
Follow the money: Apple vs. the FBI

A lot of people are watching the spectacle of Apple vs. the FBI and the Homeland Security Theatre and rubbing their eyes, wondering why Apple (in the person of CEO Tim Cook) is suddenly the knight in shining armour on the side of consumer privacy and civil rights. Apple, after all, is a goliath-sized corporate behemoth with the second largest market cap in US stock market history—what's in it for them?

As is always the case, to understand why Apple has become so fanatical about customer privacy over the past five years that they're taking on the US government, you need to follow the money.

Apple wasn't very good about customer security in the early days of iOS. Early iterations of the iPhone notoriously lied about the security of SSL connections to email servers; my understanding is that this led to them being banned from some corporate and government accounts for a few years. But then they seem to have realized that security wasn't merely a useful feature to pitch to their customers, but a necessity. And the reason it's essential is Apple Pay.

It used to be a truism that General Motors was an insurance company with a car-manufacturing subsidiary. GM's pension fund had grown so large (over most of a century) that GM had to invest the money somewhere in order to generate a return on investment that would keep the pensioners going: selling cars was simply not a big enough business. And today Apple is sitting on the largest cash stockpile in US corporate history. Its legendary $120-150Bn in cash has attracted the attention of activist investors like Carl Icahn, but even share buy-backs will only get you so far when you're taking 90% of the profits of the entire global smartphone industry. Some analysts have opined that if Apple maintains its current turnover and earnings, and continues to buy back shares at the current rate, by 2024 AAPL will revert to private ownership ... and still be sitting on $100Bn in cash.

Of course, if you have a tenth of a trillion dollars you can't just rock up to a bank and say "please accept this deposit, how much interest do you pay"? For one thing, if you have $0.1Tn, you have enough money to buy several banks. For another thing, money doesn't exist when it's not moving: it's a coefficient of economic velocity. Money needs to be invested and generate a return. Over the past decade Apple leveraged their cash pile to ensure they had a lead over their competitors. Given a five year product roadmap, they could project the need for some critical piece of hardware—synthetic sapphire phone displays, for example, or 5K monitor panels—years in advance. Such components didn't actually exist, but they knew suppliers who could provide them if someone loaned them the cash to build a factory (typically in the high hundreds of millions to low billions of dollars). So Apple would find a company like Sharp and say, "we're going to need a million 27 inch 5 megapixel displays in four years time. We'll front you the money to set up the factory at just 1% over the bank base rate, in return for an exclusive option to buy the first million quality-compliant components to come out of it". Everyone wins: Sharp get a factory that can mass-produce new high resolution display panels, Apple gets an exclusive lead on these panels for consumer sales, and Apple also gets to invest its money in a way that generates far more profit than merely handing it over to an investment house.

But ... Apple has too much money. From roughly 1998, when Steve Jobs returned, Apple began growing like a dot-com startup, at high double-digit annual percentage growth rates—only it started doing so from a billion dollar a year turnover base, not two guys in a garage. By 2008 it was probably clear to Steve Jobs and Tim Cook that if their strategy of becoming the dominant company in the consumer side of the post-PC world succeeded, the problem of where to find enough mattresses to stuff the $500 bills was only going to get worse. When you're making $50-100Bn a year in profit, you can't put the money in a bank: you have to become a bank. And that's what Apple Pay is about, and that's why Apple have become fanatical about customer privacy and electronic civil rights (in one very narrow field).

I'm going to assume you know what Apple Pay is: you use your iPhone, iPad, or Watch as a trusted, authenticated identity token in a shop to pay for stuff. It ties into your bank account and basically your phone swallows your debit and credit card.

Ultimately the banks are going to discover—the hard way—that getting into bed with Apple was a bad idea, about the same way that getting into bed with Amazon over ebooks was a bad idea for the Big Five publishers. Apple is de facto an investment bank, right now: all it needs is a banking license and the right back end and regulatory oversight and risk management and it will be able to go toe-to-toe with the likes of Chase or Barclays or HSBC as a consumer bank, too. And Apple has a very good idea of how risky their customers' behavior is because unlike the banks and the credit card settlement network they're not running on incrementally upgraded legacy infrastructure designed in the 1950s. Note those two words a couple of sentences ago: "risk management". Banks are not in the business of holding your money or making loans; they live or die by how well they manage risk. Apple, like Google, has a much richer relationship with their customers than any bank. They can (for example), with a customer's position, know roughly where the customer's phone or watch is moving, and thereby spot faked payment credentials if someone clones the device and tries to use it to buy something a thousand miles away. The CC networks have velocity checking but it's a really crude metric for spotting fraud: Apple can massively improve on it.

But that's not where anti-fraud methods begin and end. For example, Apple have got reasonably good fingerprint readers on their current devices, backed by long PINs and password management. The newer phones have trusted hardware stores for the cryptographic tokens that are used to unscramble the addresses where data is written in the phone's on-board storage: they support (and encourage the use of) two-factor authentication. Some analysts report Apple is working on improving their front-facing cameras to the extent that they can do iris or retina scanning. On the long-term horizon, there are already ultra-compact low-cost DNA sequencers out there; if you really want to authenticate a user via biometrics, about the ultimate trust level is a combination of a shared secret (their password) with a mixture of biometrics tested simultaneously—a fingerprint reader that can quickly confirm a match for their genome while the front camera recognizes the retina of the person holding the device. Their phones are, in many respects, more secure than the ATMs and credit card infrastructure we're used to using to access our bank accounts. And that gives the phone vendors an opportunity to leapfrog over the existing banking infrastructure in the efficiency of their risk management protocols, by reducing fraud while simultaneously knowing much more about their customers' habits and being able to spot potentially risky activity patterns early enough to reduce their exposure.

Here's my theory: Apple see their long term future as including a global secure payments infrastructure that takes over the role of Visa and Mastercard's networks—and ultimately of spawning a retail banking subsidiary to provide financial services directly, backed by some of their cash stockpile.

The FBI thought they were asking for a way to unlock a mobile phone, because the FBI is myopically focussed on past criminal investigations, not the future of the technology industry, and the FBI did not understand that they were actually asking for a way to tracelessly unlock and mess with every ATM and credit card on the planet circa 2030 (if not via Apple, then via the other phone OSs, once the festering security fleapit that is Android wakes up and smells the money).

If the FBI get what they want, then the back door will be installed and the next-generation payments infrastructure will be just as prone to fraud as the last-generation card infrastructure, with its card skimmers and identity theft.

And this is why Tim Cook is willing to go to the mattresses with the US Department of Justice over iOS security: if nobody trusts their iPhone, nobody will be willing to trust the next-generation Apple Bank, and Apple is going to lose their best option for securing their cash pile as it climbs towards the stratosphere.

Discuss.

156 Comments

1:

NOTE: I haven't applied my usual fact-checking tests to this essay yet because I'm typing it on a wee laptop in a hotel room, in a hurry, without good internet access and a screen large enough to organize a metric shitload of browser tabs on. If you spot any factual errors, please flag them up below and I'll edit the article accordingly ... but it might take a day or two (I'm not home today and tomorrow will mostly be spent driving).

2:

This was exactly my understanding of Apple's motivation in challenging the FBI-requested court order. Apple's not being a virtuous defender of the public's right to privacy; they're protecting their business interests.

A related question, then, is how much do you want to trust Apple with your data? How much choice will we have in an evolving electronically-driven economic system to secure or withhold our data? Do we need to seriously reconsider the entire concept of privacy, and how it's applied?

3:

@DaveP I thought the issue at hand is setting boundaries to the All Writs Act. sudo make me a sandwich to the max.

4:

I knew about that in outline, but hadn't realised how far it had gone. They will have to be careful, because there is a risk that they will make the USA government feel threatened, and then its SOP would be to break up Apple.

One actual possibility is that they might decide to resuscitate provably secure architectures and operating systems (from the 1980s), because they could easily fund the development both of the basic technology and the interfaces to existing protocols (which is a far harder task). Now, that would be very interesting indeed, and would provide a long-term defence against being hacked into by the NSA or whatever. And, of course, they would have no trouble buying GCHQ if they wanted a private spookery, but I doubt that would match their core plans :-)

5:

They used to say GM was a very successful finance company with a crappy car manufacturing subsidiary. About a century ago GM set up the General Motors Acceptance Corporation as a way to lend people the money they needed to buy cars. It was very successful, and over time they branched out to insurance, mortgages and other financial services; when the US automakers started taking hits from foreign competition GMAC was often the only part of GM turning a profit. However, GMAC did a lot of home mortgage loans in the 2000s and after getting hit hard in the mortgage crisis they had to sell off the finance bits.

(GE was another manufacturing company that got into finance by lending to customers who wanted to buy their products, though IIRC they started on the business side not the consumer side. In the 2000s GE Capital was one of the largest finance companies in the US; however in the last few years GE has sold off a lot of the finance stuff to focus on manufacturing).

I would note that the reason Apple is sitting on such a huge pile of cash is that they don't want to repatriate it to the US and pay American corporate taxes on it; as quoted in this The Hill article, "It would cost me 40 percent to bring it home. And I don't think that's a reasonable thing to do". If Tim Cook were to get his way the US would stop taxing American companies worldwide and Apple might no longer have to worry about big piles of cash laying around overseas.

6:

Interesting take, I didn't realize how big a pile of cash Apple was sitting on.

One problem with iris recognition as a biometric marker is that your iris changes over time and as medical conditions and potentially as medications change. You can't trust it as an absolute. So any good iris ID system will have to re-sample the eye as it is verifying, say, add one image to the baseline every week/month to accommodate this drift. Perhaps they already do this, I haven't seen it in print.

Myself, I use a passphrase to access my phone, but I use a fingerprint to access certain accounts, Amazon, mSecure, and iBooks among them. The law is pretty solid that a key can be compelled by a court order (i.e. your fingerprint), but not a passphrase. Your mileage may vary in the UK and in extreme USA cases.

7:

My problem with the direction that Apple is going, and why I prefer a "security fleapit" like Android, is that I do not see my phone as a credit card, I don't want access to my money dependent on a device as fragile as a mobile phone. I see my phone as a personal computer I can hold in my hand. I do personal computer things on it. I share data willy-nilly between applications. I have run a file server, a webserver, and a chrooted Linux environment on Android. And that kind of thing is not compatible with the kind of security you need to use it as a magic credit card. I tried using iOS and it was a nightmare.

Give me something as rugged as a Secure-ID dongle, potted in epoxy, replaced every year, with a secure store that gets wiped out by the laws of physics when the trickle of power from the battery goes away. I'll carry that *with* my phone. I'll carry that places I wouldn't take my phone.

Or make the credit card phone a dumb device and an access point for my microtablet that I do actual stuff on.

8:

Apple Pay sits on top of the credit card industry. Do you believe they will remove that layer one day, and tie directly to your bank account?
As I understand the payment industry is incestuous and has become a commodity. It's ripe for anyone to replace it. Apple seems to be in a good position to do that over time.

9:

One of the issues that I have with biometrics as an authentication factor (DNA in particular) is that the failure modes can be horrendous. And by failure modes, I have read (unverified) stories of cars in Malaysia with thumbprint unlocking being stolen by cutting off thumbs. And once a biometric authentification factor is compromised, there is no way to repudiate and replace that factor.
On the core topic of Apple as a bank or financial institution, I'm not sure that the owners would be too thrilled. FIs are generally much better at rewarding insiders than investors.
What makes more sense to me is to stop at providing the infrastructure, with several charging models, including charging both payer and payee for peer to peer transactions.

10:

"once a biometric authentification factor is compromised, there is no way to repudiate and replace that factor"

Remember that the stored biometric data is a function of the input data (e.g. a fingerprint or retina scan) AND the algorithm used to encode it. If different devices encode the biometric data in different ways then having your fingerprint compromised on one device doesn't mean you have lost it to the world. Still pretty bad, though.

More generally, this article now has hit the top of HackerNews, with the usual mix of insights and daftness.

11:

Two comments.

First off, while Apple is going into payments, it's not clear that their cash hoard has much to do with that; they're probably making a profit on it already, for an up-front investment that, on Apple's scale, is fairly modest. (And conversely, having a large fund to manage, in the manner of investment banks, doesn't necessarily presage a move into the consumer banking sector. Plenty of people and entities with huge funds to manage -- from George Soros to various American University endowments -- haven't gone that way, except perhaps for minor investments in businesses that do that.)

Second, the legal fights over end-to-end encryption, and encryption of data on phones, aren't really relevant here: like communications metadata, payments information necessarily has to be visible in cleartext off the phone in order to be processed correctly, and law enforcement can demand access there.

In fact, the US legal precedents that give law enforcement warrant-free access to communications metadata are probably stronger for payments. The rationale in those cases is that once people give data to a third-party company, it's no longer private. There are lots of companies that have to know about a purchase, and more that actually do -- payment data in the USA is routinely used for ad targeting, for example, with very little in the way of consumer protection. It's difficult to argue that people have a reasonable expectation in privacy in data that's routinely shared with ad brokers. And whatever tools US law enforcement has to get access to this stuff would almost certainly apply with equal force to any new entrant.

(As to whether consumers know that the banks are watching their purchases: it's also routine, over here, for credit card purchase incentive schemes to reward particular types of purchases -- 2% off your gasoline purchases, for example. That obviously can't work unless they know what you're buying.)

For what it's worth, I'm aware of one attempt to build a payments network that can't monitor "who sent what to whom" details of the payments passing through it: Zooko Wilcox's Zcash, a variation on the general theme of Bitcoin. But it does require entirely new protocols, and can't obviously be done in any way that interoperates with the "legacy" payments network, even as far as using the same currency. And if Apple's got much to do with it, that has so far been kept pretty quiet...

12:

[ COMMENT DELETED BY MODERATOR -- moderation policy violations, viz. trolling and flaming. Commenter banned. ]

13:

"A related question, then, is how much do you want to trust Apple with your data?"

Wrong question. If you wish to have a smartphone that functions as intended, you will be giving your data to a corporate conglomerate. Which corporate conglomerate do you wish to give it to:

One whose business model is all about harvesting your data and monetizing it by selling it to advertisers (Google), or one whose model is selling you a device and then making sure you are so happy with that device that you buy your next device from them as well (Apple).

I know which one I don't want to give my data to, which is why I will never use an Android phone.

14:

Re: 'The rationale in those cases is that once people give data to a third-party company, it's no longer private.'

Not an expert, but can't imagine that the mega corporations who do business directly with small business partners where most of the financial transactions are conducted online would be thrilled to learn that their financial transaction data are open game (i.e., saleable) because said data was given to/passed through some 'third-party'.

15:

Good concept, but slightly off.

Sears might be the better model for both Apple and Amazon.

Sears had Discover Card (payments), Coldwell Banker (real estate), Allstate (insurance) and Dean Witter (brokerage) among others.

Sears also is the cautionary tale, especially since the same year they ended the catalog is the same year Amazon opened up.

16:

How do you know that Apple is not already compiling and selling your personal data? As long as Apple does not attach a name to the data file, it can claim to have not personally identified the user. But since there are many other ways to identify and locate a user, this is not particularly reassuring.


http://www.apple.com/legal/internet-services/itunes/appstore/dev/stdeula/

Excerpt:

'b. Consent to Use of Data: You agree that Application Provider may collect and use technical data and related information, including but not limited to technical information about Your device, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software updates, product support and other services to You (if any) related to the Licensed Application. Application Provider may use this information, as long as it is in a form that does not personally identify You, to improve its products or to provide services or technologies to You.

d. Services; Third Party Materials. The Licensed Application may enable access to Application Provider’s and third party services and web sites (collectively and individually, "Services"). Use of the Services may require Internet access and that You accept additional terms of service.'

17:

In addition to the longer-term game discussed in the post, on which I don't have any comment, Apple may also be playing a short-term game. Which is simply this: establishing the precedent that it is not required to be in the business of helping law enforcement. Not for any great public-minded reasons, but simply because that's not the business that Apple wants to be in.

Apple's response to the FBI has been running along two main tracks. The public defense has been focusing on a slippery slope argument which has attempted to get people whipped up about the idea that stopping the FBI here is critical to privacy rights in the future. This part of their response has been FUD basically from beginning to end, trying to build on both (1) the post-Snowden disgust with warrantless surveillance (which has absolutely nothing to do with this case, since the FBI almost literally couldn't have a stronger argument that its attempt to search the phone in question satisfies American due process requirements) and (2) the notion that smartphones are "extensions of ourselves" and should therefore be immune from search regardless of whether the authorities have a warrant (even if this argument makes sense as policy, the idea that current American law supports it is laughable).

That's not quite the defense that Apple has been presenting in its legal papers, though. They certainly touch on all of those themes, but the real action has been on a much more prosaic (and legally relevant) point: that the government is overstepping its bounds by making Apple take positive steps to help the FBI crack the phone's security. While Apple has done what it can to cloak this argument in principle (witness the spate of news stories last week, obviously leaked by Apple, about how Apple's engineers would be so offended at the thought of helping crack iOS that they'd rather quit than do so), the gist of this argument is really about money: it will cost time and money for Apple to do this thing that it doesn't want to do, and it's unreasonable for the government to ask it to do it.

Short term, at least, I think Apple is being driven by the desire to establish the precedent that (1) it can design its products however it wants and (2) if that design creates problems for law enforcement, that's too bad -- it's the cops' problem, not Apple's. Because Apple is hurtling towards a world in which its products are going to routinely frustrate the efforts of law enforcement (if we're not there already), and if it's required to help out the cops every time they get a warrant, it will need to have an entire, and probably very large, department of engineers devoted to doing nothing else. They don't want to do that, I think, and they seized on this case as the chance to prove that current law, at least, doesn't require them to do so (hence the tech press's sudden interest in the All Writs Act).

Sure, they're risking Congress coming in and writing a law that clearly requires them to help law enforcement, but my guess is that they figure that threat is minimal: Congress doesn't seem particularly willing, or able, to pass laws that would discomfort the Apples and Googles of the world. And, in the meantime, they get to burnish their supposed pro-privacy credibility, and give their many, many fans another reason to view them not as the apex predator of contemporary capitalism, but instead as somehow the plucky underdogs who just care about their customers and their privacy, gosh darn it.

(Sorry about the snark, but Tim Cook's "offended Alabama boy who's not going to be pushed around any more" schtick these last few weeks has really been too much).

18:

Apple could buy Paypal or one of its startup competitors.
And there will probably be competition like Android Pay and the credit card companies could write their own apps. But yes, some large changes seem likely in the near future.

19:

While I don't wholly disagree with this analysis, Apple is making market share from those who don't like the Facebook, Google and Twitter policy of "apparently free but we sell all the data we glean to marketing analysts" business model.

They "give" you a free Apple ID and email address, yes. But you need a working email so they can bill you to use iTunes, the iOS and the Mac App stores (I think in that order of income, the first two might be the other way around with in-app purchases factored in), and the overheads of largely unused email accounts are pretty low. I think you can now use non-Apple email addresses too which makes it even lower.

I don't know how much of their market share comes from Tim Cook and others saying "We take your privacy seriously. We're upfront about how you pay and we don't sell your data and we do our utmost to protect it" but I bet Apple's business analysts could give you a good estimate. I'll also bet they won't. But I'd be surprised if this wasn't a factor in them deciding to fight the FBI tooth and nail. They can be forced by the Supreme Court to let the FBI in and say "we've done everything we can" and while it might hit that sector of their customers somewhat, it won't kill them there. Just rolling over would really hurt that part of their public image too.

Now, I think you're right and their longer term ambitions with Apple Pay may also be driving this plan to emphasise their fight for privacy, but short term goals matter too, and short term it would hurt their share price if they rolled over.

20:

I don't think banking needs that much security. You only need a certain amount of it, so that costs are kept at bay (in particular, you need an effective deterrent for fraud from your own customers) and consumers can be convinced to trust your services. Retail banking is just about money, and one dollar is as good as any other, so it is straightforward to compensate users for losses.

M-Pesa appears to be highly profitable, and rely on devices which are likely much less trustworthy than your average Apple device, so it can be made to work. There is also zero evidence that extensive government monitoring makes retail banking less safe (in the sense that fraud-related costs go up). The 2030 time scale is also way off, considering that mobile banking is a reality for so many people today (and often the only source of banking services they have).

Regarding Apple's cash problems, these things have a tendency of solving themselves on their own. For example, one day the company might realize that the profits they were so busy hiding from tax authorities have been hidden so effectively that Apple, Inc. themselves has lost control over them.

21:

There are also two man-in-the-middle attack vectors at issue.

(1) Apple doesn't (and cannot) own/control the data transmission system, unless Apple's devices connect only to Apple's devices. The old, crude analogy to wiretapping remains relevant: I own my phone, Our Gracious Host owns his phone, but Ma Bell and BT own the signal system between them. With enough traffic and analysis, that man-in-the-middle vector becomes a way to get a lot of information — not, perhaps, real-time interception (or alteration!) of particular banking transactions, but plenty else.

(2) That data is getting stored somewhere, if only for an audit trail and the occasional customer refund. Can you say "honey pot"... or "gold mine"? See, I knew you could. Advertisers, among others, claim that this is just something they call "data analytics." Those of us who are somewhat older-school call it "traffic analysis," and the spectres of Chelsea Manning and Edward Snowden should tell you exactly how much confidence y'all should have in your past transactions (or anything else) remaining secure.

It's very 1984ish through a funhouse mirror: Who controls your financial past controls your financial future; who controls your financial present controls your financial past. And that's just unimportant things like "finances."

22:

You have it the wrong way round. The mega corporations demand that they or an associate of theirs holds the data. You are right that the small companies are not overjoyed by having their data sold on, but the megacorporations have them over a barrel. But that pales into nothing compared with the lack of joy that British companies felt when they discovered that the DTI was giving their data (including pending patents) - and, later, GCHQ was giving their communications - to the USA and, indirectly, to their USA competitors.

23:

I agree with your thoughts on the short term. Sometime in the next generation or two of iPhones, Apple will add "really, really secure" mode. Once invoked, forgetting your passcode means your data are lost. By the same token, custom OS software attacks will also be defeated. Hardware attacks will still be possible, at least at the level of disassembling integrated circuits some number of atoms at a time. At that point, the All Writs' demands would begin to look like "provide us with a copy of your IC masks to guide the crackers".

24:

Ahem: you can't get an Apple ID without a valid email address, so the system's supported non-Apple email addresses right from the start.

(Yes, you can send email to charlie.stross @icloud.com, but it might be a few weeks or months before I get round to checking that moribund account ...)

25:

"you can't get an Apple ID without a valid email address"

You can't now. Not always the case.

I think your conclusion about Apple Pay is wrong, but I can't go into details. (Any more than I can say I know -- or knew, anyway -- what information Apple did collect, and how it was, and was not, given 3rd party access.)

Apple Pay is a long-game: the Apple Watch is actually one of the end goals for it. (Step 1: Get people used to using their iPhone for payments. Step 2: Make it more convenient with their watch. Step 3: Make it more convenient with some other accessory. Etc.)

26:

You and I aren't really their target market. Rather those people currently sitting in desks listening to teachers drone on are. In a few years there will be consumers who simply do not know a world without smartphones and apps. Who grew up using a phone or tablet before they touched a PC or laptop. These people are going to see their phone (or its successor) as the center point of their technological lives, everything else is an accessory. They're more likely to be without their keys, wallet, ID than they are to be without their phone.

So to this group, not making payments, unlocking their car/house, or proving their identity with their phone will seem risky and cumbersome.

Why would you trust something so insecure as cash or a credit card or a physical key?

27:

A number of companies seem to be looking to the same future as Apple Pay. Google and Samsung come to mind. And Visa and Mastercard have been working on their own online versions, though they lack the hardware control that their competitors have.

Microsoft will probably jump on the bandwagon too, once the market is saturated...

28:

Okay - and thanks for the correction.

Maybe it's time to look at the minimum amount of time that data must be kept per type of transaction. I'm guessing that the majority of consumers/users buy the unlimited data plans nowadays making itemized billing by number called/connection time unnecessary for anyone to collect. And, in the case of online/phone purchases, there's no reason why the transaction details can't be immediately flipped over upon confirmation to some central file at a more secure single-purpose location thus allowing the preceding transaction to be wiped from that device and user file/data short-term memory.

Rereading the above, I realize that I'm adding some clunky complexity antithetical to Apple's design and core business strategy, i.e., hide the details of how stuff works.

But, at some point, I think consumers (including businesses) will want to know that sensitive data will reside at only one secure location, therefore the amount and variety of data that gets automatically transmitted per each transaction will probably be reviewed to see what needs to be trimmed back.

Lastly ... isn't quantum computing/encryption supposed to make this entire discussion irrelevant anyway, as in: no one other than those at the terminal points of a transaction/connection will ever be able to access that particular data stream?

Again ... neither an expert nor scientist, just interested in learning how such concepts apply in this scenario.

29:

There are two fundamental problems with this analysis:

1. The FBI backed down on their demand, because "someone" came forward with a way to hack the iPhone without Apple's help. That person may either be a hacker who came forward to claim the bounty, or it may be that the FBI's counterintelligence wing has been sitting on the method, and they found a plausibly legal way to give it to their brethren in the law enforcement wing without compromising operational security or the firewall between the two. The truth is irrelevant here.

In any case, Apple's security isn't good enough, and that's why I don't use Apple Pay. If OGH's strategy is correct, it's already in trouble.

2. It's not just about the money. Apple, like so many things in consumerist society, runs on addiction. They don't just want to be your phone, they want to be your credit card, your Walkman, your dictionary, your book of maps, your camera, your board games, and your computer, along with as many other things as will keep you fully occupied, because what they are doing is using you as a consumer and selling you as a consumer to all the companies that will pay to buy a piece of your action.

That, in turn, requires you to be loyal, except that nobody trusts loyalty for some stupid reason (perhaps relating to modern corporate culture). They prefer you to be addicted instead. What they desperately don't want you to do is to go over to their competitors or (worse) go cold turkey. So they need you to feel secure with them.

Since I've got a number of relatives and friends who pick their next phone based on how cheap it is, rather than who made it, I suspect they've actually got a serious problem already. I'm not sure Apple Pay will become ubiquitous if someone's jumping between Apple phones and Android phones based on whether they can afford Apple with their current job and how long their last iPhone lasted.

Worse for them (politically), they're also more deeply connected with urban populations, which are more liberal in the US. Get away from the cities, and a lot of those addictive features stop working very well if at all. This is one reason why old farts out in the country still have landlines and are on the "wrong" side of the digital divide (and often vote Republican). Some of them, in turn, see us phone monkeys as Slaves to the Machine. I'd say both sides are right, but this does play into US politics, at least, in a way that may not be so obvious outside the country.

30:

Another thing I'll point out is that the problem with the FBI wasn't the US, it was China and international law.

(Note, I didn't come up with this idea, but I can't find where I read it, so if someone's got the reference, speak up so they get their deserved credit).

The problem under international law is that, if the US government can force Apple to implement a backdoor, then logically, any government has an argument to force them to let that government have access to the same backdoor. Indeed, any phone company might be forced to comply with that request, because if Apple can be forced to bend over and expose their backdoor, why not little Cryptophone, whose sole selling point is that they are the latest word in phone security?

That gets *really* awkward, because ultimately it means no one can trust any smartphone to not be backdoored and hacked. This kind of paranoia is probably justified anyway, but one can see phone companies really not wanting to make the legal precedent anywhere in their share of the world market.

31:

Until sometime "recently" (for not computer tech versions of recently) you were certainly offered the option to create an email address and an apple ID together, that's what I did.

But while @icloud.com works for me, my original apple ID was @me.com and I've not tried a new one in ages.

32:

Ehh, I've always been skeptical of this part of Apple's argument. They've certainly played the China/Russia card in some of their PR, but if you read their legal papers, it's been a passing argument at most, and even then it's really just been the assertion that if they do this for the FBI, other governments will want them to do it, too.

And you know, maybe? But the implicit assumption hidden in that line of argument is that other governments aren't already asking Apple to do stuff like what the FBI has requested, which I find . . . difficult to believe. I also find it difficult to believe that agents in other countries' police or security forces are going to consider themselves bound by whatever US law says the FBI can or (especially) can't force Apple to do, since all of those other countries of course have their own laws, which give those police and security officers their own rights to demand Apple's assistance, on pain of having their own country's courts take action against Apple.

I can see a genuine political, rather than legal, issue for Apple, though. It's one thing to tell a foreign government that the assistance they're requesting is something Apple refuses everyone, even Apple's home country. It could be substantially more awkward for Apple to tell a foreign government that it can't provide that government the same kind of help it gives the US, because of that government's poor record on human rights, or whatever. That's not the sort of thing you want to tell the trade minister who has the power to cancel your request for a new factory, or to provide subsidies to that local competitor who's thinking of getting into the smartphone business.

Which, I suppose, is another short-term motivation for what Apple is doing (and maybe one of the reasons they've gone so public with all of this): it's easier to minimize the political cost of saying "no" to foreign governments when Apple can point to the fact that it said "no" to the FBI, too.

33:

Here's my theory: Apple see their long term future as including a global secure payments infrastructure that takes over the role of Visa and Mastercard's networks—and ultimately of spawning a retail banking subsidiary to provide financial services directly, backed by some of their cash stockpile.

Why stop there? They would be in a prime position to issue their own (private) currency. They could trivially provide a protocol/app to allow phone-user to phone-user direct transactions (medium of exchange) and keep a tally of how much iCash is associated with each biometric identity.

This tally/transaction record could be at 'one secure location', which would be very Apple, or in some sort of distributed blockchain thing, which is possibly a better idea from a security/auditability/consistency POV.

There's no doubt a dismal scientific rationale for private currencies. Pace OGH's observations on its deflationary nature, bitcoin seems to work as a currency, certainly better than some state-issued currencies.

From the currency end-user's point of view, if you can pay for your coffee by donking your phone on a magic pad, it doesn't really matter if you're paying dollars or bitcoins or euros or appleCash, provided the retailer accepts it. Are we destined to live in a Global Company Town?

34:

How is Apple going to become a bank? Or, more likely, lots of banks? I can't see them operating in just the USA when there are all those other countries with money to spend.

Do they just set up a brand new bank in each territory? Or do they buy into an existing bank where they want to provide banking services? The latter is attractive in that they start with a going concern which is probably already profitable and already has a decent customer base. Plus you don't even have to buy the whole bank, just a fat chunk of one...

Of course that does land them with the technical debt of all those legacy banking systems -- but if they make a habit of this sort of thing, they'll soon develop enormous expertise in modernizing bank systems.

Interesting to try and predict what banks they'd try and buy up first and where. My guess is a relatively small US state like Rhode Island or Hawaii or Delaware, which gives them access to a fairly typical but small USA bank[*] and so develop and debug their banking IT systems and upgrade procedures on a smaller scale before going after the really plum targets.

[*] I always found it odd that retail banking in the States is basically a huge collection of local per-state or per-city businesses, and there isn't a huge presence of national and international banking chains as there are in the UK and increasingly all across Europe.


35:

"In any case, Apple's security isn't good enough, and that's why I don't use Apple Pay"

A common error. Apple Pay is not totally secure -- nothing will ever be. The question is whether it's more secure than the alternative, which is, essentially, a credit card. And the answer there is a pretty large yes.

There's a lot of misunderstanding about what Apple Pay is, and how it works.

36:

I feel fairly confident in stating Apple does not want to become a bank.

As evidence of my claim, I point to Apple's "loan to own" program, in the US, which offers a 0% interest loan to purchase a new iPhone, spread over 24 payments. Apple is not taking on the credit risk itself; an actual bank is doing that. (I'm sure Apple guaranteed the loans, but being a bank means a shit-ton of regulations, and also having to deal with collections. By farming this out to a third party, Apple doesn't have to deal with any of that.)

37:

Apple can still be a financial institution. Probably more money to be made from just charging access and transaction fees than from operating as a traditional 'bank'. In fact, the last thing Apple probably wants is to expose itself to any form of government audit.

38:

Remember that the stored biometric data is a function of the input data (e.g. a fingerprint or retina scan) AND the algorithm used to encode it.

For biometric data to be used as an authentication method, the data sent from each device must be convertible to a canonical format. It's no defence that device 1 encodes it in format A and device 2 encodes it in format B; at most, it requires an attacker to compute an encoding that looks natural and matches closely enough in a different encoding.

If you have to provide biometric data encrypted with a private key stored on your device, that's an improvement over the US credit card system. It means I don't get access to all your money by stealing your payment instrument. Of course, it's almost as good to use a chip-and-pin credit card.

39:

"Lastly ... isn't quantum computing/encryption supposed to make this entire discussion irrelevant anyway, ..."

Well, yes, since this is a SF-related blog, it is. In practice, however, it's unlikely to be relevant to mobile, customer devices much before ubiquitous fusion power or a space elevator.

40:

Amazon's probably in the best position to issue a private currency, of all the major tech companies. After all, they already have their "coins" that can be spent on apps and in-app purchases. And they have a massive global retail operation that their currency could be spent on.

Though Amazon's attempt to break in to the phone market failed horribly, so they have the hardware problem that Apple doesn't.

41:

This essay provides a compelling argument for the strong "state-like" response from Apple. In my opinion, Apple's arguments stood solidly on their own footing based on the privacy principles upon which they rested, but I have to admit, the ideas from this essay inject the arguments with a much greater sense of urgency.

They also justify a significant investment in cryptocurrency & blockchain research, not insofar as Apple might unilaterally introduce such a tool, because suddenly $100B looks small, but because cryptocurrency will likely become a key element of most future exchanges.

However....just imagine Apple as a nation state.

The Democratic People's Republic of Apple would have a GDP similar to Ireland (~$230-$250B), a reserve currency similar to the UK (~$100-120B) and a population of 500M (iOS users). I am already a 'member' several times over and as a shareholder, I would be considered a 'citizen' with voting rights.

Indeed, creating their own currency, international exchange, and marketplace is not beyond the imagination.

Would I consider having my paycheck deposited into the National Bank of the Democratic People's Republic of Apple? You bet! Especially if it came with the various levels of discounts that the DPRA could negotiate from financial and commercial institutions.

...

Dear Best Buy, you will give citizens of the DPRA a 5% discount when they pay with the iPhone.
- Sincerely, Lord T. Cook

PS Why is your car parked at the local motel for 2 hours on Thursday afternoons? Is your wife aware of this? Please consider our request carefully.

...

Dear Humana Healthcare,

You will begin accepting iPhone payments for medical care and offering payment schemes based on ACTUAL costs for stuff, not made up prices.

Sincerely, Lord T. Cook

PS Sure is a nice reputation you have here. Sure would be a shame if your browsing history were combined with your travel history to Thailand and made public. Just sayin...

...

There is no way this could go badly

...

I, for one, would like to welcome our new iOverlords...

42:

[ DELETED BY MODERATOR -- reason: rude drive-by commenter was rude ]

43:

You're probably right, but there's another issue:

There's not that much money to be made in retail banking. One big reason I went to a credit union is that the local multinational banks were charging maintenance fees on my account, because I wasn't bringing enough in to satisfy them.

Why would Apple want to muscle in on territory that the banks are getting out of? It makes sense in other parts of the world, where phone accounts are used as alternative bank accounts, and that's probably where they hope Apple Pay takes off. Here, it's not so clear why it's useful, especially when it means they get increased fraud headaches and (probably) decreased expenditures over time as more people get poor and fewer buy stuff.

Most of the money making opportunities are in the gambling financial sector, and I'd be shocked, shocked if Apple has no financial dealings. Now, if Apple has any sense, they'll pour that money into things like securing their supply chain and securing the infrastructure (land, power, water) they need for things like data centers, as Google has been doing for the last decade. (soapbox) Making money for the sake of making money is kind of stupid, if all it does is inflate a financial bubble so that the money becomes worthless (/soapbox). How is it different than what's going on in Zimbabwe now?

44:

The two go hand in hand, and ultimately smartphones are a flat market. Financial services like Apple Pay are a future market with massive potential.

And the two go hand in hand. The more you rely on an iPhone for things like making payments, the less likely you are to switch.

45:

"They also justify a significant investment in cryptocurrency & blockchain research..."

And there is some proof somewhere that nobody will ever be able to break or subvert the encryption used? When I hear "blockchain" I wonder do we really want our entire political and financial system relying on N!=NP?

46:

"GE was another manufacturing company that into finance by lending to customers who wanted to buy their products, though IIRC they started on the business side not the consumer side. In the 2000s GE Capital was one of the largest finance companies in the US; however in the last few years GE has sold off a lot of the finance stuff to focus on manufacturing"

Not quite.

Like Boeing, GE was having trouble selling aircraft engines due to the costs of each purchase. (You don't buy just one. You buy enough for all the planes you are buying plus extras to swap out when maintaining ones that have been in use. Plus parts. Training. Etc...) So they started a leasing/finance company to avoid having to line up financing for each deal with outside firms. They, GE, were also able to sell the bonds and such much easier than many of their purchasers, say "Air Peru". GE made more money and the customer saved money. Over time this arm of GE became so profitable they got into all kinds of financing. Including homes, cars, and a really big one, private label credit cards. Home Depot and others.

When the banking crisis hit they didn't really get hurt all that much. They, GE, had been ruthless in not doing stupid things. (It was a hallmark of their operations.) But in the aftermath of it all the banking laws in the US were changed to the point that the entire GE company would have to be run as if it was a bank. Federal oversight and all. GE decided no thanks and spun off the financing arm as a separate company. Synchrony Bank.

Basically almost all US companies with financing arms of any size made similar choices.

Which is why I doubt Apple will ever become a bank. It would open them up to all kinds of disclosure, regulation, and oversight. Unless they move all the corporate operations overseas. And politically that's just not a good idea just now or in the foreseeable future.

47:

"- Sincerely, Lord T. Cook"

Have you considered that this may be exactly how Apple got the FBI off their backs?

My own pet theory, (probably wrong but fun to think about,) is that if I was Tim Cook and I had a hundred-billion dollars floating around, I could hire Ridley Scott to make my anti-FBI commercials. The Feds would discover there really is "...a garden of pure ideology, where each worker may bloom, secure from the pests of any contradictory true thoughts."

Then the Feds decide to hire a bunch of Israeli security hackers instead of taking the fight to national TV.

48:

"But you need a working email so they can bill you to use iTunes, the iOS and the Mac App stores .... I think you can now use non-Apple email addresses too which makes it even lower."

They haven't required an "Apple email account" for years. Maybe over a decade. If ever.

49:

"I always found it odd that retail banking in the States is basically a huge collection of local per-state or per-city businesses, and there isn't a huge presence of national and international banking chains as there are in the UK and increasingly all across Europe."

The same reason insurance (life/health/property/liability) is a state thing. The companies would rather lobby state governments for favors than our Congress. The former usually doesn't make the news or at least not the national news. The latter tends to be all over the TV and other news when a big issue comes up. And there ARE federal chartered banks but they get to deal both states where they are located.

50:

"Ultimately the banks are going to discover—the hard way—that getting into bed with Apple was a bad idea, about the same way that getting into bed with Amazon over ebooks was a bad idea for the Big Five publishers."

They already have discovered it. AFAIK Apple does not know the amounts or details of what is being purchased via Apple Pay. As best I can see it this is just another way to make people want an iPhone vs. Android.

51:

Actually Google's business model is, or was, selling access to users matching a profile, not selling the correspondence table. There's a big difference there in that only Google has/had the contact information. So Google has/had a strong motive to NOT share user data.

They've branched out so much since I last really evaluated them that it's hard to be sure it's still true, but I haven't heard anything concrete about them selling user information rather than access to users.

52:

"And this is why Tim Cook is willing to go to the mattresses with the US department of justice over iOS security: if nobody trusts their iPhone, nobody will be willing to trust the next-generation Apple Bank, and Apple is going to lose their best option for securing their cash pile as it climbs towards the stratosphere."

Just to clarify. The FBI is asking Apple to create a new iteration of iOS that will allow them to brute force break into an iPhone by sending passcodes over the USB port.

This is a really big deal. The FBI claims it will not take more than about 10 or fewer people a few weeks to do this. And on the surface this may be right. But this new iOS will be installable via the Apple system that allows an iOS device to be OS updated via the USB port WITHOUT unlocking the device. So Apple will either have to allow this bastard iOS OS to load via the production (or production testing) servers or create an entire separate infrastructure to support the bastard iOS operations. And keep it running. (If the FBI can All Writs them to write it they can also All Writs them to maintain it.) Which really means an entire set of support operations which duplicates many of the "real" operations. Bastard production, bastard test, bastard development, etc... And a way to keep all of this from touching the real stuff. The FBI has already admitted that if they win this one they have a stack of iPhones they will ask to have the same bastard iOS loaded on. Heck the DA in NYC says they have 175 iPhones they will ask Apple to bastardize as soon as the FBI wins.

Oh, and don't think this is as clear and simple as the FBI says it is. The FBI and Apple are involved in 8 or 9 cases like this. All proceeding under seal. The FBI went public only on this one. And everyone assumes they were waiting for one where it would be easy to line up the support of the public and elected officials.

53:

"I thought the issue at hand is setting boundaries to the All Writs Act."

Totally.

54:

And if the FBI wins I can see not too far down the road the FBI or similar getting a judge to order Apple to create a really bastard iOS version that will allow the FBI to eavesdrop via a device. And tell Apple to include it in their updates to "this list of devices". Oh, and you can't tell anyone you're doing this. At all.

55:

Anybody truly paranoid already assumes that every phone is eavesdropping at all times. Another paranoid possibility is that the whole farce between Apple and the FBI is all a big show to make it look like iPhones are really secure, so please go ahead and put your terrorism plans on them because they will be safe. When in reality the FBI totally has access. And look at the training we're doing for an amphibious landing in Kuwait.

If Apple becomes The Bank, I'm going to need a bigger mattress. What about a Carrington event? Not that we're currently safe from one, all money is electronic. Another thing, breaches are like earthquakes. You want lots of little ones to let the pressure off. If your iPhone becomes your universal credit card because it's soooo secure, and everybody trusts it totally for years and years, then one day, wham, just when we think we're safe, the big one. Somebody steals ALL the money.

56:

If you do some digging you will find that companies selling software/devices that break into or allow you to hack a tablet or phone list support for most all smart phones EXCEPT iPhones running iOS 8 or later.

57:

And the slippery slope argument is that those tools are pretty much all originally created by either law enforcement or cell phone service providers.

Law enforcement wants to quickly clone a phone for archiving, the cell phone providers want to help the nontechnical move their old phone to a new phone (with pricey upgrades). The cloning tools were getting scary, and some were designed to be used in traffic stops.

Apple's current OS is supposed to resist it, and thus make it so the phone's worth less to steal. Not to mention enough people now keep private details on there. Apple's bank plans are just part of it. They need people to trust the phone.

The slippery slope argument is once the tool is made, it will quickly become something on a flash drive spread around police departments, where someone who's lazy or corrupt lets it get uploaded and now we're back to zero.

The other thing is Apple is really playing a game of immune system. Apple is good, but the world is always trying to hack, and people learn. Hell, people have written code into Super Mario using glitches to play Flappy Bird. Apple always has to keep going, as older phones become less secure and exploits become known. Here Apple likely got off the hook 'cause an exploit was found.

58:

"One actual possibility is that they might decide to resuscitate provably secure architectures and operating systems (from the 1980s), because they could easily fund the development both of the basic technology and the interfaces to existing protocols (which is a far harder task). Now, that would be very interesting indeed, and would provide a long-term defence against being hacked into by the NSA or whatever."

Yes, please! The NSA fucked us so much back in the day, and we're not going to fix any of these problems until we reckon with that one.

59:

The AP is now reporting that the FBI has dropped their case, saying that they figured out how to unlock the phone on their own.

https://twitter.com/AP/status/714570046056570880

60:

Just a heads up, Charlie: John Gruber just posted this to Daring Fireball, so there may be a sudden influx of new commenters on the way.

61:

"Some analysts have opined that if Apple maintains its current turnover and earnings, and continues to buy back shares at the current rate, by 2024 AAPL will revert to private ownership ... and still be sitting on $100Bn in cash."

This statement makes no sense. Apple has bought back something like $125B of its common stock and retired it. Canceled it. It no longer exists. The value of that stock has moved to the remainder of the existing stock. There is no way, by this method, to take Apple private. Apple owns no more of itself now than it did when it started the buybacks.


62:

Charlie D @ 11:
Credit card companies also monitor purchases looking for suspicious patterns for fraud prevention (in the US at least). If suddenly purchases at a camera store or in Dar es Salaam appear on your card they might freeze the account on suspicion of fraud (former has personally happened to me, the second happened to someone I know; both happened to be false alarms).


Matthew Seaman @ 34:
Both the federal government and the states can charter banks in the US. However, interstate ownership of banks has only been allowed for about 20 years or so. Mergers have produced some big ones with national reach like Citi, Bank of America and Wells Fargo, but yeah as a result of that old rule there are a lot of banks in the US, 6,182 according to the FDIC.
Even if Apple wants to get in the financial game I seriously doubt they'd buy an actual chartered bank as that would put them under a whole lot of regulatory requirements. PayPal, for example, is very specifically not a bank and has spent its existence carefully structuring itself to minimize regulatory oversight.


David L. @ 46:
Thanks for correcting my memory.


63:

"There's not that much money to be made in retail banking."

Exactly, thanks for saying that.

The problem with Charlie's proposed game plan is, it doesn't make sense. If you have a truck load of money, you don't get into the retail banking sector to make money - you use it to play the funny money game, same as the rest of the banks. Much less control, much less red tape, much more profit. You use your access to phones for a little targeted spying and insider trading - much more lucrative than spying on joe shmoo to see if this $34 transaction is valid.

Nah, I have a different rationalisation of apple's actions; one that fits the facts. They are following google, again.

Realistically apple has stopped really innovating and has become a fast follower. They slap on a nice UI, a bit of gold (sometimes literally) and charge their tame fanbois an extreme markup. It's their model. They don't really know where to go next, or what to do. Thus they react, and it's often to google.

As anyone will tell you, google was in the phone payment game years before apple got interested (they didn't want the banks dictating phone hardware). They aren't as polished at delivery as apple, which is where Tim Cook probably saw "we can do this too, and our shareholders will think it's strategic". Same thing is happening with automated vehicles, VR, etc. - apple tries to get in on 'something new', so they are not left too far behind (their lack of attention to large phones nearly killed them).

As for apple not wanting to give the FBI a backdoor, it's probably much more to do with seeing google give in to government arm twisting, and then getting shafted as a result. Just look at the idiotic "right to be forgotten" EU diktat. By rolling over they now have over half a million requests to deal with AND have bureaucrats telling them they have to do more, and fining them - all without those freeloading governments paying a cent. Much better to draw a line in the sand early and say 'no'. Can you imagine how many phones the FBI would eventually want compromised, for free? There's no upside in apple saying yes.

The real question about that whole debacle is; why wouldn't the NSA help them out? We know that they have stolen, strong armed, and perverted all the major US comms providers such that they have near total visibility. But they wouldn't help the FBI in a terrorist case?

Or maybe they did ....

64:

Apple could go private by buying up its own stock. Once the number of shareholders goes below a certain number, the company is no longer under the same SEC level of regulation as a company owned by members of the general public.

P.S. This was an important plot point in The Wheeler Dealers.

65:

I really doubt that Apple is going to become a bank (or bank holding company). As others have noted, the money isn't there. Apple Pay currently does transactions through ordinary credit and debit card channels. Apple does automatically generate unique card numbers for transaction codes, but that technology has been around for a while e.g. as ShopSafe. (It's been around so long it's usually implemented using Flash.)

I think the FBI was right. Apple is fighting this as a branding thing. They want to be the smartphone company fighting for their customers' privacy. It's not that Apple doesn't know all sorts of things about you. It's that they don't make their money reselling that information like so many other companies. If Uber started selling your ride data to marketers, you might seriously consider switching to Lyft. If Facebook ran a ride sharing service they'd have ten screens of privacy settings, and they'd still sell your data on the open market.

As far as the FBI finding someone to crack that phone, my guess is that the NSA did it for them. The NSA, which is charged with both encryption and decryption, came out against the FBI, recognizing the risks to US security if the FBI got its way. The NSA almost certainly has the requisite technology, and unlike the CIA has no restrictions on domestic operations. (I once took a FORTRAN course from a guy who later became head of computing at the NSA. They ran his picture in the New York Times.)

66:

"...my guess is that the NSA did it for them."

My guess is that it is a private forensics/reverse-engineering company, and that they either worked out an attack on their own, or were provided an obtuse hint by a national lab or security agency. Doesn't take much of a hint to help somebody smart to get unstuck. We will probably never know though.

Thanks to Charlie in the original post for fleshing out this argument very nicely.


67:

NPR is reporting that the current rumor is that an Israeli company called Cellebrite did the hacking.

68:

Do you think it possible under any stretch of insanity to suppose that Apple will help the FBI if they are not credited with it?

69:

Only too easily, esp if Apple err "collaborated" (use of word entirely deliberate) with the NSA behind the curtain.

70:

"Apple does automatically generate unique card numbers for transaction codes, but that technology has been around for a while e.g. as ShopSafe."

So how does that work then? With a card number being 16 digits it looks straightforward at first sight, with roughly a million numbers for every person on the planet. But most of those digits are "fixed", and there don't seem to be enough "variable" ones remaining for anything to work at all.

Not having any "ID" it is nearly impossible for me to use any form of electronic payment. Most of the time this isn't a problem, except for buying stuff off Amazon or Ebay. For that a workable dodge has been to use "3V vouchers": you hand over money to a shop with a Paypoint machine and in return get a single-use Visa number with that amount of money on it. All the numbers begin with 4898065000, leaving only 6 "variable" digits. Which means only one million numbers total, and I can't see how that works at all. A possible explanation might be that they are so small-scale that they can get away with it (nobody else even seems to have heard of them), but that can't be true of the thing you're talking about.

This morning's news is a big disappointment. I wanted to see it go all the way, and the FBI to win. Anything that handicaps the spread of electronic money handling is great news in my book, and the idea of anything approaching Charlie's hypothesis becoming widespread is quite horrific. It's bad enough being restricted by things insisting on ID, but to see what few options I still have available ending up being killed off and having to spend hundreds of pounds I don't have on an electronic device I don't want to take the place of a number written on a piece of paper would be even more crippling.

That prophecy about nobody being able to trade unless they have the mark of the beast is nearly fulfilled already, but so many people have acquired the mark of the beast as a kind of background process that nobody even notices.

71:

"The problem with Charlie's proposed game plan is, it doesn't make sense. If you have a truck load of money, you don't get into the retail banking sector to make money - you use it to play the funny money game, same as the rest of the banks. Much less control, much less red tape, much more profit."

You and Heteromeles are missing the point, possibly because the banking abuse is less well-organised in the USA compared to the UK. You go into the retail banking business to get control of a lot of other people's money, in order to speculate (i.e. gamble) with it.

Also, in Apple's case, it makes it a LOT easier to provide customers with a single, simple payment and account management system, and would be one component of Apple taking over much of Amazon's payment agency business.

72:

I see a few problems here, Charlie (I work in fintech, btw):

1. Apple isn't really sitting on that much cash.

2. Apple Pay is not a bank, will not become a bank, nor will it become a frontend for a bank system. Payment processing is totally different from banking - not just from a technical perspective, but a legal one as well. Apple likes it this way, because banks still bear the compliance and liability burden. The bottom line is that between Apple Pay analytics, fees, and money made from processing deals with partner financial institutions, Apple doesn't need to be a bank to make money from the Apple Pay product...even discounting the huge margin they make on the physical Apple device that runs it.

3. Tim Cook went into the cage against the FBI because if the US government gained the legal and technical right to break Apple's encryption, then Apple's vendor relationship with other organizations (many of which value their privacy) would be endangered. Being an official vendor for companies, institutions, and other governments is hugely lucrative, especially when you sell premium products with huge margins and a hugely profitable service model and secondary market to boot. Cook is not trying to defend his chance at being bank president, because it's not the easiest or best way to make money. Apple will be happy when 3 billion people are buying a new iPhone every 2 years, and when all holdout governments demand iPhones, not blackberries.

I build financial products in San Francisco. I don't know anyone here who wants to be a bank. Apple doesn't want to be a bank. *No sane tech company* wants to deal with the compliance work inherent in operating a multinational financial institution.

73:

I happen to have been following this issue, and I came to many of the same conclusions as OGH. Is this a problem for you?

74:

"Apple isn't really sitting on that much cash."
Potato patato - that's irrelevant.

Call it assets then - it's still a metric fuckton, even accounting for the Debt they are racking up against it in the States. Even if an asset is longer term than cash it's still relatively easy to move between them with a bit of planning.

Banks don't hold much cash either.

75:

Moderator: I believe @12 constitutes trolling. If you agree, please take action accordingly and delete my ill-considered @73. Thanks!

76:

"1. Apple isn't really sitting on that much cash."

OK. So it's only $110b. Still a fairly big pile.

77:

There's an argument for saying that really really secure iPhones are already here. In conjunction with iOS8/9 the iPhone 6/6s has a whole load of additional hardware support for encryption the 5c just doesn't have. Whilst nothing's truly unbreakable given enough time or the right exploit, it's likely the Feds' worst nightmare has already arrived.

The Register has a good write up on the differences encryption-ly speaking between the 5c and the 6's.

78:

Apologies. My previous response was actually @Michael Cain.

It's also wrong to conflate an iPhone 5c with Apple Pay coz it ain't up to it cryptographically speaking.

79:

As a non-techie I'm wondering how iPhones whose appeal includes being loaded with all sorts of non-Apple produced apps are able to say: No worries, none of these additional goodies (which happen to add to our revenue stream) immediately allow for unforeseen modes of entry.

80:

It isn't don't worry. It is more like we vet apps more than the other guys. And act faster when we find issues. Plus we allow you to update your phone for security issues when we release the fix, not when (or even if) your carrier decides it is worth their time to allow you to get the fix.

81:

I think OGH's thesis is broken for 2 reasons:

1. Microsoft, which also wants to get into the payments business, sided with the FBI originally, via Gates' comments. Yes, they sided with Apple for the court case, but unless you think Gates made an ill-considered comment, it might be fair to say that this case is not really about transaction security.

2. As we now know, the iPhone was successfully hacked and the FBI have withdrawn the request. Whether Apple complies with hack requests or the FBI/NSA/Other just hack the phone is rather irrelevant. The iPhone used in the San Bernardino killings was hackable. That means that just like plastic cards, it is insecure and criminals and government agencies can get at your records and money. Apple must realize this and can only hope to try to stay ahead of an arms race. As a consumer, it would be better to know that a phone was so secure that only a government agency could extract information via a legal warrant. Now we know that this isn't true.

I'm also in agreement with those who say banking isn't a good business to be in. Far better to just rent experts to manage the funds for a hefty return. Far fewer regulations and more flexibility. The US might eventually accede to the tax amnesty to repatriate funds. This is more about stock buybacks enriching insiders than anything else. The fund pile is just a huge carrot for legislators.

82:

Here's a question tied to this:

If Apple pivots towards financial services, will it still make sense for them to finance so much R&D? I have a lack of knowledge in this field, but didn't the prominence of GMAC contribute to the deteriorating innovation in automobiles?

83:

"the idiotic "right to be forgotten" EU diktat"

Nit-pick: while I think we can agree that the implementation was bad, the "right to be forgotten" is an emergent side-effect of the ECHR-mandated right to personal privacy, which is about as strongly integrated into European law as the First Amendment right to free expression is integrated into US law.

The reason for the right to privacy, lest you forget, is that during a period roughly 70-80 years ago (and, more recently, from 1945-1989) personal privacy was basically non-existent under various degrees and flavours of totalitarian regime that left a very nasty taste in people's mouths.

Yes, trying to make Google the arbiter of collective memory was dumb, but some kind of control on inappropriate and damaging expressions was absolutely in line with European social and legal norms and sneering at them is about as useful as, say, my sneering at your stupid second amendment (guns for everybody, including toddlers! pew pew pew!) would be.

84:

Yes, I'm aware that being a PSP is not the same as being a bank. (Disclosure: I was the first developer hire at Datacash, back in the day.)

You should take my "Apple becomes a bank" with a pinch of salt -- obviously the SEC regulation would be far too onerous for a tech firm, until the industry matures to the extent of, say, the automobile or aviation industry (linear sales growth, if any, saturated market, no more exponential progress, financialization and fashion as drivers of sales: I don't see this happening much before 2030). But Apple does have a lot of assets to shuffle around, and using some of them as a float while brokering other folks' transactions seems logical as a possibility.

85:

Yes, #12 was trolling. Comment deleted and commenter banned.

86:

One point about the San Bernardino shooter's iPhone; I haven't seen any reporting of what model it is, but it has been described as "an older iPhone". If it's running iOS 8 or above, then it's at least an iPhone 4S, and if it's a work supplied one it's unlikely to be more than 3 years old, so probably an iPhone 5S (when they introduced the fingerprint reader). But the newer ones have improved hardware security baked in.

So, the FBI might be able to crack iPhone 5S's and earlier iPhone models but still have a problem with iPhone 6's and subsequent models -- hence the use of the All Writs Act, in an attempt to force Apple to hand them the (not-yet-existent) keys.

87:

You're not cynical enough :-) Apple have enough money to buy themselves out of regulation in most countries, and might even achieve it in the UK. Oh, no, it wouldn't be a BANK - perish the thought! - but it would allow them to provide many/most of the same services using cut-outs and similar. Do you think that That Lot wouldn't reduce the onerous regulations if it were quid pro quo for 100 billion being moved into the UK?

89:

One thing I will fight on here is that there's going to be a big clash coming about this. American Freedom of Speech versus EU Right to Privacy will collide nastily.

This has been an ongoing issue with American firms doing work in the EU. It's a problem as much of territoriality as it is values. To Americans, freedom of speech trumps privacy so long as it's newsworthy and if it's true. (The whole Gawker thing comes out to a question on whether or not what Gawker did was cover something newsworthy enough to overcome Hulk Hogan's privacy right).

In the US, truth is an absolute defense in defamation and in (most) privacy torts, and the burden rests on the aggrieved party to prove something is untrue. Historically, the EU (especially GB) have shifted the burden and reduced the defense to conditional (I know there's a new statute in the UK as of 2013 which does some shifting).

As a result, the US has placed freedom of speech on top of the right to privacy, while the EU has placed right to privacy on top of freedom of speech. It's already caused a few cases of conflict (see the German murderer wanting to redact their Wikipedia article). The folks I know doing civil rights law are really concerned about the right to be forgotten due to its potential overreach as it gets used more often.

90:

Charlie @ 84:
As a publicly traded company Apple is already regulated by the SEC (Securities and Exchange Commission). You may be thinking of the FDIC (Federal Deposit Insurance Corporation), which regulates banks that offer deposit accounts. Or possibly the Federal Reserve, or the OCC (Office of the Comptroller of Currency). The alphabet soup of federal regulators can be confusing :).

Charlie @ 86:
Wired has a copy of the government's request in the case In the Matter of the Search of an Apple iPhone Seized During the Execution of a Search Warrant on a Black Lexus License Plate 35KGD203. It says that the phone is an iPhone 5C model A1532.

91:

"The reason for the right to privacy, lest you forget, is that during a period roughly 70-80 years ago (and, more recently, from 1945-1989) personal privacy was basically non-existent under various degrees and flavours of totalitarian regime that left a very nasty taste in people's mouths."

I say idiotic because:

a) it does nothing about the government spying on everything you do and the lack of privacy that results.

b) it does nothing about Apple, Google, Microsoft, the banks, Uncle Tom Cobbly spying on you and the even greater lack of privacy that results.

c) it does nothing about the original record on the original website.

All it does is to attempt to introduce an imperfect information access hole, coupled with overreach into other countries' jurisdictions (a bad idea that needs to be jumped up and down on), and put the cost on someone else.

In short it's mistargeted, ignores the stuff that can really hurt you, doesn't work, and doesn't have the idiots creating this stupidity footing the bill for their stupidity (which might give them pause for thought). It doesn't even deal with, you know, the stuff you do in private - concentrating in the main, it seems, on stuff you've publicly screwed up on. At a minimum, if you've been in court, it should never be grounds for removing reference to it. Ditto for stupid public statements or things you've personally published.

92:

Many of the arguments here and elsewhere take as granted the idea that the FBI actually did crack the iOS8 security running on the iPhone 5c. But why are we so willing to believe that to be the case? Lots of words, little proof. And I'd be willing to bet that there won't be any way to prove it happened. It makes much more sense to me to believe that the FBI realized they were going to lose this case, messily and publicly, thereby losing any chance to achieve their longer-term goals (the legal go-ahead to backdoor any electronic device they want). They invented a fictitious work-around, floated a few half-believable rumors about the nature of that work-around, and backed off to wait for a less-capable target. As a small bonus (at least to the FBI), Apple gets left looking like their security isn't quite as good as they're advertising.

93:

Interesting idea. But it doesn't help the FBI as they have admitted that they want to hack other iPhones. It makes no sense that they would back off with a bogus claim as this impedes them and prevents them from commandeering Apple in future.

Now that the FBI has claimed to hack the San Bernardino phone and that this was important, they are now going to have to provide substantive answers to what they found and why it was so important.

94:

Something I'd note about the FBI is that when they gather evidence it's always with the intent of using it to prosecute someone. If the NSA can't or won't let an engineer testify about how they got information out of a locked phone that information is useless to the FBI as it won't be admissible at trial.
So one possibility I see is that the US government already knows what's on the phone, but has been looking for an alternate non-secret way of getting the data so it can be used to prosecute someone. Alternatively, given recent developments, it could be that they know what's on the phone, realized it's all useless, and so came up with an excuse to back off Apple. Or, as DavidK44 notes, the government may have nothing at all and is slinking away from setting an adverse precedent. Or this could be a genuine breakthrough that for the first time lets someone see what's on the phone.

95:

I suspect you underestimate the capabilities of both private forensics (and reverse engineering) labs and the top national labs. Plus ego/bragging rights (and profits) if it's a private company involved. And other companies will be itching to provide similar services.

I see this as the first serious adversarial round of a technical attack/defense hardware arms race. It will be hard (OK impossible, in a small consumer device like a phone) for Apple (the defense) to totally win, but they may be able to create a device that resists the capabilities of anybody but the highest level attackers, and make cracking irritatingly tedious even for them. The potential legal challenges (worldwide) are another story.

96:

I don't see how it does anything but benefit the FBI to make this claim, even if it isn't true. By claiming they've hacked the phone, they avoid a potentially crippling loss in court that sets a legal precedent that they don't want. There's nothing preventing them from picking another case and demanding Apple backdoor this new phone - the newer versions of iOS are unlikely to be hackable in the same way as the iPhone 5c was, so their new claim will be believable.

Why should the FBI need to "provide substantive answers"? They'll either say that it had nothing unknown on it, or they'll slap a National Security sticker on the information. In either case there's no way to verify that they actually retrieved anything from the phone.

This case was never about what was on the phone, it was about setting a legal precedent that Apple can be compelled to backdoor their software. A bogus "we're good now, see you next time" withdrawal allows them to try again; a legal finding against them wouldn't.

97:

"I see this as the first serious adversarial round of a technical attack/defense hardware arms race." I agree, and I suspect that Apple is not as concerned about the hard-but-eventually-crackable level as it is about easy exploits that could arise from government-induced backdoors, especially when you add the ApplePay/money-handling vector into the equation (to bring this back around to OGH's original thesis). Apple can likely keep sufficiently ahead of access implementation hacks so that they never develop enough to allow rapid access, but that's only assuming that there aren't engineered-in backdoors that they can't close.

98:

Recall that the FBI said that they needed Apple to unlock the phone as there was no alternative. Now that this has been proved wrong, it will be much harder to make that claim again.

Regarding content. The FBI chose that phone so that they could sway public opinion and potentially the court using the "terrorist and safety" threat. Now that the phone is unlocked, journalists will naturally follow up. The FBI can dodge and weave, but it won't look good, and the public will not be so easily swayed in supporting the FBI again.

As the saying goes, it takes just one thing to destroy a lifetime of good reputation. The US public seems to have an overly fond view of the security forces, and the FBI is certainly a step up from the local PDs. This event could make a dent in that reputation in the public's mind.

No doubt the FBI will try again, but I suspect that they will need a more pressing example to make their case next time.

I see this as a loss of face for the FBI. If any of the phones are more advanced then they may not be able to crack those too, which was what setting this precedent was all about. Apple will endeavor to make hacking their phones ever harder. While I don't subscribe to Charlie's thesis, it certainly can't hurt Apple to sell a phone that maintains your privacy better than the competition, and ensures that locally stored data is harder to extract.

While David Brin assumes all encryption is breakable and therefore just go with transparency, I see no reason to make it easy for the security people to take away privacy.

99:

One-hundred percent agreed.

100:

Loss of face, but since they're also supposed to be "the good guys," it's the only just thing to do.

Remember always that this is the law enforcement side of the FBI. There is a (counter)espionage side of the FBI that's firewalled away from these guys, but they don't crack phones for their law enforcement brethren, because that would be illegal.

So yes, the FBI lost the possibility of making the precedent by pursuing the case. Conversely, they retained their credibility as a lawful organization, which, despite our cynicism, is really important. We want the criminal division of the FBI to abide by laws. They also racked up good guy kudos by publicly telling Apple that they thought the 5C iOS was hackable before they announced a successful hack, giving Apple a sporting chance to find and patch the problem (and oddly, I got an iOS upgrade a couple days later, which, for all I know, may have contained the patch among other things).

Oddly enough, I'm cool with all of this. So far as I can tell, any system will become hackable if it's out in the wild long enough. This applies to biology as well as electronics. While the FBI probably wishes that they could have gotten the court ruling in their favor, I'm glad they're still, above all, interested in getting it lawfully, rather than just passing their evidence to the NSA or CIA to get things unlocked and possibly tampered with.

101:

The FBI's bread and butter is being a bureau of investigators working for the US Justice Department. Like a couple cops working for a district attorney, but huge. What does the Justice Department want here? Beats me.

OT. When I hear 'going to the mattresses' I think strikebreaking. Company sees a strike coming a month ahead, they order a couple hundred mattresses in a semi trailer, park the trailer on their property. If the strike goes down, scabs and management sleep on the mattresses instead of crossing the picket line. The mafia stories are just stories to me. I've seen the mattresses. Maybe not OT: What does Apple see coming?

102:

Your points are a bit fallacious

1. Bill G > Microsoft. He's been backpedalling furiously since his original statements - most likely at MS's request.

"2. That means that just like plastic cards, it is insecure and criminals and government agencies can get at your records and money."

So? It's like most phones - but importantly it does not have Apple's secret encryption sauce for Apple Pay. So it's about as secure as a "normal" phone, maybe fractionally better than say a rootable android handset, which apparently the TLAs love coz the rootability of Android makes it easier to crack.

103:

"At a minimum, if you've been in court, it should never be grounds for removing reference to it. Ditto for stupid public statements or things you've personally published."
I might take issue with that ...
Suppose you'd done something really stupid as a teenager (You mean you didn't?) & it resulted in a minor court appearance.
This will then dog you for the REST OF YOUR LIFE, no matter how much you change.
This surely is WRONG?
In Law in the UK, there are such things as "spent convictions" - after x years, if minor, they "no longer exist" - except they do under this idiot idea.
NO

104:

Oh bugger - italic formatting gorn WORNG

[[ Now fixed - mod ]]

105:

"This case was never about what was on the phone, it was about setting a legal precedent that Apple can be compelled to backdoor their software."

You're thinking too small. It was about the ability to get a court to tell ANY company operating in the US to modify their product in specific ways to help out the government.

106:

Greg

Even in the US juvenile criminal records are typically sealed. To the extent that law enforcement has to jump through hoops to get access to them if they are dealing with an adult who may be continuing "in the life".

107:

Thanks, Charlie. Sorry for taking the troll bait. This has been a great topic!

108:

"Spent" convictions don't just apply to juvenile crimes -- The Rehabilitation of Offenders Act means that most convictions and all cautions, reprimands and final warnings are considered "spent" after a certain period (convictions including what would be considered felonies in the USA, if the sentence was less than four years). And this includes adults.

109:

But this doesn't make sense. 'Spent' or not, you search back through newspaper cuttings, you find details of the court case - a tactic beloved of genealogy programmes. 'Spent' doesn't mean that news of the case disappears, just that the court system doesn't reference it anymore. There's nothing saying that you get to excise all reference to it, neither should there be. Otherwise you'd have to be paying for someone to hit the newsprint with the Tipp-ex (now there's a phrase that's aged).

On the privacy stakes there are FAR more important fish to fry.

110:

I think there was an element of reasonableness in the concept of a "right to be forgotten" which was at the heart of the issue but which soon got lost due to what seems to be both overreach on the part of the EU Court and wilful petulance on the part of Google.

Firstly the EU court should have recommended national level legislation, as per "spent convictions" rather than making an EU-wide ruling; applying it only to Google seems wilfully stupid too.

Google went into the fight treating their search results as "God's truth" then ended up on the back foot as a result, and took the ruling incredibly petulantly. If people now hit the "hidden results" warning or ChillingEffects.org then it's a cue to switch to Bing, DuckDuckGo or whatever and find the quality gossip, which seems to me to be skirting perilously close to contempt of court.

111:

I'm not arguing against the way Europeans look at things. Just pointing out that Greg's comments about teenagers (referring to a comment about the US) weren't on point.

Europeans and USAians look at these things differently. The problem as I see it is both want to extend their laws to cover things outside of their country.

112:

"'Spent' or not, you search back through newspaper cuttings, you find details of the court case - a tactic beloved of genealogy programmes. 'Spent' doesn't mean that news of the case disappears, just that the court system doesn't reference it anymore."

Nope, it's a lot more extensive than that. If it's spent, there's no requirement to disclose it to employers or people you do business with. And if you're arrested and charged with some other offense, a newspaper had better be very careful not to mention the "spent" conviction in coverage of the case unless and until you've been tried and found guilty, lest they be in contempt of court.

There have been cases in the UK of jurors being jailed for contempt for discussing cases on Facebook, or for researching a case (or an accused) on the internet. Judges really don't like to preside over mistrials.

(US news coverage of arrests or trials in progress would trigger a mistrial -- and probably some time sitting in a gaol cell for the journalists/editors responsible -- if it happened in the UK.)

113:

Spent convictions count, as do juvenile convictions, for everyone, forever.


A couple of years ago, an acquaintance of mine landed at Newark NJ, to a warm welcome of manacles, an overnighter in the cells, and an early flight back to Gatwick.

Twenty years before, aged fourteen, he got arrested vaulting the ticket barrier and London Underground took him to court.

His employers didn't know - and it is illegal for them to ask about a juvenile conviction.

Naturally, he didn't record it for US entry.

US immigration shouldn't know - and it would be illegal for any UK civil servant to inform them after he had turned 18. Or before that, as Juvenile proceedings are confidential unless otherwise directed by the court.

But they knew.

Draw your own conclusions: my 'take' is that US law enforcement has always had a culture of 'We store everything about everyone, forever, rights be damned and we will use it for anything, any time we please' - and the post-Snowden world is merely the pre-Snowden world with increasingly intrusive technology.

That world is about the authorities possessing a 'general warrant' - get all the information and all the papers, everything about you, go through it all and formulate suspicions and a prosecution - with all the material on hand already.

General warrants are one of the specific grievances that triggered the American War of Independence...

This is the US we're talking about, not some EU countries I could name. Like England & Wales.

...And obtaining access to a phone that captures your correspondence, your calls, your keys, your wallet, your movements and your two-factor authentications to your desktop banking apps is the most general warrant of all.

Worst of all, a 'backdoor' is a General Warrant, active and recording, against *every* citizen, all the time, from every government - China will demand it if the US get it - and eventually for insurers, employers, divorce lawyers, blackmailers, journalists and thieves.

Apple know this; and they know that this argument is lost - but they still have a business to run and they know that the continuing expansion of all their businesses will halt when they, or one of their competitors, gets hit by the first big data crime that triggers mass revulsion instead of a mass media 'meh'.

The fourth or fifth time everybody's smartphone 'wallet' is cleared out might just do it: mass publication of every sexually active woman's medical and psychiatric history by extremist Christians will probably do it; mass executions of dissidents in foreign countries do not seem to matter; and abstract discussions of privacy and freedom will not.

Apple know that, too: and they know that some things are unmentionably bad for business, so the abstract legal principles of 'All Warrants' are, in many ways, a gift from the philosophically-challenged legal experts at the FBI.

114:

But far too many employers trawl for spent convictions, so that they can shit on people if the "right to be forgotten" is not enforced.
It's called ... getting on with your life.
It also acts against reform of behaviour & attitudes, if you are going to be perpetually dogged by a conviction, no matter how minor, no matter how many years ago ...
Simon Weston got shafted that way, recently ....

115:

"Apple know that, too: and they know that some things are unmentionably bad for business, so the abstract legal principles of 'All Warrants' are, in many ways, a gift from the philosophically-challenged legal experts at the FBI."

Camel's nose under the tent, basically.

It's arguable that we're already there thanks to the Five Eyes ... but the intel agencies run on highly restrictive rules: data goes in, but it NeverNeverNever comes out except via certain very deeply canalized channels (like a Presidentially-signed order for a drone strike, or Edward Snowden's USB stick).

But there's a huge difference between the confessional-booth grade security of the NSA or GCHQ and that of J. Random Constable with access to the Police National Computer network.

116:

Up here, we discovered that your police record includes any interaction you had with the police, and that's what gets shared if someone 'needs' it. (And the range of groups that can request it is growing steadily.)

http://www.thestar.com/news/canada/2014/12/20/girls_discredited_story_of_sex_assault_cost_dad_chance_at_job.html

http://www.thestar.com/news/gta/2014/12/03/despite_no_criminal_record_her_career_is_lost.html

http://www.thestar.com/news/world/2014/07/24/toronto_police_to_keep_sharing_nonconviction_records.html

http://www.thestar.com/news/crime/2014/07/18/toronto_woman_stunned_by_police_revelation_in_background_check.html

http://www.thestar.com/news/world/2014/06/22/no_judgment_no_discretion_police_records_that_ruin_innocent_lives.html

http://www.thestar.com/news/world/2014/06/08/star_investigation_ontario_human_rights_commission_police_records_nonconviction_records_canadian_civil_liberties_association.html

There's new legislation that supposedly solves the problem, but it doesn't remove the information from US databases (where it's been shared under anti-terrorism laws). And it apparently stays in police databases, which can be surprisingly leaky. And the penalties for police who leak/misuse information are much lighter than for other people.

117:

Note that some of this is true in the US. The jury can very easily be restricted from research, discussion and contact. The link falls apart when it comes to media.

Like I said before, truth is an absolute defense in reporting.

The US could do with better rehabilitation (we're succeeding in some places like the experimental drug courts in California), but by and large we suck. It's just such a political football to get people to care. When folks like Charlie discuss Thatcherism's changes to the psyche of the UK, it extends to Reagan in the US.

Reagan ran on dog whistle politics, the war on drugs, and just say no. Criminals were not addicts, but were instead monsters. Crack was 100 times worse than coke, thus deserved 100 times worse treatment. (Meaning Tim Allen got 2 years for dealing 1.43 pounds of coke, while 10g of crack (3 rocks or a normal daily supply for an addict) triggers a 5 year min).

We're starting to wake up and remember politics before Reagan once again. (For good and bad!) As a result we're actually talking seriously about getting rid of crazy knee jerk laws. The feds nerfed some of the mandatory mins for users, and many state laws were nixed. But we built a system giving long sentences, and few tools for rehabilitation, making us afraid of ex-cons. It's made a bad cycle.

118:

The entire "right to be forgotten" ruling runs on reasonableness - FFS, it only applies to Googling the requester's name so if you want to find out any spent convictions you add the word "convictions" and there you go. There's a public interest defence for Google, as well. It's just about giving people a modicum of control over what damage others' idle curiosity can do to them.

Google insisted they'd the right to record everything and fuck your distress and inconvenience until they forced the court to invent a mechanism to make them be good citizens. No-one's happy, but we are where we are.

119:

The FBI explicitly weren't looking for Apple to crack the phone; they were looking for a general-purpose, evidence-quality Bastard iOS, which they would then promise only to use on the phone in question*. Take a look at what that tool would have to do.

*The next court order to unlock a phone would, of course, be part of an Important Terrorist Case and refer to this one - and the tool produced - in about the 2nd paragraph.

120:

Point 1 is taken. Gates may well have put his foot in his mouth, that MSoft then had him correct. But we don't know what their calculus was/is, do we?

Point 2 may well be true, but that just means an extra step. If Apple had to provide a back door for the phone, why would that not apply to the wallet too?


121:

While the FBI probably wishes that they could have gotten the court ruling in their favor, I'm glad they're still, above all, interested in getting it lawfully, rather than just passing their evidence to the NSA or CIA to get things unlocked and possibly tampered with.

I would hope that is true, but I am getting increasingly skeptical that it is. I expect the FBI will try again, or use other methods. They are subject to public and political pressure for results.

122:

Oh, I expect so too.

The thing you have to realize is that, as an environmentalist, I get involved in bad ideas for development that have, in many cases, been tried for decades. I wouldn't be at all surprised if this unfurls the same way.

For example, one tactic Apple could (and should) use to limit the damage is to get a ruling that they only have to unlock a particular operating system for a particular client for a particular case, making it harder, even with the precedent, for law enforcement to force them to make backdoored systems as a matter of normal operating procedure.

123:

Actually, no, that is not true as far as the UK is concerned. There are a zillion complicated exemptions under which convictions, cautions and even mere arrests are never spent, and some under which they must be disclosed, including pretty well anything classified under sexual offences, anything involving children, or terrorism. The 1974 Act is bad enough, but there are a large number of additions not yet merged in, so I am not going to summarise the mess! http://www.legislation.gov.uk/ukpga/1974/53/section/ especially 4(4) and 7. Searching on "Rehabilitation of Offenders Act 1974 (Exceptions)" in that site is enough to make one gigger!

Also, as Nile implied, GCHQ etc. have confessional-booth grade security only as far as mere British subjects are concerned, and they happily pass it on to the USA and sometimes other countries, with no strings attached. I have had several colleagues who have been refused access to UK documents under the Official Secrets Act and have had no problem obtaining them from the Library of Congress or, in one case, the Embassy of the Union of Soviet Socialist Republics. Several of my contacts in UK businesses have had data they have been forced to provide to UK officialdom passed on to their competitors in the USA, and some have provided (weak) evidence that that needed GCHQ or similar snooping.

124:

Wow, someone read my post about payments using mobile :)
The principal thesis is that banking information is more sensitive (in the sense of privacy). But I don't agree. The trade secret is what you buy (or sell), who from, and at which price. This is a contract. A payment order contains the same information. So it is no more or less sensitive than everything else. I understand that cracking someone's bank account is more convenient for a cracker than digging through folders of contracts.

125:

The last computer I wrote code for back in the 80s was a commodore 64, but even with this supreme level of tech naivete I can still imagine a cheap way to ensure smartphone privacy while enabling compliance with court ordered overrides. Just burn a small program into the phone's chipset giving access to all files, activated by entering a hundred digit random character password. This string would be unique to a phone's serial number and printed on a metal dog-tag kept in a vault at the manufacturer's office, but no electronic record of it would exist except in the guts of the phone itself. So although still vulnerable to safe-crackers, it's inaccessible to remote hacking. The user wouldn't even know the password or need to, since things like payment transaction security could be handled by routine commercially available security programs. But if a warrant were produced demanding access to an otherwise impenetrable system, the manufacturer could just go dig the code tag out of their safe. Now they're off the hook legally and can devote all the research and development they want for quantum computing, unbreakable large prime number public key encoding schemes, whatever, make it well and truly unbreakable privacy, courts are still happy with that. Seems plausible, why wouldn't it work?

126:

Couldn't a gov't agency trace back any individual from any known sites that were visited within a specific time window? If you know a minimum number of things about someone then it should be possible to segment and re-segment until you hit a handful or fewer possibles.

Don't ISP/carriers also have the same connection data as might be obtained from Apple? And, since most carriers are/were telecoms, therefore have existing working relationships with gov't authorities, they'd be more likely to hand over communication data.

127:

No. Just... no.

Almost every single concept of that is completely and utterly wrong, with regards to security. It's the level of wrongness that makes every security professional wince, and politicians think they know what's going on.

128:

That's metadata, and not what was being demanded.

I'm curious what you think they were asking for?

129:

NSA funded a good bit of the research on provably secure architectures and operating systems and program-proving technology.

I was there at the time, on Don Good's project at UT Austin.

We were using a box that used the original 56-bit DES, implemented in hardware. It was known at the time that NSA had been involved in the development of DES, but that was all that was known for certain. There was widespread speculation that they'd deliberately weakened it. It was not until LONG afterwards, when differential cryptanalysis was declassified (by NSA), that it was learned that their involvement had in fact significantly STRENGTHENED the DES.

130:

Thanks for the hearty guffaw at picturing in my mind's eye the image of security professionals wincing, cringing and slapping their foreheads in disbelief, maybe having to just go sit down for a while. Sure you don't care to elaborate?

131:

There is so much wrong with your proposal that, no, I can't.

Well, I suppose I could actually tear down each and every sentence, individually, but I'm not going to -- if you want to take some security training, there are in fact lots of resources (colleges, private classes, bookstores, and online). You could in fact go read the articles posted by any single security professional in response to the "there should be a master key" philosophy. Which has been in the news a lot the past year.

132:

Semi-related (in that it concerns security agencies), here's Peter Watts on new neuro developments and law enforcement:

http://www.rifters.com/crawl/?p=6542

Enjoy :-)

133:

I guess, in this case, the master key is the combination to the safe in which all the individual keys to each phone were stored? Granted that's millions of physical keys, and I'm quite sure that the computer company would rather digitize it into a master database (which would be guarded by the master key password), but while I agree that it's physically impractical (I suspect it would be possible to hack in the factory making the chips, for instance), I don't think it's quite the same as a Single Master Key that unlocks all phones setup.

Not that I'm advocating for it. I'm with Schneier that end-to-end encryption is safer overall. Still, I'm not a computer programmer, and I just hate when someone tells me something is all sorts of wrong and leaves the statement flopping there.

134:

Differential cryptanalysis was reinvented (in the open literature) by Eli Biham (and Adi Shamir), at which point it became clear that the DES S-boxes were resistant, compared with other plausible S-boxes. I was at an early reveal (a talk) by Don Coppersmith where he outlined the design considerations, with some coyness still required. The (decades old) recollections don't completely align with the second paragraph of Differential cryptanalysis (wikipedia) but I'm willing to believe the latter's extended details (notably that the technique was known to IBM by 1974 but never published or even hinted at), apparently described later in a paper.

135:
I don't think it's quite the same as a Single Master Key that unlocks all phones setup

I'm sorry, what part of "all the keys should be locked in a single secure location on the manufacturer's premises" does not equate to "single master key" to you?

It is a monumentally stupid idea, of the kind -- as I said -- favoured by politicians who know nothing about actual security.

How politicians react when they find out it's about physical keys: http://www.northjersey.com/news/business/senator-wants-sale-of-master-key-stopped-1.1423591

136:

So let's take the Space Opera Approach:

The Vault has five keys to the Master Vault:
One held by the CEO
One held by the FBI
One held by the Company's lead off-site attorney
One held by some security guarantor
One held by some other security guarantor.

Now this is a bit of a five ring circus, but it would make for a decent space operatic story, if not great security.

137:

I've never liked bio-metrics for authentication. If you're using fingerprints or some kind of DNA, you're leaving copies of your key everywhere you touch.

Someone has used a lifted fingerprint to compromise the iPhone 5s and 6. https://blog.lookout.com/blog/2014/09/23/iphone-6-touchid-hack

For retina scans, you're going to put your eye and trust that no one replaced it with a laser.

138:

I'd imagine Apple's pro security stance is just an attempt at achieving a competitive advantage over Google/Android. It's pretty hard for the Google ecosystem to take a similar stance since their main revenue streams are all about monetizing data and Android is by design a security shit show.

Apple wants to win against Google a lot more than they care about being a bank.

139:

But as others have covered, the 'right to be forgotten', isn't. Not only do all convictions not get spent, the governments still use the data, and the data is still available to those that want to trawl in other ways - and that's if google doesn't alert the searcher to missing info, or they don't cross correlate with another search engine (heh, Bing's useful for something other than porn).

Which is worse, that you got a criminal conviction as a teenager, or that you went to the effort of trying to hide it as an adult?

Personally I'd love some privacy - but it has to mean something, which means addressing government and multinational spying first, not trying to hide things that were once public knowledge; making sure that private details are never collected in the first place.

140:

From a theoretical perspective I tend to agree with you, we inch ever closer to the panopticon.

From a practical perspective you are way off base. The reality is that the vast majority of individuals will suffer way more emotional, reputational and financial damage from gossip, ancient facts, and one sided reporting, than from any amount of Government and Multinational spying.

GCHQ noodling away at my emails only has the potential to do me immediate harm - unless I'm very unlucky I'm just one needle in their giant haystack.

A prospective employer googling and finding that incident with the pensioner and the fireworks when I was a stupid kid - immediate harm to my job prospects.

At this juncture any risk based assessment would look to right to privacy over right not to be surveilled.


Oh if we thought the Apple vs FBI roadshow is over - 63 more cases in the pipeline:
http://www.theregister.co.uk/2016/03/30/fbi_wants_63_more_phones_unlocked/


141:

Now this is a bit of a five ring circus, but it would make for a decent space operatic story, if not great security.

It did: "Iron Sunrise" made the Hugo shortlist using it.

142:

Biometrics aren't an authentication token (password), they're an identification method (username).

As for "replaced the camera with a laser" ... we're discussing phones here. Really secure phones are going to be secured with tamper-evident seals; indeed, they already are to some extent (e.g. Apple, Samsung et al use water sensors to verify whether a phone's been dunked in the bath before they decide whether or not to honour a warranty that doesn't cover water damage).

144:

I laughed at your response. You are, indeed, correct, but it IS possible to explain in metaphor - and I am afraid that 99% of those references you refer to will NOT help, because they jump straight into the 'solutions' and technologies, without describing the principles.

Hacking into computers is like common burglary - they typically don't try to pick the lock on the front door. They will see if it is left unlocked, and may occasionally copy a key or force the door, but they will usually prefer to find some other way in (like a window, air vent, etc.) And, almost all of the time, they will rely on the occupant having used inadequate security on those routes or having forgotten to secure them properly. And sometimes that will be because the occupant bought 'secure' windows/vents/etc. that were easy to open if you know how and have the right tools.

145:

There is a lot of confusion between privacy and secrecy. The former involves not having information disclosed without good reason, and the latter involves hiding it, whether or not it should be disclosed. In the UK, and especially in its law, almost all 'privacy' is actually secrecy, and this is very harmful.

146:

And, almost all of the time, they will rely on the occupant having used inadequate security on those routes or having forgotten to secure them properly.

When my house was broken into over 20 years ago there were two interesting points.

1. The guys doing the break ins were doing them based on their friends of friends at high school talking about when they were "off" kid watching duty due to people being out of town. I was actually in town with family out but got home late and found the mess. At least I wasn't 1000 miles away at the time and having to return.

2. The very best deterrent according to the police was to have a dog that barked and sounded big. Rate of entry on those houses was way lower than those without.

147:

So now the FBI is in the business of being the go-to agency for hacking Apple products.

http://www.newsmax.com/TheWire/fbi-arkansas-homicide-iphone/2016/03/31/id/721672/

Looks like the San Bernardino deal was an opportunity for Apple to make it look like only Apple could hack iphones and only with a court order. Their play would have been to take the offer and go on pretending to be unhackable. Now everybody knows iphones can be hacked by the FBI and any of their friends.

148:

Or perhaps this carefully-timed news release is intended to create this impression, when they're actually just using known exploits on older hardware/software.

149:

There is a really good summary of the security issues on the iPhones.

The short answer: Nothing -- at least from the technical aspect of the software to do so -- prevents apple from making a new iOS, and signing it only for that one device, to permit unlimited numbers of PIN attempts. Even if the device *had* the security enclave (the "s" models), that still would not stop them, because while the security enclave is a separate CPU, running separate code, it still runs an apple signed blob that apple can update.

The technical answer: 1: Depending on how Apple stores and accesses their master key, this may be seriously impractical for anything more than a one-off. 2: There is no real difference in this model and earlier models, except for the change that the user-data is protected by a 4 digit PIN, and if there wasn't a software driven counter to restrict PIN tests, the PIN isn't a barrier.

The real answer: This is more about establishing trust in Apple than anything else.

The long details: https://marcan.st/2016/03/untangling-ios-pin-code-security/

That same page shows two ways to attack the iPhone, or any other such system. First, we have the technology to read the CPU's master secret password off the CPU. In the worst case, that can be used to do brute-force attacks on decoding the memory and data with just sufficient GPU/CPU time. The more practical method is the replay attack. Yes, the computer will wipe the storage master key after 10 failed attempts. But you can image the raw, encrypted memory, make 5 attempts, and then restore the raw, encrypted memory and try again.

Newer phones make this procedure more complicated, but not fundamentally different.

"iPhone security currently relies on Apple promising not to release firmware that would break their security model, and the FBI is simply asking Apple to break that promise. The “backdoor” is already there: that Apple can write new versions of iOS and sign them."

"The core issue at hand is that, currently, all iPhones fully trust firmware signed by Apple."
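A toy model of the counter weakness comment 149 describes, added here as an illustration and not code from the commenter or the linked article: it measures how many wrong PINs a device tolerates when its storage is re-imaged every 5 attempts, first with the failure counter kept in that storage and then with it kept where a restore cannot rewind it. The class names, `_verifier` and `guesses_before_lockout` are hypothetical, and the hash is a constructed stand-in, not Apple's key derivation.

```python
import copy
import hashlib
import hmac

MAX_FAILS = 10   # wipe threshold quoted in the comment
BATCH = 5        # attempts made between restores in the comment


def _verifier(pin: str) -> str:
    # Constructed stand-in for a PIN-derived key check; not Apple's derivation.
    return hashlib.sha256(b"constructed-device-secret:" + pin.encode()).hexdigest()


class FlashCounterPhone:
    """Failure counter and wipeable secret both live in restorable storage."""

    def __init__(self, pin: str):
        self.flash = {"verifier": _verifier(pin)}
        self._set_fails(0)

    def fails(self) -> int:
        return self.flash["fails"]

    def _set_fails(self, n: int) -> None:
        self.flash["fails"] = n

    def locked(self) -> bool:
        return self.fails() >= MAX_FAILS

    def try_pin(self, pin: str) -> bool:
        if self.locked():
            return False
        if hmac.compare_digest(_verifier(pin), self.flash["verifier"]):
            self._set_fails(0)
            return True
        self._set_fails(self.fails() + 1)
        if self.locked():
            self.flash["verifier"] = ""  # the "wipe" only touches flash
        return False

    def image(self) -> dict:
        return copy.deepcopy(self.flash)

    def restore(self, img: dict) -> None:
        self.flash = copy.deepcopy(img)


class HardwareCounterPhone(FlashCounterPhone):
    """Same logic, but the counter sits where a flash image cannot rewind it."""

    def fails(self) -> int:
        return self._hw_fails

    def _set_fails(self, n: int) -> None:
        self._hw_fails = n


def guesses_before_lockout(phone, batch: int = BATCH, space: int = 10_000) -> int:
    """Count wrong-PIN attempts the device accepts with a restore every `batch` tries."""
    img = phone.image()
    accepted = 0
    for i in range(space):
        if i % batch == 0:
            phone.restore(img)
        if phone.locked():
            break
        phone.try_pin(f"!{i:04d}")  # constructed input, never a valid 4-digit PIN
        accepted += 1
    return accepted


if __name__ == "__main__":
    for cls in (FlashCounterPhone, HardwareCounterPhone):
        print(cls.__name__, guesses_before_lockout(cls("4821")))
```

The lockout decision in the second class depends only on state outside the image, which is why restoring the flash after the limit is reached does not reopen the device.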

150:

I don't think the issue is that Apple wants to be the next bank.

I think that they want to be the next clearing house / exchange thingie (whatever it's called) that carries all the payment information. After all, even if they only get 10 cents per transaction, that adds up -- and I'm sure that they will charge more (insert complaint about 2% to 5% plus 25 to 40 cents here).

Equally, it is a case of "Trust Linux, where no one will defend you? Trust Google/Android, who at least puts an entity behind Linux / a target you can sue if they mess up? Trust Apple?"

Given the choice of "Do we trust Apple for security, or do we trust Google for security", who would you trust at this point?

Who else is in the market? Samsung? LG? They market Google stuff, and don't keep them up to date. And, Google does co-operate with Law Enforcement rather trivially.

What's next? Will the next version of Android include a file system with encrypted data, and Google refusing to help law enforcement? I actually suspect the answer is yes.

151:

The last 2 google releases have had user encryption support, prior to that some vendors such as HTC were shipping their handsets with encryption apps for the microsd cards.

Problem is none of these were on by default and also Android's more easily crackable than iOS.

152:

Note that iPhones default to Simple Passcode (I think that's the default) but allow much longer alphanumeric plus special character passcodes (or passphrases). Plus there is some rate limiting on key exhaustion simply due to the hashing.
An attack on a newer iPhone with a long passcode/passphrase might need to involve a more sophisticated hardware attack.

153:

Talking of FOLLOWING the MONEY .....
What's the "entertainment" value of the "business wikileaks" exposure in Panama?
I must admit that the "fun" could be an interesting spectator-sport.

154:

Have to admit that the Panama Files ("The Panama Papers") made me laugh Monday morning. Pretty close to everything one could wish for in a leak - embarrassing almost entirely rich and powerful rule skirters and breakers.


155:

@#134:
I used to work with Denny Branstad some years after he left NIST. One time he told me a funny story about the DES, and it went like this: NSA improved the design of the S-boxes to make them more resistant to cryptanalysis because someone 'forgot' to tell them that the DES was going to be a software implementation. Apparently they thought Coppersmith was working on a chip that was going in a special chip IBM was going to make for a thing kind of like a SWIFT terminal. Apparently there was some pulling out of fistfuls of hair and rending of garments when NSA discovered to their horror that they had contributed to the greatly despised software cryptosystem - something they had been strategically aborting with considerable success until DES was endrun around them and published as a fait accompli.

One should never underestimate the wiliness of extremely experienced bureaucrats. They can demolish your strategy and look at you, blinking innocently, and explain "surely you understand this was all done with your approval. After all, you HELPED!"

156:

Well, DES is another of those things like GPS, where the original system design got overtaken by advances in processing power. DES was originally intended for a hardware implementation, and was supposed to be hard to implement efficiently in software. But the DES custom hardware never really happened, as general-purpose processors rapidly got powerful enough that they could handle it natively just fine. Not that long afterwards came the embarrassment: general-purpose processors getting powerful enough to brute-force it. Which is why original-style single DES is never used these days, and instead triple DES is the standard method (ie. DES the data with one key, un-DES it with another, then re-DES it with a third).

About this Entry

This page contains a single entry by Charlie Stross published on March 28, 2016 11:46 AM.