What, disabling a system that contains personal data if it appears the device has been tampered with? So what you're basically asking for is for the data protection act to be repealed?

The fact that Apple designed a device to react when it's secure infrastructure has been tampered with is entirely logical and reasonable. The mistake is that they've not communicated the fact at all and the 'interface' for it is terrible. if you think about it for a minute, if someone nabbed your phone and tampered with it to get into it, what would you want them not to have access to? Pretty much every bit of it, frankly. You might not be bothered if they played a bit of Crossy Road but you wouldn't want them to have access to the major functions of the phone, either to read your information or to pretend to be you. So frankly the best thing to do if the secure access components get tampered with is brick the phone, or at least make it unusable to the point where the difference between that and bricking is academic at best.

What Apple have done wrong here is a) not tell people this will happen if they tamper with the touch ID sensor and b) the error message/information on the screen when it happens is useless. If poor interfaces are to be made illegal, there isn't a phone you're going to end up being able to buy.

If you could take the touch sensor off one phone and put it on another and then get into that phone no problem (for example) people would be bleating like mad that iPhones were insecure. Here's some cake, you can have it or eat it, pick one.

Disabling someone else's property puts an expensive product out of use permanently, it has the same effect as smashing the phone on the floor for them. Something can be illegal while being useful. For instance, putting bear traps on your property to stop burglars.

Isn't permanently disabling someone else's property without their permission vandalism? As I see it, this can happen when the genuine owner is still in possession of the phone, and there has been no dishonest attempt to steal the information. So without the evidence of a crime, or the permission of the rightful owner, it is my position that Apple should have no legal right to brick the phone. What section of the DPA provides Apple the right to do this?



My argument was not that a device shouldn't have security features.



Does this work? And what is the justification for not being able to reverse it, should the owner be able to prove it is theirs?



Come on now.



Even if I concede that bricking the phone is necessary to prevent tampering. You still have to deal with the below:

1) This was not a feature of the phone before the update, and so the owner may have been acting in total ignorance, honestly. Should Apple have the right to destroy someone's phone, based on retrospective 'rules'. If the rules were in fact already in place when the 'tampering' took place, why wasn't the bricking put into effect until this update?
2) Destroying a piece of very expensive property, with the justification of increased safety of information, feels disproportionate. Wouldn't taking scissors to someone's broadband cable be an equivalent act, if it was detected that someone may have entered the house, at some point in the past, without permission?

I am open to this being justified as being legal behaviour, and if I was getting paid to research it, it would be an interesting legal question to argue in Court.

This is dubious, even before you consider the massive amount of money Apple charge for officially sanctioned repairs, the fact that those repairs are often not available outside the UK, and anti-competition laws.

A rather dramatic analogy . This is much more like one of those safes with a system where if the safe gets cracked the money inside gets sprayed with dye and can no longer be spent. That's perfectly legal and generally accepted, I think. In both cases the owner is inconvenienced but the damage caused is considered to be less onerous than the damage prevented. And this is completely ignoring the fact that if you take your phone to an official Apple repairer to get it fixed you will not have this problem, because they have systems to revalidate the touch ID sensor when they repair it.
Again, the actual problem here is that Apple didn't tell anyone they had this system in place. If they had, people would have known that they had to go to an authorised repair centre for this specific fix and nobody would have a problem.

This is more like someone taking their car to back street garage to get it fixed and then when the engine gets damaged they blame the car manufacturer (although again, that's not a perfect analogy).


No it isn't. If something was being physically damaged then it might be criminal damage and/or (if the thing was on public property) public nuisance. But the fact is nothing is actually being physically damaged, something is being made non functional via software. I'm not even sure the UK law has anything to cover this, to be honest.


How does the phone know that?


The DPA requires storage of personal information to be secure, and stipulates various restrictions and requirements that end. To have a device ignore the fact it's security system has been tampered with makes that storage insecure.


But that not having checks on those security features should be illegal?


That is a fair question. Let me ask you the corollary question to that - how does the person holding the phone prove they are the legitimate owner of the phone to a sufficient level of acceptability, given the fingerprint sensor can't be trusted? That's the root of the problem - you have to re-establish authenticated use, how do you do that?


You're the one asking for people to be thrown in jail.



I can't give you a definitive answer that question since I don't write the iPhone OS. I'd actually agree that the validation check should be more frequent than it appears to be, but my instinctive answer is this : for most phones, the only time they'll ever be switched off/rebooted is during a firmware update. So that's the only time the state of the phone can be assumed. I stand by the point that the fact this system is in place should have been properly communicated so then people could at least make an informed decision. That, I think we can agree, was a cock up. But it's not something people should be thrown in jail for.

By the way, I (and I suspect both of us) don't actually know if the phone has been 'destroyed'. It has been made non-functional, but in fact it's not damaged in any way. I think part of the story which nobody seems to have found out is if you take such a phone to an official repairer and get it properly officially fixed, can it then be restored to full function using a backup/restored from the cloud? The fact Apple's statement is that 'Apple has advised users facing the problem to contact Apple support.' suggests there either are remedial measures - which I'd be unsurprised if Apple charged for - or maybe they would be wiling to offer replacements. Until know that part, the actual loss/damage to the owner is actually unknown.


As above, I quibble with the use of 'destroyed' until we know the whole story. Your point about proportion is interesting. I think possibly those involved in security as a job tend to be more bothered about it than the population as a whole. It's possible that someone whose job is keeping things secure would err on the side of caution/over reaction (depending on your perspective) compared to joe smith in the street.

As I say, I definitely think this is something that should have been highlighted/shouted - one so people would know they had to act in particular way to avoid this happening and two because if the majority of users thought it was disproportionate, they would almost certainly have informed Apple of the fact in no time at all.


It doesn't have the justified as legal. You have to show something is illegal or it's OK, that's our legal system works. I suspect is any repair caused this issue then you'd have an 'of merchantable quality' argument, but the fact people have taken their phones to unauthorised repair shops, and thus voluntarily violated the terms of warranty, means they won't stand a cat in hell's chance of getting anywhere in court. And I also suspect there's a get-out buried in the iOS 9 terms of use.


IIRC the legal situation - with car repairs for example - is that you are allowed to take your car to any repairer, but your warranty is voided unless that repairer used officially sanctioned parts and officially sanctioned procedures. I'd be very, very surprised if anyone could prove that was true of getting your phone fixed at one of those shops with a window full of neon. So the spirit of the law seems to be 'unauthorised repairs = you accept the risk of any consequences'. Apple could probably argue that triggered anti-tamper mechanisms in these circumstances is proportionate. Whether the effect of Apple's anti-tamper system is proportionate (and whether it's' reversible) are legitimate questions, but even then I strongly suspect you're talking civil law rather than criminal law, and nobody is going to jail under any circumstances.

So every other phone on the market ever has been illegal? It has nothing to do with the data protection act.


Except the "secure infrastructure" is a sub-component of the CPU. The sensors themselves are just that, they are sensors. Replacing them should not affect the integrity of the security. Replacing the ARM processor would be a valid reason for refusing to boot. But replacing a damaged touch screen or non-functioning home button should not render the device useless. This is the equivalent of replacing the brake pads on your car at home and it refusing to start, because they weren't fitted by a dealer and now you have to buy a new car.


This stinks of protectionism. Ford, Audi, BMW etc. cannot refuse you the right of repairing your vehicle yourself or using an independent garage. The most they can do is refuse the garantee on the affected parts.


But the Touch-ID sensor is just a sensor, moving it from one device to another won't do anything, you will still need to use the finger registered to the device, the finger is registered to the secure section of the CPU, the sensor just gives the contact points of the finger placed on the sensor to the operating system.

But in the case of the money, if you take it to the bank and can prove it is yours, it is replaced. In the case of the iPhone, if you can prove it is yours, then Apple should revalidate the connections and let you carry on using the device. A fiver for running reseting it would be adequate. Disabling the device and not letting the legitimate owner re-enable it is wrong, period.


No. That would be the equivalent of taking it to a back street garage to get it fixed and then trying to claim on the manufacturer waranty, when it goes wrong and the manufacturer not saying that the waranty isn't valid, but saying, because a non-main-dealer mechanic opened the bonnet, that they will have to scrap the car on your behalf, and no, you can't take your personal possessions out of the car first.


Where is the difference. Whether it is physically disabled or disabled through software against your express will, the result is the same.


But Apple knows this, when presented with the phone and the purchase information. If they can disable the hardware, then they should be able to reset the phone.


That Apple cannot reverse them, when the official owner can prove the device has not been tampered with, but repaired, that should be illegal. If I have bought the device outright, it should be up to me to decide, whether to brick it or not.


This is something that should have been shown in big, bold letters, before the upgrade, if they are changning the rules so dramatically, that they are retrospectively bricking the hardware, without the user having a choice.


Violating the terms of the warrants would give Apple the right to refuse to repair or replace the device on a subsequent malfunction. It wouldn't give them the right to brick somebody else's property.


What does a warranty / guaranty have to do with bricking the device. Again, I would understand if they refused to replace or repair the device for free, if it had been to a third party for repairs, but bricking it is bang out of order. I have a colleague at work, he has spent the last 5 years repairing smartphones for friends. They have always worked flawlessly afterwards. Why should this suddenly change, now that iOS9 has appeared.

*Sigh*

OK Dave, I apologise for this but.. I did reply to you in detail but the quoting got screwed up and frankly, I don't think this discussion is going anywhere fruitful anyway so I can't be bothered to sort it all out. You are obviously entitled to have your view on this story and while I disagree with parts of it I think there's been enough said by now.

Have a nice Sunday.

I've been told there's a chance I could be moved from my agenty zero hours contract to a full time M&S contract in may.
I hope so. These two day weeks are killing me financially.

Hope that comes through Lev.
Apple's take on the error 53 thing:https://uk.news.yahoo.com/apple-says-controversial-iphone-breaking-100313924.html

Yet again I find myself alone in the office, while the rest of the team is on a training course. I am aware that my contract is scheduled to end at the end of March, but the Head of service has already told me that four new roles are being created and I will be able to apply for them. This brings the following question to mind... If I will be invited to apply for a new role why not give me the training at the same time as everyone else? One colleague, who is attending the training today, has been seconded to another project for a year, so won't be supporting the system in question.

The fact is that I'm being made to feel as though they are merely counting down the days until I go. Working for an infrastructure Manager who has always treated me with what I can only describe as contempt is bad enough, but why do they feel the need to give me half truths and rumours, instead of just saying that I've got 6 weeks left then I'm gone?

Better start applying for new jobs...

To a certain extent, and assuming they can't have nobody in your team available to deal with emergencies, someone was going to have to miss the training to maintain cover. However, I totally see your point if there's someone else who could have skipped it and they were serious about you being able to apply of the new positions with a reasonable chance of getting one of them. Sounds like you're going to be better off out of there tbh, a conclusion you seem to have reached yourself anyway.
I do occasionally wonder if some management training courses involve someone from HR armed with a red hot knitting needle burning out the bits of the brain that deal with things like empathy and not behaving like a twat.

A little bit of background information is in order... The organisation I currently work for has merged with another housing association and we are going to start using the housing management software that our new colleagues are currently using. there are two engineers at another site who already use the software in question and I had to transfer the phones to their office earlier, as I had to leave the office for an hour this morning. They could easily have covered the phones for the day, as I have done for them on many occasions, when they have been off sick or in meetings.

That's fine though... I know when I'm not wanted!

This. Again. Just checked up with the lot who I put a load of quotes in last year. Seems that they are pretty much all dead in the water from where I am. So plugging details into Reed’s web site - see what comes of that (hopefully some part time work to tide me over). Will have to locate my old school (which was shut down and became an academy), find what the exam board has morphed into and request O level certificate copies I guess. Are employers bothered about O levels from 1984?

I don't think I've ever been asked for my GCSE or A-Level certificates for any of the jobs I've applied for.

Generally speaking I suspect employers are bothered about two things in terms of qualifications - standard of literacy and numeracy and then whatever your most recent qualification is. They're certainly not bothered that you managed to get GCSE geography 15 years ago if you're going for an IT job. In fact, I think I'd very possibly run a mile from any employer that did make a fuss about historical qualifications. If their recruitment mechanisms are that daft/lazy, think what the rest of the place is going to be like.

Interesting... I've received an email which regarding a 3 to 6 month contract, which I am prepared to bet a small amount is my job. As in the job I am doing now, for the company I am currently working for.

I will be phoning the person in the morning, and if it is indeed my current job, my boss is going to have a very uncomfortable conversation in store.