
Yes, some "sides" of some issues are objectively false. But the problem is that even where facts are not in dispute, the mainstream press's strong left-bias influences the facts it chooses to emphasize and the narratives it promotes.

Take the coverage of the Covington High School protest, for example. When the available facts seemed to support the narrative that white, male, MAGA-hat-wearing, anti-abortion Catholic students were racially harassing a defenseless Native American elder, the media was shouting "fascism!" from the rooftops.

But when more facts emerged in the form of a longer video showing the high school students being abused, and with no mere smirk, by a group of overtly racist Black Hebrew Israelites no less--and the Native American elder accosting the students rather than the other way around--suddenly that no longer serves a narrative the left wants to tell, and there's been comparatively little coverage of the aftermath of the mob unleashed by the initial reporting, of the death threats to students and the high school's temporary closure.

This is why it is crucial for the media to present the facts from more than one, very specific angle, even when the facts are largely not in dispute.


"suddenly that no longer serves a narrative the left wants to tell"

Except that that was also reported mostly everywhere. Also, one sided 'evil-looking' harassment is news that is more interesting to most people because it might signal some trend. No-one (left or right) would have found a word-fight between evenly-wrong grey characters very interesting if that was the story in the first place. Because it just isn't.

That doesn't make the mainstream press left-biased. I think it actually isn't.


> No-one (left or right) would have found a word-fight between evenly-wrong grey characters very interesting if that was the story in the first place.

That you would rank the Covington kids as "evenly-wrong" with their racist (not to mention adult) abusers is incredible.


Does the behaviour of one group somehow excuse the unacceptable behaviour of another? "Two wrongs don't make a right"?

(Not debating the "even-ness of wrongs", as that is a six-year-old's excuse for punching their sibling - "They started it!!")


Except there was no unacceptable behavior from the part of the kids (unless you consider "standing and smiling while being abused by racists and nutcases" unacceptable behavior). That was a complete fabrication to make the story fit the narrative. There weren't two wrongs - there was just one wrong, and it was from the other side than the press claimed it to be.


I agree that cutting the stream was the best thing to do in this situation. But if you want to troll people about lacking reading comprehension, try fixing your grammar and punctuation first?


The reaction to this ad is predictably absurd. The far left's constant push to draw increasingly unremarkable positions like "US jobs should go to US workers" as beyond the pale is why we're stuck with Trump.

For my part I don't even agree with the ad, and I consider myself lucky to work with my H-1B coworkers. But it can be disagreed with minus the pretense that it's equivalent to painting a swastika on the side of a bus.


It's absurd to label the reaction "far left" and you know it. Don't misuse language to make your argument sound stronger than it is.


>The far left's constant push to draw increasingly unremarkable positions like "US jobs should go to US workers" as beyond the pale is why we're stuck with Trump.

Well said. Just like how anti-illegal-immigration (an unremarkable position) is now synonymous with anti-Mexican.

It creates scenarios like the article where you're kneejerk labeled a racist and that's supposed to be self-evident.


> Well said. Just like how anti-illegal-immigration (an unremarkable position) is now synonymous with anti-Mexican.

Have you considered this is because some of the loudest voices on the right have wrapped up the immigration debate with some nasty rhetoric based on race, nationality and nationalistic emotion, not policy or fact?

Do any of the statements linked below, which were well reported on, seem like productive ways to discuss immigration?

http://www.nbcnews.com/news/latino/donald-trump-announces-pr...

https://www.huffingtonpost.com/entry/9-outrageous-things-don...

http://www.msnbc.com/msnbc/watch/trump-slams-shithole-countr...


Guilt by association. Not an argument.


Yes, it is, especially if you're not doing anything to make them not the loudest voices. If you don't like being associated with them, then you need to tell them off, and call them out when they say terrible things like that.


I'm not sure why that isn't an argument to be considered. The fact is these statements (referring to Mexicans as rapists and murderers, "shithole countries") keep being made by the president, who historically has some sway over the legislative debate, especially when their party controls both chambers of Congress.

I'd like to know, do you think these are reasonable, good-faith openers for debate? I don't, especially when so few on the right seem to be able to rebuke them and move on to a real discussion.


If being anti-illegal-immigration automatically makes you aligned with Trump, yes, it's a bad opener.

And still not an argument.


He's saying the definition of the word being used is currently changing.

When racist people start talking about illegal immigrants and they refer to all people of a specific race or nationality, they effectively change the definition of the word.


When the leader of the movement (Trump) was describing the people coming over as "rapists, murderers, and drug dealers", then yeah, I'm going to see that as anti-Mexican. And those that agree with his stance are, at the very least, not bothered with that extreme racism.

You want to change that? Then start shouting Trump and his ilk down when you hear stuff like that.


One distinction I like to draw as well is being anti-immigration doesn't mean you're anti-immigrant. Wanting immigration to be limited or criteria changed or whatever doesn't mean that you don't like the people that come to your country via these means.


We're entering a neoliberal world of open borders and free trade, like Hillary Clinton wanted.

I, and many others, fully support that. It's best for the US economy going forward, since protectionism is a good way to wreck an economy.

I hope you are ready for it.


A lot of the GDPR's provisions are admirable, and fundamentally good for citizens. I'd like (some) similar rules in my country.

I just wish they'd drop the absurd pretense that the EU is somehow capable of imposing their provincial laws on foreign companies with no physical presence in the EU.


I think it makes sense when your activities infringe on the rights of citizens inside their borders.

It's not like the EU is saying "These activities must be abolished from the planet!"; the EU is saying "You can't do these things to our citizens without their explicit consent, and we will punish you if you do, regardless of where you host your website."


Indeed. The idea that a country would zealously protect its citizens' rights is practically unheard of these days, but that's what's starting to happen. GDPR is a great example; another one was Canada pushing a Right To Be Forgotten ruling worldwide as well.

It's a statement that someone's private data and intellectual property is theirs. You aren't free to steal it just because you're in another country. Google and Facebook have no divine right to people's personal data, and I am thrilled to see countries protecting their people.


>It's a statement that someone's private data and intellectual property is theirs

Private data is data you don't share. Under some very limited circumstances, you might entrust private data to a third party for safekeeping, i.e. Dropbox, Google Photos, iCloud Drive, and it's important that they not leak or abuse it.

But that's only a tiny portion of what the GDPR is about. It concerns records of your interactions with others. It's a statement that one side of an interaction is entitled to force the other side to delete their memory of that interaction, or to dictate the situations under which they are permitted to remember it.


You are anthropomorphizing companies here, and I think it's a pretty poor analogy. Corporations do not have a memory, they have records, and those records comprise the personal data of everyone who encounters them; data those companies don't own. You seem to be characterizing GDPR as unfair towards the corporate end of the interaction, but that ignores the massive power differential that currently exists.

Corporations have incredible power compared to the individual, and before GDPR, it was commonplace for services to require unreasonable privacy violations: And consumers had to either accept it, or be cut off. (In many cases, the companies doing this have monopolies, making this even more problematic.)

Realistically, this is not going to impact small companies a lot. This is about big ad and tech companies, and giving citizens some minor semblance of tools to resist them.


>data those companies don't own

I don't know if it's possible to have a productive discussion about what seems to be a question of fundamental philosophy and values, but that's ridiculous on its face.

If I'm a shop owner and a customer buys something from me, the cash register prints two receipts: one the customer owns, one I own. If a customer writes me an email, I own my copy of that email. If a customer comes in and makes a scene, and I ban him from my store's premises, the paper I generate telling my staff to call the police if they see him is mine.

If I follow him around and write down everywhere he goes... at some point a line gets crossed, sure. If I start asking other shopkeepers if they've seen him or what he purchased, yeah, something's wrong. But to claim that my records of the interactions he knowingly, willingly had with me are his property just sounds bizarre.

>Realistically, this is not going to impact small companies a lot. This is about big ad and tech companies, and giving citizens some minor semblance of tools to resist them.

The GDPR does not discriminate by the size of the operation. It's large companies which can reliably afford the consultant, lawyer, and engineering time to understand and adapt to new regulation. The violators are going to be those without security and compliance departments.


Receipts and (most likely) emails will not be affected. The former since they have to be kept around for tax purposes and the latter since they fall under freedom of expression; both are exempted from the GDPR.

The paper you printed to ban someone from your store falls under Art1, §1, Section f of the GDPR; your interest in keeping that person out of the store outweighs their interest in keeping their details private.


To which the entirely reasonable response from anyone without a legal nexus in the EU (or physical products to ship) is "we don't care and you have no legal right or ability to enforce that". And the entirely reasonable response from anyone thinking of creating a legal nexus in the EU without an extremely business-critical reason is "let's stay in our own country where it's safer and we only have one jurisdiction to care about".

For the record, when I build services, I personally don't intend to ever keep any records that aren't absolutely necessary to provide the service. That's a personal decision, a voluntary one, and also one that can be marketed to certain customers, though that isn't the reason. I also believe that if you send data to a website then it becomes subject to whatever terms they want to apply to it, and if you don't like how they use your data then don't send it to them, and block them.


That'll get you an interesting interaction with your bank, which does want to have a branch in the EU, so they'll simply comply and freeze your accounts if the EU requests it.

The US has forced its laws on other countries in this way for decades, always to protect profits, it's great that now another actor enforces its laws the same way, for the public.


And the "reasonable" response to this is to act like China: block those services. China showed it is possible so now the "lol it is Internet you can't stop people accessing things, VPN, crypto blablabla" spiel is proven to do jack-shit for services which need a lot of people and their data.


If I'm a US company, with a non-GDPR compliant website, and a visitor from the EU visits my site, under what jurisdiction does the EU have to reprimand me? Or will my site just be blocked in the EU?


It's unlikely foreign sites catered to foreign viewers would be impacted. When I buy something from a site that only sells in another country's currency, I know I'm probably going outside my own nation's protections a bit.

But if you're a company specifically soliciting EU customers, and especially if you have a presence in the EU physically, expect to have issues if you're collecting data on them without consent.

Bear in mind, the US will extradite people for committing crimes against US entities who live fully within other countries. Presumably if the act is bad enough... that sort of thing starts to play in. (Seriously, if the EU tried to extradite Sundar Pichai... that'd be something, wouldn't it?) The crime has to be befitting such effort though. One EU citizen's data swept up in your Google Analytics data does not make you worthy of a legal case. Do it several million times... maybe.

tl;dr: If you're an average company not operating in or marketing to the EU, this doesn't affect you. If you're the size it's likely to be an issue for you, you're likely big enough to handle the additional requirements and do fine.


Extradition typically only applies to things which are crimes in both jurisdictions. Since these things aren't crimes in the US extradition is very unlikely.


> the EU is saying "You can't do these things to our citizens without their explicit consent, and we will punish you if you do, regardless of where you host your website."

The EU has neither the right nor the ability to deliver on that threat. I will continue to ignore the GDPR, as I ignore the ridiculous cookie laws, without worrying about European police raiding my home at night.


Looking at the EUs antitrust fine for Google - https://www.google.ch/amp/s/www.bloomberg.com/amp/news/artic... it's clear it does have the ability. The message is "you want to profit from EU citizens? You follow the rules"


No, you're confused. Google has a physical presence and business partners in Europe; I do not. (Profiting from EU citizens is beside the point.)


Yeah, but what would you do if the EU decides that you cannot sell your product in the EU?


I would continue to do nothing special to support the EU's provincial laws. If EU citizens want to send me money, fine. If the EU decides to block its citizens from doing so, that's also fine.

But I will take no actions on my end to implement EU laws, and it's laughable that some people in this thread imagine the EU has the power to coerce me to do so.


Well, if they really really wanted it, they might be able to penalize you. How about every time you travel, make sure the country won't extradite you. How about your employees? Is that risk acceptable and fair to them?

I don't like what is happening here, but when people want a particular outcome strongly enough, they tend to set aside more principled concerns.


Will you be traveling to an EU country at any point in your life? Imagine fines are levied against you or your company and you refuse or ignore them and continue to operate as before. Could cause you trouble at the border.


Against small companies with almost no footprint in EU maybe. But against huge multinational corporations that want access to the 500m+ people market they sure can.


Exactly, that's the distinction.


What is your website? And which bank do you happen to use for your company and personally?

Enforcing laws internationally is easy, considering that there are systems designed to allow the police of one country to freeze the assets of citizens of another country.

You might just wake up one morning with your bank accounts frozen and your credit cards revoked if you violate the GDPR.

Governments have previously seized entire airplanes to pay for a single $500 fee that an airline refused to pay, don't expect it won't happen to you.


> You might just wake up one morning with your bank accounts frozen and your credit cards revoked if you violate the GDPR.

Please, spare me. I'm no more worried about EU laws than I am about China seizing my accounts for mentioning Tiananmen Square. You overestimate the EU's reach.


How would they punish though?


> I just wish they'd drop the absurd pretense that the EU is somehow capable of imposing their provincial laws on foreign companies with no physical presence in the EU.

They aren't capable of doing that, if those companies do not do business within the EU. As soon as those companies have the power to negatively impact EU citizens, however, the EU has the power to protect those citizens.


> This regulation is not limited to companies based in the EU—it applies to any service anywhere in the world that can be used by citizens of the EU.

That's fundamentally incorrect. As a non-EU citizen, I reject the notion that a foreign government has the right to impose their own laws on me, be it the EU or China or anyone else. If the EU thinks it's a problem that I'm offering a service to EU citizens that doesn't comply with laws I have no vote on, frankly they can sod off.


You are aware that this does not make sense, since to do business with people from other countries you already have to comply with their laws in terms of taxes and accounting anyway.

Selling to EU customers as a US business already requires you to have a VAT ID in the EU, so what does this change for you? In the end the main provision is to only require and store customer data which is effectively needed for providing the services and goods you offer. If you are doing business responsibly, this should not affect you at large as it mainly formalises these processes and requires you to actually write down and document what data you need for what processing steps. If you can not do that, your business is already flawed, and not because GDPR does not work for you.


> Selling to EU customers as US business already requires you to have a VAT ID in EU

That's not quite right. If you are a digital service provider based in the US, no, you don't need an EU VAT ID.


Yes, it's your right to block the EU users. But, if you want their money (and that's up to you to decide), you have to obey their law, nothing new here.


It's not their money, it's if you store or process personal data about individuals in the European Economic Area (slightly larger than the EU).

If you're running a Chinese site aimed at Chinese you're good.

If you're running an Indonesian site aimed at Germans you need to honour the GDPR.


You don't need any personal data to conduct most of the business.

I work in a place that would be beyond heavily affected by GDPR and I find the legislation a good change as companies should not hoard data they don't need - just in case... or just to sell.


Wouldn't you need personal data to accept payments? Or maybe a broker (like Stripe) would store these and the end business just a reference to payment.


You can get external ref to payment providers. Depending on the business you might need KYC and anti laundering procedures and then it's harder.

However if you have some direct business and do accept payments - by all means make it secure and transparent to your customers.


In lawyers' terms: a payment apparently is just a contract. So you can store the data needed for the payment under that legal basis.

IANAL


Probably... not really? Maybe?

For starters, if you don't take payment and aren't in the EU, EU enforcement power is going to be extraordinarily limited. And even if you do require payment, if you don't have a physical nexus in the EU, it's unclear what exactly the EU can do?

I think the GDPR was basically aimed at some of the scummier adtech practices and businesses like Facebook, and for those, it will be very enforceable.


> And even if you do require payment, if you don't have a physical nexus in the EU, it's unclear what exactly the EU can do?

You need an EU VAT ID to accept payments from EU citizens. So they will revoke that and then you can't accept payments from the EU.


> You need an EU VAT ID to accept payments from EU citizens.

This was mentioned before: No, you don’t.

Millions of businesses around the world accept transactions from EU citizens every day without collecting any VAT or having any relationship with the EU.


Why are you storing and processing their data if not for profit?


Personal data in the GDPR has a very expansive definition, and definitely includes things like IP. Processing likewise has an expansive definition, including collection and recording. Lots of sites will be processing and storing this data for internal analytics.


> Lots of sites will be processing and storing this data for internal analytics.

Just because you can doesn't mean you should. And not asking that question has got us where we are today.


Did your customers consent to what is effectively someone following them round the store with a clipboard?


So just don't do internal analytics. Or, if you feel you must, ask consent first. Easy peasy.


It isn't my responsibility to block them, or to take any action whatsoever to comply with another country's laws.


Well, the point of the GDPR is to make you aware that collecting personal data of EU citizens requires their explicit consent. Just ask me for it, that's not a big deal, is it?

If you don't, you're effectively stealing from me and I shall expect my government to go after you to the full extent of the law.


What makes you imagine your government has any jurisdiction over me?

EU citizens can choose to use services offered under other countries' laws, or not. The EU can choose to implement their own Great Firewall to block such services, or not. Frankly I don't care either way.


Uh? This is already how the world works. It does not matter where you are located as long as you are transacting with EU citizens.

In extreme cases of non-compliance, avenues for enforcement that have been discussed reuse existing Anti Money Laundering mechanisms: once flagged in the system, banks will simply freeze your business assets connected to EU countries and you might be arrested upon crossing any EU border.


I have no business assets connected to any EU countries, and I don't have any desire to cross any EU borders. So I will continue to enjoy life in my home country and ignore your provincial laws.


So why are you so nervous? Just ban all those 500 million "provincial" users and feel free to ignore GDPR. It's nothing new that countries extend protection for their citizens and business entities well beyond their borders; for example, the US routinely extradites foreign citizens that have nothing to do with the USA for DMCA violations, hacking and whatnot.


Nervous? Not at all. My point is, it isn't my responsibility to ban them or take any other action on my end. That's a problem to be resolved between the EU's governments and its citizens.


> provincial

... because laws that enable mass-surveillance are somehow worldly?


>What makes you imagine your government has any jurisdiction over me?

It doesn't. But once you enter Europe expect to be in trouble (if there is anything going on against you). Also forget to do business in Europe (with EU citizens).

So if you don't care about these, then you don't have to care about this law.


Right, hypothetically if I were to physically enter the EU I could expect trouble, and that's the EU's right. But in the meanwhile, if EU citizens wanted to do business with me, that's not my problem.

I basically agree with your assessment.


That is actually not correct, consent is one of several options (and usually not the best option because there are strict requirements for a valid consent).


It being fundamentally incorrect and you not liking it are two very different things.


Yet it is fundamentally incorrect. I'm not an EU citizen, so I have zero reason to care about their laws. I will simply ignore them, and the EU has no recourse, other than possibly mandating that their ISPs block me or something. Which I also do not care about.


If you want to do business with EU citizens, you have to follow EU law. Before the internet, you had to open a shop here, or send your goods over the border. The only thing that has changed is the fact that you provide a virtual service over the internet.


No, if I want to have a physical presence in the EU I have to follow EU law. But if I'm residing entirely in another country, and EU citizens want to do business with me over the internet, I could care less what EU law says. And no amount of whining on this thread will change the fact that the EU has no leverage over me.


> I could care less what EU law says

You need a way to sell to the EU (if you wish to do business there).

Digital services (say from the US) do require EU VAT registration. If you don't have that and your country has a tax agreement with the EU (or some countries from the EU), there is a risk of being prosecuted. It won't happen if you get like 1000 customers in each country of the EU (as the latter has no global tax organization like the IRS).

Keep in mind also that if you have too much unexplained income your own tax authorities can investigate the case, incl. anti money laundering.

Bottom line is: it's rather hard to sell services (let alone goods) in cases where you are non-compliant with the laws. The Internet is not a magic wand.


If I break US law over the internet against a US company/person, even though I do no business in the US, have never been there, and don't plan to be there, guess how long before I'm dragged making license plates with words like "liberty" or "freedom" on them in an American rape gulag?


So, you do not care one iota about laws, or security of PII and other sensitive information, unless there can be sanctions against you?

Regardless, businesses have been dropped from their payment provider for less, so there is certainly leverage.


To me this reads with the focus in reverse. The EU's aim is not specifically to regulate or punish non-EU service providers - rather, that's (one effect of) the tool they are using to protect the rights of its citizens which is the real focus here. Since service providers the world over have been unwilling to voluntarily protect those rights, what alternative approach could they take?


Widening our spheres of empathy means we can't predicate empathy on finding a label that fits people into an orthodox feminist understanding of privilege.

The key takeaway from Farrell's book is that men also suffer. We need to become OK with having compassion for men, full stop. Even the men for whom we cannot apply an additional qualifier like "neuroatypical".


Companies will always comply with valid warrants for data in their possession, and it would be ridiculous to expect them to do otherwise.

What made this case different was that it was not about a simple warrant for data held by Apple.


> Companies will always comply with valid warrants for data in their possession, and it would be ridiculous to expect them to do otherwise.

Remember, the requirement for a warrant doesn't apply to non-US persons outside the USA. Us Europeans have no protection from the 4th amendment for data held in US servers. And in fact, the US gov is trying to claim we don't have protection if it's held in a non-US server run by a US company!


The XIV amendment says:

"nor shall any State deprive any person of life, liberty, or property, without due process of law; nor deny to any person within its jurisdiction the equal protection of the laws."

Which sounds like all people should have the same protection from unlawful searches ... as I'm a constitutional law novice, can someone briefly outline why this doesn't stand, what removed the protections for "all people" (note the preceding section refers to citizens, so all people is clearly a distinct class)?

Is it that the federal nature of the FBI means they are above state law?


This could be a good starting point for research: A 2015 study from the European Parliament - "The US legal system on data protection in the field of law enforcement. Safeguards, rights and remedies for EU citizens"[1]

Specifically it says:

> With regard to EU citizens, the [US] Supreme Court has held that foreign citizens resident abroad are not covered by the Fourth Amendment.

It appears to be based on this Supreme Court case[2]: United States v. Verdugo-Urquidez

[1] http://www.europarl.europa.eu/RegData/etudes/STUD/2015/51921... [2] https://en.wikipedia.org/wiki/United_States_v._Verdugo-Urqui...


The 14th amendment is not relevant to actions taken by the FBI. It's an arm of the federal government, and the 14th amendment serves mostly to clarify that state governments (in addition to the federal government) must refrain from violating rights granted to US citizens through the constitution.

However, the FBI must abide by the 4th amendment, which specifies that warrants are needed for searches. The issue of whether data of foreigners located on US soil is subject to warrant-less search/inspection is a matter of interpreting the 4th amendment.


So data from a foreign national held in a computer in a particular State isn't within that state's jurisdiction?

If the 4th requires warrants and the 14th requires states to treat all people as having equal protection under the law in their jurisdiction, I don't see where the FBI can go [legally speaking] to do warrantless searches of foreign nationals.

In short, how then can a State allow the FBI to operate within its jurisdiction in a way that doesn't provide all people equal legal protections. The State would have to prevent the FBI from operating?

Thanks for any further insights.


> However, the FBI must abide by the 4th amendment, which specifies that warrants are needed for searches. The issue of whether data of foreigners located on US soil is subject to warrant-less search/inspection is a matter of interpreting the 4th amendment.

And the interpretation is that a warrant isn't needed. The 4th doesn't protect me.


Sure, but watch how the message will change from "Company obviously hands over data when given a warrant" to "company doesn't hand over data when given a warrant; they really care about privacy".


What is the alternative available to Apple, or any other technology company, when given a valid warrant for someone's data that isn't blatantly ignoring the law? I'm honestly not sure what you are suggesting.

Apple has already given them Farook's iCloud backups, just not recent ones since they don't exist. If Alice was murdered, and Bob was circumstantially implicated, but had an iPhone that had some kind of data recorded that placed him at the time and location of the murder, what law exists for Apple to protect Bob's data if that data was uploaded to Apple for backup purposes?


This discussion is a bit confused. There are plenty of "valid" subpoenas or search warrants which are quashed after being opposed in court. I'm not sure if the other commenters really believe that no company should ever oppose a search warrant, or if they think "valid" search warrants can't be opposed, or what. But opposing an over-broad or otherwise screwed up "valid" subpoena or search warrant is a necessary part of the American legal system.


Correct. That's what I was trying to deduce, the difference between a valid warrant (eg, a warrant following CALEA for communications data stored on a third party server), and a warrant that is currently being argued as invalid (eg, a warrant for Apple to create software that allows some party to brute force a PIN without restriction).

Sure, it would be nice for Apple to oppose even "valid" warrants for iCloud data backups, because I trust them to keep my data safe on my device, so why should I have a reduced expectation of privacy when using their services. After all, they have billions in cash in some Scrooge McDuck mansion just waiting to be spent on lawyer fees, right? /s


Sorry, do you think the first example shouldn't be subject to opposition? The search warrant could still be over-broad or defective in one way or another, even if it jumps through the CALEA hoops and was signed by a judge. The concept of "valid" that you're using is fuzzy and unclear.

I agree that the second case - court order to create new software - is a lot more obvious and clear, and deserves opposition in court.

The reason I'm being so pedantic is that it's important to disagree with the notion that corporations should roll over in any situation that involves claims of terrorism. Lots of people think that, but it throws away an important part of our legal system.


Absolutely. But if the court challenges fail over this hypothetical warrant, there's a reasonable expectation for compliance. We live in a rule-based society. It works because people, and especially the government itself, are expected to follow those rules.


Apple got a valid warrant here! But they fought back against this one.

I'm not saying they're wrong to obey court orders.

I'm saying that people will be saying that Apple fight against court orders when in fact they don't usually fight the court orders. They normally give out the information.


No - in this case it was clear to Apple that the warrant was not legal, which is why they chose to fight.

When warrants are clearly legal, there is nothing they can do to fight them.

They only give out the information they are legally forced to do, and are doing everything in their legal and technical power to reduce that as much as possible.


Yes. Exactly. Apple and everyone else (company or individual) is required, by law, to comply with valid warrants. When one receives a warrant or any kind of legal request that they feel is invalid, the only way to challenge that potentially illegal or invalid request is to not comply and then let the courts decide. If there is existing precedent then they could be held in contempt. If there isn't precedent then hopefully one will be made by the result of the challenge.

The idea that the Govt can only issue "valid" warrants is flawed. The Government is just people, and like everyday citizens like myself, we're perfectly capable of breaking laws, either unintentionally (eg, giving a lift to a friend who has undisclosed controlled substances on their person (state dependent)) or intentionally (eg, murder).


Am I missing something here, or is there no reason the FBI couldn't desolder the 5C's Toshiba NAND flash chip, read its encrypted contents, and perform the desired offline brute-force attack themselves?

The key derivation function is known, right?


A few reasons:

- FBI wants to turn Apple's "good security" campaign into something that makes them look like they are not willing to help with the terrorism investigation (thereby, if all goes according to plan, the public will value their own security less than national security).

- FBI wants to be sure the data stays intact. It would be bad for them if they took out the chip and it got cleared. (This is clear in the document; it says the OS should run solely in RAM and make no writes to disk.)

- FBI wants to do this again in the future. Once the software is made and signed, it will be easy for Apple to (a) give it to them so it can be used for other phones or (b) run it themselves on the other phone. If Apple refuses the second time around, FBI can always take out the chip and do it themselves.

- FBI doesn't know everything that Apple knows about where the data is stored on the filesystem, assuming they can get as far as the filesystem. It's easier for them to have a proper UI they can use the phone through.


The last point is moot. It's extremely straightforward to get a dump of all messages, media, pictures, if you get in.


That's been covered by most of the articles on the topic, but not very clearly in this article.

Removing the storage chips from the device would mean breaking a very strong key, perhaps 128-bit AES, which is not a desirable offline brute-force attack.

That strong key is derived from the PIN combined with a unique device ID which cannot feasibly be extracted from the processor. So an offline attack needs to crack full AES, but an online attack by running modified OS code on the device itself means only the weak PIN needs to be attacked (just 10,000 distinct combinations, roughly equivalent to a 13 or 14 bit key).


According to Apple's own whitepaper on the topic, the PIN is only used to hash the class key, not the encryption key itself.


Perhaps the key could be extracted by physically analyzing the chip, e.g. grinding it down and using microscopic tools to detect state?


Secure chips that store private keys generally keep them on a part of the silicon die that can't be analyzed like the rest of the chip. Any attempt to open the chip package (take off the black plastic/epoxy covering the die) results in the destruction of the secure region and methods of reading state in semiconductors (using electron microscopy) require you to somehow expose the silicon holding the private key.


Apparently this iPhone 5C pre-dates the "Secure Enclave." So the key is somewhere else. Possibly a place vulnerable to a physical readout, possibly not.


Interesting, how does that work exactly? I would've thought with an accurate map of the chip package and a precise grinder you could shave off just what you wanted to expose.

I mean it might take a lot of practice but if you have the time and money and chip samples to practice on...


Perhaps, but that is a destructive option that is very risky.


Thanks for the explanation.


10k distinct combinations-- if, and only if, they used a 7 digit all numeric pin. The odds of this are not bad for most people, but in this case the person who had this phone has shown better than the average criminal's level of OpSec.

One thing is for sure: for phones with TouchID where you only need to enter the pin on reboot, it makes sense to make the pin something other than numeric and longer than 4 digits.
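The two points made above, that the key is tangled with a device-unique ID so only an on-device attack is reduced to the passcode space, and that a longer or non-numeric passcode widens that space, can be put into numbers. This is an added toy model, not Apple's code or figures: PBKDF2, a 256-bit UID and 80 ms per on-device derivation are this example's assumptions.

```python
import hashlib
import math

# Assumed parameters of the toy model (not values from Apple's documentation).
UID_BITS = 256                 # size of the device-unique key fused into the CPU
AES_KEY_BITS = 128             # size of the data-protection key it produces
MS_PER_GUESS_ON_DEVICE = 80.0  # assumed cost of one passcode derivation on the device

# Constructed, throwaway "UID" for the demonstration; a real UID never leaves the CPU.
DEMO_UID = bytes(range(32))


def derive_key(passcode: str, uid: bytes, iterations: int = 10_000) -> bytes:
    """Toy model: passcode and UID together produce the 128-bit data key."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), uid, iterations, dklen=16)


def passcode_bits(alphabet_size: int, length: int) -> float:
    """Bits of work to exhaust every passcode of this shape (4 digits ~ 13.3 bits)."""
    return length * math.log2(alphabet_size)


def effective_key_bits(alphabet_size: int, length: int, uid_known: bool) -> float:
    """Work an attacker faces.  With the UID available (code running on the phone)
    only the passcode is unknown.  Without it (chip desoldered, UID left in the
    CPU) the cheapest route is the raw UID or the raw AES key, whichever is smaller."""
    bits = passcode_bits(alphabet_size, length)
    if uid_known:
        return bits
    return min(bits + UID_BITS, AES_KEY_BITS)


def worst_case_days(alphabet_size: int, length: int,
                    ms_per_guess: float = MS_PER_GUESS_ON_DEVICE) -> float:
    """Days to try every passcode on-device if no retry limit or delay applied."""
    guesses = alphabet_size ** length
    return guesses * ms_per_guess / 1000 / 86400


if __name__ == "__main__":
    policies = [("4-digit numeric", 10, 4), ("6-digit numeric", 10, 6),
                ("8-char alphanumeric", 62, 8)]
    for name, alphabet, length in policies:
        print(f"{name:22s} on-device {effective_key_bits(alphabet, length, True):6.1f} bits"
              f"  off-device {effective_key_bits(alphabet, length, False):6.1f} bits"
              f"  exhaustive on-device search {worst_case_days(alphabet, length):12.2f} days")
```

Changing the UID changes the derived key even for the same passcode, which is why an extracted flash image alone cannot be searched by passcode.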


iirc iOS 9 now requires a 6-digit passcode on devices with TouchID.


Not true -- 4 digit passcodes work just fine (and are default) on Touch ID phones.


"The default for passcodes on your Touch ID–enabled iPhone and iPad is now six digits instead of four." ~ http://www.apple.com/ios/whats-new/


The key derivation function involves a key which is burned into the CPU, and which cannot be exported from the CPU.


I've been wondering this as well. Even with the key derivation function, I'd imagine the CPU also has some secure keys stored in it as well, and these keys are so long that it wouldn't be feasible to brute force it. I'm not sure if that's how the architecture works but that's what I'm thinking.

EDIT: This seems like a pretty good primer on iOS full disk encryption. http://www.darthnull.org/2014/10/06/ios-encryption


It seems the Justice Department admits that Apple's reputation for privacy and security is of great value to the company. I wonder how it intends to argue, then, that forcing Apple to create a corrupted build of iOS which harms that security and that hard-won reputation does not place an "undue burden" on the company.


>https://s3.amazonaws.com/pacer-documents/25/640469/031122954...

They basically argue that Apple is incorrect about security implications and that marketing concerns don't cause undue burden. They also argue that Apple isn't above the law and just because Apple marketed themselves that way doesn't make a burden.


Yeah, it's kind of like an admission that at least some of the public value privacy.


Clearly Apple's security has market value but that needs to be balanced against the benefits to society as a whole. Just restricting this to US law it seems Apple is not defending an existing right to privacy of the "man's home is his castle" sort. Those have been limited from the beginning by warrants and other acknowledged mechanisms of government to poke its nose into people's private affairs in the interest of the general welfare. The "right" that Apple is defending seems new and much more absolute--that you may possess devices that may not be opened under any circumstances whatsoever.

The question of whether such rights exist is separate from the question of whether breaking into one device threatens security of all others. If true that seems to call into question the assumptions on which data protection algorithms are based. In other words, assuming you can create truly unbreakable encryption and it only works if there are no backdoors, is that really a data protection strategy that meets the needs of society as a whole? You could argue it's flawed even if the mathematics work perfectly.


What of Yahoo when they allowed Chinese authorities to access an email account? While we might believe in the integrity of the US government, my faith in a backdoor being made available to the Chinese government used responsibly is low.


Opening up accounts as Yahoo did seems like a condition of doing business in that market. It seems unrealistic to expect that Apple will be able to maintain their position against the Chinese government for very long. They will either have to conform or leave the market as Google did. I don't follow how Apple can really win that one if the Chinese government chooses to push the issue.

p.s., I'm not defending the Chinese position in any way. If it were my company I would leave the market.

p.p.s., For anyone down-voting it would be helpful to state your argument for doing so. The Apple case is not as clear cut as some of the learned commentary on HN would have it.


> While we might believe in the integrity of the US government

It seems that nobody here is concerned about non USA citizens.


Even USA citizens should not believe in the integrity of the US government, considering the surveillance antics it has taken on its own citizens.


> It seems the Justice Department admits that Apple's reputation for privacy and security is of great value to the company.

in China.

Can you imagine what a reputation for standing up to governments (in a democracy, but with most of your employees as taxpayers) will look like?


> It is none of my business how other people lead their lives, even if I disagree with their lifestyle, as long as their actions do not harm me or the society as a whole.

Willful deceit and endangering your spouse is not a "lifestyle choice", it's wrong in an objective ethical sense.

Exposing your spouse to sexually transmitted diseases without their knowledge harms society as a whole. In cases where it's a wife cheating on a husband, forcing men to pay to raise children who are not their own harms society as a whole.

I'm not in favor of this kind of vigilantism either, by the way. But I think the relativism you express above, implying that cheating is a personal decision without a victim, is desperately in need of a reality check.


I admit that "lifestyle" is bad wording which sounds way too apologetic towards cheating. Of course there are victims, but society has still decided not to make cheating a punishable crime, nonetheless. My point is that it is not my duty to expose my fellow citizen; it is a private matter between that person and his/her spouse.

