Greetings and salutations everyone!
For those of you who are in the Network Security field or are perusing the most recent happenings of our world, you would probably already know of the FBI vs Apple controversy that’s been happening as of late.
For those of you who are not already up to speed on this though, this is a case between the Federal Bureau of Investigation (FBI) versus the company Apple (behind the creation of the iPhones, iPads, Macs, etc…) in regards to unlocking the iPhone of the San Bernardino shooter for investigation. Because of the nature of the encryption of this device (among other iPhones and the like as well), it is not an easy task as the FBI would be unable to break into this device’s encryption under normal circumstances, so they sought to receive assistance from Apple in regards to their source code or to even flat out create an iOS version that is inherently vulnerable so they can break into it.
Now this case goes far beyond just asking them for assistance though. Through the Department of Justice, there’s a 43-page brief filing that contains threats to Apple in regards to demanding of source code to iOS and the signatures needed for these devices to run modified software so that the FBI can create their own version of iOS with security stripped out and have access into the device.
The reason they need this in particular though, is because of the inherent security features located within iOS. The FBI wanted Apple to write software to change the policy on the phone that limits the number of wrong password entries to 10. That policy also erases all data on the phone after 10 wrong attempts.
So under normal circumstances, after about 10 or so attempts, the data located within the iDevice will be formatted, and there would go all of the evidence. Rather than being locked out of the device or having the information needed be lost forever, they would need the vulnerable version to throw onto the device in question to break in without the risk.
So long story short, this whole debacle of FBI vs Apple is a complete legal and ethical case in regards to encryption and data privacy. With the presence of the FBI having source code to iOS and the ability to break into these devices on their own whim, it begs the question of what would they do to take this even further. It’s ethical to help the organization attend to terrorist attacks or other matters that threaten the well being and security of the American people, but at the same point, encryption is everything that we have to protect our information and protect user data. On one side we’re helping the country, but at the other hand we’re dooming the security and well being of millions of people. It’s a double edged sword.
The case however is in even more hot water though, because it was not long ago that the FBI contracted a third-party company who were able to break the encryption and obtain access into the data. The company in question is the Israeli firm Cellebrite, however this was never truly confirmed, but regardless they were able to access the data on the iPhone and asked to drop the case as a whole.
The problem that stems from this however is that the method that they took to obtain access to the device (all of the “technical aspects”) is classified and is not being released, which has cause a huge backlash in the community over this matter. Apple is requesting that the FBI release this new found exploit into their systems, however it’s not looking like they will release it anytime soon.
From the beginning, we objected to the FBI’s demand that Apple builds a backdoor into the iPhone because we believed it was wrong and would set a dangerous precedent. As a result of the government’s dismissal, neither of these occurred. This case should never have been brought.
We will continue to help law enforcement with their investigations, as we have done all along, and we will continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated.
Apple believes deeply that people in the United States and around the world deserve data protection, security and privacy. Sacrificing one for the other only puts people and countries at greater risk.
This case raised issues which deserve a national conversation about our civil liberties, and our collective security and privacy. Apple remains committed to participating in that discussion.
-The Full Statement from Apple
It’s definitely an interesting case in world of security and encryption, so I highly encourage everyone to give it a read and formulate an opinion on the matter of security and encryption practices by companies.
Until next time,