By John Gruber

• Archive
• The Talk Show
• Dithering
• Projects
• Contact
• Colophon
• Feeds / Social
• Sponsorship

Linked List: February 20, 2016

Saturday, 20 February 2016

New York Times Publishes Report on iPhone Security and China ★

Katie Benner and Paul Mozer, reporting for the NYT and revisiting the topic excised from a report earlier this week:

In China, for example, Apple — like any other foreign company selling smartphones — hands over devices for import checks by Chinese regulators. Apple also maintains server computers in China, but Apple has previously said that Beijing cannot view the data and that the keys to the servers are not stored in China. In practice and according to Chinese law, Beijing typically has access to any data stored in China.

If Apple accedes to American law enforcement demands for opening the iPhone in the San Bernardino case and Beijing asks for a similar tool, it is unlikely Apple would be able to control China’s use of it. Yet if Apple were to refuse Beijing, it would potentially face a battery of penalties.

Analysts said Chinese officials were pushing for greater control over the encryption and security of computers and phones sold in the country, though Beijing last year backed off on some proposals that would have required foreign companies to provide encryption keys for devices sold in the country after facing pressure from foreign trade groups.

“People tend to forget the global impact of this,” said Raman Jit Singh Chima, policy director at Access Now, a nonprofit that works for Internet freedoms. “The reality is the damage done when a democratic government does something like this is massive. It’s even more negative in places where there are fewer freedoms.”

Another way to look at this is a choice between the lesser of two evils. Is it a bad thing if law enforcement loses access to the contents of cell phones as state of the art for security increases? Yes. But it would be far, far worse — for entirely different reasons — if we eliminate true security by mandating back doors.

San Bernardino Officials: Apple ID Password for Terrorist’s iPhone Reset at FBI Request ★

This story keeps getting weirder. John Paczkowski, at BuzzFeed:

The FBI has claimed that the password was changed by someone at the San Bernardino Health Department. Friday night, however, things took a further turn when the San Bernardino County’s official Twitter account stated, “The County was working cooperatively with the FBI when it reset the iCloud password at the FBI’s request.”

County spokesman David Wert told BuzzFeed News on Saturday afternoon the tweet was an authentic statement, but he had nothing further to add.

The Justice Department did not respond to requests for comment on Saturday; an Apple spokesperson said the company had no additional comment beyond prior statements.

The additional wrinkle here is that when the FBI first revealed this, in this footnote (screenshot) of their legal motion (whole motion linked above, on “claimed”), they strongly implied that the San Bernardino Health Department did this on their own, like they were a bunch of yokels who panicked and did the wrong thing. Instead, it turns out, they were following the FBI’s instructions.

The FBI says this happened “in the hours after the attack”. My question: How many hours?