I was disappointed by Eugene H. Spafford’s column "The Strength of Encryption" (Mar. 2016) in which Spafford conflated law enforcement requests for access to the contents of specific smartphones with the prospect of the government requiring backdoors through which any device could be penetrated. These are separate issues. Even if the methods the FBI ultimately used to unlock a particular Apple iPhone 5C earlier this year are too elaborate for the hundreds of encrypted or code-protected phones now in police custody, the principle—that it is a moral if not legal responsibility for those with the competence to open the phones to do so—would still be relevant.
Unlocking an individual phone would not legally compel a backdoor into all Apple devices. Rather, Apple would have to create and download into a particular target phone only a version of iOS that does two things—return to requesting password entry after a failed attempt, without invoking the standard iOS delay-and-attempt-count code, and allow password attempts at guessing the correct password to be submitted electronically rather than through physical taps on the phone’s keypad. The first is clearly trivial, and the second is, I expect, easily achieved.
The FBI would then observe, at an Apple facility, the modified iOS being downloaded and be able to run multiple brute-force password attempts against it. When the phone is eventually unlocked, the FBI would have the former user’s correct password. Apple could then reload the original iOS, and the FBI could take away the phone and the password and access the phone’s contents without further Apple involvement.
No backdoor would have been released. No existing encryption security would have been compromised. Other law-enforcement agencies, armed with judicial orders, would likewise expect compliance—and should receive it.
The secondary argument—that should Apple comply, authoritarian regimes worldwide would demand the same sort of compliance from Apple, as well as from other manufacturers—is a straw man. Since Apple and other manufacturers, as well as researchers, have acknowledged they are able to gain access to the contents of encrypted phones, other regimes are already able to make such demands, independent of the outcome of any specific case.
R. Gary Marquart, Austin, TX
Author Responds:
My column was written and published before the FBI vs. Apple lawsuit occurred and was on the general issue of encryption strength and backdoors. Nowhere in it did I mention either Apple or the FBI. I also made no mention of "unlocking" cellphones, iOS, or passwords. I am thus unable to provide any reasonable response to Marquart’s objections as to items not in it.
Eugene H. Spafford, West Lafayette, IN
The What in the GNU/Linux Name
George V. Neville-Neil’s Kode Vicious column "GNL Is Not Linux" (Apr. 2016) would have been better if it had ended with the opening paragraph. Instead Neville-Neil recapped yet again the history of Unix and Linux, then went off the rails, hinting, darkly, at ulterior motives behind GPL, particularly that it is anti-commercial. Red Hat’s billions in revenue ($1.79 billion in 2015) should put such an assertion to rest. The Free Software Foundation apparently has no problem with individuals or companies making money from free software.
We do not call houses by the tools we use to build them, as in, say, "… a Craftsman/House, a Makita/House, or a Home Depot/House …" in Neville-Neil’s example. But we do call a house made of bricks a brick house in a nomenclature that causes no confusion. Why then would it be confusing to call a system with a Linux kernel and a user space largely from the GNU project a "GNU/Linux system"? Including "GNU" in the name seems to be a problem only for people with an anti-GNU bias or misunderstanding of GPL, both of which Neville-Neil exhibited through his "supposedly" slight (in paragraph 10) intended to cast aspersions on the Hurd operating system project and the dig (as I read it) at GPLv3 for being more restrictive than GPLv2. However, in fairness, GPLv3 is more restrictive and explicit about not allowing patents to circumvent the freedoms inherent in a license otherwise granted by copyright. As Neville-Neil appeared disdainful of the GPLv2 methods of securing users’ freedoms, it is not surprising he would take a negative view of GPLv3.
Neville-Neil also suggested the "GNU/Linux" name is inappropriate, as it reflects the tools used to build the kernel. But as Richard Stallman explained in his 2008 article "Linux and the GNU System" (http://www.gnu.org/gnu/linux-and-gnu.html) to which Neville-Neil linked in his column, a typical Linux distribution includes more code from the GNU project than from the Linux kernel project. Perhaps Neville-Neil should pour himself a less-"strong beverage" and read Stallman’s article again. He may find himself much less confused by the "GNU/Linux" name.
Todd M. Lewis, Sanford, NC
Author Responds:
Lewis hints at my anti-GPL bias, though I have been quite direct in my opposition to any open source license that restricts the freedoms of those using the code, as is done explicitly by the GPLv2 licenses. Open source means just that—open, free to everyone, without strings, caveats, codicils, or clawbacks. As for a strong drink and a reread of anything from Richard Stallman, it would have to be a very strong drink indeed to induce me to do it again.
George V. Neville-Neil, Brooklyn, NY
Diversity and ‘CS for All’
Vinton G. Cerf’s Cerf’s Up column "Enrollments Explode! But diversity students are leaving …" (Apr. 2016) on diversity in computer science education and Lawrence M. Fisher’s news story on President Barack Obama’s "Computer Science for All" initiative made us think Communications readers might be interested in our experience at Princeton University over the past decade dramatically increasing both CS enrollments in general and the percentage of women in CS courses. As of the 2015–2016 academic year, our introductory CS class was the highest-enrolled class at Princeton and included over 40% women, with the number and percentage of women CS majors approaching similar levels.
Our approach is to teach a CS course for everyone, focusing outwardly on applications in other disciplines, from biology and physics to art and music.1 We begin with a substantive programming component, with each concept introduced in the context of an engaging application, ranging from simulating the vibration of a guitar string to generate sound to implementing Markov language models to computing DNA sequence alignments. This foundation allows us to consider the great intellectual contributions of Turing, Shannon, von Neumann, and others in a scientific context. We have also had success embracing technology, moving to active learning with online lectures.2 We feel CS is something every college student can and must learn, no matter what their intended major, and there is much more to it than programming alone. Weaving CS into the fabric of modern life and a broad educational experience in this way is valuable to all students, particularly women and underrepresented minorities. Other institutions adopting a similar approach have had similar success.
Meanwhile, we have finally (after 25 years of development) completed our CS textbook Computer Science, An Interdisciplinary Approach (Addison-Wesley, 2016), which we feel can stand alongside standard textbooks in biology, physics, economics, and other disciplines. It will be available along with studio-produced lectures and associated Web content (http://introcs.cs.princeton.edu) that attract more than one million visitors per year.
Over the next few years, we will seek opportunities to disseminate these materials to as many teachers and learners as possible. Other institutions will be challenged to match our numbers, particularly percentage of women engaged in CS. It is an exciting time.
Robert Sedgewick and Kevin Wayne, Princeton, NJ