What is to stop the DOJ from requiring them to produce a phone that has a hardware backdoor? If they are required to produce a software backdoor then building an iphone which is immune to such vulnerabilities seemingly solves that problem but I don't see the leap towards compelling Apple to build vulnerabilities into hardware as a large one.
I'm not well versed in security so excuse me for my ignorance but what if there were a way to solder chip onto the board that allows access to the secure enclave. Every time an iphone is made a companion chip is produced that contains some kind of access key which only works for that device and someone is required to foot the bill for storing them.
The DoJ doesn't really have the power to do that. They can get a judge to issue a warrant to search an existing device, and the judge can in some circumstances compel other parties to cooperate in that search. But generally any requirement that Apple insert a generalized backdoor into a product will need to come from new legislation.
Actually the FBI's current argument is very close to saying that the All Writs Act has no limits, and can compel literally anything the FBI thinks would "help" them with investigations.
The FBI's argument doesn't come anywhere close to saying that. What the FBI's motion actually says[1] is:
Pursuant to the All Writs Act, the Court has the power, "in aid of a valid warrant, to order a third party to provide nonburdensome technical assistance to law enforcement officers."
The most important limitation here is that nobody, including the FBI, is claiming the All Writs Act grants the court any power at all in the absence of a search warrant. Nobody really disputes the statement above, or the validity of the warrant in question.
Again: if the FBI wants Apple to preemptively insert a generalized backdoor into their products they'll need to lobby to have new legislation passed. They've tried that and it hasn't gone much of anywhere. In my opinion lets try and keep it that way.
I'm not a lawyer so obviously I'm not exhaustively well read on the law but in the case that All Writs did allow any action to be demanded to help with an investigation it would still require there to be an investigation in the first place.
To preemptively demand a back door is almost akin to guilty until proven innocent, youre assuming that there will be an investigation in the future where a governments ability to hack a device is required.
This is something Apple practically guaranteed by using platform DRM to turn themselves into a critical single point of failure.
CALEA was extended to ISPs once ISPS consolidated enough; now that Apple has consolidated central control of mobile devices in a similar fashion, it seems quite likely that extending CALEA to cover smart phones will be on the table.
I'd be extremely surprised if Apple's management wasn't very aware of the CALEA precedent, but they chose to go down this road anyway. I find that rather unsettling.
All writs is for current investigation. FBI could theoretically compel Apple to produce a single backdoored phone that will be exchanged with evil maid attack with original device when they have ongoing investigation and a warrant.
But unless you can point at - This is Bill, we are targeting Bill, we have a warrant for Bill, we need 1 phone that we will make sure becomes Bill's - All Writs cannot help.
If Bill mails order a new iPhone they can compel apple store to give him compromised device. They could probably put FBI team presenting themselves as store employees in every store if Bill is high value enough target and expected to buy iphone today.
But they cannot say - compromise all of SF Bay Area iphones because we expect one of them to be bought by Bill.
Some of the lawyers here correct me if I am too wrong.
What if another agency already has an NSL in place requiring exactly the same (backdoor, weak crypto params, weak by design secure enclave) and they simply are under a gag order to talk about?
NSLs can only ask for information, not force a company to build a product. That kind of request would have to come through legislation and apply to all US companies in a similar situation.
"Room 641A is a telecommunication interception facility operated by AT&T for the U.S. National Security Agency"
As long as you have a backdoor, and Apple does, shady government agencies can and do come knocking. We've got plenty of shady government agencies, and can never guarantee that we won't have more in the future.
Yea NO. NSL's can't do that. At worst they will tell you to release and data that you have and your private keys. At best they will tell you to make sure you archive everything and don't permanently destroy records in case they are required in the future.
They cannot force you to add backdoors or create a weak crypto , although they can indirectly suggest you to do that and its then on the company if they do so.
I'm not well versed in security so excuse me for my ignorance but what if there were a way to solder chip onto the board that allows access to the secure enclave. Every time an iphone is made a companion chip is produced that contains some kind of access key which only works for that device and someone is required to foot the bill for storing them.