Over the past few weeks Apple has been making headlines due to their ongoing battle with the US Government. There have been multiple cases where the FBI has wanted information on an iPhone but was unable to get past the phone’s encryption. The FBI now wants to strong-arm Apple and have them break their own encryption to get evidence that might be on the work phone of a terrorist. Apple has refused to do such a thing, so this debate has been brought to the courts. The implications and precedents that this dispute carries go much further than any individual FBI case. In this article, I’ll lay out how everything went down, take a look at the motivations of the parties involved, and discuss why this is all so important.
The core of the issue is the role of encryption in the justice system. The narrative of needing to get rid of encryption has been going on for a very long time, but the discussion was amplified following the tragic attacks that took place in Paris on November 13, 2015. After this happened, many people were at the throats of tech companies blaming encryption for the atrocities that took place. Despite the fact that it was eventually discovered encrypted SMS was the terrorists’ main method of communication, political figureheads, such as David Cameron, still sought out backdoors and an end to encryption.
A few months later, another tragic attack happened in San Bernardino, which once again sparked a heated debate around encryption. In this case, the FBI has possession of the attacker’s phone but they don’t know the PIN that unlocks the phone. The FBI turned to U.S. Judge Sheri Pym so they could force Apple to break the encryption on the phone. The CEO of Apple, Tim Cook, responded a day later with an open letter announcing that he will not be complying with the court and will challenge their decision.
This situation is exposed for what it really is when you consider the motivations behind the FBI’s actions. In reality, the FBI isn’t just concerned about the San Bernardino case. In fact, they had access to a six-week-old backup of the phone, and they could have gained an up-to-date backup if they simply took the phone to a recognized network. Instead, the FBI attempted to change the password of the iCloud account, which locked them out of the data they wanted. While this specific mistake seems to be due to incompetence on the FBI’s behalf, the US Government is well aware of the implications of unlocking the phone.
By asking Apple to break the encryption on the one phone, they would be weakening the encryption on every other iOS device. Currently there is no one who can get past Apple’s encryption, not even Apple. In order to get data on the phone, Apple would need to create a backdoor for the government. This can have some really negative consequences because a backdoor is essentially an artificial vulnerability, and once there is a vulnerability in the software it can be attacked by anyone. Considering iPhones are so widely used, there are a lot of people who want access to them for nefarious reasons, and we know that in a lot of cases hackers are one step ahead of law enforcement.
It’s also necessary to take a look at what exactly the FBI wants from Apple. The FBI isn’t simply asking Apple to get into this one phone, but rather to create a tool for them that is capable of getting past the encryption. Not only does this mean that the FBI can use this tool on any iPhone, but it also means there will need to be a lot of transparency within the legal system. Jonathan Zdziarski is well versed in this subject matter and has even taught law enforcement agencies about iOS forensics. He recently made a blog post explaining how, if Apple were to make such a tool, it would need to be heavily reviewed and explained to the courts. This means the tool and how it works will be known by many people, which makes nefarious abuse of a backdoor much more likely.
Even though the government's war against encryption has only recently begun to make headlines, it is something that has been going on for a very long time. Two decades ago, in 1996, the US had encryption export regulations for international devices. This regulation meant that international software from the US could not have encryption stronger than 40 bits. This was a fairly significant problem because 40-bit encryption could be attacked via brute force and bypassed using regular desktop computers. A tech company, Lotus, was unhappy with this and attempted to create stronger encryption within the government’s standards. They did this by using 64-bit encryption, but gave a 24-bit key to the NSA. This key eventually became public knowledge, so anyone could attack the encryption as if it were only 40 bits.
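To make the arithmetic of that escrow scheme concrete, here is an added example (not part of the original article and not Lotus's code) showing how knowing the escrowed bits shrinks a brute-force search to the remaining bits. The cipher is a toy stand-in, and the key, message and the scaled-down 24/9/15-bit sizes are constructed assumptions chosen to keep the 64/24/40 proportions while running in well under a second.

```python
import hashlib

def toy_cipher(key: int, key_bits: int, data: bytes) -> bytes:
    """XOR data (<= 32 bytes) with SHA-256(key). Toy cipher, an assumption."""
    stream = hashlib.sha256(key.to_bytes((key_bits + 7) // 8, "big")).digest()
    return bytes(d ^ s for d, s in zip(data, stream))

def work_factor(key_bits: int, escrowed_bits: int = 0) -> int:
    """Worst-case number of keys to try when escrowed_bits are already known."""
    return 1 << (key_bits - escrowed_bits)

def recover_key(ciphertext, known_plaintext, key_bits, escrowed_bits, escrowed_value):
    """Brute-force only the unknown low bits; return (key, trials) or (None, trials)."""
    unknown_bits = key_bits - escrowed_bits
    base = escrowed_value << unknown_bits          # escrowed bits fix the top of the key
    probe = ciphertext[:len(known_plaintext)]
    for low in range(1 << unknown_bits):
        candidate = base | low
        if toy_cipher(candidate, key_bits, probe) == known_plaintext:
            return candidate, low + 1
    return None, 1 << unknown_bits

# Constructed, scaled-down parameters: 24/9/15 keeps the 64/24/40 proportions.
KEY_BITS, ESCROWED_BITS = 24, 9
SECRET_KEY = 0xA5C3F1                               # constructed sample key
MESSAGE = b"Subject: quarterly report"              # constructed sample message
CIPHERTEXT = toy_cipher(SECRET_KEY, KEY_BITS, MESSAGE)
ESCROWED_VALUE = SECRET_KEY >> (KEY_BITS - ESCROWED_BITS)

def demo():
    """Recover the key the way a holder of the escrowed bits could."""
    return recover_key(CIPHERTEXT, b"Subject:", KEY_BITS, ESCROWED_BITS, ESCROWED_VALUE)

if __name__ == "__main__":
    key, trials = demo()
    print(f"recovered {key:#x} in {trials} trials (full search: {work_factor(KEY_BITS)})")
    print(f"Lotus-sized: 2^64 = {work_factor(64)} keys, 2^40 = {work_factor(64, 24)} with escrow")
```

At the real sizes, the escrowed 24 bits cut the search by a factor of 2^24, about 16.7 million, which is why the protection is only as strong as the secrecy of the escrowed portion.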
One thing that is even more concerning than the key itself is how it is referred to within the software. Someone who reverse engineered the software in search of the key found that it is referred to as “MiniTruth”, which is a reference to Orwell’s fictional agency dedicated to propaganda, and “Big Brother”. Now it should be noted that it is likely Lotus who put these names in the software. Regardless, it shows how the NSA was viewed before the modern anti-terrorism narrative. It’s also worth noting that during this time the NSA was a lot more transparent, as Lotus disclosed the relationship they had with the NSA. Ray Ozzie, the man who invented Lotus Notes, has recently said, “it pains me to see such a lack of transparency in how our elected officials are running our government.”
By looking at the behavior of the Department of Justice, it’s clear that they don’t necessarily care too much about the San Bernardino phone by itself. They have already had access to the iCloud backups and the phone itself is only a work phone. The reason the FBI has made such a big deal out of this specific case is that it’s an easy way to appeal to the emotions of citizens by utilizing the narrative of a war on terrorism. Of course, no one likes terrorism. The attacks in San Bernardino were tragic and hardly anyone is against the FBI seeing what was on the terrorist’s iPhone. The problem is that weakening encryption isn’t just stopping the terrorists, but it is also impeding the privacy of civilians.
It’s clear that weakening encryption for everyone isn’t the answer when it comes to criminal investigations involving technology. That being said, there still needs to be a discussion to figure out what the answer should be. Unfortunately, the technology we have today is vastly different than what existed when most of the laws and regulations were created. Information is no longer kept on pieces of paper stored in a secure location. Instead, it is stored on devices that are connected to the world wide web, and it needs to be protected from potential cyber threats.
As of now, there isn’t a logical way to give law enforcement access and keep the bad guys away at the same time. It is also important to always remember the true motivations behind the government, because we citizens need a way to protect our privacy. Maybe once we see more advancement in encryption and technology together, building in backdoors might be a viable option if used properly. Until then, Apple seems to have the right idea by completely locking down their customers’ information with backdoor-free encryption.
Sources: ArsTechnica, Gizmodo, ReCode, USSRBack, Cypherspace, Jonathan Zdziarski, TechCrunch, Y Combinator