
ACCESS DENIED!

Apple, The FBI and The Perennial Privacy Conundrum


An examination of the circumstances surrounding the widely publicized legal battle between Apple and the FBI over an encrypted iPhone that belonged to a terrorist.

By Srinivas Seshadri on April 04, 2016


A Brutal Shooting in San Bernardino

On December 2, 2015, a married couple, Syed Rizwan Farook and Tashfeen Malik, armed with guns and pipe bombs, stormed the Inland Regional Center in San Bernardino, California and opened fire, killing 14 people and gravely injuring 21 others. The shooting sent shockwaves through the nation, and was the deadliest mass shooting in America since the Sandy Hook massacre in 2012, when 20 children and 6 staff members were killed.

The couple fired 65 to 75 rounds, and then fled the scene in an SUV. The vehicle was later identified in a residential neighborhood in the vicinity, and both attackers were killed after a dramatic police chase and an ensuing shootout, which also injured one police officer.

The killers left behind arms, ammunition and pipe bombs in their Redlands residence, but also something far more telling – an iPhone 5C belonging to Syed Farook.


Two Shooters, Suspected Terrorist Links and an iPhone 5C

Of all the evidence recovered from the shooters, the FBI considered Syed Farook’s iPhone 5C the most important, because they felt that the data on the phone could give them clues as to whom the shooters were in touch with.

The problem with breaking into the phone, though, was that its security features were set so that all data on the phone would be erased after ten wrong attempts at keying in the passcode. This feature effectively eliminated the possibility of using “brute force” – engaging computers to try hundreds of thousands of passcode combinations until one eventually worked.

The FBI then asked Apple for assistance, telling the company to build a version of its iOS that could be run on the Random Access Memory (RAM) of the phone, thus bypassing certain security features. The Feds claimed that they had tried every other way to break into the iPhone, and after having exhausted all options, had decided that the only way out was to get Apple to help.

Apple would have none of it, saying that creating what was essentially a backdoor could radically undermine all that the company had worked for with regards to protecting its users’ data.

“Apple shall assist in enabling the search of a cellular telephone”

On February 16th, 2016, the FBI brought a case against Apple, asking a United States Courthouse in Los Angeles, California to force the tech giant to comply with the FBI’s order to break into Farook’s phone.

“Apple shall assist in enabling the search of a cellular telephone, pursuant to a warrant of this court by providing reasonable technical assistance to assist law enforcement agents in obtaining access to the data on the Subject Device.”

Apple, however, didn’t want to provide “reasonable technical assistance,” and immediately announced its decision to fight the order, citing the security risks that the creation of a backdoor would pose to its customers. In an open letter to Apple users the world over, published on its website, Apple’s CEO Tim Cook stated:

“Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.”

“We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government. We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.”

The Department of Justice responded immediately, with a new application filed on February 19, 2016, asking the court to force Apple to acquiesce to the FBI’s demands.

“The court should issue an order compelling Apple to comply with the order requiring assistance with the FBI’s search of the Subject Device pursuant to the All Writs Act.

“To allow Apple not to comply with the order would frustrate the execution of a valid warrant and thwart the public interest in a full and complete investigation of a horrific act of terrorism.”

– The FBI

The application also stated that Apple could install the malware at its premises in Cupertino, and once the FBI had used it to hack into the terrorist’s phone, the company could then remove and destroy said malware.

What ensued was a month of wrangling, disbelief and public outcry. Regular people on social media, chronic Apple users and leading figures the world over had very specific opinions on the issue.

People vilified Apple. Other people denigrated the FBI’s manipulative stance and questioned their real intent.


“No reasonable person would find that acceptable.”

Tim Cook was not convinced by the FBI’s claim that it would use the malware only to enter the iPhone in question, after which the malware would be destroyed.

In the same open letter to Apple users, Tim Cook said:

“The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.”

“The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor.”

And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

“Let us pick the lock.”

Bill Gates, software engineer extraordinaire and founder of Microsoft, said that there needs to be a discussion about when the government should be able to gather information. He argued that if we hadn’t had wiretapping, a lot of criminal cases would still be mysteries. While this is true in theory, there are a number of points that make this a contentious issue.

Barack Obama On Encryption
“Fetishizing our phone above every other value . . . can’t be the right answer. I suspect the answer is going to come down to how we create a system where the encryption is as strong as possible; the key is secure as possible and is accessible by the smallest number of people possible.”

– Barack Obama, President of the United States

The FBI promised that it had examined every possible solution to break into the phone before going to court: FBI Director James B. Comey said at a Congressional hearing that “We wouldn’t be litigating it if we could (get in ourselves). We’ve engaged all parts of the US government to see ‘Does anyone have a way, short of asking Apple to do it, with a 5c running iOS 9 to do this?’ and we do not.”

By itself, this statement seems alright. However, Representative Darrell Issa, a Republican from California, quizzed Comey on the specifics, such as whether the FBI had used brute force – by removing the data from the phone, making copies of the storage, putting it in with the encryption chip and then attempting different passcodes, flashing the memory before the 10 attempts are up. Once this line of questioning began, Comey’s confusion made it clear to everyone present that he had no idea whether the FBI had indeed tried these things.

Comey replied to the effect that the people at the FBI must have thought of this, and that if they hadn’t, they would work on it, since (he assumed) they were watching the hearing.

Within a few days of claiming that it had exhausted all possibilities, the FBI claimed it had found a third party that had presented a “new way” to break into the iPhone.

“…an outside party demonstrated to the FBI a possible method for unlocking Farook’s iPhone,” the FBI said in a motion to the court to drop the hearing, on March 22, 2015.

Rumors are rife that an Israeli technology firm, Cellebrite, is the third party behind the FBI’s surprising decision. Cellebrite has stated that it works with the FBI, but refused to divulge any more information. Its website, however, states that it has certain tools that can extract and decode data from the iPhone 5C – the model in question – among other locked handsets. Apple has refused to help the FBI do this.

From Cellebrite’s website: “File system extractions, decoding and analysis can be performed on locked iOS devices with a simple or complex passcode. Simple passcodes will be recovered during the physical extraction process and enable access to emails and keychain passwords. If a complex password is set on the device, physical extraction can be performed without access to emails and keychain.”

It was reasonably clear, then, that Cellebrite was the chosen one, the company tasked with the job of breaking into Farook’s iPhone.

John McAfee’s Offer To The FBI
“Here is my offer to the FBI. I will, free of charge, decrypt the information on the San Bernardino phone, with my team. If you accept my offer, then you will not need to ask Apple to place a back door in its product, which will be the beginning of the end of America.”

– John McAfee, Cyber Security Expert and Founder of McAfee Antivirus

The FBI’s 180-degree turn raises the question: What did they really want that backdoor for? Comey stated, when the case began, that “Essentially we are asking Apple, ‘Take the vicious dog away. Let us pick the lock.’” But was it as simple as that? Comey’s complete ignorance in the face of Issa’s technical questions, and an indefatigable desire to get at Apple’s data, seem uncomfortably reminiscent of the infamous ‘Clipper Chip’ proposition that the NSA devised in 1994, where it was proposed that a chip would record all voice conversations of the citizens of the USA and the data would be placed in escrow, to be accessed by the NSA in special circumstances. The Clipper Chip failed; this doesn’t seem any better.

On March 21st, one day before Apple was supposed to attend a hearing for the ongoing case, the Cupertino-based tech giant held a keynote event at its Infinite Loop conference hall, where new editions of iOS, the iPad and the iPhone were announced.

Tim Cook kicked off the event, diving headlong into the ongoing Apple-FBI tug-of-war. “Before we get started today, I’d like to address something that’s been on the minds of many people this morning. For many of us, the iPhone is an extension of ourselves. About a month ago, we asked Americans across the country to join in a conversation.”

“We need to decide as a nation how much power the Government should have over our data, and over our privacy.”

However, as it turned out, Apple never did attend the hearing. The FBI dropped the case, deciding that it could find help elsewhere in breaking into the now world-famous iPhone.


“The government has successfully accessed the data stored on Farook’s iPhone.”

On March 28th, the FBI filed a two-page report saying that it had hacked into Farook’s phone, and asked that the charges against Apple be dropped.

“The government has now successfully accessed the data stored on Farook’s iPhone and therefore no longer requires the assistance from Apple Inc.”

While this may certainly come as a temporary respite for the Cupertino-based tech giant, the war is far from over.

Security never sleeps. While we entrust more and more sensitive data to our personal devices by the day – bank codes, media, important documents – there are engineers striving to stop every possible gap and seal the smallest crevices that could expose users’ privacy. While nothing is ever 100% secure, firms like Apple have certainly come close.

The tech behemoth will have many more fights to face, however; there are more than 50 cases against it, asking for phones to be unlocked per the All Writs Act.

And while legal battles will be fought on one hand, Apple has to worry about exactly how the FBI broke into its phone, on the other. The FBI’s successful entry into the iPhone 5C in question only proves the fact that nothing is ever completely secure, and is therefore another argument in favor of Apple.

This is what Apple had to say, when the FBI revealed that it had broken into Farook’s phone:

  • From the beginning, we objected to the FBI’s demand that Apple build a backdoor into the iPhone because we believed it was wrong and would set a dangerous precedent. As a result of the government’s dismissal, neither of these occurred. This case should never have been brought.
  • We will continue to help law enforcement with their investigations, as we have done all along, and we will continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated.
  • Apple believes deeply that people in the United States and around the world deserve data protection, security and privacy. Sacrificing one for the other only puts people and countries at greater risk.
  • This case raised issues, which deserve a national conversation about our civil liberties, and our collective security and privacy. Apple remains committed to participating in that discussion.

Can Apple find out exactly how the FBI broke in? Probably not. There is a US Government policy – the US Vulnerabilities Equities Process – that mandates the disclosure of security flaws in technology, if discovered by federal agencies. However, there are no specific rules as to the situations in which the law is applied, and the verdict (if any) is likely to come from a White House group, formed during the Obama administration, for computer security flaws unearthed by federal agencies.

Judicial processes notwithstanding, Apple is likely to increase spending and efforts on security after this case, its apprehensions exacerbated by the latest developments in Arkansas.

On March 31st, the FBI agreed to unlock an iPhone for an Arkansas prosecutor, in connection with a murder case.

While tech leaders push the boundaries of security, continuously striving to protect user data, the FBI and other watchdogs have their own agenda – national security, and sometimes intentions that aren’t quite as straightforward as that. And all the while, hackers, terrorists, nebulous organizations that deal in sensitive data, and a plethora of other cyber criminals lurk nearby, just out of reach, waiting for some way to get in.

Donald Trump Against Apple

“First of all, Apple ought to give the security for that phone. What I think you ought to do is boycott Apple until such time as they give that security number.”

– Donald Trump, Billionaire and Republican Presidential Candidate

Juniper Networks, a Sunnyvale, California-based tech firm that provides networking infrastructure to corporate and government institutions the world over, knows firsthand just how badly backdoors can backfire. On December 17th, 2015, the tech giant announced that it had unauthorized code in an operating system that ran a few of its firewalls.

“At this time, we have not received any reports of these vulnerabilities being exploited; however, we strongly recommend that customers update their systems and apply the patched releases with the highest priority,” Juniper said. The NSA instructed the company to add a backdoor to its equipment, and put several private and public entities at risk in the process. If such a calamity were to befall the likes of Apple, the results would be disastrous, given the fact that Apple’s products are used by hundreds of thousands more than Juniper’s are.

This isn’t a simple, open-and-shut case, though. This is a multi-pronged battle whose ramifications extend far beyond technology and into global politics, terror, finance and healthcare, among several others. Who will win this war, or if it will ever be won, remains to be seen.


Update: The National Journal states that the FBI is briefing a few officials in the upper echelon of the government. According to the article, Senator Dianne Feinstein, senior United States Senator and a leading Democrat in the Intelligence Committee, has met with the FBI, and the latter has explained to Feinstein just how it broke into Farook’s iPhone. The article goes on to say that the Chairman of the Senate Intelligence Committee, Richard Burr, has “been offered a briefing”, but hasn’t taken it yet.