1. 8

  2. 11

    This whole saga has some combination of “quit while you’re ahead” and “don’t poke the bear” all over it.

    Apple probably could have tightened up iPhone encryption over time without ever attracting FBI attention. FileVault or whatever the Mac disk encryption thing is went through a few iterations where it only protected some files, then eventually the whole disk, but that was years ago and therefore didn’t attract “NSA proof” headlines (or unwanted FBI attention).

    But here in post Snowden world, it’s become impossible to just quietly improve security. First, it’s suddenly become a market differentiator. Who’s the most NSA proof? Nobody is going to turn down free marketing. Second, even if you tried to do quietly, all the tech “journalists” out there are going to be blowing the story up anyway.

    The really stupid thing is that storage encryption doesn’t even do anything about the NSA. They intercept data in transit. They’re not pilfering phones out of people’s pockets to peek at their photos (at least not “everybody”, fairly obviously). Or they use targeted remote exploits, which bypass encryption anyway.

    I would have liked to have seen solid encryption arrive on my phone without all the fuss and fanfare. I’m pretty sure Apple was getting here anyway if you look at the roadmap. Touch ID, Secure Enclave, etc. Some of the pieces were being put into place quite a while ago.

    But then we had to go and poke the bear in the eye and shout “neener neener”. And now the bear is mad and wants to eat our crypto. All this just to spite an enemy (the NSA) that doesn’t even care about the changes being made. Nicely done.

    1. 1

      Apple probably could have tightened up iPhone encryption over time without ever attracting FBI attention.

      Not while obtaining the moral high ground and marketing advantage. They need the attention for it to be a competitive advantage.

    2. 7

      Reminds me of the old days when strong encryption was illegal to export… govt fought tooth and nail for that.

        1. 2

          From that link:

          the BIS must be notified before open-source cryptographic software is made publicly available on the Internet, though no review is required.

          Who knew?

      1. 2
        1. 2

          I don’t understand how anyone would agree with the fact that all our information should be insecure, or open to someone else to help catch criminals, who may not even be in the wrong (I guess someone who is like alleged). While I understand the importance of stopping criminals maybe we should live in a preventative society instead of a reactive (in terms of handling crime).