Bill Gates Says Apple Should Unlock the iPhone(techcrunch.com) |
Bill Gates Says Apple Should Unlock the iPhone(techcrunch.com) |
"Some advocates of the government’s order want us to roll back data protections to iOS 7, which we released in September 2013. Starting with iOS 8, we began encrypting data in a way that not even the iPhone itself can read without the user’s passcode, so if it is lost or stolen, our personal data, conversations, financial and health information are far more secure. We all know that turning back the clock on that progress would be a terrible idea."
The last released non-beta iOS is 9.2.
Bill Gates still owns some 13 billions in Microsoft stocks.
> Bill Gates still owns some 13 billions in Microsoft stocks.
Do you really think Gates would dissemble, throw privacy under a bus, and draw the ire of his peers... just for a potential bump in net worth? I think it's far more likely that he believes what he says he believes.
As much as the HN crowd likes to side with Apple on this matter, reasonable people can disagree about what's best. I hope Gates's position causes people to reflect on why they have the opinion they do. Gates doesn't have some shady ulterior motive. He's simply stating his opinion on the matter, and using some hastily-conceived analogies to explain it to the general public. That's all.
> Do you really think Gates would dissemble, throw privacy under a bus, and draw the ire of his peers... just for a potential bump in net worth?
Check which companies sided with Apple this time and which didn't, then compare with some other older cases, for example after Snowden's revelations, then you tell me how you see the current state this time.
Almost certainly the phone doesn't contain anything relevant: it was just a business phone of the killer who actually took care to destroy his private phone and computer, the backup data out of the phone is already owned by the FBI and they just clumsily locked themselves out.
Even if I can imagine Gates believes what he says the context matters and shouldn't be left unmentioned. Interests and affiliations of somebody influential making the public statement are certainly important to mention. Also to compare, Cook was almost presented guilty for trying to preserve the products of his company.
Seriously? It's absolutely different (not to mention his ribbon analogy makes no sense at all). I see all of this more a question of "can Americans actually have anything remain private on a commercial device?". I don't want anyone but me to have unfettered access to my data, regardless of if it's phone records, bank info, or my phone's contents.
Here's hoping that the iPhone 7 has a secure enclave that either 1.) deletes keys on firmware flash, or 2.) doesn't allow it to be upgraded ever.
As far as I understand the secure enclave has been updated a couple times since it's introduction, so I legitimately hope this was a v1, with secure enclave v2 (without update functionality) waiting to be released in Sept.
As a side-note - one of the things I struggle with is I'm not convinced that Apple really had a tangible reason to make it as secure as it is, especially when their main competition was android, which is fairly laughable with security thanks to the OEMs.
Thing is, this entire system is based off of trust. If people lose trust in Apple, then they lose trust product. While even Apple can't decrypt the data, existence of malicious signed code means you can't trust signed code.
FBI would have done better to ask Apple in secret. Apple really made the only possible choice when faced with a public request.
You phrased all that just to get to the conclusion that Apple is an over-controlling company imposing rules on otherwise super tech savvy users. Well sorry to break the news for you, but people decide on their own which smartphone to buy.
Globally, most of the time, it's an Android phone. Globally, most of the time, it's an OLD and cheap Android phone, with firmwares so old and so full of holes that calling it insecure would be an euphemism.
But hey, I suppose they're much better off, since they can DECIDE what phone to buy, right? It's certainly not their income deciding for them... Better, they can even root it! Make it even more insecure! Install pirated software that hides malware and will steal their ids or their money! Now THAT's choice and power to the user!
No! Since iOS8 Apple intentionally encrypts the user's data on the phone in a way that even they don't have access to them.
They have access to the hardware, to be able to reconfigure it, but not the encrypted data on the phone. Because the data is encrypted, intentionally so.
And they have access to the iCloud backup data and they gave that data to the FBI. Then FBI actually locked their access to the phone by changing the iCloud password.
If you hope for that, consider the legal base on which FBI made the current request: All Writs Act, which is, in full:
https://en.wikipedia.org/wiki/All_Writs_Act
"(a) The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.
(b) An alternative writ or rule nisi may be issued by a justice or judge of a court which has jurisdiction."
Note it's not any kind of law that regulates any form of encryption or communication security, a lot of laws with such topics were fought through the years! It's just "we can demand anything we want."
Then consider how long such Secure Enclave will last if this precedent on such use of this Act is now to be made.
As an aside it bugs me to a fairly large degree that we still attempt to apply very old laws to something they were never designed to address the things we put in front of it. It feels very akin to trying to jam a square peg in a round hole.
Ever play with a wifi pineapple? Ever build one yourself? Congrats! You broke a federal wiretapping statute!
https://www.law.cornell.edu/uscode/text/18/2511 https://www.law.cornell.edu/uscode/text/18/2512
It's Americans now, but if Apple gives in, investigators from other big markets might pressure Apple to do the same for them. I think that's what's meant with cutting the ribbon many times.
What I have found even more confusing is why the FBI hasn't asked the NSA for help. The NSA's thousands of skilled hackers simply can't break into an old iPhone?
http://gizmodo.com/justice-department-forcing-apple-to-unloc... The Justice Department is pursuing court orders to force Apple Inc. to help investigators extract data from iPhones in about a dozen undisclosed cases around the country...
And what about when authorities in the UK also have cases where they "need" phones to be unlocked? And how about China? And every other government in the world that may want to have phones unlocked?
"I think he broke the law, so I certainly wouldn't characterize him as a hero," Gates said. "If he wanted to raise the issues and stay in the country and engage in civil disobedience or something of that kind, or if he had been careful in terms of what he had released, then it would fit more of the model of 'OK, I'm really trying to improve things.' You won't find much admiration from me."
Gates said that there "has to be a debate" about government snooping, but indicated that some aspects of government surveillance are best left a secret.
Microsoft has seen quite a bit of controversy regarding its alleged cooperation with the NSA. Last July, the Guardian reported that Microsoft had aided both the NSA and FBI in accessing user data, including providing video and audio conversations from Skype, Microsoft's video chat service. A Der Spiegel report in December also found that the NSA would use fake Windows error messages to spy on people.
Ref: http://www.huffingtonpost.com/entry/bill-gates-snowden_n_496...
http://www.rollingstone.com/culture/news/bill-gates-the-roll...
So how many people flagged this news? Which company IP address range were involved? Keep an eye on that. Thanks.
It's on 285. right now:
Bill Gates Says Apple Should Unlock the iPhone (techcrunch.com)
59 points by phesse14 5 hours ago 91 comments
On 212:
Bill Gates Says Apple Should Unlock San Bernardino Shooter's iPhone for FBI (macrumors.com)
13 points by samstokes 7 hours ago 8 comments
And on 1:
Bill Gates calls for terror data debate (bbc.com)
22 points by lentil_soup 52 minutes ago 4 comments
I disagree with Bill on phone security and agree with Apple's stance, but even so it's pretty clear to me that Microsoft has a stronger case and literally has no choice but to deny the US DOJ access to records held abroad.
not for a second do I suspect mr gates to be stupid or not comprehending situation in full detail, with all possible consequences. and here I thought that he went from most hated IT guy on this planet in '90s to somebody actually concerned about good of the mankind. can somebody shed some light what would be his true motivations for these statements?
...Well, that sums up his understanding of the the encryption technology. Then what are we to expect of the general public, when even Bill Gates sees a "ribbon around a disk drive"?
Unfortunately, there's no way Gates can win here. If he uses technical language, journalists and/or readers won't understand. Or worse: they'll misunderstand his views. If he uses simplistic analogies, he invites mockery from technical readers.
It's not about cutting a ribbon. It's about putting a hard drive in a box that self destructs when you try to open it. What your friends are asking is not to cut a ribbon, but to make the box open safely with a master key. Your government could not even stop wikileaks and your own employee to turn against you -- how do you expect the world to trust them with master key?
Overreaching beyond means and have it blow up in the face is quickly becoming an American virtue in the 21st century.
https://theintercept.com/2015/12/28/recently-bought-a-window...
"There is no future in the Internet." - Bill Gates 1988
Call and message info, okay maybe, but full access? There is no way you can say thats fine.
I have said it in an earlier comment and ill say it again, i think they are inly doing this, on this case, to make a precedent, and only on this case, as few people will want it to be on record, that they are 'siding' with terrorists.
Imho, its bullshit, all the way through.
If our law enforcement cannot understand that terrorists will simply switch to use another encryption tool, then we have a much bigger problem than unlocking a single iPhone. Our security force does not know how to keep us safe. I'd rather they figure that out sooner than later.
He might be a brilliant man, but he clearly doesn't have the vision when it comes to security and privacy.
Hand that feeds you and all that.
The FBI already have the info they need, don't need nsa's help, this is purely about setting a precedent.
Actually, my best hypothesis is that, remembering that the Gates Foundation, which is the organization Gates is actually involved with now, works a lot in government/policy circles, Bill himself might have views that are more common within that circle that within the tech community. Whether that means that he is taking this point because he has more information, less information or just different priorities, I do not know. I don't even remember if Gates took any position on the original crypto wars.
I personally find that the balance of arguments weights much heavier on the side of security and privacy, versus surveillance, and that creating this tool and setting this particular precedent would do more harm than good. I can still imagine a world in which Gates disagrees with that without being knowingly evil, though.
Actually, when it comes to Gates in particular, I admit that when I was younger I spent a long time thinking of him as "knowingly evil" (or at least selfish to a extreme degree) for completely different reasons. Later I realized that he might have simply put priority on different ethical axioms than my high-school self did... and in the balance of things might end up having been a higher positive force in the world than a negative one, by far, see e.g. https://en.wikipedia.org/wiki/Malaria#Eradication_efforts . This doesn't mean I agree with him on the issue at hand, though.
Regardless of the outcome of this case, the best thing that Apple, Google, and everyone else can do is to make sure that it's impossible for them to comply with future versions of the OS.
Most of the NSA hacking has nothing to do with cracking cryptographic keys anyway, it's exploiting weaknesses in systems so you don't even need the keys at all. In this case, it appears they would need the keys.
Second, it's unclear how easy it would be to create firmware that only works on a specific device. What if there's a bug, or what if someone finds a way to spoof the device ID that would probably be checked? It could very well end up being a backdoor for all iPhones after all (or, at least, for all iPhones without a Secure Enclave).
This EFF article has a couple more points[1].
[1]: https://www.eff.org/deeplinks/2016/02/technical-perspective-...
Let's say that Apple crafted an update that does what the FBI wants. That in itself wouldn't put other iPhones at risk, as long as a signed copy of that malicious update didn't leave Apple's custody. The FBI hasn't even asked for that. They say that Apple could do all the work in house. Furthermore, it's unlikely that this malicious update would work on newer iPhones.
But the precedent would be established.
And once the software leaks, which will eventually happen, everyone will be able to do it in every situation.
Moreover, every other government will ask for it, and not all governments meet the same moral standards.
once this is created, apple would pressed HARD by all authorities to re-use it for all iphones captured. these days we know damn too well that people in CIA, aNSA etc don't hold any reasonable moral values when it comes to privacy of about anybody on this planet.
plus it could be taken from this specific phone and very probably copied anywhere, without any apple approval or court order.
if government was playing mr nice guy till now, there would be at least some hope and faith. currently, there is simply none.
Once that update exists, it can be installed on any device because it has been signed by Apple.
What Apple possesses is the somewhat unique ability to design a system that is actually secure by burning the key into the secure enclave and not allowing it to be updated. The only way someone would be able to get to it then is by attacking the physical hardware itself (which I'm sure an NSA-level attacker could do), but it would render this entire thing moot, as even Apple wouldn't be able to unlock the phone if it wanted.
I say unique because they can bake security into the actual hardware design, and tightly control how the entire thing works, which android & windows simply can't do. In order to trust your OS (and in turn, your signed software), you have to trust your hardware first. The security of the entire system falls apart if you can't trust your hardware.
I agree. I will go further and say that I hope Apple would make the same decision in secret. I believe Apple in general and Tim Cook in particular to be not just moral, but "principled", in that I feel like he's unlikely to back down from a moral argument without being beaten into submission. I hope Apple fights this one to the death.
> Thing is, this entire system is based off of trust. If people lose trust in Apple, then they lose trust product. While even Apple can't decrypt the data, existence of malicious signed code means you can't trust signed code.
The question at hand is whether it makes sense to trust a company when their government wants them to do something and may technically have the law (as broken as you or I or even "almost everyone" feels that law is) on their side. This is the same discussion about putting data on servers in other countries run by companies that might bow to the will of some oppressive totalitarian regime, only the server is in your pocket and the regime is the United States through the FBI.
What has changed in the past 2 centuries is the way the law is interpreted by the courts. And if this case keeps going it will probably be another that defines what the limits of that law.
If there is something you should be concerned about with All Writs it is not its age but its scope. Unless Congress provides a more specific legal framework (which we have seen in a number of other technical cases, for good or, often, ill), it will continue to be decided by judges and justices.
No, as far as I understand, this now would be a new and dangerous precedent:
Nobody was ever asked to alter their product using All Writs.
That's what's here all about.
Exactly: the ability for Apple to send a specific user a different firmware update than they send everyone else is extremely brutal and there is absolutely no way the user (no matter how intelligent) could even tell that they were being targeted as the only person who has even remotely powerful access to the firmware being loaded is Apple themselves.
> This late in the game, how can that possibly give Apple user filesystem keys? Those require the PIN or password.
You just brute force this. On the iPhone 4 it took minutes to brute force a 4- digit PIN code, and clearly it wouldn't be a challenge to brute force a 6- digit PIN code (this is still less than a day). If the user has a password, it might take a while (depending on how good it is), but it is still a guaranteed attack. You can quibble with me on the definition of "unfettered", but I maintain that "will take (maybe) some time but almost no effort to get a 100% success rate, and which will complete almost certainly before the statute of limitations expires on the crime" is not usefully "fettered".
You may well be right however that the circle he runs in has influenced his stance on this too, however he has historically taken a pro-government anti-knowledge stance - see http://www.rollingstone.com/culture/news/bill-gates-the-roll... for instance in which he trots out the "Snowden is a traitor who needs to come home for a fair trial" rhetoric.
> Better, they can even root it! Make it even more insecure! Install pirated software that hides malware and will steal their ids or their money! Now THAT's choice and power to the user!
This makes no sense. Sure: someone can make their device less secure if they want. I absolutely support you doing that. They can also try to use vulnerabilities to take back control of their device and make it more secure (though with an iPhone there are some serious issues with this, due to how almost impossible it is to lock Apple out). But what does this have to do with the conversation at hand? Can you connect any of this back with the FBI discussion?
Well yeah, I guessed so. People in Cupertino probably think that's basically your mission :D (I don't, though). What I wanted to say is that building a security platform that completely locks you out of the device you're building is 1) Hard 2) full of political and legal implications. Even then, Apple is the only manufacturer with such a clear roadmap in that. Why are they the only one to be held so strongly accountable for building this king of security while Google Android phone can be snooped upon in an extremely easy way? When they're less secure by design?
That was my objection.
Good, because anyone who thinks that even casually is either completely uninformed or an idiot :/. (I vaguely apologize for the bluntness, but this is an insinuated attack even with the statement that you don't believe it, at which point one would question why you brought it up in the first place.)
> Why are they the only one to be held so strongly accountable for building this king of security while Google Android phone can be snooped upon in an extremely easy way?
You clearly have never been to one of my talks; I outright told an entire audience of people at DragonCon, most of whom used Android devices, that they should not use an Android device if they even remotely cared about security, and sat there and took it as they boo'd me: I am extremely vocal about the flaws in Android devices.
Only today, we are talking about Apple. And today, Apple is being disingenuous: they are making it sound like it would be some herculean effort to build some massive crowbar to defeat their otherwise impenetrable device, when in fact what the FBI wants can be accomplished by Apple in a matter of hours, and that the underlying security of this device comes down to something Apple would rather people believe is a good thing--that they have more access to the hardware you own than you do--than ever even momentarily consider to be a flaw.
Also I'd venture that Saurik is quite the opposite of an "Apple hater", as he created cydia (https://cydia.saurik.com/), and contributed arguably the most to the iphone jailbreak community to date.
And FBI can't decrypt it. They locked themselves out of the phone, actually. And the phone is not the private phone of the killer, he destroyed that one, and his computer too. And note that he didn't care about this phone.
FBI demands from Apple to change their product (iOS) to make the encryption cracking attempts by FBI easier.
> FBI demands from Apple to change their product (iOS) to make the encryption cracking attempts by FBI easier.
... and we should be thankful the FBI didn't simply demand the 4096-bit key Apple uses to sign firmwares, because that's all they actually need--nothing more than 512 bytes of data--in order to accomplish the thing everyone is upset about here.
This is a one line of code change for Apple and would take them a few minutes. FWIW, there are people in the iOS jailbreaking community who could do this without the source code rather quickly. I'll even go so far as to say that we actually already have all the tools for this lying around for the iPhone 4, and with only minimal changes made by even less qualified engineers they would probably work on the iPhone 5C.
> With a sufficiently complex passphrase, the FBI is still SOL.
Most people use the 4- or 6- digit PIN number. One presumes that in this case the user did so (and you can tell, as the UI is different depending on the kind of passphrase used), or the FBI wouldn't be quite so excited to bother here. It takes mere minutes to crack a 4- digit PIN code on the iPhone 4.
> The fact that only Apple is in a position to sign firmware that could do this is a positive thing in this context. The only alternatives are no firmware signing at all (so everyone could run this attack), no updates at all, or enforcing the rate-limiting in a HSM (which is what they're doing on the latest generation iPhones).
You have conveniently removed "allow the user to lock everyone out from firmware updates except themselves" from the list of possible options :/. While I am perfectly happy with the idea that some people might want to allow Apple to update the firmware on their device, I would much rather no one be able to do that unless they go through me, and as I own the hardware and it is my data that is on the line, I should have the right to make that decision. Apple is selling locks, claiming them to be secure, while not only sitting on a master key but now claiming that it isn't really a master key, which is not just disingenuous but outright dishonest at this point.
Firmware signing and how updates are delivered are one thing. I would argue that having only one possible adversary is preferable to everyone being able to create firmware that runs on your device. If there's a practical and secure approach that would allow users to install only firmware updates they approve of, I'd be all for that[1]. In the end - please correct me if I'm wrong - this would require a user-generated key or passphrase of some sort, and then we're back at a brute-force problem and the question of how secure is that passphrase and how are rate-limits enforced.
The iPhone's disc encryption, however, does not rely on this so-called master key. That's why I think calling this a backdoor isn't a fair assessment. It's entirely reliant on the complexity of your passphrase. The iPhone's security architecture, including the firmware signing and in newer versions the secure enclave, make attacks against this significantly harder (or next to impossible, if the secure enclave firmware is actually read-only ... something that definitely needs to be clarified). Compare this to your typical desktop full-disk encryption, where you usually have no countermeasures whatsoever against this kind of thing.
[1]: Speaking as a developer. I'm not qualified to answer this for sure, but my gut feeling is that such a feature in the hands of typical end-users might actually be a bad thing for security.
I think users should be allowed to make the security tradeoffs they consider relevant. Many people leave a key to the door of their house somewhere outside but nearby, yet I don't think the people who build locks should decide that that is never acceptable and decide to play parent and come up with a solution to this problem: I would prefer people to be informed about the tradeoffs they are making, but they should be allowed to do what they want. Meanwhile, this enables the people who want more security than "I trust Apple, all of Apple's employees, Apple's security from hostile third parties, and the government under which Apple does business" to go "above and beyond".
> That's why I think calling this a backdoor isn't a fair assessment.
I am using this term because Apple is using this term: they said "They [the FBI] have asked us [Apple] to build a backdoor to the iPhone." when what the result would be would still require brute forcing a passcode to get the data in question. They make it sound extremely hard, but in fact it is really easy for them to do this: it is a single line of code changed; what makes it possible for them to do this is not that they haven't bothered to build it, it is that they are moral enough to not want to do it, and they are the only people with the key... but the key, fundamentally, is equivalent to the power the FBI wants. The FBI could "build" this backdoor for themselves if Apple handed them that key.
Then there's even less reason to use All Writs to make Apple do it, unless it's to make the precedent to force the device makers to backdoor their products.
Just do it, for all of us, make that tool for 5C. But don't support FBI using this case to make "All Writs able to change products" precedent.
I can build the tool. What I can't do is sign the result. The only thing any of us are missing is the 4096-bit RSA encryption key used to sign the firmware. The way we load this tool onto the iPhone 4 is using a vulnerability in their bootloader that lets us bypass the signature check. There is only 512 bytes of data at question here, not some insurmountable amount of work.
Believe me, I do think your work is phenomenal. Period. I'm sorry I've never been to one of your talks. If you'll ever do one in Berlin in the future I won't certainly miss it. :)
That said, I understand your point but I don't really agree. You're saying Apple is doing all this while basically lying for what? Sheer publicity? Do they really think that this kind of unusual marketing would be good for them?
It's the implications (legal, not technical ones) that are at stake here. Three hours of Apple engineers' time spent working for the government, by the way, would already account as an unreasonable burden, in my book. Especially after they already complied with the FBI requests just to find out they messed up the iCloud password...
Is iOS much more secure that any other mobile platform? Isn't Apple saying just that? And don't you believe it's true? Apparently yes, you do! They do are working towards what you advocate for here (making the users' data completely unaccessible to them). Just look at the evolution of security from iOS 7 to iOS 9. We're still not there, yet. Maybe that's what's brewing for iOS 10, who knows...
By the way, since we're here and you're clearly the best person to ask... I'm curious about how Apple stores and keeps their private signing key for iOS secure. How do they do that? Has anybody ever tried to steal that? That's something nobody's talking about, but I'm really curious about the physical implications of keeping something like that safe.
HSMs generally support signing operations, so it's likely the key doesn't leave the device at all. They might be using a configuration with shared secrets (smart card + PIN, etc.) where at least n shares need to be present to operate the HSM. Those secrets are probably held by a small number of high-level Apple employees.
It's probably similar to the DNSSEC Root Signing Ceremony[1]. Well, hopefully slightly less insane.
[1]: https://www.cloudflare.com/dnssec/root-signing-ceremony/
Shouldn't Apple be allowed to do as it wants?
> what is fundamentally different is only that people realize the government might be able to force Apple to use their key.
The public already knows from the ongoing debate that the current iPhone is unlockable by Apple. What difference does it make if the key does not exist yet, as Apple says, or if it does, as you say? Everyone knows the power is in Apple's hands. We'll all demand better iPhone security as a result of this discussion.
> this enables the people who want more security ... to go "above and beyond".
I understand you are asking Apple for a specific feature that gives more security. Regardless of the existence of this particular case, you would still be trying to raise awareness and gather support for pushing Apple to implement that feature. Is that fair to say? I support you in that effort. I also think this discussion ought to be held separately, perhaps after the case, so that we can focus on not giving the DOJ any means to handcuff the tech companies. The results of this case will have a dramatic impact on all tech, and if you truly care about privacy and security, you will support Apple's stance.
Let's table the debate about how Apple needs to improve its phone security and allow users to update firmware, and focus on matters at stake: whether or not the DOJ should be able to compel Apple to hand over the key. Whether or not that key has been created is irrelevant to the fact that if the DOJ wins this case, it is one step closer to mandating that Apple make all their phones unlockable.
Please make it then for iPhone 5C. You would do the world a favor.
If you claim you don't have the needed RSA key, then you confirm that the encryption actually works. And you know that your "tool" wouldn't work on the copy of the encrypted data, too. Nice for consumers, isn't it, hardware-dependent functioning encryption by Apple.
It's wrong and dangerous, not because only the key, but because the way the whole issue is constructed, the demand to Apple is to "just" change the iOS (Apple's product) "because we say so and we can." Dangerous precedent.
It's not "give us the data from the phone." FBI has the data already. They are encrypted, and FBI locked themselves out. Bad luck.
Ah, so Apple's encryption does actually work.
That's the essence of the good encryption: everything is known, except the key. You are not supposed to have it. FBI, hopefully, isn't supposed to have it too. That's why we have laws. Checks and balances and stuff. Laws made for specific cases, not "we can do anything."
Which is very bad if it is accepted this time.
The FBI wants Apple to create "malicious" code/update/software version that would allow for multiple decryption attempts among other things. Apple CAN comply with these requests, probably easily. However, by doing so they will destroy trust in Apple signed code and set a precedent.
It doesn't matter WHO has the key because Apple will be acting in proxy.
The issue here is if All Writs is a good legal basis for the precedent of "change your product."
I agree with you about All Writs, I don't see any precedent for "change your product". Thanks for pointing my mistake out.
In Cook's words:
http://techcrunch.com/2016/02/22/in-employee-email-apple-ceo...
"We feel the best way forward would be for the government to withdraw its demands under the All Writs Act and, as some in Congress have proposed, form a commission or other panel of experts on intelligence, technology and civil liberties to discuss the implications for law enforcement, national security, privacy and personal freedoms."
It is far from "just one small thing." As far as I understand you've already made some unauthorized changes to Apple products, and I can understand how you see it as "easy" but your technical experience, even if it's notable, is not the topic.
Even if you think I'm wrong (to which I highly recommend you ask some other people, preferably strong developers, as the idea that this is difficult for Apple to build isn't me "estimating" here, it is the kind of idea that should be discarded at the face of it as it is so absurd... this is something they could assign an intern to and it would still be done in a few hours), then we are just talking about some different time period for someone to build the software here: whatever it is, it is fundamentally insignificant in comparison to Apple spending a few minutes to use their key and sign the firmware. The world isn't somehow different once that software exists, even if you think it is hard to build: what is fundamentally different is only that people realize the government might be able to force Apple to use their key.
> The world isn't somehow different once that software exists
It is, if it's made by Apple now, since it makes the legal precedent in how All Writs is accepted by Apple to be used. It even makes it a precedent for other companies too. That's why they question it and rightly so.
That's why if FBI or you would have managed to produce some cracking tool now, without Apple's help, it wouldn't matter. It wouldn't affect the development of even more secure phones by Apple.
Technically-hard-or-not-hard, as claimed by an-intern-or-the-Cydia-author is, once again, irrelevant.
> what is fundamentally different is only that people realize the government might be able to force Apple to use their key.
Government already tried to force them and Cook responded, literally: "We feel the best way forward would be for the government to withdraw its demands under the All Writs Act" so people hopefully already realize what is at stake and at least we discuss it.