THE FEDS ARE GOING AFTER YOUR iPHONE DATA
…The latest Apple iPhone
Apple is telling the Feds “No” for
cracking the iPhone’s security.
You may or may
not have an opinion on whether the Feds should be allowed to gather data on
everyone’s phone calls and e-mails.
However, there is another privacy issue that has arisen that could be
much closer to home, and could be much more important.
In the
investigation of the terrorist shooters in December’s attacks in San
Bernardino, a magistrate judge in Riverside, California has signed an order
asking Apple Co. to do something that could affect all of us that own an Apple
iPhone.
You may not be
aware that the Apple iPhone has a feature that wipes out all the data on the
phone after 10 incorrect tries at entering a password. So far, the FBI has not been able to crack
into the iPhone of one of the San Bernardino terrorists. But the signed order is not asking
Apple to break that particular phone’s encryption. They are instead asking Apple to disable the
feature that wipes out the data. The
government requested the order under the All Writs Act. This is a law that dates back to the colonial
era and it has been used for decades as a source of authority to issue legal orders.
Now on the
surface, this request sounds OK. But
what they are really asking for is for Apple to build a backdoor to all
iPhones, that would apply now and in the future.
The Apple CEO,
Tim Cook has posted a strongly worded open letter on the company’s website
saying “Up to this point, we have done
everything that is both within our power and within the law to help them,”
it continued. “But now the U.S.
government has asked us for something we simply do not have, and something we
consider too dangerous to create. They have asked us to build a backdoor to the
iPhone.”
The Justice
Department sought the order “in the hopes
of gaining crucial evidence” about the Dec. 2 shooting rampage, which
killed 14 people and injured 22.
According to
industry officials, Apple cannot unilaterally dismantle or override the
10-tries-and-wipe feature. Only the user or person who controls the phone’s
settings can do so.
If Apple were
to agree to do what the Justice Department has asked, the government would be
able to bypass the password issue and use “brute
force” by attempting tens of millions of combinations without risking the
deletion of the phone’s data.
The reason for
the order is that the FBI Director told Congress that the bureau has not been
able to open the phone belonging to one of the killers. “It has been two months now, and we are still working on it.”
The problem is
of course, once this happens, the technique could be used on everyone’s iPhone.
Per Mr. Cook’s
letter, the phone’s security could be severely weakened. “Once
created,” he wrote, “the technique
could be used over and over again, on any number of devices. In the physical
world, it would be the equivalent of a master key, capable of opening hundreds
of millions of locks — from restaurants and banks to stores and homes. No
reasonable person would find that acceptable.”
Apple has
steadfastly maintained that it is unable to unlock its newer iPhones for law
enforcement, even when officers obtain a warrant, because they are engineered
in such a way that Apple does not hold the decryption key. Only the phone’s
user, or anyone who knows the password, is able to unlock the phone.
The US
Magistrate Judge said in the signed order that Apple can write software that
can bypass the 10 times feature. In addition, the federal prosecutors stated in
a memo accompanying the order that the software would affect only the seized
phone.
But because
the software could be reused, the Apple CEO has said that “opposing this order is not something we take lightly. We feel we must
speak up in the face of what we see as an overreach by the U.S. government.”
The phone in
question is an iPhone5C, which is the model I also own.
The phone was used by Syed Rizwan Farook, who with his wife had opened
fire at a holiday party at the local Inland Regional Center. The couple, who
had pledged loyalty to the Islamic State terrorists, died a few hours later in
a shootout with police.
The director
of the Regional Computer Forensics
Laboratory, has said he believes there may be “relevant, critical communications and data” on the phone from
around the time of the shooting.
However , the
former National Counterterrorism Center
Director Matt Olsen, has asserted that the government has other ways to obtain
data without creating a backdoor into devices. Per Mr. Olsen: “If the auto-wipe function is suspended, the
FBI can run a massive number of combinations of letters, symbols and numbers
until the right combination is found.”
Unfortunately, doing this
has some serious complications. If the combinations are run on the phone
itself, the process can be painfully slow, taking according to Apple, 5 ½ years
for a six-digit lower-case password mixing numbers and letters.
A cryptography
expert at Johns Hopkins University, said the FBI could crack a six-digit
numeric code in about 22 hours. “But once there’s numbers and letters, that’s
when things get interesting. It might
take 10 years to crack a strong password on the phone, which means they might
be stuck till 2026.”
But the
reality of the situation is that by using the All Writs Act in the California
Apple case, it presents a very slippery slope. “If the All Writs Act can compel Apple to write customized software to
unlock a phone, where does it end?”
If this is
allowed, the government could use it to compel Facebook or Twitter or Instagram to
develop software for similar uses. It’s
not clear where any line could be drawn, or if any line could be drawn at all.
It must be
noted that the US Supreme Court in 1977 held that the courts have the authority
to direct a phone company to execute a search warrant for numbers dialed by a
particular customer. If the government
were to win this one, it could go much further than just showing the numbers
dialed on a phone.
Copyright G.Ater 2016
Comments
Post a Comment