[PRIVACY] The Encryption War Just Got Real

Category: Privacy

On February 16, 2016, a federal magistrate judge ordered Apple to help the FBI unlock an iPhone that belonged to the San Bernardino killers, in furtherance of the investigation into that terrorist act. The next day, Apple refused to comply with the judge’s order, setting up a legal battle that will surely end only at the U. S. Supreme Court. Here's what you need to know, and how it affects YOUR privacy rights…

Apple vs. The FBI

Apple has deliberately locked itself out of its customers’ devices ever since iOS 8 was released in September, 2014, The company’s hardware and operating system software are designed to encrypt nearly everything on a device by default, and only the owner has the key.

Google followed suit in the same month; Android 5.0 and above enabled encryption by default, and Google left itself no way to decrypt its customers’ data. (Note: devices running earlier versions of Android may be encrypted by the user, but Google can decrypt them.)

The entire law enforcement community, from the Justice Department to local sheriffs, have reacted to these measures with all the fury of the proverbial woman scorned. How dare these tech companies refuse to help us fight crime? FBI Director James Comey has invoked the bogeymen of drug dealers, terrorists, and human traffickers in arguing to state and federal lawmakers that tech firms should be required to build “backdoors” into their products through which law enforcement can breach encryption when armed with a court order.

Apple vs. FBI - The Encryption War

Apple and Google (and every security expert not on a government payroll) agree that any backdoor available to law enforcement would inevitably be jimmied by hackers. Any system designed to be breachable, for any reason, is unacceptably insecure. Lawmakers are lining up on both sides of this controversy.

California and New York lawmakers have introduced state bills that would require exactly what FBI Director Comey asked. On February 10, a bipartisan group of U. S. Congress members responded with the ENCRYPT Act (Ensuring National Constitutional Rights for Your Private Telecommunications), which would ban state-level requirements for backdoors.

Point, Counterpoint...

In October, 2015, the Justice Department asked U. S. Magistrate Judge James Orenstein to order Apple to provide a backdoor that would unlock an encrypted iPhone. The judge, in his memorandum and order, expressed strong doubts that he had the legal authority to do so under the All Writs Act of 1789, which the Justice Department cited, incompletely and disingenuously.

"[Apple] is a private-sector company that is free to choose to promote its customers' interests in privacy over the competing interest of law enforcement," Judge Orenstein wrote. The judge also ordered Apple to respond to the government’s case; to advise the judge whether the backdoor requested was technically possible; and, if it was, whether providing the backdoor would be “unduly burdensome” to Apple’s business.

Apple’s response was, essentially, “It would be unduly burdensome because it’s impossible” for Apple to create a backdoor in iOS 8 and later versions… and it will remain impossible, Apple has pledged as a major part of its business model.

Judge Orenstein seems loathe to require Apple to provide a backdoor into its products, though he is still considering the Justice Department’s petition. So the FBI has taken a different approach to a different judge in the current case of the San Bernardino killers’ phone, and gotten a different ruling.

"Let's Call it a Side Door"

The FBI did not ask for a backdoor, an unimpeded way to decrypted data stored on the phone. Instead, it asked Magistrate Sheri Pym, in the US District Court of Central California, to order Apple to provide software that will disable the phone’s “self-destruct” mechanism, which erases all data in the event of more than ten failed password attempts in a row. This would give the FBI unlimited attempts to divine the password by brute-force methods, and should not be technically impossible or “unduly burdensome.” Judge Pym agreed, and ordered Apple to provide the software.

Pym’s order requires the software to enable passwords to be tried electronically, not by pressing keys with fingers, via Bluetooth or WiFi. Also, the software must eliminate the enforced delay between “keystrokes” that is part of Apple’s security scheme. Effectively, Pym ordered Apple to open the phone to high-speed brute-force hacking.

Apple’s reply came the next day, February 17, in an open letter to Apple customers penned by CEO Tim Cook. In it, Cook says, “the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create.” He vows to fight Judge Pym’s order.

Even if Apple can create software that disables iOS’ self-destruct feature (and Cook doesn’t admit that’s possible), the company would consider it “too dangerous” to turn over such software to the government, ostensibly for use only on this one phone. Once the software exists and is in government hands, it is all too likely to find itself in widespread use by law enforcement, and eventually into the hands of criminals

(Un?)intended Consequences

In other words, Apple CEO Tim Cook doesn’t trust the U. S. government. Imagine that! But the issue goes beyond encryption and backdoors, says Cook. “If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.”

And by extension, the government could compel Google, Microsoft or any other tech firm to do likewise. Apple should be commended for standing up to government in defense of its customers’ privacy. The outcome of this case, and the October case being considered by Judge Oberstein, will define new limits on government intrusion into citizens’ lives. Let’s hope those limits are not extended further.

Your thoughts on this topic are welcome. Post your comment or question below...

 
Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 18 Feb 2016


For Fun: Buy Bob a Snickers.

Prev Article:
Geekly Update - 17 February 2016

The Top Twenty
Next Article:
[SECURITY] AntiVirus Test Results

Most recent comments on "[PRIVACY] The Encryption War Just Got Real"

(See all 61 comments for this article.)

Posted by:

Citellus
19 Feb 2016

Maybe I am out of date, but I have heard that ANY password can be hacked if enough effort is made. So why not put a huge effort into cracking the password?

I, too, am with Apple on this one. But when I see what the banks, AIG, Enron, and other corporations have done to the public, I am more queasy about them than the government.


Posted by:

jJCK
19 Feb 2016

Our national security trumps all privacy encryption in my view! There must be some middle ground


Posted by:

pmwill
19 Feb 2016

I agree with it all, our freedom is our privacy and too often over zealous state and fed law enforcement lay traps and spy on the common and not the criminal.
Funny how the unwitting walk into things and the criminal knows not to tread. We see our fellow Americans in big differences with the government and can and does always go wrong.
These things we see on the news are not actors who walk away afterwards.
Thanks as Always, PMW


Posted by:

Robert K.
19 Feb 2016

Bob wrote: Even if Apple can create software that disables iOS’ self-destruct feature (and Cook doesn’t admit that’s possible), the company would consider it “too dangerous” to turn over such software to the government, ostensibly for use only on this one phone.

-----------------------------

Call me a sceptic, but I don't believe it. This is just a ploy by Apple's Marketing to sell more phones. Corporations understand one thing, and one thing only: Greed.


Posted by:

Old Man
19 Feb 2016

What I’m wondering is why the FBI hasn’t turned to the Dark Web for what they want. Since the phone in question is an older model, most likely programs on how to break the security already exist. The only holdback would be the FBI would be embarrassed to admit using the Dark Web. They couldn’t take credit themselves without evoking an even greater outrage over individual’s privacy. But then again, maybe they did search the Dark Web and couldn’t find what they wanted – yet.


Posted by:

David
19 Feb 2016

Criminals have already written their own encryption software, and they haven't left a backdoor open for law enforcement. Weakening my security will not help catch drug dealers, pimps, or terrorists, but it may well cause me problems.


Posted by:

Old Man
19 Feb 2016

Here's a comment on the court ruling/order.
Courts can issue all the rulings and/or orders they want, but have no power to enforce them. They have to rely on other agencies for that - as has been shown several times in our history. The court can declare Apple in Contempt of Court and levy penalties, but still cannot enforce them themselves.
If other agencies take action against Apple, they could force them out of business in the USA.
As has been addressed in other articles, this case sets a precedence against all tech companies. Once a precedence is established, it is used for all subsequent cases on the same basic topic. Thus the fate of all tech companies hangs in the balance - either comply and lose customers (and possibly go bankrupt), or be forced out of business.
The social and economic impact could be devastating.


Posted by:

David
19 Feb 2016

The FBI really doesn't need this cracking software. All it needs is someone to crack this particular phone for it, like hiring a locksmith. Merely unlocking the phone would not corrupt the chain of evidence.


Posted by:

MRT
19 Feb 2016

Its sad that we have a government that can not be trusted and lies all the time. Its also sad that Apple will not help out by giving the information on the phone to help. Apple could just hand over the information with out exposing its security.
But give a inch and the government will take a mile, so I see Apples point.


Posted by:

Kevin
19 Feb 2016

Freedom of Speech includes freedom to be heard but also to "remain silent" when you choose to. When did it suddenly become necessary, or even acceptable, to guarantee that law enforcement can always hear or see what any citizen is doing? Their next move will be legal restrictions on our ability to encrypt in the first place. To see how wrong this is, consider the fact that there is no reliable way to catch people meeting in person or to overhear them talking softly in each other's ears. Will some judge then conclude that such interactions can be outlawed except when you let a member of law enforcement stand next to you?

The scenarios that well-meaning people use to justify government intrusion are products of their movie-driven imagination. They especially like the cliche of the "ticking time bomb" and torturing a suspect to find and defuse it seconds before it goes off. That may make an exciting plot device for a movie (or every episode of "24") but it has yet to be a real-life scenario, and police would not stumble onto such a case at the last minute anyway. Terrorism is just the latest "indefensible" enemy whose existence is exploited to make us accept the loss of privacy. Apparently law enforcement feels that their previous alarms about rampant child pornography (or drug kingpins before that) proved not scary enough to make us go along with repressive measures against all citizens. The latest turnabout is that they no longer pretend that these special powers will be reserved just for national security. Now we are told they will be used for all sorts of other investigations.

Years of using torture and massive NSA interception of all communications (even done in REAL-TIME) failed to prevent San Bernardino or any other significant terrorist action. There were a few incompetent crazies caught by enticement and entrapment, but that only proves that human intelligence and legwork is what gets results, rather than lazily harvesting all citizens' data or even digging through a terrorist's discarded phone after-the-fact.

The simple reality is that horrible deeds can always be committed by a determined person without anyone finding out in advance. There are a truly infinite number of targets and plenty of ways to plan an attack below the radar. To make things worse, despite ample warning, the West made the stupid mistake of joining in multiple wars between religious sects in the Middle East, and thereby made ourselves the enemy of ALL sides in those conflicts. While our past meddling can't be undone now, we should certainly stop repeating such mistakes. Unfortunately, it appears that our government will instead simply continue trying to control every aspect of communication (and later all movement - guess who will ultimately control driverless cars?) Within 1 or 2 generations everyone will be submissive from the start, having never experienced a free society.


Posted by:

Marc de Piolenc
19 Feb 2016

A quick look at the news will tell you government IS a criminal, the greatest in today's society, and thus cannot be trusted with anything.


Posted by:

Darryl M
19 Feb 2016

I don't know if anyone offered up Benjamin Franklin's quote, "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.". Those who would cede their privacy/liberty to obtain Big Brother's "protection" in this list would well heed our founding fathers' concerns about a republic's tendency to over reach and remove freedom.


Posted by:

Cattattitude
19 Feb 2016

I support and commend Apple for their stance!!


Posted by:

Old Man
19 Feb 2016

I wonder if anyone read the shooter his rights, which begin with "You have the right to remain silent ..". Breaking into his phone without his consent could be a violation of those rights.

Previous cases involving passwords prevented the law enforcement agencies from breaking the password without the person's consent.

There is nothing in the governing rules that say dead people have waived their rights under this provision.


Posted by:

Nelson Meaker
21 Feb 2016

I think when the goal is to protect citizens from the actions of terrorists who murdered and maimed innocent people, and we acknowledge that those who would do so are out there, we need all the tools we can to stop the loss of innocent lives. Yes, the government can get out of control with surveillance, we have seen that. But there needs to be a way that allows the information locked in devices that might be able to save many lives to be accessed by those who would protect our very lives from those who would slaughter us. It would seem to me that we could allow the data to be accessed the methodology to be severely restricted or even destroyed such that it can not be misused. I am no big fan of the government acting like big brother watching all we do, but if we want the acts of terrorists to be prevented rather than burying more innocents, we have to, under certain well defined circumstances and order by a judge (not just law enforcement)allow this data to be accessed. Apple and all the others all want to claim for profit motives at least as much as free speech, to be able to state that no one can break into their devices. What cost are we willing to pay? Your family your friends dead when it might have been prevented? We should be able to preserve privacy and be able in certain circumstances get information to protect ourselves from those who would slaughter us. What if information could prevent a dirty bomb or suitcase nuclear weapon attack? Would Apple's or Google's or any one individual's "right" to privacy when a judge orders otherwise be of more value than those lives? There must be a way to have both privacy and the right to protect ourselves from these terrorist threats.


Posted by:

Ron B
24 Feb 2016

Give it to Abby and McGee at NCIS, they'll break into the phone. :D


Posted by:

Wes
25 Feb 2016

Right on Bob. Great article.

Giving the government unfettered access to all of our information would be a (another?) step on the road to a tyrannical government.


Posted by:

Gilchrist
25 Feb 2016

In as much a cryptographic software was subjected to export restrictions as "munitions", why don't all Americans avail themselves to their Second Amendment right to employ encryption.

Why doesn't the adoption of the Thirteenth Amendment's prohibition on "involuntary servitude" in 1865 protect Apple from the operation of the Judiciary Act of 1789?

Methinks the NSA already has a backdoor and the current brouhaha is just a disinformation campaign on the part of the feds to persuade
criminals and terrorists that they can depend on what Apple and Android provide rather than employ secondary means.


Posted by:

Gary
07 Mar 2016

Well said Nelson Meaker! There is nothing to be debated here, Apple is all about plain old greed..... It's so simple - let apple retrieve any info and turn THAT over to the government. Problem solved.


Posted by:

Eric Rossman
17 Mar 2016

I didn't see anyone point out the fact that many cryptographers (like me) keep trying to make: Creating a cryptosystem with a back door will never prevent bad actors from using that back door.


There's more reader feedback... See all 61 comments for this article.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.


Article information: AskBobRankin -- [PRIVACY] The Encryption War Just Got Real (Posted: 18 Feb 2016)
Source: http://askbobrankin.com/privacy_the_encryption_war_just_got_real.html
Copyright © 2005 - Bob Rankin - All Rights Reserved