors cannot access the data at all.
This is something that needs to happen and needs to happen as quickly as possible and in as concerted an manner as possible so that it gets done before these agencies can cry to law-makers demanding back doors.
* - Like the MS Ireland case.
They've already done that, the problem here is that the phone is running older software - probably because this case has been winding its way through court since iOS 7 was the current version.
http://www.reuters.com/article/2015/10/21/us-apple-court-encryption-idUSKCN0SE2NF20151021
So they don't really need to do anything to help current Apple customers, assuming they are running iOS 8 or newer on their devices which the vast majority are. However, having a precedent set where the court can compel Apple's help would get the Feds after them to try to help hack into iOS 8 and newer devices. Since Apple designed the thing, it may be possible for them to disassemble my phone, desolder the chip containing the secure enclave, hook it up to some specialized equipment that knows how to talk directly to it (which only they would know since they designed it) and get it to provide the key required to decrypt my phone's contents. Even if that's not possible, with the precedent in hand the Feds would try to make them do it anyway.
@DougS
That was my understanding - that it was something that has been done but I wasn't sure if it was actually a deliberate policy of Apple to do this or whether the situation depends not on a conscious decision on the part of Apple Management but instead is down to the idiosyncrasies of the iOS software such that in one instance it is unlockable and the next it isn't and then the one after that it is again, simple because they're using different code which has a side effect of enabling this.
So what I am saying is that it needs to actually be a requirement such that if the software is tested on this front and patched/corrected if it fails.
When you talk about opening up the phone, however, that - to me - falls into Apple tampering with something the customer does actually 'own': the phone itself. Thus Apple would presumably have a defense against being compelled to do this as the EULA no more allows them to dick-around with peoples' phone hardware than it allows them to break into their home.
How it would actually go down is another question but it is a markedly different situation when judged by the argument being made in this case, which is that the EULA means Apple owns and controls the software.
Dan it was a very conscious and deliberate decision on Apple's part to do this. There isn't anything to 'fail', because your password generates a certificate which is stored in the secure enclave and never backed up whether via a tethered iTunes backup or an iCloud backup. The side effect of that is that if you forget your password you're screwed and will have to restore from a backup (though I'm not sure exactly how you'd even reset that phone back to factory defaults, but maybe Apple can help there)
But yes, since it was a design decision that was deliberate, if a way around it is ever found I'm sure they'll correct it.
"What a flustertruck of epic proportions. It would serve the government right if the tech companies moved their headquarters overseas somewhere and re-incorporated as their tax money would go with them and to the place they moved. Uncle Sam wouldn't be able to grab any of it."
Wouldn't Uncle Sam count this as an export and therefore subject it to an exit tax?
Yep interesting situation. The Accused can taken the 5th. the Cops have a valid search warrant wanting to get at the information that no doubt confirms their suspicions And for the first time Ever I am agreeing with Apple with them pleading in court. Hey please don't use our own EULA against us. It is used to screw the user over , not us.
"I suspect what the Feds are saying is, you control what software runs on the device, so push software to the device that allows us to get unfettered access; i.e. you have the capability to backdoor the device so we are ordering you to do it."
It's not what the Feds are saying. From the article: "the device in question is an iPhone 5s running iOS 7 – one of the devices that Apple can unlock" (my emphasis).
However, it's worth looking at the point you make. If the device isn't unlockable by Apple the likelihood is that it requires key input by the user. In the absence of such input it would make no difference what S/W Apple were to push on to it it would stay locked so no amount of huffing & puffing by the Feds would help them in the least.
I would say not because the key differentiator here is that the people you sell the locks to own those locks. In the case of software, such as iOS, the software is not owned by the end user; it is owned by the vendor. (In this case Apple.)
This is relevant because it is not the phone per se that is locked but the software and while the user may own the phone hardware, they are merely using the software under a strict and limited license, with Apple retaining actual ownership.
Not that I support what is being asked for but it does seem to hold up.
"users have no rights under the EULA "
Well thank you for making that official, Mr. FBI Agent.
Now we know that, after having to change our habits to incorporate encryption everwhere, we're also going to have to totally review the bog-standard EULA and change the way we do commerce all over the world.
All that because of the paranoid behavior of a scant few thousands of people in one country.
A precedent set in the US wouldn't be binding elsewhere. In any event I'd guess that Apple will push this to the Supremes.
If the judgement stays I'd also guess that it will provoke some changes to EULAs to make them more customer friendly which might not be a bad outcome in the long run.
iOS like any software is a tool to process data and it is the data that is the subject of the debate. Allowing the FBI to access the data is surely not related to the nature of the tool used to process that data.
The argument can be brought into the physical world by example. It I borrow a hammer from a tool store I do not own the hammer, I have a licence to use it. If I use the borrowed hammer to hammer in the nails I have bought to build my house the house I'm building is still mine. The person who owns the tool store does not have claim on the house I have built using the borrowed hammer just because that person owns the hammer.
In the same way, Apple does not own the data on the phone because it licensed iOS (the hammer) to a user. There may be many legal reasons why Apple will be compelled to cooperate but existence of a EULA is not one of them. That a Federal prosecutor feels it is necessary to introduce this argument surely must be a measure of desperation.
If it were different, the US government and US corporation would be in a hopeless situation. Imagine all the software used to process government corporate data which has been used under the terms of a EULA. If the argument before the court is accepted then Microsoft, Google, Amazon, Oracle and other corporation will be deemed to own the data their software has processed.
... that EULAs which say "you don't anything, we just give you permission to use it" are being used against the companies who wrote them, if it wasn't for the fact that this is being used to circumvent the rights of users.
I sincerely hope that 1) The Feds get told by the Courts to take a running jump and 2) The EULA writers sort their bloody game out ASAP!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
