Hacker News

I still recommend Mr. Fart's Favorite Colors as a refutation, describing why all of these precautions cannot protect you in a real-world security model: https://medium.com/@blakeross/mr-fart-s-favorite-colors-3177...

  Unbreakable phones are coming. We’ll have to decide who controls the cockpit: The captain? Or the cabin?




Krstić: “Here’s how we reduce the chance that even Apple can access or alter X, and here’s how we can make that credible.”

Ross: “Even if you make X cryptographically airtight, the real fight becomes political/physical coercion: ‘ship this or else.’”

Those can both be true at the same time.


I don't understand.

That article (written in 2016) says that Apple will build unbreakable phones in the future. Now is the future. So it seems to imply that Apple phones today are unbreakable.

Also, where does the article discuss "all of these protections"? (HSMs, rate limits, etc.)


> So it seems to imply that Apple phones today are unbreakable.

Indeed. If you don't control the "unbreakable" security though, then the lock is not for your benefit.

> where does the article discuss "all of these protections"?

You could read the danged article, it's pretty clear about the vulnerability of proprietary mitigations. I hate quoting spoilers verbatim but here you go:

  The sharper you get, the more important the work. But the more valuable the work, the craftier — and more determined — your adversaries. Every attack is more novel than the last. [...] By the time you land an engineering gig at Apple, you are a twitchy, tinfoily mess.

  And it is in this spirit that you develop one of the most secure systems the world has ever known. [...] So adversaries be damned: You finally win on the merits. But who said anything about meritocracy? During the champagne toast, Mr. Fart steps from behind the curtain and pulls the pistol of last resort:

  “Don’t ship this. Or else.”

That quote is about building security vs not building security. It's about the government potentially ordering Apple to not build security. It's not about proprietary security vs non-proprietary.

Nothing in the article is saying that HSMs, rate limits, etc. are weak.



