Thursday, 25 February 2016

San Bernardino iPhone Unlocking Would Leave Us All Less Secure

All eyes will be on Apple this Friday, the day the company is due to respond to a court-ordered unlocking of an iPhone 5c.

Of course, it’s not just any iPhone; it’s the iPhone of Syed Farook, gunman in the December 2015 shooting in San Bernardino, California, that led to the deaths of 14 people. And it’s not just any court order. It’s a court order with serious potential ramifications for the future of security worldwide.

The current round of the privacy/security battle between Apple and the United States Federal Bureau of Investigation (FBI) has enlisted the All Writs Act of 1789, obscure legislation that exists for extraordinary circumstances not otherwise covered by law. In this case, the government is asking Apple to develop software that would allow a brute-force bypass of Farook’s phone’s security passcode. Thus far, Apple has refused.

An impassioned Lawfare post by FBI Director James Comey argued that the demand is a special exception not to be repeated: “The relief we seek is limited and its value increasingly obsolete because the technology continues to evolve. We simply want the chance, with a search warrant, to try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That's it. We don't want to break anyone's encryption or set a master key loose on the land. I hope thoughtful people will take the time to understand that.”

Recent polls have concluded that the thoughtful people of America remain unsure. In a Pew Research Center poll, 51% of respondents favored Apple helping the FBI, 38% were opposed and 11% were indifferent. A conflicting poll released by Reuters/Ipsos listed 46% of respondents as supporting Apple’s refusal to comply, 35% in support of the FBI and 20% indifferent.

In all this, one thing is for sure: it was Apple CEO Tim Cook—and not James Comey—who had the support of a protest rally behind him on Tuesday.

A San Francisco protest in support of Apple's commitment to privacy. [Source: Eric Risberg/AP]

Cook clarified Apple’s stance in a February 16 post:

“Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

“The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

“The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.”

Nate Cardozo of the Electronic Frontier Foundation went one step further and made explicit that this is more than just an American issue: “If China [today] demanded that Apple put in a backdoor, Apple would say no. That equation changes once Apple accedes to an FBI order. If the FBI can compel Apple to do it, and it’s publicly known that Apple has given the FBI this key, then China has a very different calculus…The PR around a Chinese demand gets a lot better for China, and a whole hell of a lot worse for Apple.”

Come Friday, Apple is expected to resist the court order on grounds that it is a violation of free speech and an inappropriate use of the All Writs Act, and also to ask that Congress, not the courts, be in charge of such matters. Given that Apple has been asked to extract data from 12 phones since September 2015, it’s hard to believe that the case of Farook’s iPhone is an isolated event and not a precedent waiting to be set. For the sake of all of our security, let’s hope this is one phone that remains unbroken.

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!
