You probably know that the FBI sued Apple to make it crack the cell phone used by one of the San Bernardino terrorists. To order Apple to do this, the "All Writs Act" was used. The All Writs Act, passed more than 225 years ago is essentially a way to create a demand by Federal law enforcement when there are no other legal grounds for doing so. |
As you also probably know, Apple refused at first, and took a little while to craft a response to the court so as not to have to give in to the demands of the Feds. And as you may know, some unknown company, individual or group (currently believed to be grey-hat pro hackers) gave the FBI a method to crack it themselves.
So, what the issue here? Apple had cracked many iPhones for the FBI before.
At stake was one of Apple’s main selling points, and that is the security of its flagship device. Apple has cracked its devices in cooperation with government requests previously, but in this case, the device was one of the more modern iPhones, a 5C. Apple baked security into this phone so that even they could not crack it and had no record of its passcode.
In order to crack the phone, the FBI told Apple to create a one-time update that would (in all likelihood) allow infinite attempts to log in to the phone without locking themselves out. Currently, if one too many attempts are made with incorrect codes, the phone locks out the user for hours, days, or months - and in some cases, could wipe the phone clear of data.
So, why does it matter if Apple creates this back door into one guy’s phone?
There are a couple more issues at stake.
First, should Apple create said back door, it would be just matter of time until it was “in the wild.” In a very short period of time, the hack would proliferate, and no one’s phone would be safe from the prying eyes of either the government, or of criminals - including other terrorists!
Second, many knowledgeable people in the fields of security and privacy believe that the NSA had the means and probably would have offered it to the FBI, but that the FBI just wasn’t interested.
Why not? Because forcing Apple to create a back door into its security would set a precedent that would allow the FBI to force all tech company to crack their security as well.
Why would we care if our own government is able to circumvent security on everything?
Well, the concept is a little scary to this author right at the start. But that’s not the only reason to look askance at giving up all of our privacy to our own law enforcement agencies. Once the security / encryption cat is out of the bag, then it’s conceivable that all privacy will become a thing of the past, to our own government, to foreign governments, to crooks and criminals, to terrorists and thugs. It’s believed that we would be opening up a very dark Pandora’s Box.
So, the FBI now has the means to crack that terrorist's iPhone. Can they do everyone’s?
No - at least, not yet. iPhones more modern than the 5C use a different form of encryption that is likely not yet cracked. And although the FBI will likely not tell Apple how the crack worked, Apple will continue to design stronger security to bake into their devices.
Furthermore, this particular 5C used one of the weakest types of passwords. Selecting a stronger, longer password might have stumped the methods used this time around.
The FBI dropped its case against Apple - this time. But since September of 2015, the Director of the Agency has been adamant about the trouble having strong encryption can cause when there is a case involving national security. And this advocacy against strong encryption has been brought into the halls of Congress.
As I write this article, Congress is drafting an anti-encryption bill. It has not yet been brought up for a vote, and it is not guaranteed to pass. there are supporters and detractors on both sides.
Senator Wyden of Oregon (widely considered to be liberal) said, "For the first time in America, companies who want to provide their customers with stronger security would not have that choice – they would be required to decide how to weaken their products to make you less safe."
A Fellow of the Cato Institute (widely considered to be conservative) said, "Burr-Feinstein may be the most insane thing I’ve ever seen seriously offered as a piece of legislation. It is 'do magic' in legalese."
So, it's not over. In fact, the case has brought a public battle to light by its very existence. It's not over by a long shot.
Steve Burgess is a freelance technology writer, a practicing computer forensics specialist and testifying expert witness as the principal of Burgess Forensics, and a contributor to the text, Scientific Evidence in Civil and Criminal Cases, 5th Edition by Moenssens, et al. He is also COO of the Foresight Nanotech Institute.Mr. Burgess may be reached at steve at burgessforensics.com
Related Articles -
Apple vs FBI, mobile forensice, legal technology, computer forensics, privacy, digital forensics,