> Of course, trying to regulate crypto will bring everyone against (individual) privacy and freedom out in opposition, and forcing companies to not tie functionality to their private keys / force them to make public those keys would also make you an enemy of the "security" industry.
This seems easy to solve. Just mandate that the end-user/purchaser of the hardware should have the same level of control over the code execution as the manufacturer does after the sale. Whatever the manufacturer can do to your own unit after it's in your possession, you should be able to do as well.
No need to get into restricting crypto. After the aforementioned regulations are passed, it will be up to the companies to figure out how to implement them.
> Just mandate that the end-user/purchaser of the hardware should have the same level of control over the code execution as the manufacturer does after the sale. Whatever the manufacturer can do to your own unit after it's in your possession, you should be able to do as well.
I don't see how this changes much except to mandate Apple or any other hardware manufacturer to leave privilege escalation bugs in their software for the lifetime of the device.
Also, updates are generally user-initiated. If the unadvertised "functionality" of unauthorized code execution is patched, the user has only himself to blame, not the manufacturer.
The point of the regulation would be to force manufacturers to officially give users the same level of code execution that they have over the sold devices as themselves.
If Apple, via software updates, can control what software runs on the iPhone of the user, then the user should also have that control, to install whatever OS/bootloader they desire, the same way as Apple can.
You're shifting goalposts. You were arguing for the same level of code execution after sale of the device, not at point of compilation. By the time every iPhone leaves the factories in China and India, they're already locked down. The consumer only has as much ability to execute code as any bugs allow in the initial OS release.
Also, Apple doesn't have the ability to install any OS/bootloader as the hardware is specifically tailored to one OS. Even if you had an Apple-sanctioned root mode, it's likely the hardware won't run AOSP images or android compatible bootloader as it's only guaranteed to work with iOS. The same can be said of game consoles.
The code execution is locked down with a private key that only Apple has.
Apple can therefore sign any executable for any iDevice that exists, and it will run without issues. They could make a completely new bootloader/OS combo from scratch while maintaining compatibility with the hardware.
The bar is then: "Is it technically and officially possible for Apple to install any OS/bootloader that's compatible with the iPhone hardware?" The answer to that is yes, it is.
So, if it is possible for Apple to do so (by them having the private key used to sign the OS images) even after they sell it to me, then it should be legally mandated for me to have the same level of official possibility to do the same via the same means.
> The code execution is locked down with a private key that only Apple has.
And digital signatures for the various drivers that only work in iOS.
> Apple can therefore sign any executable for any iDevice that exists, and it will run without issues. They could make a completely new bootloader/OS combo from scratch while maintaining compatibility with the hardware.
That Apple can does not mean it should be compelled to. In addition, building an entirely new OS is separate from the issue of being regulated to provide equivalent access after sale.
> The bar is then: "Is it technically and officially possible for Apple to install any OS/bootloader that's compatible with the iPhone hardware?" The answer to that is yes, it is.
Then this is no longer about consumers having the right to do as they wish with a device they have purchased. Instead, this is about compelling Apple into providing protected information or forcing the company to design an open OS. This runs afoul of many constitutional protections not the least of which is compelled speech.
> So, if it is possible for Apple to do so (by them having the private key used to sign the OS images) even after they sell it to me, then it should be legally mandated for me to have the same level of official possibility to do the same via the same means.
That they have a private key, does not mean they're obligated to share it nor should they. I fret for the precedent this would set. Arguing for control of your own device that you can root yourself is not the same as forcing a manufacturer to allow arbitrary access to the OS at first swipe.
Apple shouldn't be the one doing the signing for every user or giving out any private keys of theirs. What should happen is that they should be forced to design their devices in such a way as to allow an authorized user to change the public key used for signature verification.
All this is a digression however. The point is that the law should simply mandate that manufacturers design their devices in a way in which what the OEM can do to an already-sold device in terms of code execution/control also be possible for the new owner to do.
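To make the distinction in the comment above concrete, here is an added example (not from the thread, and not any vendor's firmware) of a toy boot-loader trust model in Go: images are verified against a public key stored on the device, and that key can be replaced only through an owner-authorised step, so the OEM's private key never has to leave the OEM. The `Device`, `genKey`, `VerifyImage` and `RotateRoot` names and the owner-unlock gate are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Device models a boot loader's trust state: one root verification key.
// Whoever can change that key decides which OS images the device will run.
type Device struct {
	rootKey       ed25519.PublicKey // images must be signed by the matching private key
	ownerUnlocked bool              // assumed out-of-band owner action (passcode + physical presence)
}

// genKey is a constructed helper so the example needs no key material on disk.
func genKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // crypto/rand failure is not expected here
	return pub, priv
}

// VerifyImage is the boot-time check: an image runs only if its signature verifies under the trusted key.
func (d *Device) VerifyImage(image, sig []byte) error {
	if !ed25519.Verify(d.rootKey, image, sig) {
		return errors.New("boot refused: image not signed by the trusted root key")
	}
	return nil
}

// RotateRoot swaps the trusted public key; the gate is owner authorisation, never the OEM's private key.
func (d *Device) RotateRoot(newKey ed25519.PublicKey) error {
	if !d.ownerUnlocked {
		return errors.New("rotation refused: device is not owner-unlocked")
	}
	d.rootKey = newKey
	return nil
}

func main() {
	oemPub, oemPriv := genKey()
	ownerPub, ownerPriv := genKey()
	dev := &Device{rootKey: oemPub}
	image := []byte("constructed sample boot image")
	fmt.Println(dev.VerifyImage(image, ed25519.Sign(oemPriv, image)))   // <nil>: OEM-signed image boots
	fmt.Println(dev.VerifyImage(image, ed25519.Sign(ownerPriv, image))) // refused: owner key not yet trusted
	fmt.Println(dev.RotateRoot(ownerPub))                                // refused: not owner-unlocked
	dev.ownerUnlocked = true
	fmt.Println(dev.RotateRoot(ownerPub), dev.VerifyImage(image, ed25519.Sign(ownerPriv, image))) // <nil> <nil>
}
```

After rotation the OEM-signed image no longer verifies, which is the trade-off the owner accepts when taking over the trust root.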