San Bernardino DA Says Seized iPhone May Hold ‘Dormant Cyber Pathogen’ ★

Ars Technica:

“The iPhone is a county owned telephone that may have connected to the San Bernardino County computer network. The seized iPhone may contain evidence that can only be found on the seized phone that it was used as a weapon to introduce a lying dormant cyber pathogen that endangers San Bernardino’s infrastructure,” according to a court filing (PDF) by Michael Ramos, the San Bernardino County district attorney.

Sounds to me like Ramos has watched Skyfall too many times.

Friday, 4 March 2016

Igloo, a Modern Intranet ★

My thanks to Igloo for sponsoring this week’s DF RSS feed. Collaboration can be incredibly fragmented today — files shared one way, messaging via various chat apps, email lists for groups, etc. It can be overwhelming.

That’s why you should try Igloo. It combines department spaces, team calendars, corporate file sharing, internal communications capabilities, social features, and more. It’s really easy both to use and to configure. Igloo is an intranet you’ll actually like. Try Igloo today, free of charge.

Thursday, 3 March 2016

Apple Hosts Public Letter From San Bernardino Victim to Judge Sheri Pym (PDF) ★

Salihin Kondoker:

When I first learned Apple was opposing the order I was frustrated that it would be yet another roadblock. But as I read more about their case, I have come to understand their fight is for something much bigger than one phone. They are worried that this software the government wants them to use will be used against millions of other innocent people. I share their fear.

I support Apple and the decision they have made. I don’t believe Tim Cook or any Apple employee believes in supporting terrorism any more than I do. I think the vicious attacks I’ve read in the media against one of America’s greatest companies are terrible.

The battle is being fought both in the courtroom, and in the court of public opinion. Support like this helps Apple with the latter — which in turn helps with the former.

Box Chief Information Security Officer’s Perspective on Apple and the FBI ★

Joel de la Garza:

I’ve been working to help secure computer systems for the entirety of my professional career. It is incredibly difficult to build computer systems that are not vulnerable to attack. As we’ve seen, a number of companies and governments have had great difficulty protecting the front door of their computer systems. I’ve dedicated my career to making sure our systems are designed, built, and operated to the most secure standards. And even with that tremendous investment, bugs still happen. Due to the many layers of security controls built into our systems software bugs are usually not damaging or catastrophic in nature. But peeling away those layers of control to create a backdoor means that even the most basic security bug could potentially have a catastrophic effect. This reality is missing from our current debate about the FBI’s order to Apple in the San Bernardino tragedy.

@AppleSupport ★

Neat: Apple has a new Twitter account for tips, tricks, and support. Right now they’re answering 3-4 questions per minute.

Full Frontal With Samantha Bee ★

Four episodes in and I’m loving this show. The no-desk thing threw me off at first — the staging has a Tosh.0 vibe — but it works. The show has a fast pace and Bee jabs hard. A desk is leisurely, and Full Frontal is anything but.

Wednesday, 2 March 2016

The Talk Show: ‘Occupy Portland’ ★

Special guest John Moltz returns to the show. Topics include the Apple/FBI encryption fight, Apple’s upcoming event and the products they’re expected to announce. And Campo Santo’s fantastic new video game Firewatch.

Tuesday, 1 March 2016

Silvia Killingsworth Takes Over The Awl ★

The Awl:

We’re thrilled to announce that Silvia Killingsworth will be joining us here in April. Silvia is currently the Managing Editor of the New Yorker, where she has spent the last seven years managing the workflow of the magazine. (You may also know her from the web’s greatest food vertical, De Gustibus.) Silvia’s breadth of experience and wealth of ideas and just genuine enthusiasm (an emotion you may have noticed as being in short supply over the last, say, seven years here) about things make her the clear and obvious choice to head The Awl as it evolves into its next stage of life.

Great hire. Go Awl.

Update: And in more media industry news, Nick Bilton has left The New York Times to become a special correspondent for Vanity Fair. Another great hire.

The Q4 2015 Smartphone Scorecard: Apple Gazes Down at the Rat Trap ★

Smart piece from Charles Arthur on the state of the handset industry.

Steve Ballmer Dunks During Clippers Halftime Show ★

Not sure about the Clips’ new mascot, though.

Monday, 29 February 2016

Apple Wins Major Court Victory Against FBI in a Case Similar to San Bernardino ★

Glenn Greenwald and Jenna McLaughlin, reporting for The Intercept:

Judge Orenstein applied previous legal decisions interpreting the AWA and concluded that the law does not “justif[y] imposing on Apple the obligation to assist the government’s investigation against its will.” In a formulation extremely favorable to Apple, the judge wrote that the key question raised by the government’s request is whether the AWA allows a court “to compel Apple — a private party with no alleged involvement in Feng’s criminal activity — to perform work for the government against its will.”

The court ruled that the law permits no such result — both because relevant law contains limits on what companies like Apple are required to do, and because Congress never enacted any such obligations. Moreover, the judge said of the government’s arguments for how the AWA should be applied: “The implications of the government’s position are so far-reaching — both in terms of what it would allow today and what it implies about congressional intent in 1789 — as to produce impermissibly absurd results.”

This seems like great news for Apple and supporters of civil liberties in this case.

Read Orenstein’s decision here.

San Bernardino Survivor’s Husband to Judge: Terrorist iPhone ‘Unlikely’ to Hold Valuable Information ★

I hope I don’t have to keep repeating this, but this is the wrong argument to make. The implication is that the result should be different if the iPhone in question was “likely” to contain valuable information. That’s wrong. Civil liberties apply equally in all situations.

Don’t get me wrong — I’m glad they’re saying this particular iPhone is unlikely to actually contain useful information. But someday there will be a locked iPhone that is either likely or certain to contain useful information.

Fred Wilson: ‘The Twitter Contradiction’ ★

Fred Wilson:

I just don’t understand the narrative around Twitter. “It is in trouble. It isn’t growing. It’s time has come and gone. The kids all use Snapchat and Instagram.”

That last part is true, to a degree. But it isn’t as simple as that.

The presumptive Republican nominee for President of the United States has largely conducted his campaign on Twitter and in massive public appearances that feel like rock concerts. He has avoided the traditional media channels and taken his message direct to the people on Twitter. Not on Facebook. Not on Instagram. Not on Snapchat. Not on Pinterest. Not on his website or mobile app. On Twitter.

He makes a good point, but I don’t think there’s a contradiction. On the one hand, Twitter is a powerful publishing platform that has become the de facto official medium for famous people to make public statements about what is going on right now.

The problem is, that’s not the description of a social network. It’s a description of a publishing platform. Twitter’s trouble is that it’s being viewed by investors as a social network.

Getting Called Up From the Big Leagues ★

M.G. Siegler, on Bill Simmons putting his new publication, The Ringer, on Medium:

In a way, it almost feels like the thing to do now is the opposite of what is typical in professional sports. In most leagues, athletes play in minor leagues (or college) before graduating up to the big leagues. In our new era of publishing, writers may start at the big leagues, building up their skills and brands, before venturing out on their own (or with a group of peers).

The Washington Post on Industry Support for Apple in Encryption Fight ★

Ellen Nakashima, writing for The Washington Post:

Former Justice Department official Jennifer Daskal said both sides are overstating their arguments. “The government is wrong to say this is just about one case,” said Daskal, a law professor at American University. “On the other hand, it is wrong to say that if Apple loses this case, there’s absolutely no limits to what the government can order a company to do” in cases involving encrypted communications.

This is false equivalence. The government really is wrong about this case being about just this one particular phone. But nobody (and certainly not Apple) is using words like “absolutely no limits to what the government can order a company to do” to describe what will happen if the government wins and sets precedent. The results will be significant, and I think chilling — but not limitless. This is just a bullshit quote to make the story sound “balanced”.

One argument that companies and civil liberties groups are expected to make is that if the government’s order is upheld, then the FBI might be able to order a technology firm to create, say, malicious software to send to a user’s device in the form of a routine update. “That is the third rail for tech companies — to be forced to deliver a software update that breaks the security of the device,” said Alex Abdo, a staff attorney for the American Civil Liberties Union, which is also filing a brief in support of Apple.

This would be one of the worst case scenarios I can imagine.

The State of Apple Music Connect ★

Dave Wiskus:

If Connect is a social network, it fails miserably. There’s nothing inherently social about the experience, which feels more like a local bulletin board than a way for artists to engage with fans.

It’s also not a very good broadcast medium. Sure, I can post to Connect and share out to Twitter and whatnot, but why? There’s nothing unique or powerful about Apple’s system that makes it a good hub. Because I have no idea how many followers we have, I can’t even make a numerical argument for Connect-first posting. And since we can’t even invite people from other places to follow us on Connect, there’s no incentive to try.

As a fan, it’s a confusing mess. As an artist, it’s a black hole. All media, no social.

Connect was a big part of the Apple Music introduction back in June, but I haven’t heard a word about it since other than when Dave writes about it.

Apple’s Statement to Congress on the FBI Warrant Fight ★

Apple general counsel Bruce Sewell testifies before Congress tomorrow. From his prepared opening statement:

As we have told them — and as we have told the American public — building that software tool would not affect just one iPhone. It would weaken the security for all of them. In fact, just last week Director Comey agreed that the FBI would likely use this precedent in other cases involving other phones. District Attorney Vance has also said he would absolutely plan to use this on over 175 phones. We can all agree this is not about access to just one iPhone.

The FBI is asking Apple to weaken the security of our products. Hackers and cyber criminals could use this to wreak havoc on our privacy and personal safety. It would set a dangerous precedent for government intrusion on the privacy and safety of its citizens.

It Doesn’t Matter Whether the San Bernardino iPhone Contains Useful Information ★

Jeff Gamet, writing for The Mac Observer:

The iPhone recovered from Syed Farook after he shot and killed 14 coworkers and then died in a shootout with police most likely doesn’t hold any valuable information. So says San Bernardino police chief Jarrod Burguan. Chief Burguan was asked about the phone during an NPR interview and he replied:

I’ll be honest with you, I think that there is a reasonably good chance that there is nothing of any value on the phone. What we are hoping might be on the phone would be potential contacts that we would obviously want to talk to.

There’s a small point to be made here, insofar as it suggests the FBI is being disingenuous. They’re saying that it’s not about precedent, it’s just about this one phone, this one investigation. But the real reason they’re making a big deal out of it is that it’s politically useful. The phone itself likely isn’t important but the situation surrounding the phone — “terrorism” and the tragedy of 14 innocent people being killed — lends sympathy to their desire for access to encrypted devices all the time.

But for those of us on Apple’s side, this is not a point to hang our hats on. Even if law enforcement claimed to know with certainty that the phone contained useful information, Apple’s arguments would all still stand. Eventually there will be such a phone.

And, likewise, I’m glad law enforcement is doing their best to check the contents of the phone. We want law enforcement to pursue all leads — within the confines of the law — even those that are unlikely to produce useful information.

Dan Frommer Named Editor in Chief at Recode ★

Kara Swisher:

As Re/code has grown and morphed, we have always been on the lookout for great talent to take the site to a new level.

That’s why I’m very excited to announce that we’ve hired Dan Frommer as the new editor in chief of Re/code. Dan brings our site the energy, curiosity and tech-savvy we need to succeed in digital publishing, an industry that gets more exciting — and challenging — daily.

Congratulations, pal.

Saturday, 27 February 2016

Apple Product Event: Monday March 21 ★

Kara Swisher, writing at Recode, broke the news:

Attention Apple nerds, investors, media and everyone else who needs to know when Tim Cook’s next product event is going to be held: It’s going to be the week of March 21.

Or to put it another way, it’s not going to be on March 15, the time frame that other outlets previously reported, according to several sources. It is not clear if the event was moved or if this was the same timing as Apple had always planned.

Swisher doesn’t have the exact date, although the <title> tag on her story reads “Apple Product Event Will Be Held March 22”. John Paczkowski (who usually gets these leaks first), confirms the week change, and says the event will be on Monday 21 March:

Sources in position to know say the company has settled on March 21st as the date it will show off a handful of new products. These people declined to say why Apple postponed the date by a week, but it’s worth noting that it is one day prior to the company’s March 22 showdown with the government over a motion to compel it to help hack the iPhone used by one of the San Bernardino terrorists.

For what it’s worth, last year’s March event was on a Monday as well.

Update: Jim Dalrymple:

This sounds right to me.

Friday, 26 February 2016

Manuscripts and Findings ★

My thanks to Nucleobytes for sponsoring this week’s DF RSS feed. Nucleobytes is a fascinating company. They specialize in creating Mac and iOS software for scientists and researchers, and they do it with great style — their apps have won multiple Apple Design Awards.

Their latest creations are two apps for researchers, useful for anyone who researches anything from lab results, cooking recipes, or research for blog posts: Manuscripts and Findings.

Manuscripts is a writing tool that helps you concentrate on your story. Outline, plan and edit your project, insert figures, tables and math, then format citations using a killer workflow. Manuscripts supports both importing and exporting Markdown, Word, LaTeX, and HTML.
Findings is a lab notebook app that helps you keep a journal of your research, connected to notes, photos, and files. Plan your week, track progress, and share your findings with your colleagues or the world.

Try the free basic versions, and use coupon DARINGFIREBALL for a special discount on the unlimited versions, this week only. (They have an even better offer for students.)

Donald Trump Vows to ‘Open Up’ Libel Laws ★

Hadas Gold, writing for Politico:

During a rally in Fort Worth, Texas, Trump began his usual tirade against newspapers such as The New York Times and The Washington Post, saying they’re “losing money” and are “dishonest.” The Republican presidential candidate then took a different turn, suggesting that when he’s president they’ll “have problems.”

“One of the things I’m going to do if I win, and I hope we do and we’re certainly leading. I’m going to open up our libel laws so when they write purposely negative and horrible and false articles, we can sue them and win lots of money. We’re going to open up those libel laws. So when The New York Times writes a hit piece which is a total disgrace or when The Washington Post, which is there for other reasons, writes a hit piece, we can sue them and win money instead of having no chance of winning because they’re totally protected,” Trump said.

Not worrisome at all. No sir.

Most Android Phones Are Not Encrypted ★

Jose Pagliery, writing for CNN Money:

Although 97% of Android phones have encryption as an option, less than 35% of them actually got prompted to turn it on when they first activated the phone. Even then, not everybody chooses that extra layer of security.

A Google spokesman said that encryption is now required for all “high-performing devices” — like the Galaxy S7 — running the latest version of Android, Marshmallow. But only 1.2% of Android phones even have that version, according to Google.

By comparison, most Apple products are uniformly secure: 94% of iPhones run iOS 8 or 9, which encrypt all data. Apple (AAPL, Tech30) makes its devices, designs the software, and retains full control of the phone’s operating system.

“If a person walks into a Best Buy and walks out with an iPhone, it’s encrypted by default. If they walk out with an Android phone, it’s largely vulnerable to surveillance,” said Christopher Soghoian, the principal technologist at the American Civil Liberties Union.

Google is moving in the right direction, but here’s an area where the slow uptake of new versions of Android has a serious effect.

9to5Mac: ‘Apple Likely to Drop the “5”, Call New 4-Inch Model the “iPhone SE”’ ★

Mark Gurman:

In January, we reported that Apple is preparing a new 4-inch iPhone that is essentially 2013’s iPhone 5s with upgraded internals. At the time, we heard that Apple would call the device the “iPhone 5se” based on it being both an enhanced and “special edition” version of the iPhone 5s. Now, we are hearing that Apple appears to be going all in on the special edition factor: sources say that Apple has decided to drop the “5” from the device’s name and simply call it the “iPhone SE.” This will mark the first iPhone upgrade without a number in its name and would logically remove it from a yearly update cycle.

A few points:

Apple was never going to call this phone the “5 SE”. I don’t know where Gurman got that, but that was never going to happen. Why would Apple give a new phone a name that makes it sound old?
Isn’t it more accurate to think of this as an iPhone 6S in a 4-inch body than as an iPhone 5S with “upgraded internals”? Other than the display, aren’t the “internals” the defining characteristics of any iPhone?
Dropping the number entirely fits with my theory that this phone is intended to remain on the market for 18-24 months.

Gogo Wi-Fi and Email Security ★

Reporter Steven Petrow published a scary first-hand tale in USA Today, claiming that his email was hacked by another passenger on a Gogo-enabled flight. The implication was that you shouldn’t use email on Gogo unless you’re using a VPN.

But Petrow’s email didn’t get intercepted because of some flaw with Gogo. It got intercepted because he wasn’t connecting to the POP or SMTP servers via SSL. In fact, his email provider, Earthlink, doesn’t even support SSL for email.

Robert Graham at Errata Security explains:

Early Internet stuff wasn’t encrypted, because encryption was hard, and it was hard for bad guys to tap into wires to eavesdrop. Now, with open WiFi hotspots at Starbucks or on the airplane, it’s easy for hackers to eavesdrop on your network traffic. Simultaneously, encryption has become a lot easier. All new companies, those still fighting to acquire new customers, have thus upgraded their infrastructure to support encryption. Stagnant old companies, who are just milking their customers for profits, haven’t upgraded their infrastructure.

You see this in the picture below. Earthlink supports older un-encrypted “POP3” (for fetching email from the server), but not the new encrypted POP3 over SSL. Conversely, GMail doesn’t support the older un-encrypted stuff (even if you wanted it to), but only the newer encrypted version.

Gogo is far from perfect, but it certainly wasn’t at fault in this case.

Update: Like a lot of you, I’m not even sure I buy the whole story. Whole thing seems fishy.

Thursday, 25 February 2016

Google, Facebook, Twitter, and Microsoft Plan to Support Apple ★

Deepa Seetharaman and Jack Nicas, reporting for the WSJ:

Several tech companies, including Google parent Alphabet Inc., Facebook Inc. and Microsoft Corp., plan to file a joint motion supporting Apple Inc. in its court fight against the Justice Department over unlocking an alleged terrorist’s iPhone, according to people familiar with the companies’ plans.

At least one other tech company plans to be included in a joint amicus brief next week generally supporting Apple’s position that unlocking the iPhone would undermine tech firms’ efforts to protect their users’ digital security, these people said. Twitter Inc. also plans to support Apple in a motion, though it is unclear if it will join the combined filing, another person familiar said.

Microsoft President and Chief Legal Officer Brad Smith told Congress on Thursday that his company would file a motion supporting Apple.

Nice.

Apple’s Motion to Vacate FBI Order ★

A clear, cogent read. I often shy away from reading legal motions because they’re so often written in dense legalese, but this one is clear.

This stuck out to me:

Congress knows how to impose a duty on third parties to facilitate the government’s decryption of devices. Similarly, it knows exactly how to place limits on what the government can require of telecommunications carriers and also on manufacturers of telephone equipment and handsets. And in CALEA, Congress decided not to require electronic communication service providers, like Apple, to do what the government seeks here. Contrary to the government’s contention that CALEA is inapplicable to this dispute, Congress declared via CALEA that the government cannot dictate to providers of electronic communications services or manufacturers of telecommunications equipment any specific equipment design or software configuration.

In the section of CALEA entitled “Design of features and systems configurations,” 47 U.S.C. § 1002(b)(1), the statute says that it “does not authorize any law enforcement agency or officer —

(1) to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services.

(2) to prohibit the adoption of any equipment, facility, service, or feature by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services.

What Apple is arguing is that the All Writs Act is intended only to fill the gaps covering scenarios not covered by other laws, but CALEA (the Communications Assistance for Law Enforcement Act) is a law that was passed specifically to cover exactly this sort of scenario. This strikes me as a very compelling argument.

Microsoft Will File Amicus Brief Supporting Apple ★

Dina Bass, reporting for Bloomberg:

Microsoft Corp. backs Apple Inc. in its fight with the U.S. government over unlocking a terrorist’s iPhone, said President and Chief Legal Officer Brad Smith.

The company will file an amicus brief to support Apple next week, Smith said at a congressional hearing to discuss the need for new legislation to govern privacy, security and law enforcement in the age of Internet-based cloud services.

Nice.

Apple to Tighten iCloud Backup Encryption ★

Tim Bradshaw, reporting for the Financial Times:

Apple is working on new ways to strengthen the encryption of customers’ iCloud backups in a way that would make it impossible for the company to comply with valid requests for data from law enforcement, according to people familiar with its plans.

The move would bolster Apple customers’ security against hackers but also frustrate investigators who are currently able to obtain data from Apple’s servers through a court order. Apple has complied with thousands of such orders in the past.

Developing such technology is in some ways more complex than adding the kind of device-level security that Apple introduced to the iPhone in 2014 with its iOS 8 update.

Building new protections that mean Apple no longer has access to iCloud encryption keys may inconvenience some customers. Such a change would most likely mean that customers who forget their iCloud password may be left unable to access their photos, contacts and other personal information that is backed up to Apple’s systems.

The Dangerous All Writs Act Precedent in the Apple Encryption Case ★

Amy Davidson, writing for The New Yorker:

It is essential to this story that the order to Apple is not a subpoena: it is issued under the All Writs Act of 1789, which says that federal courts can issue “all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.” Read as a whole, this simply means that judges can tell people to follow the law, but they have to do so in a way that, in itself, respects the law. The Act was written at a time when a lot of the mechanics of the law still had to be worked out. But there are qualifications there: warnings about the writs having to be “appropriate” and “agreeable,” not just to the law but to the law’s “principles.” The government, in its use of the writ now, seems to be treating those caveats as background noise. If it can tell Apple, which has been accused of no wrongdoing, to sit down and write a custom operating system for it, what else could it do?

Lost amid the technical debate over encryption is the legal debate over this incredibly broad application of the All Writs Act.

Twitter’s Missing Manual ★

Eevee:

Here, then, is a list of all the non-obvious things about Twitter that I know. Consider it both a reference for people who aren’t up to their eyeballs in Twitter, and an example of how these hidden features can pile up. I’m also throwing in a couple notes on etiquette, because I think that’s strongly informed by the shape of the platform.

Sharp Accepts Foxconn Takeover Bid ★

Huge news for both companies. Interesting for Apple, too.

Update:

A deal to take over Japanese electronics giant Sharp by Taiwanese manufacturer Foxconn, has been thrown into question by a last minute delay.

Foxconn said it had received new information from Sharp which needed to be clarified.

Whoops.

On the San Bernardino Suspect’s Apple ID Password Reset

Sunday, 21 February 2016

The latest news in the Apple-FBI legal fight has resulted in much confusion. John Paczkowski, reporting for BuzzFeed:

The FBI has claimed that the password was changed by someone at the San Bernardino Health Department. Friday night, however, things took a further turn when the San Bernardino County’s official Twitter account stated, “The County was working cooperatively with the FBI when it reset the iCloud password at the FBI’s request.”

County spokesman David Wert told BuzzFeed News on Saturday afternoon the tweet was an authentic statement, but he had nothing further to add.

The Justice Department did not respond to requests for comment on Saturday; an Apple spokesperson said the company had no additional comment beyond prior statements.

Here is what the FBI wrote in its legal motion, in a footnote on the four ways Apple suggested they obtain the data they seek:

(3) to attempt an auto-backup of the SUBJECT DEVICE with the related iCloud account (which would not work in this case because neither the owner nor the government knew the password the iCloud account, and the owner, in an attempt to gain access to some information in the hours after the attack, was able to reset the password remotely, but that had the effect of eliminating the possibility of an auto-backup);

To unpack this, the “owner” is not Syed Farook, the shooter. The iPhone at the center of this was supplied by Farook’s employer, the San Bernardino County Department of Public Health. They are the “owner”. The “government” is the federal government: the FBI and the Department of Justice.

The iPhone had been configured to back up to iCloud. However, at the time of the attack, it had not been backed up to iCloud for six weeks. Under warrant, Apple supplied the FBI with the data from that six-week-old backup. The FBI (for obvious reasons) would like the most recent six weeks of data from the phone, too.¹

iCloud backups are triggered automatically when the phone is (a) on a known Wi-Fi network, and (b) plugged-in to power. Apple’s suggestion to the FBI was that if they took the iPhone to Farook’s office and plugged it in, it might trigger a backup. If that had worked, Apple could supply the FBI with the contents of that new backup, including the most recent six weeks of data.

It is not clear to me from any of the reports I have read why the iPhone had not been backed up in six weeks. It’s possible that Farook had disabled iCloud backups, in which case this whole thing is moot.² But it’s also possible the only reason the phone hadn’t been backed up in six weeks is that it had not been plugged-in while on a known Wi-Fi network in six weeks. The phone would have to be unlocked to determine this, and the whole point of this fight is that the phone can’t be unlocked.

The FBI screwed this up by directing the San Bernardino County Department of Public Health to reset Farook’s Apple ID password. They did not, and apparently could not, change anything on the phone itself. But once they reset the Apple ID password, the phone could not back up to iCloud, because the phone needed to be updated with the newly-reset Apple ID password — and they could not do that because they can’t unlock the phone.

The key point is that you do not have to unlock an iPhone to have it back up to iCloud. But a locked iPhone can’t back up to iCloud if the associated Apple ID password has been changed.

Again, there are two password-type things at play here. The Apple ID (iCloud) password, and the four-digit device passcode locking the iPhone. The county, at the behest of the FBI, reset the Apple ID password. This did not allow them to unlock the iPhone, and, worse, it prevented the iPhone from initiating a new backup to iCloud.

How did the county reset Farook’s Apple ID password? We don’t know for sure, but the most likely answer is that if his Apple ID was his work-issued email account, then the IT department at the county could go to iforgot.apple.com, enter Farook’s work email address, and then access his email account to click the confirmation URL to reset the password.

In short:

The data the FBI claims to want is on Farook’s iPhone.
They already have access to his iCloud account.
They might have been able to transfer the data on his iPhone to his iCloud account via an automated backup, but they can’t because they reset his Apple ID (iCloud) password.

The only possible explanations for this are incompetence or dishonesty on the part of the FBI. Incompetence, if they didn’t realize that resetting the Apple ID password could prevent the iPhone from backing up to iCloud. Dishonesty, if they directed the county to do this knowing the repercussions, with the goal of setting up this fight to force Apple to create a back door for them in iOS. I’m not sure which to believe at this point. I’d like to know exactly when this directive to reset the Apple ID password was given — ” in the hours after the attack” leaves a lot of wiggle room. ★

Much (or all?) of the data stored on Apple’s iCloud backup servers is not encrypted. Or, if it is encrypted, it is encrypted in a way that Apple can decrypt. Apple has a PDF that describes the information available to U.S. law enforcement from iCloud, but to me it’s not clear exactly what is available under warrant. I would bet a large sum of money that Apple is hard at work on an iCloud backup system that does store data encrypted in a way that Apple cannot read it without the user’s Apple ID password. ↩︎
Another possibility: Farook’s iCloud storage was full. If this were the case, presumably Apple could have granted his account additional storage to allow a fresh backup to occur. But again, this became moot as soon as the county reset the Apple ID password at the behest of the FBI. ↩︎︎

Apple’s App Problem

Wednesday, 3 February 2016

Following up on Walt Mossberg’s column regarding the quality of Apple’s first-party apps, Jim Dalrymple writes:

I understand that Apple has a lot of balls in the air, but they have clearly taken their eye off some of them. There is absolutely no doubt that Apple Music is getting better with each update to the app, but what we have now is more of a 1.0 version than what we received last year.

Personally, I don’t care much about all the celebrities that Apple can parade around — I care about a music service that works. That’s it.

If Apple Music (or any of the other software that has problems) was the iPhone, it would never have been released in the state it was.

Software and hardware are profoundly different disciplines, so it’s hard to compare them directly. But it seems obvious to me that Apple, institutionally, has higher standards for hardware design and quality than it does for software.

Maybe this is the natural result of the fact hardware standards must be high, because they can’t issue “hardware updates” over the air like they can with software. But the perception is now widespread that the balance between Apple’s hardware and software quality has shifted in recent years. I see a lot of people nodding their heads in agreement with Mossberg and Dalrymple’s pieces today.

We went over this same ground a year ago in the wake of Marco Arment’s “Apple Has Lost the Functional High Ground”, culminating in a really interesting (to me at least) discussion with Phil Schiller at my “Live From WWDC” episode of The Talk Show. That we’re still talking about it a year later — and that the consensus reaction is one of agreement — suggests that Apple probably does have a software problem, and they definitely have a perception problem.

I’ll offer a small personal anecdote. Overall I’ve had great success with iCloud Photo Library. I’ve got over 18,000 photos and almost 400 videos. And I’ve got a slew of devices — iPhones, iPads, and Macs — all using the same iCloud account. And those photos are available from all those devices. Except, a few weeks ago, I noticed that on my primary Mac, in Photos, at the bottom of the main “Photos” view, where it tells you exactly how many photos and videos you have, it said “Unable to Upload 5 Items”. Restarting didn’t fix it. Waiting didn’t fix it. And clicking on it didn’t do anything — I wanted to know which five items couldn’t be uploaded, and why. It seems to me that anybody in this situation would want to know those two things. But damned if Photos would tell me.

Eventually, I found this support thread which suggested a solution: you can create a Smart Group in Photos using “Unable to upload to iCloud Photo Library” as the matching condition. Bingo: five items showed up. (Two of them were videos for which the original files couldn’t be found; three of them were duplicates of photos that were already in my library.)

My little iCloud Photo Library syncing hiccup was not a huge deal — I was even lucky insofar as the two videos that couldn’t be found were meaningless. And I managed to find a solution. But it feels emblematic of the sort of nagging software problems people are struggling with in Apple’s apps. Not even the bug itself that led to these five items being unable to upload, but rather the fact that Photos knew about the problem but wouldn’t tell me the details I needed to fix it without my resorting to the very much non-obvious trick of creating a Smart Group to identify them. For me at least, “silent failure” is a big part of the problem — almost everything related to the whole discoveryd/mDNSresponder fiasco last year was about things that just silently stopped working.

Maybe we expect too much from Apple’s software. But Apple’s hardware doesn’t have little problems like this. ★

Why Apple Assembles in China

Wednesday, 20 January 2016

Arik Hesseldahl, writing for Recode on Donald Trump’s “we’re gonna get Apple to start building their damn computers and things in this country, instead of in other countries” campaign promise:

Any honest presidential candidate regardless of party should say clearly and indeed proudly that America doesn’t want these jobs to come back. Final assembly jobs are low-skilled, low-paying occupations; no American would wish to support a family on what the jobs would pay. Workers at China’s Foxconn, which manufacturers the iPhone, make about $402 per month after three months of on-the-job probation. Even at the lowest minimum wage in the U.S. — $5.15 an hour in Wyoming — American workers can’t beat that.

It’s not that simple. These jobs are certainly menial, but they’re not low-skill. As Tim Cook said on 60 Minutes:

Charlie Rose: So if it’s not wages, what is it?

Tim Cook: It’s skill. […]

Charlie Rose: They have more skills than American workers? They have more skills than —

Tim Cook: Now — now, hold on.

Charlie Rose: — German workers?

Tim Cook: Yeah, let me — let me — let me clear, China put an enormous focus on manufacturing. In what we would call, you and I would call vocational kind of skills. The U.S., over time, began to stop having as many vocational kind of skills. I mean, you can take every tool and die maker in the United States and probably put them in a room that we’re currently sitting in. In China, you would have to have multiple football fields.

Charlie Rose: Because they’ve taught those skills in their schools?

Tim Cook: It’s because it was a focus of them — it’s a focus of their educational system. And so that is the reality.

Wages are a huge factor, but for the sake of argument, let’s say Apple was willing to dip into its massive cash reserves and pay assembly line workers in the U.S. a good wage. Where would these U.S.-made iPhone be assembled? A year ago Apple sold 75 million iPhones in the fourth quarter of calendar 2014. There is no facility in the U.S. that can do that. There might not be anywhere in the world other than China that can operate at that sort of scale. That’s almost one million iPhones per day. 10 iPhones per second. Think about that.

You can say, well, Apple could dig even deeper into its coffers and build such facilities. And train tens of thousands of employees. But why would they? Part of the marvel of Apple’s operations is that they can assemble and sell an unfathomable number of devices but they’re not on the hook for the assembly plants and facilities. When iPhones go the way of the iPod in 10 or 15 or 20 years, Apple doesn’t have any factories to close or convert for other uses. Foxconn does.

The U.S. can’t compete with China on wages. It can’t compete on the size of the labor force. China has had a decades-long push in its education system to train these workers; the U.S. has not. And the U.S. doesn’t have the facilities or the proximity to the Asian component manufacturers.

The only way Apple could ever switch to U.S. assembly and manufacturing would be if they automated the entire process — to build machines that build the machines. That, in fact, is what NeXT did while they were in the hardware business. But NeXT only ever sold about 50,000 computers total. Apple needed to assemble 35,000 iPhones per hour last year.

So long as assembling these devices remains labor intensive, it has to happen in China. And if someday it becomes automated — if the machines are built by machines — by definition it’s not going to create manufacturing jobs.¹ ★

I do wonder about the purported Apple car. Would that be assembled in China, too? The U.S. does have automobile manufacturing expertise. And a car is so utterly unlike any product Apple has ever made that I feel like anything is possible. ↩︎

Ads via The Deck