Over the past week or so, we have seen an escalation between Apple and the FBI in regards to unlocking the iPhone belonging to one of the shooters involved in the San Bernardino, California. terrorist attack in December.
The latest on the fight is that both the FBI and Apple CEO Tim Cook have been invited to a hearing of the House Energy and Commerce Committee on privacy and national security “to explain to Congress and the American people the issues at play and how they plan to move forward.”
There are people with strong opinions on both sides of the fence as to what is right and what is wrong in this instance. This is something worth keeping an eye on for anyone who owns a smartphone, is concerned with privacy or works on the Internet. Be sure to stay tuned into Threatpost for all the breaking news on security and privacy.
In case you’re behind on the news, here is a quick overview to help you pick a side in the debate.
— Fabio Assolini (@assolini) February 22, 2016
Reportedly, Apple gave the FBI data that was backed up to the iCloud service from the San Bernardino shooter’s phone. The last copy was made in October 19, when the criminal allegedly stopped backing up the phone. The FBI wants the newer data to fill in the gaps and has a court order, which tells Apple how exactly the company should help with the investigation.
That is to say, the FBI want Apple to:
1) disable the functionality that wipes the memory when more than 10 wrong passcodes are entered in a row;
2) create a software that can enter passwords automatically;
3) disable the delay between each passcode entry.
In other words, the FBI wants to bruteforce their way into the iPhone and ask have asked Apple to turn off all security constraints. If Apple agrees, the FBI could unlock the iPhone in several hours, instead of years.
ICYMI: The FBI is scaring people into being worried about weird implausible theories of terrorism. https://t.co/ymatij7Qk8
— the grugq (@thegrugq) February 20, 2016
Apple CEO Tim Cook published a message to customers saying that the company had already shared with law enforcement agencies all data it had. Cook rightly noted that the FBI asked Apple to make a “master key;” “Now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.”
There are obviously a number of open questions that may need clearing up, so we’ll do our best to summarise below.
What laws is the government relying on, in this case?
It’s a good question. The government is using the All Writs Act that was signed into law in 1789. Basically, this act helped establish the judiciary system in the US, which was rather young at the time. The act was giving federal courts the power to issue orders that do not fall under a pre-existing law. Gizmodo published a detailed review of the act and how it is used by the justice system that is worth the read.
Why does the FBI need Apple to hack the iPhone?
FBI agents aren’t able to do this as Apple’s security measures are too strong.
But there are other facts.
Recently Apple invited journalists to a separate conference call, which was held under strict rules: nobody was to cite Apple experts word for word, or to disclose their names. The company revealed that FBI accidentally reset the San Bernardino shooter’s iCloud password. If the bureau did not do that the phone would automatically synchronise with the Apple iCloud and make a fresh back up and Apple would have been happy to share it with the agents. However, now that the password has been reset, this is no longer possible.
Where do the parties stand?
Apple’s public position was revealed in February 16: the FBI’s idea was equal to the backdoor development. This solution endangered Apple customers, so the company didn’t wish to comply.
The FBI responded quietly with a court claim in February 19. According to the bureau, Apple could help but has decided against in favour of protecting its brand.
Can Apple do what FBI requires?
Maybe. Tim Cook’s announcement doesn’t include a clear response to the question: ‘is it possible?’ Of course, Apple is the developer of the iPhone software and hardware, so they have the full technical know how if they decided to do it. Following the results of the “secret” Skype-call with Apple employees, Gizmodo confirmed that it is technically possible for the company to create this kind of software, if required.
According to the FBI, there is nothing to fear. The bureau claims, that Apple can bound the hack to the terrorist’s iPhone only. Moreover, allegedly the FBI hasn’t asked the company to share this software with their specialists. From Apple’s point of view, if such a solution was created, cybercriminals will devote resources trying to recreate it and produce their own backdoor.
— Kaspersky Lab (@kaspersky) February 19, 2016
This story has landed at the right time and the right place. The Apple vs FBI fight is part of a larger discussion around encryption with privacy advocates concerned about the ramifications of opening up encryption to governments.
So why does encryption matter?
You see, encryption is made of math, not magic. It’s impossible to weaken it for a charmed, or select, circle. As soon as encryption is weakened, it’s no longer safe to use. Period.
— Kaspersky Lab (@kaspersky) February 19, 2016
In fact, every time encryption is threatened, our privacy is put at risk, as well as the security of our data and communications. The consequences to weakening encryption will be damaging to us all.