The confrontation between the FBI and Apple over decrypting an Apple iPhone 5C used by Syed Rizwan Farook, one of the San Bernardino terrorists, who murdered fourteen and injured twenty-two more on December 2, 2015, is a very interesting story.
At first blush the story seems quite simple. The FBI clearly wants to know what is on Farook’s phone, as it could potentially tell them if the terrorists had accomplices, as well as if they were in touch with other potential terrorists before the attack. Everyone involved (other than perhaps their accomplices if they exist) wants the FBI to get the information on the phone.
In fact, Apple assisted the FBI in getting all the information backed up to iCloud, and offered advice on how to retrieve the data from the locked iPhone. That advice was simply to plug in the phone in the presence of a known WiFi network, which might have triggered an automatic backup to iCloud of the more recent data. This would not have been effective if Farook had disabled backups, but otherwise would have sent a backup to iCloud that Apple would have been able to provide the FBI.
The reason this method didn’t work for the FBI was that they had Farook’s employer, the San Bernardino County Department of Public Health, change the iCloud password for Farook’s phone “in the hours after the attack”. That action prevents the iPhone from automatically backing up to iCloud. In this case, it means that the most recent six weeks of data is not backed up, and now cannot be accessed without the user’s screen lock passcode. As part of the iPhone’s security, Apple automatically disables the phone if too many wrong passcodes are entered. That means the FBI cannot just enter the 10,000 possible passcodes sequentially until they get the correct one. It is this security feature – the disabling of the phone for repeated passcode attempts – that the FBI wants Apple to remove from the phone.
Let’s take a step back. Apple offers very clear guidelines to law enforcement, explaining what data Apple can provide when presented with a proper warrant. The guidelines provide the exact text which they say needs to be in the search warrant for Apple to be able to comply, which is the following:
“It is hereby ordered that Apple Inc. assist [LAW ENFORCEMENT AGENCY] in its search of one Apple iOS device, Model #____________, on the _______ network with access number (phone number) _________, serial or IMEI number __________, and FCC ID#_____________ (the “Device”), by providing reasonable technical assistance in the instance where the Device is in reasonable working order and has been locked via passcode protection. Such reasonable technical assistance consists of, to the extent possible, extracting data from the Device, copying the data from the Device onto an external hard drive or other storage medium, and returning the aforementioned storage medium to law enforcement. Law Enforcement may then perform a search of the device data on the supplied storage medium.
It is further ordered that, to the extent that data on the Device is encrypted, Apple may provide a copy of the encrypted data to law enforcement but Apple is not required to attempt to decrypt, or otherwise enable law enforcement’s attempts to access any encrypted data.
Although Apple shall make reasonable efforts to maintain the integrity of data on the Device, Apple shall not be required to maintain copies of any user data as a result of the assistance ordered herein; all evidence preservation shall remain the responsibility of law enforcement agents.”
Note that Apple writes in the text that they “may provide a copy of the encrypted data to law enforcement but Apple is not required to attempt to decrypt, or otherwise enable law enforcement’s attempts to access any encrypted data.”
The FBI clearly already had such a search warrant issued, and Apple clearly already complied with it and provided them with the data that was more than six weeks old from the iCloud backup. Now the FBI wants that encrypted data, which Apple is fighting. Why is Apple fighting this? If they could access the data, then why wouldn’t they just hand it over to the FBI like they did the iCloud backups? The answer is complicated. The short version is they have never done it, and if they do it now, they’ll be opening up the floodgates to probably thousands of iPhones in the possession of law enforcement that they want hacked.
The long version is that Apple looks at this as a civil rights issue. Apple has worked hard to make their devices secure for their customers. People trust their phones with all kinds of personal information, and don’t want that information available to the outside world. In addition, the FBI has used the All Writs Act of 1789 to pursue their unprecedented request for Apple to break into the iPhone in question. Apple feels that this is an attempt by the FBI to expand its powers using the 1789 law in a way that was never intended.
Now begins the real battle. I think a few scenarios are worth taking a look at here.
- Recently there have been a number of articles written wondering what would have happened if the phone in question had been an Android phone. The general consensus seems to be that the security of Android isn’t as strong as the iPhone’s, and it’s likely the phone would have been able to be broken into by the FBI without any help from the manufacturer. Part of the problem is that Android phones are not updated as regularly as Apple devices. Many Android phones get stuck at a certain Android version and never get updated. Apple has a much better record of getting their older phones updated with newer operating systems. In fact, the iPhone 5C in question here was released with iOS 7, which did not offer the level of encryption that is dogging the FBI right now. Only when the phone was updated to iOS 8 did the stronger encryption features kick in that are at the center of this case.
- The cost to Apple of creating an alternate version of their OS that is hackable is never really discussed. How many people work on iOS? How many people would be needed to implement this change? How much would it cost to keep such a version secure from other users? Apple wouldn’t have any problem doing any of this, but what if the device in question had been created by a startup? What if complying with the request would make them miss a market window (perhaps shipping in time for the holidays) and that could potentially send them into bankruptcy?
- What would happen if the hacked version of iOS got out into the wild? Apple could build all kinds of safeguards into the software, such as only enabling it to work on Apple’s internal network, needing to get permission from a central server to operate, being linked to specific hardware, etc., but all of those things could be circumvented. It’s also clear that if it did get out into the wild, the people using it would be criminals, not the FBI. Criminals pay a lot better than the FBI.
- The WSJ is reporting that the Justice Department already has a dozen iPhones it wants cracked by Apple, and none of those phones have anything to do with terrorism. This is the crack in the dam that Apple wants to make sure gets plugged. Apple knows they cannot offer to crack the phone in this case, and not crack the others if their requests are all based on the same All Writs Act.
- This is out there, but worth considering. What if this is all an act? What if Apple already agreed to crack the phone, but wants cover from the FBI to ensure their customers don’t know they’ve done it? In this scenario, criminals and terrorists would probably switch to iPhones over Android phones, knowing Apple had fought the FBI successfully to prevent access. If Apple was secretly providing the data to the FBI, then this would be a great way to encourage switching to the devices that the FBI already has access to via Apple. If it seems the FBI and Apple are both making too big a deal of this issue, dragging into the public sphere what is usually very discreet, then this makes a lot more sense. For the record, I don’t believe this is the case, but in some ways it makes a lot more sense.
In light of the above, I thought it curious timing when I plugged in my iPhone to my computer and was presented with the following pop-up:
Now it’s possible this is coincidence. I don’t always have an iPhone cable in my office to connect to my computer. Maybe I haven’t plugged in my iPhone to my computer in a long time. The timing does make me wonder if other people have been asked by iTunes if they want to turn on backup encryption since San Bernardino entered the news. Have you seen this message recently? What are your thoughts on Apple, the FBI, and encrypted data?