
On the false choice between Privacy and Security

Many commentators are referring to the current fracas over strong encryption and other security technologies, including especially Apple’s refusal to provide the FBI with hacking tools for the iPhone, as a trade-off between privacy and security.

Even people who feel that strong security technologies are a good thing often position things as a trade-off of this sort.

I would like to reiterate something many of us already know: this is an entirely false dichotomy.

Backdoors in security systems don’t just eliminate privacy, they also make systems insecure.

The current fight isn’t just to make sure that the government cannot learn that you’re reading dissident publications or to make sure the government cannot automatically find everyone who has opinions it doesn’t like, although those are certainly worthy things to want.

The current fight is about whether we will impose a technological infrastructure which will be exceptionally vulnerable to attackers in order to provide nothing more useful than some very, very short-term advantages to people investigating crimes.

This pits the interests of everyone in society who depends on technology for their safety, which is to say, more or less everyone, against a tiny group of law enforcement officials who find their jobs somewhat more difficult.

We should remember that the damage caused by insecurity in our critical systems is not theoretical — it is a pervasive problem even today. We saw only this last week a hospital forced to pay ransom to restore its computer systems. We’ve seen instances in the last year of the US federal government losing data on literally everyone with a recent security clearance to enemies unknown who presumably are very, very interested in knowing who all those US government agents might be. Untold millions of dollars are stolen every day in various sorts of computer fraud — everything from credit card fraud to fraudulent IRS e-file refunds. We already know that you can do horrible things to SCADA systems and the like that could potentially kill people, and whether you believe that’s already happened or not, it is clearly only a matter of time before people die that way.

All of this is because of lack of security in computer systems — a lack of security that the FBI, Cyrus Vance Jr., and other special interests propose to make dramatically worse on a permanent basis, in order to make their jobs somewhat easier for the short term. Imagine what things will be like in a world where Cyrus Vance has a slightly easier job but maniacs who have stolen US government master crypto keys can cause thousands or millions of automated cars to crash, killing their occupants.

So, please stop making it sound like it is merely the right to privacy that is at stake. Certainly the right to privacy is crucial for our society, but even those who do not agree with privacy should understand that back doors are not about making a trade-off in favor of increased security but in favor of pervasive insecurity.

This is not about security vs. privacy. We’re talking about nothing less than deranged short-term thinking that privileges the convenience of a small part of the machinery of law enforcement over the safety of almost everyone in our entire society.

65 comments to On the false choice between Privacy and Security

  • Vinegar Joe

    I guarantee you this. If Syed Rizwan Farook had attacked a Christmas party at Apple and murdered 14 managers, Tim Cook would have had Farook’s iPhone decrypted and the info turned over to the FBI before you can say “Religion of Peace”.

  • Perry Metzger (New York, USA)

    I see that “Vinegar Joe” is under the delusion, as so many others are, that a world where systems are insecure is one where he is going to be safer.

    One day soon, the world he longs for would result in his messy death when the SCADA systems running the elevator he is traveling in were sabotaged to send him crashing quickly into the basement of the building.

    Technology is not some arbitrarily malleable tool. Engineers cannot will into existence perpetual motion machines simply because people like “Vinegar Joe” want them to, and neither can they will into existence systems with back doors that will not also result in dangers far worse than the ones he imagines that such back doors will fix.

  • newrouter

    San Bernardino Shooter’s iCloud Password Changed While iPhone was in Government Possession

    link

  • Tim Cook would have had Farook’s iPhone decrypted and the info turned over to the FBI before you can say “Religion of Peace”.

    And that would not change one iota of the truth of what Perry M. lays out above. This issue is vastly, incomparably bigger than this particular case.

  • Perry Metzger (New York, USA)

    The politician grabs the engineer by the collar. “Can’t you just build me a gun that will only shoot bad guys?” they demand. When the engineer tells them that no, a gun can’t distinguish bad guys from good guys, they accuse the engineer of holding out on them, of refusing to try hard enough.

    The fact that the politician is too unskilled and indeed too unintelligent to understand the basics of how to build a gun for themselves does not deter them from being absolutely, completely convinced that it is simply a matter of the engineers disingenuously failing to cooperate because they have some hidden agenda.

    “If they really cared”, the politician says, “the engineers would build me my gun that only could shoot bad people. They are callous fiends who do not care to help. We will make them try harder by torturing them or passing laws.”

  • Perry M: to be fair to Vinegar Joe, he did not actually express an opinion on the central issue so you are imputing something he did not state. He might think what your riposte was aimed at, but actually his remark was about Apple’s likely behaviour in a given scenario.

  • Perry Metzger (New York, USA)

    True enough, and I should not have imputed to him more than he said. That was (among other things) less than charitable of me.

    However, regardless, we should not care overly much about what Apple’s motives or hypothetical behavior in another scenario might be. Those are at best a distraction.

    Instead, we should concentrate on the central issue, which is what we feel proper public policy should be, and clearly it should not involve the state imposing technology decisions that endanger all of us.

  • Julie near Chicago

    Here’s what ex-CIA-head Michael Hayden had to say about it. He and the Perries seem to be channelling the same Muse. I find his argument persuasive, if anybody cares. (Of course, it’s not as if I believed the individual right of privacy has any existence, let alone importance. *g*) One thing: He notes Jim Comey, as head of the FBI, has a different viewpoint from most of us — including him. However, the way he explains that rather refreshing observation is interesting in its own right.

    —- —- —- —-

    http://theweek.com/speedreads/606641/exnsa-cia-chief-michael-hayden-sides-apple-fbi-iphone-encryption-fight

    Ex-NSA, CIA chief Michael Hayden sides with Apple in FBI iPhone encryption fight

    February 18, 2016

    Apple and the U.S. government are gearing up for a public and legal battle over FBI Director James Comey’s demand that Apple give the FBI a tool to break the passcode on San Bernardino shooter Syed Farook’s iPhone, a tool Apple argues would create a “backdoor” around the iPhone’s security, putting customer privacy and safety at risk and setting a dangerous precedent in the U.S. and abroad. Google CEO Sundar Pichai sided with Apple on Wednesday, but Apple CEO Tim Cook also got a more surprising endorsement for his stand against the FBI: Gen. Michael Hayden, former NSA director (1999-2005) and CIA chief (2006-2009).

    In a conversation with Wall Street Journal associate editor John Bussey posted Wednesday, Hayden said that he understands both sides of the unbreakable end-to-end encryption debate, but …. [Snip]

    And at the article’s site, or on UT, you will find the WSJ’s video of Mr. Bussey interviewing Mr. Hayden.

    https://youtu.be/6HNnVcp6NYA

  • Julie near Chicago

    Blast. UT!! I forgot. Smited! 🙁

    I hope my comment gets released soon, because it has a pretty good video of Michael Hayden on this very topic.

  • mike

    I just made a very similar argument against the introduction of hate-crime legislation in Taiwan. Such legislation purports to introduce a short-term benefit to certain specific groups of people (the deterrence* of hate crimes relating to race, religion, gender, sexuality and disability) in exchange for the long-term legal insecurity of everyone else.

    *Where is the evidence that such legislation actually does deter so-called “hate crimes”?

  • Paul Marks

    On the specific case before us.

    Mr “Tim” Cook of Apple Computer has refused a Court Order (not an FBI instruction – a court order) to open up a device in a murder case.

    The court, as far as I know, has not asked Mr Cook to tell the FBI how to open the device – the court has told Mr Cook of Apple Computer to provide the information on the device (made by his company) of the murderers.

    Mr Cook has refused to comply with the court order – he does not care what details of other terrorist operations may be on the device.

    If I defied a court order in a murder investigation I would be sent to prison.

    Why is Mr Cook not in prison? And I do mean an ordinary prison – not “Club Fed” as a marketing stunt for Apple Computers.

    “But Mr Cook is a libertarian hero”.

    I seem to remember this is the same Mr Cook who demanded laws preventing “discrimination”.

    I see, so the government can tell private companies who they must trade with and who they must employ.

    But the courts (and they could be anarcho capitalists courts if the fact that it is a government court is what upsets people) may not demand the contents of a device in a murder investigation.

    And Vinegar Joe is quite correct.

    If this was, for example, the telephone of the local KKK boss, or of someone who was (horror of horrors) against “Gay Marriage” – Mr Cook would be spreading their private information across the planet.

    There would be no talk of the “false choice between security and privacy” then.

    It is only terrorism, murder, that Mr Cook does not care about.

    Mr Cook has nothing but contempt for Court orders (he is the head of Apple “they would not dare” send him to an ordinary prison …..) – but should there be a petition in a university (“Go For the Bern – Bernie Sanders”) against someone who was suspected of “racism” or “homophobia” Mr Cook would, I repeat, order their private information be spread to everyone who wanted it.

    The fact that this is an electronic device is not relevant.

    If I was involved in murder and had information in a safe deposit box and the company that made the safe deposit box refused a Court Order to open the safe deposit box – what would happen to the head of that safe deposit box company?

    Why should the same thing not happen to Mr Cook?

  • Paul Marks

    In case there is a reply involving such words as “freedom”, “liberty”, “rights”, “privacy” and so on.

    It is not fitting for a determinist to use these terms in a supportive way.

    If all actions are predetermined, if there is no moral choice (no ability to choose to do other than we do), then Mr Cook has NOT “made a stand against a government” – he has simply acted in a predetermined way. Nothing that can be praised or blamed.

    And if the court chooses to respond by sending Mr Cook to prison – they also (if determinism is correct) have done nothing that can be praised or blamed. As they have simply acted in a predetermined way – with no moral choice involved (if Free Will, moral choice, does not exist).

    If Mr Cook has no Free Will in regards to his choice to back government regulations banning “discrimination” then YES he has no Free Will (moral agency – freedom of choice) in relation to defying a Court Order in a murder case.

    But the government people also (if determinism is correct) have no Free Will (no moral agency – freedom of choice) in what they do to Mr Cook – as this (like his actions) is also Predetermined.

    We are in the world of Martin Luther – “Here I stand, I can do no other” – not a statement of moral choice (as English speakers are likely to misunderstand these translated words), but a statement that Mr Luther’s actions were predetermined. That Mr Luther had no real choice over his actions – that, properly speaking, his “I” (his choosing moral self) was an “illusion”.

    As was the moral “I” of someone who, for example, burned him. As they would have no real choice over their actions either – they could do no other than they did.

    So please no talk about “freedom”, “liberty”, “privacy” etc from determinists – thank you very much.

    The terrorists murder people (and plot with other terrorists?) without moral choice.

    Mr Cook “chooses” (in fact does not choose – any more than a clockwork mouse does) to defy a Court Order in a murder case, because his action is predetermined by a series of causes and effects going back to the Big Bang.

    And the government people will either imprison him or not – again with no real moral choice. Their actions also being predetermined.

    So nothing moral to discuss here as morality (properly speaking) does not exist. With freedom, liberty, privacy (etc) being an “illusion”.

    Move along people.

  • J.M. Heinrichs

    No, the court’s demand is that Apple produce a variant of iOS which will allow the FBI to access the data on just this one iPhone. Mr Cook has stated that if Apple were to do so, there is no guarantee that this would be a one-use-only. And to create a version of iOS which offers the functionality desired by the FBI, would be to release a version which could crack most other iPhones if it were to ‘escape into the open’. And no-one from the FBI has offered their guarantees that such will not happen.
    Conceivably, the Feds could have brought the phone to Apple and requested Apple to figure out how to get them a copy of all the files on the iPhone, without any additional demands. Which Apple could have agreed to without Vinegar Joe’s histrionics. Apple does the cracking and hands over the accessible data without compromising its product, and the FBI continues their sleuth. Such turns out to be improbable because an IT Special Agent poked in the wrong places.
    A final note, there are three words missing from the ‘reporting’ on this case: National Security Agency. You should ask why.

    Cheers

  • Paul, you have completely and utterly missed the point of what is going on here and simply swallowed the Official Government Position hook, line and sinker.

    J.M. Heinrichs, you have completely and utterly understood precisely what is going on here.

  • Julie near Chicago

    Paul, J.M. is right. That’s the way the news is being reported. I myself don’t see why Apple can’t get into the DEAD man’s phone without having to put iOS backdoors into all its phones.

    It may be the terms of the court order as such that Apple is ordered not only to get into the dead man’s phone but also to put the backdoor into all iOS updates and versions including this one. That I do not know, but maybe Perry or J.M. (or both, or everybody but me) does know.

    I do think the thing has been reported in a very confused way. The reporting makes it sound as if the two issues are one. They’re obviously not, unless somebody has fused them — either the FBI or the Court which issued the order.

  • I can see both Paul’s point and Perry’s (M, with agreement from deH). I also imagine I can add a useful observation (don’t we all 🙂 ).

    PerryM: “If they really cared”, the politician says, “the engineers would build me my gun that only could shoot bad people. They are callous fiends who do not care to help. We will make them try harder by torturing them or passing laws.” We can all recognise this as just one more example of left-think. We are so clever that we are always right, so no-one could ever oppose us honestly; they must be fools or evil.

    Thinking about why we so often and so honestly oppose quickly shows PerryM’s main point: every back door makes the system wholly insecure to the backdoor’s owner – and risks making the system vulnerable to others. In the same way, “no guns” notices empower government agents who have a legal right to ignore them but also empower criminals. In the same way, a state can both protect us from a foreign Adolf Hitler and evolve into something similarly oppressive at home. Those examples come from opposite extremes. I guess none here would doubt the ‘no guns’ trade off is a truly awful choice. As regards the mere existence of even a minimal state, I guess we’re more nuanced. What I’m saying is that back-door, versus the security-vulnerability cost of it, _is_ a trade-off, just not the trade off that PerryM’s post was mocking. I can imagine agreeing with where PerryM already is: that it’s not a good trade-off.

    PaulM is absolutely right to say that, to a Tim Cook, helping deal with Islamic terrorism smacks of islamophobia – bad think – whereas the opportunity to out a Brendan Eich is his moral duty – good think.

    However my focus is elsewhere; not “should they?” abstractly but concretely “can they?” If so, what does that mean about “should they?”. There seem to be three choices.

    1) Apple can already bust open iPhones. They are merely refusing to let the state do what they have given themselves the ability to do. That moves the argument strongly towards Paul in my quick first-take on this.

    2) Apple cannot do it today, but they could in very finite time (months?), with just a few engineers. If so, the system is already destined to be compromised, as computing power and theories grow. The issue is the state’s right to say, not “give me” but “make and give me”.

    3) The judge is ordering Apple to build a gun that can only shoot bad guys. We have no reason to think this possible – and some reasons to think it definitely isn’t. Argument moves strongly towards PerryM.

    A side-point: who would have thought in the 80s that our enemies would be Islamic terrorists – good at dying for the cause, maybe not so good at encryption. And who would have thought ten years ago that Russia would again be shaping up to be a major enemy; fewer kamikazes, more encryption experts – China more so in both directions. And since they have Hillary’s emails anyway, does it matter?

    I hope these thoughts help debate.

  • Lee Moore

    Since I know nothing about computers or telephones, I’m quite happy to believe the Perries on this one – that this is a false choice between privacy and security.

    But I’m afraid I did wince a bit at the headline “On the false choice between Privacy and Security” which implies to me a claim that such a choice is always and necessarily false. This may not have been Perry M’s intention, but for the avoidance of doubt, I don’t believe such a choice is always and necessarily false. Change the “the” to an “a” and it’s fine.

    Never having to choose between two things one likes belongs to the world of fairy tales.

  • Julie near Chicago

    J.M., short as it is, the first time through I just skimmed your comment. Having now actually read it, I see you say that indeed the court order was that Apple actually provide the iOS’s (from here on, anyway) with backdoors. I have been wondering about this since the thing came up. Thanks for your statement that that really is how the two things got “fused.”

  • Jacob

    Apple should first supply all the info that was on the dead murderer’s iPhone or iCloud. No argument about that. Has it?

    If the FBI still insists on getting a back-door to IOS – this should be contested.

    Another issue: Suppose the back-door key to your information exists (it has to) but is only available to Apple, not to the FBI. Is your privacy secured? What difference does it make (from your privacy viewpoint) if the key is available to Apple only or to the FBI too?

  • Jacob

    Anyone who puts ANY information on ANY device on the net (or web), should kiss goodbye his privacy and security. There is no such thing as secure info on the net. There cannot be. There can only be various degrees of insecurity or risk.

  • Alisa

    Privacy is the distraction here, as it is meaningless outside of the context of security. Privacy is the primary means of maintaining security, and much less an end in and of itself: we close and even lock our doors so as to deter intruders from actually intruding, in the hope that they get the hint and we won’t have to shoot them; we keep our financial info private so as to minimize the risk of theft, blackmail, and other compromises; we keep potentially embarrassing info private to minimize the risk of, well, embarrassment which can damage our financial and other wellbeing (see blackmail again). Etc, etc. It is all about security – i.e. protecting ourselves from violence, no matter if it is organized and legalized, or not.

  • AngryTory

    Privacy is what leftists want instead of real security. If leftists cared more about security they wouldn’t be leftist and they’d have guns. When you have guns, people leave you alone and you don’t need laws or companies to protect either privacy or security.

  • bob sykes

    Apple is in the wrong here. The FBI has a valid search warrant and court order. Apple will have to comply. The legal situation is explained by Patterico:

    http://patterico.com/2016/02/19/the-apple-iphone-and-the-san-bernardino-shooters-its-not-what-youve-been-told/

  • The FBI can get judges to sign off on anything.

    It’s sad to see how many William Ropers are braying for the government to turn the screws tighter on Tim Cook because they don’t like him or Apple.

  • The link Bob Sykes gives above is indeed important reading for this issue. The statements and reasoning need verifying (or refuting) to engage with it.

    I query just one point: “Third, as described by the government, the software in question would have a unique identifier so that it would only work with this single device.” If the government retained the software, it would probably be reverse-engineerable to apply to other devices. If the timeout feature was not itself subject to disable-after-N-attempt, then another phone’s unique key might well be crackable.

    If the government did _not_ retain the software (practically, this means if it gave the phone to Apple and got it back with timeout-password-tries switched off), Apple would nevertheless have it. Even if they deleted the source, the engineers could recreate it far faster than they first made it. So _if_ we believe Apple do not already have such a utility, then that would mean one (admittedly low-cost) barrier to Apple’s breaching iPhones was removed.

    This isn’t presented as an invincible argument against Patterico’s conclusion; it is just a qualification of it.

  • Apple is in the wrong here. The FBI has a valid search warrant and court order.

    No, Apple are not wrong. If they are served with a valid search warrant and a court order instructing them to alter their security architecture so they can identify (say) all likely Jewish iPhone users, should they comply with that too?

  • There is no such thing as secure info on the net

    Then I invite you to try and nick some information from Perry Metzger. Go on, I double dare you. Seriously, as you clearly know so much about security, I am sure you can do it 😉

  • Perry Metzger (New York, USA)

    PdeH: The last time I believed I had absolute confidence in the security of a computer I controlled was in summer of 1988, when I was required by my managers to take extraordinary measures to defend some firm proprietary source code I was analyzing. A colleague, who I had asked to test my defenses to make sure they were good enough, was on the box two hours later. (Admittedly the person in question was and is quite famous in computer networking and security, and was in possession of what would now be termed a “zero day”.)

    That said, Jacob’s statement is clearly inaccurate. Were it true, no commerce could be conducted online, and no equipment could be safely attached to a network. Neither of those is true.

  • Laird

    Jacob, you have not been paying attention. Apple has divulged all of the information on the Cloud. That was never an issue. Apple agrees that it is obligated to turn over all data in its possession. In fact, had the investigators not screwed up and changed the phone’s password Apple could have uploaded all of Farook’s data to the Cloud and would have shared it. The fault here is entirely the government’s.

    This is one of those rare instances where I disagree with Paul Marks. Tim Cook has done nothing wrong here, certainly nothing which warrants jail time. He is asserting that the court order was illegal and is contesting it through the proper legal channels. That is precisely what he should do. And if the order is ultimately upheld I have no doubt that he would obey it (as he has all of their other orders).

    In this discussion we are conflating two very different issues which should be separated. The first is the wisdom of the order, and of asking Apple to create a “backdoor” into its iPhones (which is what Perry M’s original post was about). The second is the legality of the order under dispute. As to the former, I come down on the side of the privacy advocates and want our phone encryption to be secure and inviolable, even by the government and even (especially!) in extreme cases such as this one. Our privacy rights are too valuable to surrender even when to do so might (allegedly, theoretically, hopefully) prevent some other heinous crime from occurring. Such crimes are extremely rare, whereas the risk of such programs getting into the “wrong” hands (and I would argue that it is the government’s hands which are precisely the “wrong” ones, but YMMV) is far too widespread and severe to accept. The short-term benefit to the government doesn’t even come close to offsetting the long-term harm to the citizenry as a whole, even if you are a utilitarian.

    As to the second issue, the legality of the order itself, I think Apple has it right. The court is ordering Apple to create software which doesn’t presently exist, in order to defeat its own security. This is allegedly under color of the “All Writs Doctrine”, which essentially authorizes federal courts* to issue writs in aid of its other lawful orders. Thus, if you are in possession of documents relating to someone else and which are under subpoena, the court can order you to release them even though you are not a party to the actual case provided that the burden thus placed on you is not “unreasonable”. And it is the crux of the government’s argument here (I have reviewed their brief) that requiring Apple to devote its engineers’ time to creating software which doesn’t presently exist, for the sole purpose of defeating its own security measures, is not “unreasonable”. It claims that because Apple is in the business of writing software to ask it to perform this particular task is not much of a burden. I find that argument unpersuasive, to say the least. It is a serious disruption to Apple’s business activities, to say nothing of its being proximately detrimental to Apple’s future business prospects. The government disparages Apple’s resistance as being motivated by marketing concerns, as if that were irrelevant and wholly immaterial. In any event, the government is asking Apple to devote significant resources to creating something which does not now exist, solely to make the government’s job incrementally easier. This is not a “reasonable” request, and is a gross expansion of the All Writs Doctrine. It should not stand.

    Finally, I note that this case is in California, which is part of the 9th Judicial Circuit, the most notoriously liberal circuit in the country. Ordinarily I have nothing good to say about the 9th Circuit, but in this case it might work in Apple’s (and our) favor, if it comes down on the side of privacy rights. That would not be an unlikely result.

    I am not a fan of Apple products, but I am rapidly becoming a fan of Tim Cook!

    * I have a serious problem with a magistrate judge, who is not a Constitutional Article III judge, issuing such an order, but that is yet another legal issue which I won’t pursue here.

  • PerryDeH, there is a difference between “This is indeed a wholly lawful command under the constitution of this country – but I think it is immoral and will not do it” and “This pretends to be a lawful command but under an honest reading of the constitution of this country it is not truly so – and I will not do it”. In your disagreement with PaulM above, I’m unsure which point it is you are making.

    If Apple already in effect has the unlocking software utility, so can enable unlocking that particular phone and then hand it back to US gov. without the latter getting more than that, then the “it is lawful” claim looks very strong under the US constitution. Things get more interesting if Apple are required to do non-automatic work and/or that work indirectly degrades the security of other phones – but the constitutionality might still be defensible (and I mean originalist defensible).

    If, as is reported, the phone is in fact the property of the government department that employed him and gave it to him, so the terrorist pair probably left it, while destroying other devices, precisely because they had the sense to put nothing dangerous on a phone they could have been asked to hand back at any time, then the likelihood of little benefit to investigators also seems strong. Of course, terrorists can make mistakes about such things; crimes are solved by such mistakes.

    PerryM’s encryption experience matches my own. I lock my door at night despite knowing that a prepared criminal gang could smash through it in a few minutes at most. I have many passwords on many systems, despite knowing that most if not all would cause Cheltenham little trouble. Some of the encryption I’ve written has been consciously aimed to do no more than ensure it will cost anyone more to crack it than to pay the licence fee for my products even if they value their time at less than £1/hour. There is no such thing as a totally secure building, but there’s quite a difference between my house and the NORAD command post. There may indeed be no such thing as totally secure info on the net, but it matters a lot whether the government can watch 100 suspects at most using all their resources, or can watch so many that a single employee can also keep an eye on the big chief’s political enemies by working a few extra hours, with no danger of the whole state security apparatus inevitably being aware that terroristA is being neglected this month because the election is approaching and electoralRivalB is being watched.

  • Laird

    “If Apple already in effect has the unlocking software utility . . .” Niall, why are you speculating about this? The government has conceded that Apple does not have that ability, and that it would be required to create new software (or modify existing code) to do so. See its brief in numerous places, for example at p. 13 (page 18 of the pdf).

    The Order which the FBI is seeking to enforce requires Apple to “bypass or disable the auto-erase function”, which would then permit the FBI to employ “brute-force” methods to hack the phone’s password. If that function can be bypassed on this one phone it can be bypassed on any other phone using the same or similar iOS. It’s amusing (if depressing) that the court and/or the FBI is so gullible or ignorant that it believes that such software could be “coded by Apple with a unique identifier of the phone so that the SIF would only load and execute on the SUBJECT DEVICE.” And even assuming that the software could somehow be so limited, once an order of this type is permitted its use will become routine. Once that genie is out of the bottle it is not going back in. If the panopticon state is to be halted (or even slowed) the time to do so is now.

  • Laird, the key phrase in my comment is “in effect”. As I would not trust Tim Cook further than I could spit him, I place no special value on his implication that the court is ordering lots of work. “A whole new iOS” _could_ mean, copy & paste, patch a few lines, recompile, upload to phone – done in a day. Or it could mean several engineer-months of work. My guess is it is nearer the former than the latter. Despite much reportage, I’ve seen nothing that has cleared this up for me.

    I agree that once the FBI has the software, any unique identifier is unlikely to remain so for long. It is not clear to me why the phone password cannot be found by brute force and then the prior iOS re-uploaded before it returns to sole custody of the FBI. That would leave Apple empowered to break iPhones, but if it would only take them a day, they are already nearly there.

  • Julie near Chicago

    I don’t suppose anyone remembers the RICO statutes and asset forfeiture. It seems to me this court order enables somewhat of a parallel situation to develop with cybercommunications.

    I don’t think either perfect cybersecurity or perfect privacy is on the menu. (Well, the latter is obviously true.) Maybe someday Man will invent unbreakable encryption, but so far it seems that What Man can devise, Man can defeat — somehow or other. It seems on the record to be a matter of time and will.

    Perhaps folks will recall the situation with asset forfeiture under RICO statutes, under color of which perfectly innocent people have spent every last dime of their own, their family’s, their friends’, and donors nationwide in trying to dislodge the victims’ assets from the grasping paws of whatever govt. agency is collecting today.

    Of course, RICO is only there to help nail down Bad Guys, and would only EVER be used for such.

    It may or may not be the case that Mr. Cook is acting on principle in his stance. He may, of course, be just putting on a show. But in this case, I think he has the right of it, even if for the wrong reasons.

    Nor am I particularly a fan of Mr. Cook. I’ve heard some things I like and some I don’t.

    In the end, as a businessman, it may be that he thinks Apple does itself a favor PR-wise by insisting that it won’t enable easy bypassing of the 10-try limit.

    Even fairly staunch Google-haters liked when Google decided it was better business not to comply with Chinese demands that its communications programs provide censorability by the Chinese regime — if I have the straight of it.

    Thought experiment: what if some car manufacturer designed and built an unBootable car? Would such a case be parallel to this one? Certainly there are some differences, but can we argue successfully for the unConstitutionality of a governmental ban on whatever makes the cars unBootable? And if we can’t, should we add an amendment so that it does become unConstitutional?

  • Julie near Chicago

    Niall, whence your anti-Cook judgment? Asking for info only, as I have not followed Mr. Cook’s doings.

  • Laird

    Naill, I don’t know how difficult the programming task would be any more than you do. It might, as you suggest, be trivial, or it might require reprogramming the system from the ground up; we can merely speculate. But I suspect that it is not a trivial issue, because I understand this to be a central feature of the iOS. Perhaps we’ll know more when Apple files its formal objection to the Order (it has until Tuesday to do so).

    Your suggestion, as I understand it, is that Apple create the necessary workaround, brute-force the passcode to open the phone, then delete the special code and re-install the original iOS before returning the opened phone to the FBI. That might work, although I suspect it would not be in strict accordance with the specific terms of the Order (which is filled with enough technical language that I don’t completely understand it). That would certainly help, as it ensures that the special code is never in the hands of the government. But it doesn’t solve the central problem of whether the government can lawfully order Apple to disable its own security system. It would be like ordering a safe manufacturer to “crack” its own safe, and that gives me a real problem. And, of course, the precedent would have been set so no one else could argue the point in the future. I think this case needs to go all the way to the Supreme Court.

    By the way, in my previous post I inserted the wrong link to the government’s brief filed on Friday. Here is the correct link.

  • Laird

    Sorry for misspelling “Niall”.

  • Fred the Fourth

    Speaking as someone who has designed and implemented security code equivalent to that in the instant case, I believe it would be a technically trivial task for Apple to engineer the code demanded by the FBI.
    I applaud Apple’s using every legal means to avoid being forced to make that code. I agree with the fundamental point made by Perry M., and I make a similar argument to my peers when this topic comes up.
    Last, as you might expect, I put nothing in my phone that I would worry about if revealed, and I store the absolute minimum of data on the internet and in the “cloud” in order to get my business done. I also use various non-technical tricks to defend my assets, which I recommend to anyone in a similar position, e.g. my stock broker accounts have explicit written instructions attached to them which prevent money from flowing out of the accounts unless I am present in the flesh. I re-verify those written instructions frequently.
    Not perfect, but so far so good.

  • Laird, I’m used to people mispronouncing my name, let alone misspelling it, and my own comments are not so typo-free that I can ever mind those of others; don’t give it a moment’s thoughts.

    Fred, your technical background and mine have some overlap; your technical take is the same as mine. Most of my comment has been devoted to disentangling the “it is not (originalist) constitutional” versus “it could nevertheless be a dangerous precedent” ideas, and looking at ways of mitigating the latter without pushing any given position on it. I agree with PerryM’s original point; the dichotomy presented in the public domain is false. My posts aim to discuss whether there are other trade-offs that are true, including, as Julie speculates, that what man can devise, man can breach.

    I must now return to my technical background (work, and having a life 🙂 ) so will likely not post more in this thread, but will read what others say with interest. (So, Julia, my detailed restudy/catchup of Tim Cook must be deferred to another day – nor should I claim any special insight at this distance. A worrying trend has begun on Twitter and Facebook recently; the SWJs spreading beyond the universities they’ve captured to create “safe spaces” on the web via both open and secret enforcement. I have come to believe that Cook was on that same SWJ ship before, _during_ and after his appointment as CEO. If I can be shown I’m wrong, or at least partly wrong, that’s good news. And you are as well or better placed to form an opinion than I. In this current issue, my wholehearted agreement with Fred on the technicalities means I read Cook’s public statements and think “this is spin / agenda – not mere truth”; specifically, he is intentionally exaggerating the technical difficulty and may be purposefully suppressing the possibility of its being done without giving the FBI a generalised back door – which he himself in effect has. Of course, some good causes as well as many bad ones get discussed with spin and dissimulation from less-than-saintly public figures that get caught up in them. And now I must get up and go do stuff – without even checking this post for typos; bye.)

  • Julie near Chicago

    Thanks, Niall. As we know, Paul is highly allergic to Cook, and his take is usually good on these things. And here you are indicating some degree of agreement, so you give each other more weight. I will have to see what’s out there about the man. I will say that I myself tend to break out when there are SWJ’s around…whether in physical or cyberspatial propinquity.

    Do you know “The Liver Song”? “I hate liver/Liver makes me quiver/Makes me wanta curl right up and die/Wanta cry….”? That’s the effect SJW’s have on me. 🙁

    . . .

    Fred,

    ‘I put nothing in my phone that I would worry about if revealed, and I store the absolute minimum of data on the internet and in the “cloud”….’

    To which I can only say, Good for you. You seem like a sensible person, so refreshing in these lax modern times. I don’t do “social media” except, as noted elsewhere, that stick thing you make marks with, and the telephone (not a cell, either, except from the store to ask the Young Miss if I should get milk–or if the car gets the ague on the Interstate), and e-mail (which is a problem somewhat). But then I’m old enough to wear purple and be paranoid i.e. nasty and suspicious.

  • Julie, _I_ misspelled _your_ name. I will pretend this was a deliberate mistake in courtesy to Laird’s feelings, not the typo it actually was. 🙂

    And now I really must quit this thread. 🙂

  • Julie near Chicago

    This, from a story by Bloomberg:

    http://www.bloomberg.com/news/articles/2016-02-21/apple-s-new-lawyer-says-iphone-unlock-order-carries-global-peril

    Apple’s New Lawyer Calls iPhone-Unlock Order a ‘Pandora’s Box’

    Apple Inc.’s newly hired outside lawyer, in his first remarks on a U.S. court order requiring the company to help unlock the iPhone of a dead terrorist, said the move could imperil the privacy of millions of people around the world.

    Former U.S. Solicitor General Ted Olson, a partner with the law firm Gibson, Dunn & Crutcher, said on ABC’s “This Week” program that the order would open a “Pandora’s box” of privacy issues.

    “This is not just one magistrate in San Bernardino,” said Olson, 75, whose wife died in the Sept. 11, 2001, terror attacks. “There are hundreds of magistrates, there are hundreds of other courts.”

    In rejecting the magistrate’s decree, Apple has ignited a long-simmering battle between the tech industry and the government pitting concerns over civil liberties against the need for surveillance to fight terrorism. Republican presidential front-runner Donald Trump waded into the battle last week by urging people to boycott Apple products until it complied.

    “This case is entirely overstated,” John Miller, the New York Police Department’s deputy commissioner of intelligence and counterterrorism, said on “This Week” after Olson’s appearance. “The giant parade of terribles,” as he described Apple’s worries over government breaches of civil liberties, “is absurd.”

    On Tuesday, U.S. Magistrate Judge Sheri Pym ordered Apple to lend “reasonable technical assistance” to the FBI in recovering information from the phone used by Syed Rizwan Farook, who teamed up with his wife in December to kill 14 people in San Bernardino, California.

    Chief Executive Officer Tim Cook posted a letter … saying that the directive would create a dangerous precedent that could ultimately require the company to build software to help governments intercept private e-mails and access private health records. [my boldface –J.]

    [Snip]

    This is closer to what I’ve been reading, FWIW. It also clarifies Apple’s position, if that is Apple’s position.

  • Julie near Chicago

    Niall, since you’re finally bowing out for the last time you probably won’t see this, but fear not–I may tease those who mess up my name, but we are all guilty of typos and slips-of-the-fingers and I have more crucial matters on my plate.

    Like solving the Middle-Eastern Crisis, the Brexit Crisis, the American CRISIS!, and what to have for supper. :>)

    Julie

  • Julie near Chicago

    By the way — it’s also reported, in a “Tweet” from 2013, that people were exhorted by the NYPD to update to iOS 7, a FREE update, because of its additional security feature that one must have his Apple ID and his password in order to use the phone. The person who posted this “Tweet” also pointed out that this would make one’s iPhone less attractive to thieves, since it would be so much more difficult for them to use.

    See the full “Tweet” at

    https://xa.yimg.com/kq/groups/2420737/or/193900877/name/Screen+Shot+2016-02-21+at+1.44.01+PM.png

  • Julie near Chicago

    If anyone hasn’t seen it, ABC prints what it says is Apple’s letter to all of its customers regarding this mess. Dated Feb. 17.

    http://abcnews.go.com/US/apple-opposes-judges-order-unlock-shooters-phone/story?id=36993038

    And at

    http://abcnews.go.com/US/san-bernardino-shooters-apple-id-passcode-changed-government/story?id=37066070

    ABC writes,

    The password for the San Bernardino shooter’s iCloud account associated with his iPhone was reset hours after authorities took possession of the device.

    The Justice Department acknowledged in its court filing that the password of Syed Farook’s iCloud account had been reset. The filing states, “the owner [San Bernardino County Department of Public Health], in an attempt to gain access to some information in the hours after the attack, was able to reset the password remotely, but that had the effect of eliminating the possibility of an auto-backup.”

    Apple could have recovered information from the iPhone had the iCloud password not been reset, the company said. If the phone was taken to a location where it recognized the Wi-Fi network, such as the San Bernardino shooters’ home, it could have been backed up to the cloud, Apple suggested.

    [Snip links to related stories]

    The auto reset was executed by a county information technology employee, according to a federal official. Federal investigators only found out about the reset after it had occurred and that the county employee acted on his own, not on the orders of federal authorities, the source said.

    Apple executives say the iPhone was in the possession of the government when iCloud password was reset. A federal official familiar with the investigation confirmed that federal investigators were indeed in possession of the phone when the reset occurred.

    Missing the opportunity for a backup was crucial because some of the information stored on the phone would have been backed up to the iCloud and could have potentially been retrieved. According to court records, the iPhone had not been backed up since Oct. 19, 2015, one-and-a-half months before the attack and that this “indicates to the FBI that Farook may have disabled the automatic iCloud backup function to hide evidence.”

    The development comes as the Justice Department is pushing forward with its legal fight against Apple, urging a federal judge to compel the tech giant to help the FBI crack open an iPhone left behind by Farook.

    Farook, who along with his wife, Tashfeen Malik, launched a deadly assault on Dec. 2, 2015, killing 14 of Farook’s coworkers at a holiday party.

    The Justice Department has asked Apple to turn off the feature that erases an iPhone’s data after 10 failed attempts to unlock the device so that investigators can run all possible combinations to break the four-digit passcode on Farook’s phone. A federal judge ordered Apple to help the FBI but the company has said it plans to fight the order.

    [Snip]

  • Sorry, Julie, but I get an error message on that PNG.

    I also saw somebody link on reason to a story that the feds tried to use the same sort of writ against Apple before the San Bernardino shootings. I’ll see if I can find the link….

  • Julie near Chicago

    I dunno what to tell you, Ted. It works fine for me…OS 10.6.8, Ff 41.0.1. Anyway, the image is a screenshot of the “Tweet” text and the front page of an Apple Users’ newsletter announcing iOS 7 available, free, and with it your “device,” if lost or stolen, cannot be reprogrammed without your Apple ID and password.

    Thanks for the info on the Reason story. I have to say I wouldn’t be surprised.

  • Rob Fisher

    What I find interesting about this is that Apple are saying “we do not want to help decrypt this phone” and not “we are unable to help decrypt this phone”.

    That tells me there is room for improvement, though it may involve inconvenience to users, such as longer pass codes.

  • Also, Scott Shackford over at Reason wrote an article today that’s worth reading, but I read H&R on my smartphone because it sucks on my desktop, and don’t have that link at hand right now.

  • Julie near Chicago

    Thanks, Ted. I’ll go read the EFF’s contribution, and I expect I can hunt up the Reason piece without much trouble. :>)

  • Just be warned that the commenters can be a saucy lot. 😉

  • Paul Marks

    A Court Order should not have been necessary.

    Apple should have volunteered (without being asked) to open the telephone – without any order from a Judge.

    This is a case of murder and terrorism – it is not the correct time for a marketing stunt by Mr Cook.

  • Paul Marks

    As for defying Court Order.

    Well if he persists in this (and loses his appeal) Mr Cook should be treated in exactly the same way I would be if I defied a Court Order.

    Mr Cook should, if he loses his appeal, be sent to prison (an ordinary prison – not “Club Fed”) till he changes his mind.

  • Laird

    Paul, that’s utter nonsense. Cook has done nothing wrong. He is following the correct procedures to challenge an order which he believes to be illegal. Ultimately the superior courts will decide whether he’s right. There is no other way in which such orders could ever be challenged. What you are suggesting is that every court order must be followed every time, regardless of its legality. That is patently ridiculous.

    I expect better of you.

  • Laird

    The Wall Street Journal is reporting that Apple has now filed its Motion opposing the court order. Apparently that motion is not yet available in electronic form (the WSJ didn’t include a link to it, and I can’t find it in the Federal Courts’ electronic filing system). I look forward to reading it when it becomes available. In the meantime, though, I thought the following paragraph from the WSJ article was very interesting:

    “Separately, Microsoft Corp. said Thursday that it would file a motion to support Apple Inc. in its court fight. Other top tech companies, including Google parent Alphabet Inc. and Facebook Inc., also are preparing to file such motions, according to people familiar with the companies’ plans.”

    So Apple isn’t alone in this fight. Good.

  • Perry Metzger (New York, USA)

    If we are to believe Paul Marks, though, filing an appeal is illegal defiance of a court order, and everyone at Google, Microsoft, and Facebook should be thrown in jail. Also, it is clearly a marketing stunt, and a form of support for murder and terrorism.

  • Perry Metzger (New York, USA)

    For those who would like to read Apple’s initial legal response, it is here.

    The lead counsel for Apple in this case from the prestigious firm of Gibson, Dunn is Ted Olson, former Solicitor General of the United States under George Bush. As a point of trivia (it is not an argument for or against the position he argues), his wife was killed in the terrorist attacks of September 11, 2001.

  • Laird

    Thanks for that link, Perry. I shall enjoy reading it. (I note, on a quick glance, that there are some errors in the page numbers shown in the Table of Contents; in several instances the second digit was repeated. The document isn’t really 355 pages long, but only 35 pages (plus attachments)!)

  • Laird

    I’ve now read Apple’s Motion to Vacate. Unsurprisingly, it is an excellent piece of work, far superior to the government’s Motion for Order to Compel. The original Order, which Apple is challenging, was issued ex parte; in other words, the government requested (and drafted) the Order without any opportunity for Apple to voice its objections at that time. As is typical in such cases, the court relies on the accuracy of the government’s representations and its legal reasoning. My expectation is that after reading the briefs, and perhaps hearing oral arguments, the magistrate judge will vacate the Order, which was clearly unprecedented and almost certainly unconstitutional. And I doubt the government will attempt any sort of appeal.

  • Laird

    Well, we’ve drifted away from this topic but it’s still timely so here’s an update: A different federal court (this one in NY) has completely agreed with Apple’s argument and refused to issue an order demanding that it decrypt an iPhone. So much for the claims of those who assert that Apple has some sort of legal obligation to assist the FBI by defeating its own security features, or that its legal arguments are specious. And it’s now coming to light that the government was just waiting for such a case as the San Bernardino terrorist killing which it could exploit to press the argument. Apparently this was another of those crises which was just “too good to waste”. That’s certainly no surprise to me; indeed, it’s exactly what I expected, given the manner in which the FBI publicized this case. They are truly a despicable lot, and no one should ever give this government the benefit of the doubt.

  • Alisa

    Many thanks for the updates, Laird.

  • Alisa

    In October, Orenstein invited Apple to challenge the government’s use of a 1789 law to compel Apple to help it recover iPhone data in criminal cases

    What law is that?

  • Perry Metzger (New York, USA)

    Alisa: The All Writs Act.

  • Alisa

    Thanks Perry.

  • Mr Ed

    So it appears that the case in point of Apple and the San Bernardino’s ‘militant’’s phone is moot, as the FBI have found a way in, delaying perhaps a show-down, and the DOJ have dropped the case.

    I note that Apple updated iPhone 6 software today.