six colors

by Jason Snell & Dan Moren

Linked by Jason Snell

The Secure Enclave is no protection from a court order

Matthew Panzarino at TechCrunch has more information about the FBI’s request of Apple:

There has been some chatter about whether these kinds of changes would even be possible with Apple’s newer devices. Those devices come equipped with Apple’s proprietary Secure Enclave, a portion of the core processing chip where private encryption keys are stored and used to secure data and to enable features like TouchID. Apple says that the things that the FBI is asking for are also possible on newer devices with the Secure Enclave. The technical solutions to the asks would be different (no specifics were provided) than they are on the iPhone 5c (and other older iPhones), but not impossible.

In other words, while it’s true that the Secure Enclave on the iPhone 5s and iPhone 6/6s models would prevent the exploit that’s being requested for the iPhone 5c, the FBI could request that Apple do the same on a phone with the Secure Enclave, and it’s technically possible for Apple to meet that request. (Presumably by updating the software that controls the Secure Enclave to change how it behaves.)

Panzarino also has an interesting bit of conjecture:

I do not believe that will long be the case. Apple is probably working double time to lock it down even tighter.

This is fascinating. Is Apple racing to make its systems even more impenetrable so that the government can’t compel Apple to modify them after the fact?

To take it a step further, what would happen if Apple were forced to modify iOS more broadly to support government snooping? Would it change how it handles OS upgrades, giving customers the opportunity to downgrade their devices? Would new iOS devices be able to downgrade to earlier, more secure versions?

And, not to get more dystopian on you, but what happens if the day comes to pass that all installations of Android and iOS are known to be compromised? Do we all just shrug and move on with life, knowing that none of the data on our phones is private?

“I don’t have anything to hide” is a poor argument against the formation of a state surveillance apparatus.