[PRIVACY] The Encryption War Just Got Real
On February 16, 2016, a federal magistrate judge ordered Apple to help the FBI unlock an iPhone that belonged to the San Bernardino killers, in furtherance of the investigation into that terrorist act. The next day, Apple refused to comply with the judge’s order, setting up a legal battle that will surely end only at the U. S. Supreme Court. Here's what you need to know, and how it affects YOUR privacy rights…
Apple vs. The FBI
Apple has deliberately locked itself out of its customers’ devices ever since iOS 8 was released in September, 2014. The company’s hardware and operating system software are designed to encrypt nearly everything on a device by default, and only the owner has the key.
Google followed suit in the same month; Android 5.0 and above enabled encryption by default, and Google left itself no way to decrypt its customers’ data. (Note: devices running earlier versions of Android may be encrypted by the user, but Google can decrypt them.)
The entire law enforcement community, from the Justice Department to local sheriffs, has reacted to these measures with all the fury of the proverbial woman scorned. How dare these tech companies refuse to help us fight crime? FBI Director James Comey has invoked the bogeymen of drug dealers, terrorists, and human traffickers in arguing to state and federal lawmakers that tech firms should be required to build “backdoors” into their products through which law enforcement can breach encryption when armed with a court order.
Apple and Google (and every security expert not on a government payroll) agree that any backdoor available to law enforcement would inevitably be jimmied by hackers. Any system designed to be breachable, for any reason, is unacceptably insecure. Lawmakers are lining up on both sides of this controversy.
California and New York lawmakers have introduced state bills that would require exactly what FBI Director Comey asked. On February 10, a bipartisan group of U. S. Congress members responded with the ENCRYPT Act (Ensuring National Constitutional Rights for Your Private Telecommunications), which would ban state-level requirements for backdoors.
In October, 2015, the Justice Department asked U. S. Magistrate Judge James Orenstein to order Apple to provide a backdoor that would unlock an encrypted iPhone. The judge, in his memorandum and order, expressed strong doubts that he had the legal authority to do so under the All Writs Act of 1789, which the Justice Department cited, incompletely and disingenuously.
"[Apple] is a private-sector company that is free to choose to promote its customers' interests in privacy over the competing interest of law enforcement," Judge Orenstein wrote. The judge also ordered Apple to respond to the government’s case; to advise the judge whether the backdoor requested was technically possible; and, if it was, whether providing the backdoor would be “unduly burdensome” to Apple’s business.
Apple’s response was, essentially, “It would be unduly burdensome because it’s impossible” for Apple to create a backdoor in iOS 8 and later versions… and it will remain impossible, Apple has pledged as a major part of its business model.
Judge Orenstein seems loath to require Apple to provide a backdoor into its products, though he is still considering the Justice Department’s petition. So the FBI has taken a different approach to a different judge in the current case of the San Bernardino killers’ phone, and gotten a different ruling.
"Let's Call it a Side Door"
The FBI did not ask for a backdoor, an unimpeded way to decrypt data stored on the phone. Instead, it asked Magistrate Sheri Pym, in the US District Court of Central California, to order Apple to provide software that will disable the phone’s “self-destruct” mechanism, which erases all data in the event of more than ten failed password attempts in a row. This would give the FBI unlimited attempts to divine the password by brute-force methods, and should not be technically impossible or “unduly burdensome.” Judge Pym agreed, and ordered Apple to provide the software.
Pym’s order requires the software to enable passwords to be tried electronically, via Bluetooth or WiFi, rather than by pressing keys with fingers. Also, the software must eliminate the enforced delay between “keystrokes” that is part of Apple’s security scheme. Effectively, Pym ordered Apple to open the phone to high-speed brute-force hacking.
Apple’s reply came the next day, February 17, in an open letter to Apple customers penned by CEO Tim Cook. In it, Cook says, “the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create.” He vows to fight Judge Pym’s order.
Even if Apple can create software that disables iOS’ self-destruct feature (and Cook doesn’t admit that’s possible), the company would consider it “too dangerous” to turn over such software to the government, ostensibly for use only on this one phone. Once the software exists and is in government hands, it is all too likely to find itself in widespread use by law enforcement, and eventually in the hands of criminals.
In other words, Apple CEO Tim Cook doesn’t trust the U. S. government. Imagine that! But the issue goes beyond encryption and backdoors, says Cook. “If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.”
And by extension, the government could compel Google, Microsoft or any other tech firm to do likewise. Apple should be commended for standing up to government in defense of its customers’ privacy. The outcome of this case, and the October case being considered by Judge Orenstein, will define new limits on government intrusion into citizens’ lives. Let’s hope those limits are not extended further.
This article was posted by Bob Rankin on 18 Feb 2016
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- [PRIVACY] The Encryption War Just Got Real (Posted: 18 Feb 2016)