Apple have taken on the FBI and a federal district judge to say that its users have an interest, and a right to keep the data on their phones private and secure – even when they have potentially committed a heinous crime. In this particular case, the FBI have requested that Apple make it easier for them to access and decrypt data on a shooting suspect’s phone although Apple are claiming that what a magistrate is asking for is tantamount to a back door meaning that it would also make the device more vulnerable to criminals.
The dispute between Apple and the Department of Justice is not clear cut as the DoJ stated it is only asking for access to a single device. In fact what has been asked is for Apple to force a software update which would disable some security features within their OS, the wiping of the device after ten wrong password attempts and the incremental wait time between attempts. In theory the FBI will then use a brute force attack to unlock the phone by trying a different password every 80 m/s, but even if they could it has been estimated that a six character password containing only lowercase letters could take over five and a half years to crack.
The way Apple devices receive updates is by sending their device ID, along with a one time code to their servers asking if there are any updates. If an update is available for the phone, Apple will send it back to the device along with the information it was sent and Apple’s public key, which is compared with the one stored in the devices boot code, so that the device can verify that it is a legitimate update. In theory each Apple device could receive a unique update, but once this has been implemented it would be easy for them to replicate.
Tim Cook (CEO) has hit out in a passionate letter to customers, which may be giving off a false impression over what is being asked of Apple, stating: ‘While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.’
Whilst some may see Apple’s defence of Article 12 (Universal Declaration of Human Rights, Right to privacy), even though the previous owners of the device are now deceased, it was not long before Donald Trump voiced his objection in an interview on Fox and Friends by asking ‘Who do they think they are?’ as in 2015 he announced that Americans need to “take back the internet” from terrorists. In regard to Apple he also stated that he is “gonna get Apple to start building their darn computers and things in this country [America].”
Trump’s views regarding Apple’s stance may be a widely held view when you consider the information may lead to a solid conviction for the slaughtered 14 innocent, defenceless co-workers in an act that has been widely described as an act of terrorism. One also has to question whether Apple is protecting the customer, or their products as Cook’s letter referenced security rather than privacy.
Apple’s stance, although seemingly sincere, may be an attempt to boost their public image in light of competitive companies bowing down to pressure to hand over information on customers without informing them. It is debatable which stance companies should take when lives have been taken, or there is a potential threat to the public, but safeguards are essential to ensure that law enforcement are acting legally within their powers.
It is debatable how much companies actually care as they record our phone, text, email and even location history to sell to third parties such as advertisers. Apple can stand on their soapbox touting of their privacy benefits for now, although they have tried to sell users data when playing with the idea of dissolving their own in-house iAd system in favour of a new publisher driven system. Apple have also admitted that if the device were to be taken to a known WiFi hotspot and automatically back up to their servers that they would hand over the data as they had done with previous backups from the devices in question.
This case has made its way to the House Judiciary Committee, the government body that covers matters relating to how law and order is enforced in the US where FBI Director James Comey told the committee that his organisation was seriously concerned by the growth of what law enforcement describe as “warrant-proof spaces” although California Congresswoman Zoe Lofgren seemed to side with Apple when she stated that “The alternative [to strong encryption]is a world where nothing is private. Once you have holes in encryption, the rule is not a question of if, but when those holes will be exploited and everything you thought was protected will be revealed.”
South Carolina Congressman Trey Gowdy offered the argument how is it possible to live in a world where the FBI has the authority to stick a finger up someone’s rear in search of drugs, but not the power to look at the locked iPhone of that same suspect? Although one has to ask if such an act is likely to be widely used, when a phone is more likely to be exploited by a third party where a vulnerability exists. Although a crass comparison, he did make the point of asking Apple to make clear what it is prepared to do.
Members of Congress expressed that they found it unfathomable that law enforcement cannot reach information locked inside an Apple device. Later in hearings, it was stated that 205 locked iPhones currently held by police in New York alone. It would be interesting to hear the figures for the UK.
A case involving Brittany Mills, an expectant mother who was shot and killed on her doorstep in Louisiana last year whose baby boy died soon after, was brought for comparison. She kept a personal diary on her phone that could contain crucial information about the murderer. The phone is locked, rendering it unreachable by Apple’s encryption software.
“I think about the nine-year-old girl who asked ‘why can’t they open the phone so we can see who killed my mother’,” said Louisiana Congressman Cedric Richmond. Mr Sewell [Apple’s representative at the hearing] said that they had done a lot to help with that investigation, but without creating the kind of tool demanded by the FBI, it would be unable to assist further.
Republican Congressman Darrell Issa said the FBI had not explored all the options for accessing the data and circumventing Apple’s security, and that they should be investing in bringing in people with that expertise, not relying on companies like Apple to do the work for them. This call was backed up by Prof Landau, an independent cryptology expert who argued, that there was no way the FBI’s request could be carried out safely.
Californian Congresswoman Zoe Lofgren called the quest to provide entry into encryption exclusively for law enforcement “a fool’s errand”. Trey Gowdy told Apple he was unimpressed with the company’s contributions to lawmaking and demanded the company draft a bill to address what he characterized as a technology problem. Apple retorted by stating when they draft legislation the government relations oppose it, so why don’t the government propose it and tell them what they could agree to.