Yottabytes: Storage and Disaster Recovery

Feb 19 2016   3:03PM GMT

FBI Finds ‘Perfect Test Case’ to Force Apple iPhone Encryption Issue

Sharon Fisher Sharon Fisher Profile: Sharon Fisher

Tags:
Apple
Encryption
FBI
iPhone
privacy
Security
smartphone

Okay, it’s another government vs. encrypted smartphone situation. But this one is different.

Syed Rizwan Farook and his wife Tashfeen Malik, who last December killed 14 people and injured 22 others in San Bernadino, had an Apple iPhone 5c. The Federal Bureau of Investigation (FBI) wants to see what’s inside the phone, and it’s asking Apple for help.

So far, this sounds like your standard encryption case – Apple says it doesn’t have the password, and can’t decrypt the phone, so the FBI is out of luck.

What’s different in this case is that that’s not what the FBI is asking for. Instead, the FBI is asking Apple to write a new version of the phone’s operating system that will make it easier for the FBI to break into the phone.

The iPhone in question has several security features to help protect it against attacks, such as wiping the phone after 10 incorrect password attempts in a row, forcing passwords to be entered via the phone screen, and implementing a pause in-between password attempts. The FBI wants Apple to write software for that phone – and, it claims, only that particular phone – to eliminate those restrictions, so the FBI can more easily implement a brute-force attack against the device.

(Now, if the shooters had used a fingerprint rather than a passcode to encrypt the phone, the FBI would be in the clear. In fact, they could have even used the fingerprint from the dead shooter to open his phone.)

For the policy wonks, the FBI is using an ancient law called the All Writs Act of 1789, which is intended to compel a third party to help with a criminal investigation. Let’s say you stole something and put it in my safe. All Writs can be used by law enforcement to make me open up my safe to retrieve the stolen property.

Apple, though, is refusing, claiming that were it to write such an operating system hack, it could get out into the wild and be applied against any iPhone. (Including, Apple now says, against more modern iPhones that have even more security features built in.) “World War II, especially in the Pacific, turned on this sort of silent cryptographic failure,” writes Ben Thompson in Stratechery. “And, given the sheer number of law enforcement officials that would want their hands on this key, it landing in the wrong hands would be a matter of when, not if.”

Moreover, Apple is concerned about the implication of using the All Writs law in this fashion. “If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data,” writes Apple CEO Tim Cook in an open letter. “The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.”

Also, having once let the genie out of the bottle, what’s to keep the FBI from coming back and requesting this software hack again, in a different case? Or even, writes Farhad Manjoo in the New York Times, prophylactically? “Once armed with a method for gaining access to iPhones, the government could ask to use it proactively, before a suspected terrorist attack — leaving Apple in a bind as to whether to comply or risk an attack and suffer a public-relations nightmare,” he writes.

Apple could also be subjected to the same pressure from other governments, Columbia University computer science professor Steven M. Bellovin (who has just been appointed the first technology scholar for the NSA’s Privacy and Civil Liberties Oversight Board) told CNN.

Naturally, the FBI is using one of the more heinous recent cases of record to force the issue. Terrorism is right up there with child pornography in terms of being one of those crimes that of course you don’t want to be seen supporting. “For the administration, it was perhaps the perfect test case, one that put Apple on the side of keeping secrets for a terrorist,” writes Matt Apuzzo in the New York Times.

One could even speculate that the FBI doesn’t actually need the information on the iPhone, but is simply using this case to establish the precedent.

But having once established the precedent, the software could be used again. Already, notes the New York Times in an editorial supporting Apple, another federal magistrate judge in New York is considering a similar request to unlock an iPhone, this time in a narcotics case. The editorial also pointed out that Apple had already given the FBI data from the phone’s iCloud backup, and that the All Writs Act has a provision against unreasonable burdens. (Manjoo also notes that future versions of the iPhone could potentially close any such loophole.)

At this point, the usual suspects are all lining up on one side or the other on the situation, with some agreeing with Apple and others saying that the company is overreacting. For example, Apple is calling the FBI’s request a “back door,” but is it really? It depends on the definition you use, Thompson writes. “Cook is taking a broader one which says that any explicitly created means to circumvent security is a backdoor,” he writes. But to some, a back door is a way to bypass encryption specifically, which is not what the FBI is asking for, he explains.

Some observers believe that, thus far, Google is equivocating in its support for Apple. What makes it interesting is that Google, along with Apple, was the other company that announced in 2014 that it was turning encryption on in phones by default. Does that mean, if criminals used a Google phone, Google might be more likely to cooperate in breaking the phone’s encryption?

Apple may also feel freer to take a stand on the issue because, unlike Facebook, Google, and Twitter, its business model isn’t as strongly predicated on gathering data from users, write Nick Wingfield and Mike Isaac in the New York Times. In addition, Apple has fewer government contracts that could be at risk than do some of its competitors, they added.

Apple has received an extension from the original February 23 deadline and now has until February 26 to agree to comply.

Or not.

27  Comments on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • jconne
    Excellent summary. The context is appropriately considered as exceptional - an act of war in current historical context. The principle of individual right to privacy and the threat of our government's accelerating abuse of individual rights in general must be taken seriously. In this case, setting precedents is a matter of principle. Do we want enemies of free people to think they can hide from justice with this technology? Do we want to enable those abusing their proper role in government of protecting our rights?
    20 pointsBadges:
    report
  • Larmire1

    My two cents worth - Apple is more concerned with its bottom line than the security of the country that allowed it to become the company it is today.  Apple is putting the 'security' concerns of a few iPhone users over the security concerns of our country.

    I have to side with the FBI on this one.

    50 pointsBadges:
    report
  • Ricken67

    Many are mistaking this as a simple case that affects only 1 phone; rather it would affect ALL Apple phones. If you trust our government with this much information, go ahead and give them the combinations to your safe and other private belongings.

    10 pointsBadges:
    report
  • VisionaryGEE
    If both parties can come to an agreement that would maintain the privacy of the customers that would be great. However government agencies continues to show lack of professionalism in maintaining privacy of its customers and workers with various breaches within those government agencies. My support is with apple.  Government need to develop a universal encryption solutions consisting of flexible encryption engines for work around's that would only pull information from hardware, software and content.
    10 pointsBadges:
    report
  • Gigabob635
    Why is this about AAPL vs FBI?  I see a clear issue with Congress being allowed to abdicate its responsibility to develop legislation to address national needs.  The president proposes, Congress disposes - they decide details on how to implement policies for Cybersecurity, immigration, health care, education.  So far the job does not seem to be getting done.  Even if the FBI gets its wish in this very special case I don't see the "answer" occurring for another year or more - after this issue goes to a potentially deadlocked Supreme Court.  Oh isn't Congress supposed to hold hearings on Court Nominees?
    120 pointsBadges:
    report
  • guyfleurant
    Pure Stupidity by lazy peoples. The law of less efforts.
    10 pointsBadges:
    report
  • Gigabob635
    I disagree this is simply about AAPL's bottom line.  Realize that in the process of adjudicating this case it will become clear that the easiest path to avoid the "privacy dilemma" associated with a possible iPhone 5x hack - its to move to the much more difficult to hack iPhone 6 and use the fingerprint access.  This would seem to be a major win for AAPL. Instead they are drawing a line here and calling for a debate, both on legal grounds and in the court of public opinion.
    120 pointsBadges:
    report
  • TheRealRaven
    This is clearly not about AAPL's bottom line. It's sad how short-sighted so much of the public is. A favorite line of their's for years has been "If you've done nothing wrong, you have nothing to hide." That's total fantasy ans only shows how little is understood by those who make such arguments.

    In the U.S.A. as well as other countries, privacy and secrecy are cornerstones of entire economies. Most segments of civilized life rely on them. Lawyers giving advice to clients, voting preferences, doctors and patients, investigative reporters (especially investigating corrupt governments), businessmen making deals,... those and more are only possible in private. It rarely has anything to do with whether or not someone has done something wrong.

    I can see that there is a chance that some small bits of useful info might be retrieved from the target phone. It seems very unlikely that any of it will uncover a significant network of terrorists that was previously unknown. It seems almost certain that this was just one more individual (couple) who made a personal choice.

    IMO, there doesn't seem to be nearly enough to be gained in exchange for what would be given up. The FBI should be refused.
    21,845 pointsBadges:
    report
  • Gigabob635
    I quite agree with your position - except that the plausibility of gaining any useful information from the target phone is highly suspect.  This was the terrorist's work phone - and was not destroyed - but his two burner phones were totally destroyed.  Odds are they had more than enough discipline to assure segregation of activities between the public persona seen in the work phone and the secret communications destroyed in their burner phones.  That is why there is no real urgency with this effort and goes to the point this is a test case specifically chosen by AAPL and the FBI to test in the court and use the create law in the absence of legislative action.
    120 pointsBadges:
    report
  • kdhfjdhg
    I find it quite contradictory that Apple retail stores willingly unlock any password protected Apple computer that you bring them, (without requiring proof of ownership), but it’s against their corporate policy to unlock a device for a criminal investigation. According to Apple employees, it’s not their job to verify someone requesting access to a device has the right to do so or not. Perhaps the people protesting outside Apple Stores should be more concerned that local store policies are far more likely to put their personal information at risk than legitimate federal investigations. Additionally, for every stolen device unlocked by Apple, a victim will likely purchase a brand new Apple replacement - what a coincidence?!?
    40 pointsBadges:
    report
  • TheRealRaven
    @kdhfjdhg Can you provide any verifiable citation for Apple retail stores unlocking devices on request? We should follow that up to see how it works. Naturally, if that was a common happening, an FBI agent could simply hand-carry the phone to a nearby Apple store and say "I lost my password."
    21,845 pointsBadges:
    report
  • kdhfjdhg
    My daughter's computer was stolen about 2 years ago and we were lucky enough to get it back, but the password had been changed.  We took it to the Apple Store in Ardmore PA and they reset the password no questions asked.  I was quite surprised at this and posed the question "what if this was a stolen device?" The employee told me "it wasn't their job" to police ownership because devices change hands all the time ,and it would be too difficult to figure out. He said it was Apple's policy, regardless of the store. I had no idea they did this, but my teenage kids were well aware of the policy. I never tried it with a phone, as I said in the post, it was a computer.  If you want to verify, take a laptop to your local retail store & see what happens.  
    40 pointsBadges:
    report
  • Larmire1

    Seems the more you read about exactly what the FBI is asking of Apple, the more it appears that Cook is feeding the media BS about this ''backdoor hack'.  Apple store policies and Tim Cook's stance appear to be a bit contradictory.

    Seems like the further this fiasco goes, the more Tim Cook is in it for the attention the media is giving Apple.  Should it come to pass that the FBI wins this battle of 'who can hold out the longest' and Apple is found in contempt, perhaps Cook should spend some time in handcuffs or jail.  Maybe then he might come to appreciate the opportunities this country has given him and his company.

    As for as the privacy thing goes, a friend of mine put it this way, 'If you are naïve enough to believe that you can carry around all of your worldly secrets in a device that can be so easily lost of stolen, well....................

    50 pointsBadges:
    report
  • TheRealRaven
    Changing a password is radically different from bypassing a password to retrieve protected data. They are effectively unrelated.
    21,845 pointsBadges:
    report
  • Larmire1
    You are absolutely correct.  The two processes are radically different. But the end results is the same. Had the FBI simply walked the phone into an Apple store and asked a service rep to change the password, we would not be having this discussion would we?
    50 pointsBadges:
    report
  • TheRealRaven
    @Larmire1: Of course Cook's comments were mostly "BS", as they needed to be. The comments so far have been directed to the general public. IT professionals were not the intended audience since they should already know whyat's at stake and how a 'solution' would work inprinciple. (Those that don't possibly are in the wrong industry.)

    Cook can hardly be expected to speak to the "average American" and give explanations that make clear technical sense. It takes years to understand the foundations, and that understanding cannot be presented in 10 minutes or even 10 hours. So, "BS" with simplistic analogies is required and should be accepted as a 'given'.

    As far as trusting personal info to a device that can be lost or stolen, it should indeed be expected to be safe when the info is encrypted and hardware protected. People have carried checkbooks around for many decades with far less protection (i.e., "none"). And whenever advances such as debit cards protected by PINs come around, people naturally begin migrating to the technology that seems safer. Try asking people around you to see how many carry a wallet small enough to be lost or stolen. (Ask you naive 'friend', too.)

    Few people believe that any of that comes with an absolute guarantee. However, most will claim that they believe in protections such as the 6th Amendment. Question now is how many are willing to act as protectors of the Amendment and others?

    It's hard to be sure "how many", but it's interesting to note that there apparently is a slightly higher percentage of Republicans (and Independents leaning towards Republican) than Democrats who support the FBI's side in this. What makes that interesting to me is that that political leaning has generally been that government has become too powerful and needs to be cut back on its powers. Yet here's another example of increasing actual power in a secret way, and the majority of those who think government is already too powerful think it now needs more. No wonder Donald Trump openly courts uneducated voters.
    21,845 pointsBadges:
    report
  • TheRealRaven
    @Larmire1:The issue of the Apple Stores is probably moot since there is zero evidence that it can be done and almost overwhelming evidence that it can't be done.

    Maybe the strongest evidence is that not a single past or present Apple Store employee has volunteered to do it. Such an employee might be either simply disgruntled with Apple or overly "patriotic". There are plenty available (in and out of country), but apparently are capable.
    21,845 pointsBadges:
    report
  • TheRealRaven
    Sheesh... "not capable"... How nice would a simple edit function be?
    21,845 pointsBadges:
    report
  • Larmire1

    Alas, the politics of it we can both agree on. Personally I believe if words such as 'Democrat', 'Republican', 'Liberal' and 'Conservative' and phrases such as 'along party lines' were stricken from the dictionary, we might just be better off as a country.

    But I digress.  I believe eventually the FBI will get whatever information they seek from the phone.  I only hope it is not too late or hold information that could have been used to prevent similar incidents.

    50 pointsBadges:
    report
  • kdhfjdhg
    Changing a password is perhaps a more simplistic method, but it’s certainly not a different issue. It’s a total privacy breech, just on another level. The Apple store effectively gives an unauthorized user access to information that the original user intended to keep private. And it’s not a single employee, it was modus operandus, Apple Store policy. At least it was at the time. As for evidence, has anyone tried to do this lately?
    40 pointsBadges:
    report
  • Azstec
    We have dug up some information that indicates that the iPhone in question has already been cracked and that this supports Sharon's contention that this is a test case and in fact may be a "thin edge of the blade case" Plus other legal summaries.
    https://articles.azstec.com/
    40 pointsBadges:
    report
  • wolfgang2
    This is a non-US-American view, so don't take it too seriously.

    Thirty years ago, when I was young, the basic view about the US was the stronghold of civil rights and the USSR was exactly the opposite. Now I'm biased. My wife is from Bearus - where the "last ditator of Europe" rules. I have been several times in this country, live there for about two or three month a year. I have seen parts of the US, too. I was working for about one year in Oklahoma in the pre 9/11-USA. This country was different than the USA of 2016. In the 1990ies there was a mood not to trust these guys in Washington and to do something about this. Nowadys Americans swallow the loss of their rights in an exchange for more security - which is, as proven by the Boston bombers, an empty promise.

    Today I see something different. The ways the government and their helpers in these two countries are hardly to distinguish. Mentioning that there is no privacy, see the article - the Belarussian government is most probably delighted about that argument. I'm not. I don't care who wants to intrude my privacy, I do everything to keep them out and I don't give a damn... - you know what - whether these guys have a badge from the NSA, the KGB, the FSA, a chinese, french, german or whatever...

    Then the misuse of the word terrorist. Who is a terrorist? A legal definition is missing in the so called civilized world until today. The British tried only to recognize that their definition made their own prime minister a terrorist and all the pilots of the unmanned aerial vehicles in the Pentagon, too. So to make things easy the declaration who is a terrorist is done by the government - Belarus agrees! All that spying on the citicens - Belarus would like to have PRISM&partner programs. Belarus has state security laws formulated so imprecisely... like, to take just one example, the anti spy laws of the US. The upper ranks of the governmental organisations may lie to the public - see Jaspers not knowing anything about mass surveillance - and nobody cares while the lower one go behind bars for decades. Like in Belarus. Even the border controls are so similar and last comparable time... There are differences. Waterbording is called torture in Belarus, but not in the US. One gets much more prison years in the US for telling the truth about bad behaviour of the government than in Belarus.

    But to the topic: As an business man I have to hide something. Calculation of prices of my products, for example. The detailed informations about my patents. Of course I don't want nobody different than the ones who have to know about that - which is nobody outside my enterprise and my family. For that reason is real encryption a must. If the FBI must break these iPhones, O.K., but as a consequence these mobiles don't deliver what is a basic need for me. What's next? No secret talks via Skype?

    No, my dear Americans, go back to your roots. The land of the free is over.
    50 pointsBadges:
    report
  • TheRealRaven
    @wolfgang2: A lot of Americans still agree with you. One point -- "the word terrorist". Following from that is the ridiculous application of the term "national security" to the San Bernardino case due to "terrorist" involvement.

    There isn't the slightest chance that the U.S.A. will cease to exist because of such cases, so
    "national security"doesn't have a part in it and shouldn't be invoked as a justification. Even the 9/11 attacks were far from shattering actual "national security". It's more accurate to say they shattered the "(falsely held) national sense of security".

    The infringement on basic human rights is where the bigger threat to "national security" lies. And the evidence is in how many Americans are willing to allow it.
    21,845 pointsBadges:
    report
  • Larmire1

    @TheRealRaven:  I agree that ‘the infringement on basic human rights is where –a significant degree of the threats – to national security lies’.  All the way to the point where it happens to you or your loved ones.  One of the multitude of tasks that our law enforcement agencies has on its plate is the responsibility to protect the citizens of these United States.  If they are prevented from doing so by tapping into the resources of the technology companies who live and thrive in these United States in order to accomplish this then I certainly don’t want to hear you cry when your family and loved ones become the victims of radicalized idiots such as the San Bernardino incident.  Particularly when it may have been prevented by the simple task of allowing law enforcement access to data inside the devices of such characters, all in the name of profits, $$$!

    Having been in IT for 25+ years, I applaud the cutting edge companies and their contributions to technology, albeit in the name of greed sometimes.

    Having been in law enforcement in a past life for 10+ years – and I by no means always agree with their methodologies, I am aware of their (law enforcement agencies) constraints, their lack of cutting edge technologies and their backwards thinking sometimes.

    I say again, if Cook and company refuse to assist law enforcement by simply allowing them access to data in these devises all in the name of protecting their (Apple) bottom line and continuing to profess that they are ‘protecting the user’s privacy’, then let him 1. Spend a few weeks, months in incarceration or 2. Move himself, his family and his precious company to another country.  Perhaps then it will open his eyes to the plight of the victims, past, present and future of his ignorance and lack of loyalty and appreciation to the country that allowed him (Apple) to become the company they are today.

     

    50 pointsBadges:
    report
  • Sharon Fisher
    I was interested to read an article in the New York Times saying that law enforcement already has another dozen or so cases queued up where they want to demand that Apple provide access. It belies the contention that their request is only for this single phone. 

    And sure, this would make law enforcement's job easier. But there's all sorts of things that would make law enforcement's job easier that we don't do.
    9,095 pointsBadges:
    report
  • Gigabob635
    One thing to keep in mind is that phones and wallets are rapidly converging in a world of global e-commerce.  When your new Wallet-Phone is decrypted - or a backdoor opened - feds, criminals or terrorists have access to your funds, bank accounts and a running record of everything you buy.  That I feel is the larger concern that has caused the impasse between AAPL and the FBI.  Previously it was limited to isolated systems and getting some key data.  Now the FBI is asking for a more generic tool applicable to a class of objects.  If that is granted for one class - the precedent is set for future classes.  American protection in the event of a cyber theft is pretty porous.  The last thing we need is another hole in the dike, especially when we, America, are the most vulnerable.  The next first strike on American soil will be made with bits not bullets.
    120 pointsBadges:
    report
  • TheRealRaven
    @Larmire1: "Move himself, his family and his precious company to another country." Exactly what I think should be done by those who keep wanting to weaken our rights for the very tiny chance of increased personal safety.

    We can save far more lives merely by better enforcement of common traffic laws, so asserting that this has anything to do with "national security" is hardly anything but B.S. We can save more lives by stopping our meddling in parts of the world far outside our borders. We can save more lives by better attention to toxic waste dumps, by more mature attitudes about climate effects, by even partially rational approaches to drug addictions or to inner city youth gangs or to almost any national issue we might name.

    This specific issue is almost trivial except for the element of privacy, and that goes to effects potentially involving all citizens for perhaps the next century or more.

    As for Apple's "bottom line", that's another bit of smelly B.S., since there's no evidence of any relationship at all. It's just another talking point with no substance. If that was of any significance, Apple could have done it all quietly. Further, if they eventually are forced to go along, the very likely probability will simply be a new generation of iPhones to sell that have much more hardware enforcement that no software will be able to get around.

    Apple would possibly be glad to need to bring more advanced, more secure gadgets to market. Their "bottom line" is far more likely to benefit from their losing this challenge.
    21,845 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: