said by ChiefTom :

What you seem to be failing to realize here is that prior to the 3.1 patch your iPhone was reporting to Exchange that id had Hardware Encryption when it did not. In other words, it was lying! It was tricking Exchange so it would allow data the data owner had decided needed to be encrypted at rest to be downloaded and stored without hardware encryption.

That my friend IS cause for a Lawsuit.

said by ChiefTom :

What you seem to be failing to realize here is that prior to the 3.1 patch your iPhone was reporting to Exchange that id had Hardware Encryption when it did not. In other words, it was lying! It was tricking Exchange so it would allow data the data owner had decided needed to be encrypted at rest to be downloaded and stored without hardware encryption.

That my friend IS cause for a Lawsuit.

said by Matt :

Exchange 2007 SP1 was released in May of 2008, you bought your iPhone 3G in November of 2008. It is not Apple's fault you didn't research this issue before buying one.

said by wingrider01 :

/rofl so speaks one that has not used Exchange 2007 in a large environment

said by rradina :

Does anyone know why you have to have a "hardware encryption chip" to encrypt e-mail on the iPhone? I understand that asking the general purpose CPU to perform this task may cost battery life and performance but isn't it possible to offer this to pre 3GS users and still adhere to the Exchange policy?

The iPhone supports HTTPS which is at least 128-bit encryption. Are there requirements from Exchange that specify it has to be something only a hardware encryption chip can perform?

This seems senseless on Apples part for not being able to perform software encryption of the e-mail. Perhaps I'm just twisting in the wind because I don't understand the complexities but it just seems like the hardware chip would enable the 3GS to perform faster and use less battery life when working with encrypted e-mail. Great -- that's part of the allure of a 3GS, it's faster. This doesn't mean pre 3GS users have to get locked out of Exchange. Surely some form of minimal and efficient software encryption can be performed on pre-3G phones that adequately protects corporate e-mail.

said by itguy05 :

quote:

---

Shouldn't the server know its on an encrypted connection?

---

Yes but you are talking about crappy MS software (Exchange) here and like with all things Microsoft, it's neither reliable nor stable.

said by Daemon :

I work at a health care research institution. Even though none of our lab members ever handle patient data, we still have to be trained and aware of HIPAA rules, and ensure that HIPAA-protected data does not end up on our machines, because we are not following the more strict set of protection standards.

It's been several days since we last heard from our exchange server administrators. I suspect they are weighing HIPAA against the complaints of a thousand or more faculty and students grousing they no longer have exchange connections. (They haven't disabled the required encryption policy yet)

said by ssj4android :

Just curious, what about iPods? Do the new 32 and 64 GB support encryption while the rest don't?
And I do think it's stupid Apple isn't even giving people the option of using software encryption.

said by avd706 :

The same guy in charge of MMS was in charge of encryption? Why cant the unit encrypt a folder or two with software?

said by Daemon :

Yes, but the feature we are talking about is not the connection between the server and the device when downloading emails (SSL), it's encrypting the data on the device after it's downloaded. It's so that in case the device is lost or stolen, someone can't remove the data storage chips/drive in the device and download all of the information on it, bypassing the password. If it's encrypted, they'll need the password or the data will just look like a garbled mess.

It's like encrypting your home directory on a mac.

said by Youngjm :

Some industries such as Health Care require mobile devices to be encrypted. This just fixes that setting so that admins be assured of compliance with outside agencies.

IMHO.

said by avd706 :

Shouldn't the server know its on an encrypted connection?

said by Daemon :

Aside from Microsoft issuing signed certificates to handset makers to include on ActiveSync devices, how would Microsoft enforce it on the server side? Devices could just claim to be encrypted. I suppose since ActiveSync already requires licensing, having a Microsoft-maintained 'whitelist' wouldn't cause too much grousing, but MS already takes a lot of flak for not being interoperable.

said by avd706 :

Shouldn't this be enforced on the server end and not the client end anyway? This is just poor design by Microsoft.

said by Daemon :

Functionality wasn't taken away per se. Microsoft added a feature to the Exchange 2007 system. Apple then started supporting that feature, which is to prevent connections when the Exchange server forces encryption.

The 3G has NEVER supported encryption. Nothing was taken away.

It's a hell of a lot worse for Apple to just let 3Gs connect to the server anyway. Having a bunch of non-encrypted devices connected to an exchange server that is supposedly requiring encryption is a nightmare for IT managers and companies that have sensitive data in emails.

said by PhoenixDown :

However... if the IT group did allow it, and I saw the iphone supported exchange syncing (I'm sure I saw it for the 3G, not 100% about the original) -- I would've bought the phone on that assumption and been REALLY pissed if that functionality was taken away in an update like this.

said by PhoenixDown :

However... if the IT group did allow it, and I saw the iphone supported exchange syncing (I'm sure I saw it for the 3G, not 100% about the original) -- I would've bought the phone on that assumption and been REALLY pissed if that functionality was taken away in an update like this.

said by godlikesme :

Asking the IT department of a major corporation or government agency to relax it's security settings for individual users would be like forcing TV stations to continue broadcasting in analog. (emphasis mine)

said by bbarrera :

[
Secondly the Enterprise Deployment Guide provides a list of Exchange ActiveSync policies that are enforced on the device. Again, if EAS policy enforcement was vital then someone reviewed the document and quickly determined if the subset supported by Apple was sufficient. I see no 'crime' when Apple's enterprise deployment guide makes it clear what policy are enforced on the handset.

said by godlikesme :

I am not sure if you all read my first few posts but in case you didn't let me give you the gist of my argument.

I have no problem with the whole hardware encryption thing. Personally I think it should be a requirement for all corporations and government agencies. The beef I have with Apple is that they knowingly manufactured, marketed and sold a product that they knew was missing a vital feature

said by NOVA_Guy :

OK, so there is a difference there. Thanks for clearing that up.

Is there some way that encryption/decryption for this purpose can be done by software, or is it a hardware-only option? If hardware-only, then it's pretty hard to fault Apple. If not, then it still seems like a problem that Apple has the responsibility to fix.

said by godlikesme :

Again, I think the absence of new email notifications for messages in subfolders is a much, much, much bigger issue than anything people are complaining about right now. As much as I want Flash, I can "somewhat" understand the issues that might be causing the delay but with the whole subfolder thing there's just no excuse.

said by godlikesme :

Maybe I am over-reacting a bit. It's barely been 24 hours since the update was released and I should at least give Apple a chance to respond to the issue.

If a reasonable solution can be implemented then great. I would be totally amicable to some form of settlement that would either allow me to get out of my contract without penalty or upgrade to a 3GS for free or at a reduced price. I am a reasonable person. I have been using my current iPhone for almost 10 months and it wouldn't be fair for me to demand a "free iPhone 3GS". Perhaps Apple could have some sort of "Exchange for Exchange (i.e. MS Exchange)" program.

said by godlikesme :

I purchased the 3G back in December of 2008 only because I was told it supported MS Exchange. There was no literature about it not having hardware encryption that if implemented by my IT department would not allow me to access corporate email.

said by godlikesme :

You are entitled to your opinion but I feel pretty cheated.

said by godlikesme :

Not to jump the gun here or anything but I think this may be grounds for a class-action lawsuit for 3G owners. [snip] There was no literature about it not having hardware encryption that if implemented by my IT department would not allow me to access corporate email. [snip] Either way, this is bad news for all the 3G corporate users out there and something must be done. Anyone for starting a petition?

said by Daemon :

Previous versions of Microsoft would have thought 'requiring X when not all devices in Y may support X would break stuff, so we'll disable it by default for maximum compatibility'. New Microsoft says 'leaving X as an option by default may cause many people to never enable it, leaving things less secure, so we'll turn it on by default'.

My perspective is the new M.O. is a good thing-- make people acutely aware that allowing compatibility may cause security holes.

said by Matt :

That setting is the default in Exchange 2007.

said by Daemon :

See my edit above, which was a simulpost with yours.

said by Matt :

Hrm, luckily I'm the Exchange 2007 Admin and I do believe there is a policy setting for encryption on mobile devices. I always assumed that my iPhone honored that setting ... I'm going to investigate now.