Just over a week ago, at the BlackHat hacker convention in Las Vegas, Ivan Krstić, Head of Security Engineering and Architecture at Apple gave a talk entitled “Behind the scenes of iOS Security,” the slides of which are available here. It’s a historic talk for a couple of reasons. First, Apple is traditionally very secretive about how it technically does security on its devices. Apple also announced its first bug bounty program. So far, so newsworthy. But something else happened at that talk. Unbeknownst to the presenter or anybody in the audience, Apple just reopened the “Going Dark” dispute between the FBI and the privacy community, and it turned the entire dispute on its head. In the cold light of day, I suspect Apple, the US government, and privacy activists are going to be rather unhappy when they digest the sobering implications of the talk, though they will likely be upset for entirely different reasons. In short, Apple built the very thing that they and the privacy community have been saying for years is reckless, dangerous or impossible: a high-value encryption key secured in a vault such that the key can’t be stolen or misused by hackers or malicious insiders. And without a hint of self-awareness Apple’s head of security engineering and architecture went all the way to BlackHat in Las Vegas to boast about how they did it. But I’m getting ahead of myself. Let’s start at the beginning... https://lawfareblog.com/apple-blackhat-reopening-going-dark-debate