Everything You Need to Know About Apple Versus the FBI
What do you need to know about the argument over the iPhone owned by the San Bernadino shooter?
This past week there has been a huge battle brewing between Apple and the FBI. The war is being waged over a single iPhone. That iPhone belonged to one of the attackers in the San Bernadino shooting on Dec. 2, 2015, in which fourteen people were killed and another twenty-two were injured. The police believe that the phone may contain more information about the shooter, including any contacts, or messages he sent to any other conspirators or terrorist organizations.
What’s the Issue?
The shooter’s phone was backed up six weeks before the attack to iCloud, and the FBI does have access to this backup, however, the six weeks before the event are what investigators are most interested in. The attacker was killed in a shootout with police, so they can’t just ask for the passcode. The phone was also a model 5C, which doesn’t have a finger print scanner, so even if they had his finger, the FBI still couldn’t unlock the phone.
The issue is that the phone is encrypted automatically with the passcode, and there are safeguards in place that slow down attempts to unlock it. For example, iPhones will only allow a couple of passcode tries before the phone makes you wait to try again. It could take as much as an hour between guesses, which makes trying to brute force the pass code a very slow process.
But that’s not all: there’s another security feature on the iPhone where, after ten tries, the phone completely erases itself. That’s right: the phone basically self-destructs, leaving any data inaccessible for investigators. Now this is great for people who don’t want our personal information in the hands of a thief, but for the FBI, this feature poses a large problem—mostly because they don’t know if this feature in enabled.
So, that’s why the FBI asked for Apple’s help in unlocking the phone.
The FBI’s Argument
A Federal Judge ordered Apple to help the FBI unlock the phone last week, and this is where everything went public. The FBI wants Apple to create a custom firmware to put on the attackers iPhone 5C that will bypass the time limitation (the one that locks the phone for an hour between each guess). It also wants Apple to allow input onto the phone from another device so that some poor intern doesn’t have to spend the next three months manually typing in passwords. The last request is that it wants Apple to remove the self-destruct feature from that specific phone.
In short, the FBI is not asking for a direct crack of the encryption of the phone. They simply want to make it a little bit easier to break into the phone. The goal of the FBI is to create a device that will brute force the pin (by trying every pass code 0000 all the way to 9999). Now if the one-hour limit were in place, it would take the FBI over a year to try every pin. The FBI would mail the phone to Apple, which would set the custom firmware on it, and then ship it back to the FBI. Apple would not be giving the FBI the custom firmware that could be used on any other iPhone.
Apple’s Response
On February 16, 2016, Apple published a public letter to its customers detailing the situation it was being forced into by the FBI. It’s really well written, and I highly recommend that you read it. Whether you like Apple or not, their phones are built extremely well with secure encryption running under the hood.
The FBI is asking Apple to write a program to completely undermine the protections that they put in place. This puts Apple in an awkward position, because they have created a secure product, which not even the FBI can penetrate. However, now they are being forced to create software that will break all of their own safeguards.
Even though Apple would have only created this new operating system for this one purpose, once the software is written, they have weakened their own product. Furthermore, the FBI cited the All Writs Act of 1789 in order to justify their request. Can we just take a moment to think about the fact that the FBI is using a law from over two hundred years ago to justify their request?
What Else Do You Need to Know?
The FBI wants access to the phone presumably so they can search for secure messaging applications that are different than normal phone calls, texts, and email. These secure apps are used for encrypted communications, and the FBI likely hopes that they can see what other apps the attacker may have installed— plus, they’ll be able to investigate if there was anyone else involved in the attack or who may have helped plan it.
Next the iPhone in question is a model 5C (the most up to date version of the iPhone is two generations ahead, the iPhone 6S). What’s different here is that the 6 and 6s have many more protections in place that would make the FBI’s job even harder. In these newer models of the iPhone, there’s a new section of it called the secure enclave, which makes any outside tampering almost impossible.
Last but not least, the FBI made a mistake that possibly could have let them unlock the phone, or at least get more information. If an iPhone is plugged in, connected to a known Wi-Fi network, and configured to automatically back up, the phone will automatically backup to iCloud, which the FBI can then request from Apple.
However, during the investigation, the FBI requested that the password be reset. This means that the iPhone would no longer be able to backup to iCloud. This is a pretty big oversight, which may not have given the FBI everything that they wanted.
Who Is Right?
So, who is right? It’s hard to say. On one side, the FBI is asking for this to be a single instance. After all, the attackers are dead, and any extra knowledge or information about the six weeks leading up to the attack would be extremely useful to the investigation. However, is it reasonable that Apple is being forced to undermine protections that they have put in place? How do we balance security and privacy? Should we destroy privacy so that the government can find a terrorist? Should we build stronger encryption to keep everyone’s data safe and make prevention and investigations of future attacks harder for law enforcement? What is reasonable?
This is definitely something we will see get more news attention in the future. As it stands, Apple is not complying with the FBI’s request. As time goes on, it will be interesting to see what other tech companies come forward to support Apple, such as Facebook and Google.
If you have any thoughts about this podcast, I’d love to know what your opinion is!
Be sure to check out all my earlier episodes at techtalker.quickanddirtytips.com. And if you have further questions about this podcast or want to make a suggestion for a future episode, post them on Facebook QDTtechtalker.
Until next time, I’m the Tech Talker, keeping technology simple!
You May Also Like…
About the Author
Tech Talker demystifies technology and cutting edge devices so that even the most tech illiterate can understand what’s going on with their computer or gadget — and what to do when something goes wrong.
