By John Gruber
WorkOS: APIs to ship SSO, SCIM, FGA, and User Management in minutes. Check out their launch week.
Julian Sanchez, writing for Just Security:
Consider: Possibly the next iPhone simply eliminates Apple’s ability to assist in any way. But it’s hard to imagine a scenario where the designer and key-holder for a device designed to be used by normal humans can do literally nothing, at the margin, to assist an attacker. That means every improvement in device security involves a gamble: Maybe the cost of developing new ways to attack the newly hardened device becomes so high that the courts recognize it as an “undue burden” and start quashing (or declining to issue) All Writs Act orders to compel hacking assistance. Maybe. But Apple is a very large, very rich company, and much of the practical “burden” comes from the demands of complying securely and at scale. The government will surely continue arguing in future cases that the burden of complying just this one time are not so great for a huge tech company like Apple. (And, to quote The Smiths, they’ll never never do it again — of course they won’t; not until the next time.)
Sanchez makes an interesting point here about Apple being disincentivized from improving iPhone security if they lose this case. Imagine if Apple made safes, but the government could compel them to crack their own safes under warrant. The harder they make these safes to crack, the more work they bring upon themselves when compelled to crack them.
I don’t think Apple would succumb to that and stop improving their device security, but it shows what an untenable position the government is trying to put Apple in. The only easy way out for Apple, if they lose, is to stop making iPhones truly secure.
★ Tuesday, 23 February 2016