Thursday, March 3, 2016

Apple’s Public Dispute With The FBI, Explained

Apple has recently courted controversy over its resistance to a demand by the U.S. Federal Bureau of Investigation (FBI). Namely, the FBI wants Apple to help its investigators hack into the iPhone of San Bernardino shooter Syed Rizwan Farook, and a federal magistrate has ordered the tech giant to comply. Apple CEO Tim Cook has said the company plans to fight the ruling.

The bureau, with the support of the Department of Justice (DoJ) and the White House, argues that its proposal is analogous to a warrant-authorized search. FBI officials speculate that information stored on Farook’s device may help them ascertain the circumstances that led to the San Bernardino tragedy, identify any accomplices the perpetrators may have had, and possibly prevent future attacks by violent extremists. The bureau’s director James Comey has suggested that he is not trying to set a legal precedent by pursuing the Farook case.

On the other hand, Cook contends that a version of the iOS operating system designed to override security features would constitute a “backdoor to the iPhone” and would indeed set a dangerous precedent for digital privacy around the world.

Technically, a backdoor to the iPhone already exists, in the sense that Apple has the ability to create and upload to its devices software that would override security features. The determining factor is whether the software's author possesses Apple’s secret digital signing key, since Apple devices won’t run software that isn’t signed with that key.
 
The FBI’s proposal, and why Apple is resistant

Farook’s phone and the data stored on it are protected by a PIN that only the shooter knew. The FBI plans to conduct a “brute-force attack”—in other words, connect a device to the phone that can attempt many numerical passcode guesses in quick succession. But Farook had enabled a security feature that causes his iPhone to temporarily lock after 10 incorrect guesses. Depending on the settings, there is a possibility that data stored on the phone could be automatically erased after the tenth attempt.

The government wants Apple to design and upload onto the iPhone a version of iOS that would allow investigators to attempt an infinite number of passcode guesses without getting locked out, and without incurring the risk of data erasure.

But the company has raised several objections.

  Cook fears Apple’s creation of “backdoor” software could have far-reaching implications. And his concern isn’t isolated to the future actions of American individuals and agencies. Apple is a transnational corporation that does business in dozens of countries around the world, including authoritarian regimes. If the U.S. government can demand that Apple help law enforcement hack an iPhone, what is to prevent a dictatorship from enlisting Apple technicians to break into the electronic devices of suspected dissidents?

  The Farook case is not, in fact, unique. Rather, the U.S. Justice Department has requested Apple’s help to extract data from at least 12 other iPhones. Apple brass have expressed concerns that by writing security-override software on behalf of law enforcement, their company could come to be perceived as an appendage of the national security state—and thereby lose customers’ trust.

  Security-overriding software for the iPhone could empower cyber-criminals. Cook has suggested that by creating a new version of iOS for the purpose of overriding security protections, Apple would run the risk that this software might fall into the wrong hands. However, the existence of Apple’s private signing key already poses a similar threat; armed with that key, a skilled programmer with expertise in iOS could theoretically hack into any iPhone.

Does the government have ulterior motives?

Last fall, the Obama administration’s National Security Council formalized a “decision memo” that tasks state agencies with finding ways to circumvent digital encryption and security protections. Apple’s authorship of “backdoor” software would be a big step in that direction.

Given the significance and implications of the Farook case, don’t be surprised if an appellate court eventually rules in the tech giant’s favour. But U.S. government agencies’ efforts to gain access to digital devices will surely continue. In fact, through a tool called DROPOUTJEEP, the U.S. National Security Agency probably has backdoor access to at least some iPhones already.