On the side of Order, I find myself aligning with Trump. The federal government has given a US company an order, and the US company is fighting it. (Amusingly they weren't planning on doing so until another judge suggested it.) Generally speaking, when the entity in charge gives an order, the subordinates should follow it. This is the Way to keep good order and established hierarchies. There are precious few scenarios where it makes sense to rebel instead, and I don't think this is one of them.
On the side of the technical details: even if Apple does what the feds want, that doesn't necessarily help the feds. This is because all they want Apple to do is disable the wipe-device-after-n-passcode-attempts feature, and maybe also to lift any artificial time limits between attempts that aren't inherently due to the key derivation scheme. All this so that they can have an easier time brute-forcing the device. In theory. Yeah, they can hire some kid to try 0000-9999 for super cheap, and if that fails, insert a device under the touchscreen to quickly try 000000-999999, but if the passcode is a lot longer, or text-based, then it can quickly become as difficult as brute-forcing "Zero reverberate business digital work most failure offset!" -- that is to say, basically impossible. A strong passphrase holds up whether or not Apple works with the feds, because Apple has already done the right thing by not storing the plaintext anywhere.
Right now the feds have the technical ability to bypass the lockout feature and input attempts quickly. They can do that by directly connecting their breaking device to the phone's power line and toggling a shutdown after a failed attempt but before the device has recorded that an attempt has taken place. They further have the ability to carefully detach the various electrical components and create a copy of the data at rest to work on cracking via a supercomputer. These methods are probably time-consuming, expensive, and error-prone, but they are within the capabilities of agencies like the FBI. For really high-value targets these methods would be used: there's no point in going to Apple, since they don't actually need Apple's help.
Given they already have all the tools they need to crack the phone's data, I'm left wondering why they're pushing this so hard in the first place. I don't think it's so they can justify the precedent for forcing unlocks later, because again they don't need a company's help here. I think their eventual goal, one that some amount of resources should be spent on fighting, is to force companies to insert a backdoor into everything they sell, but this does not seem to lead there except very indirectly, by a PR battle to convince the public that encryption is evil. And even if they get their wish, it actually won't help them in their goals, given other countries exist and secure open source software exists.
I can't help but see this all as a weird side show created by and for technologically illiterate people, with Apple taking advantage to gain some extra bonus points among its privacy-minded customers at no real cost to them whether they win or lose. Perhaps it's just the latest saga in a new round of the Crypto Wars, but it was demonstrated in the 90s that, no matter what, you can't defeat math, and hence the Crypto Wars are fundamentally unwinnable for one side. I hope Apple loses for the sake of Order, so that this drama gets behind us as quickly as possible and doesn't set the stage for further drama as tech companies make a show of resisting simple government demands, and for the sake of technological supremacy over government mandate: let the government get everything they want, and let them see how pointless it all was. In many cases I'm all for letting dumb/ignorant people and groups of people experience the consequences of their dumb actions, because they cannot see their error without that experience. If they could, they wouldn't be dumb/ignorant.
Posted on 2016-02-25 by Jach