
I really wish the poll questions included anything at all asking about whether people understood the potential negative consequences of simply "unlocking the phone". For example, "do you believe Apple that unlocking this phone would compromise security for other users?"



Yeah. The poll does a lousy job of ascertaining the respondent's knowledge. That also shows bias for the DOJ/FBI since most people probably aren't knowledgeable about such a recent case yet.

Another question asks the respondents to judge their own expertise on the subject:

> How much if anything, have you heard about a federal court ordering Apple to help the FBI unlock an iPhone used by one of the suspects in the San Bernardino terrorist attacks? Have you heard

* A lot (39)
* A little (36)
* Nothing at all (24)
* Don’t know/Refused (1)


I don't, and neither does the developer of Cydia: https://news.ycombinator.com/item?id=11158036

>The problem I have is with stuff like their answer to the question "Could Apple build this operating system just once, for this iPhone, and never use it again?", which essentially is outright lying: the "master key" in question is their signing key, not some piece of trivial software they develop (and then sign) in order to automate this process for the FBI. Apple already has the only master key of relevance: that key already exists; the idea that the master key is something that they need to "build" and then would have to "protect" is them trying to divert attention from what is actually important.

>The world isn't somehow different once that software exists


The world is very different once compelled speech is accepted, i.e. when the government can force you to use a signing key to produce a digital signature expressing trust in software you didn't voluntarily write and don't actually trust.


I'm sure the government would be just as happy for Apple to hand over the key, which doesn't force them to say anything.

It's to Apple's benefit to be able to merely sign something, so it's a bad argument to complain about forced speech.


Some people are bending over backwards to tell us how easy this will be for Apple. Strangely, none of them are on the hook for that prediction...

Weakened firmware would be a master key. The only hope is that a device-ID check could be baked in well enough to prevent it from being repurposed, etc. In my experience, a hastily designed security feature in a rushed firmware update will always have bugs.

There is a ton of risk to the innocent owners of iPhones, and to everyone from this precedent, and most importantly, very little benefit from cracking this specific work phone of a dead killer.

The government has failed to make a convincing case.


Every time any recent iPhone is updated, it needs a new signature from Apple specific to that device, and a nonce to prevent replay attacks. Without Apple's key, the firmware is useless.
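
The mechanism described in the comment above, as an added example that is not part of the original thread: a simplified model of a firmware authorization bound to one device and one nonce. It is not Apple's actual scheme; `VENDOR_KEY`, `Device`, `sign_ticket` and `ticket_message` are hypothetical names, and HMAC stands in for the asymmetric signature a real vendor would use.

```python
import hashlib
import hmac
import secrets

# Constructed demo key. A real scheme would use an asymmetric signature so the
# device holds only a public key; HMAC keeps this example stdlib-only.
VENDOR_KEY = b"constructed-demo-key"


def ticket_message(firmware: bytes, device_id: str, nonce: bytes) -> bytes:
    """Bytes that get signed: firmware digest + device ID + nonce."""
    dev = device_id.encode()
    # Length-prefix the variable fields so their boundaries cannot be shifted.
    return (hashlib.sha256(firmware).digest()
            + len(dev).to_bytes(2, "big") + dev
            + len(nonce).to_bytes(2, "big") + nonce)


def sign_ticket(firmware: bytes, device_id: str, nonce: bytes,
                key: bytes = VENDOR_KEY) -> bytes:
    """Vendor side: authorize this firmware for one device and one nonce."""
    return hmac.new(key, ticket_message(firmware, device_id, nonce),
                    hashlib.sha256).digest()


class Device:
    """Device side: accepts firmware only with a ticket for its own ID and nonce."""

    def __init__(self, device_id: str, key: bytes = VENDOR_KEY):
        self.device_id = device_id
        self._key = key
        self._nonce = None

    def new_nonce(self) -> bytes:
        # A fresh random nonce per update attempt defeats replay of old tickets.
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def install(self, firmware: bytes, ticket: bytes) -> bool:
        if self._nonce is None:
            return False  # no update in progress, nothing to verify against
        expected = sign_ticket(firmware, self.device_id, self._nonce, self._key)
        self._nonce = None  # single use, whether or not verification passes
        return hmac.compare_digest(expected, ticket)
```
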


With the ability to compel digital signatures under threat of imprisonment, you effectively have Apple's master key.


The point is that every use of it requires a judge to sign off on it. That means it can't be used by "rogue" government officials, nor will "hackers" be able to use the software, because the software is useless without a signature.


I will trust Apple over the government on computer security matters any day of the week.

Even better, when Snowden buys a smartphone, we'll know which one is truly securable by the user.

From an above commenter,

"Handing over the key is worse than being compelled to use it; that's perpetual compelled speech, where the government would be able to declare software trusted-by-Apple forever. Eroding public trust in digital signatures is an attack on the entire 21st-century economy."


A judge signing off on compelled speech and conscripted development of software is still unconstitutional (and specifically excluded under CALEA). If the government wants a back door into the cryptosystems of private companies, they should pursue this through the legislative process.


Handing over the key is worse than being compelled to use it; that's perpetual compelled speech, where the government would be able to declare software trusted-by-Apple forever. Eroding public trust in digital signatures is an attack on the entire 21st-century economy.



