undefined | Better HN

0 pointssaurik10y ago0 comments

> Speaking as a developer. I'm not qualified to answer this for sure, but my gut feeling is that such a feature in the hands of typical end-users might actually be a bad thing for security.

I think users should be allowed to make the security tradeoffs they consider relevant. Many people leave a key to the door of their house somewhere outside but nearby, yet I don't think the people who build locks should decide that that is never acceptable and decide to play parent and come up with a solution to this problem: I would prefer people to be informed about the tradeoffs they are making, but they should be allowed to do what they want. Meanwhile, this enables the people who want more security than "I trust Apple, all of Apple's employees, Apple's security from hostile third parties, and the government under which Apple does business" to go "above and beyond".

> That's why I think calling this a backdoor isn't a fair assessment.

I am using this term because Apple is using this term: they said "They [the FBI] have asked us [Apple] to build a backdoor to the iPhone." when what the result would be would still require brute forcing a passcode to get the data in question. They make it sound extremely hard, but in fact it is really easy for them to do this: it is a single line of code changed; what makes it possible for them to do this is not that they haven't bothered to build it, it is that they are moral enough to not want to do it, and they are the only people with the key... but the key, fundamentally, is equivalent to the power the FBI wants. The FBI could "build" this backdoor for themselves if Apple handed them that key.

0 comments

studentrob10y ago

> I don't think the people who build locks should decide that that is never acceptable and decide to play parent and come up with a solution to this problem: I would prefer people to be informed about the tradeoffs they are making, but they should be allowed to do what they want.

Shouldn't Apple be allowed to do as it wants?

> what is fundamentally different is only that people realize the government might be able to force Apple to use their key.

The public already knows from the ongoing debate that the current iPhone is unlockable by Apple. What difference does it make if the key does not exist yet, as Apple says, or if it does, as you say? Everyone knows the power is in Apple's hands. We'll all demand better iPhone security as a result of this discussion.

> this enables the people who want more security ... to go "above and beyond".

I understand you are asking Apple for a specific feature that gives more security. Regardless of the existence of this particular case, you would still be trying to raise awareness and gather support for pushing Apple to implement that feature. Is that fair to say? I support you in that effort. I also think this discussion ought to be held separately, perhaps after the case, so that we can focus on not giving the DOJ any means to handcuff the tech companies. The results of this case will have a dramatic impact on all tech, and if you truly care about privacy and security, you will support Apple's stance.

Let's table the debate about how Apple needs to improve its phone security and allow users to update firmware, and focus on matters at stake: whether or not the DOJ should be able to compel Apple to hand over the key. Whether or not that key has been created is irrelevant to the fact that if the DOJ wins this case, it is one step closer to mandating that Apple make all their phones unlockable.

j / k navigate · click thread line to collapse