Syed Rizwan Farook’s iPhone 5C
Since the San Bernardino shooting, there has been a lot of information and news stories about Apple “refusing” to help the FBI by building software to crack the encryption – what has been referred to as a “backdoor” to the iPhone.
There is a lot of speculation that getting access to the information on Syed Rizwan Farook’s iPhone 5C will not only shed some light on the San Bernardino attacks, but also on any accomplices that may be lurking in the shadows. The view is that the information on this phone could potentially stop other attacks.
While all sides in this case seem to agree that stopping further attacks is in the country’s best interest, this is where the similarities stop. The FBI is trying to utilize emotion, and the tried and tested “national security” argument to convince the courts to order Apple to build software to unlock the phone.
The FBI has made some crucial mistakes to date. Most notably, the FBI directed the County to reset the iCloud password which immediately disabled the backup to iCloud feature of the iPhone. From iCloud, the FBI would have had access to essentially all the data, texts, calls, emails, etc., that Farook had sent in the months leading up to the attack. That one mistake has spurred this entire court battle.
Apple, for the most part, has cooperated with law enforcement. Tim Cook, Apple CEO, stated in an ABC interview that, “Apple has cooperated with the FBI fully in this case. They came to us and asked us for everything we had on this phone and we gave them everything we had.”
Previously Cook had stated, “We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor into the iPhone.”
Apple has refused to build a backdoor into the iPhone because of the implications it would have on personal privacy, as well as the precedent it would set for future cases.
While the FBI is trying to make this case about a single iPhone, Apple and Tim Cook see this case as something much larger. Unlike the FBI, Apple has taken the time to look at this case in the broader context of what this precedent could mean in a post Snowden society. Tim Cook stated, “This case is not about one phone. This case is about the future. What is at stake here is – Can the government compel Apple to write software that we believe will make hundreds of millions of customers vulnerable around the world including the U.S.”
Apple CEO Tim Cook inked his belief in the need for encryption, as well as his stance against creating the software, when he released a letter to the public on February 16, 2016. In this letter, Mr. Cook discussed his concern that if this software is created, it could be utilized to invade the privacy of Americans in the future. He sees the backdoor that law enforcement has asked for as dangerous; for personal liberties, privacy, and data security alike. In his own words he stated, “No one should have to decide between privacy or security. We should be smart enough to do both. Both of these things are essentially part of the Constitution.”
As one of the integral cogs of Silicon Valley, Apple tends to lead the pack for the tech giants such as Google, Facebook, Microsoft. That means that if a precedent is set for Apple in this case it could easily be extended to, and expected of, every other tech giant. For that reason, the leaders of these companies have found it increasingly difficult to stay silent on this matter.
As of late, Sundar Pichai, Google’s CEO, has only hinted towards his opposition to implementing backdoors. He has stated via his twitter account…
Unlike Tim Cook, Sundar currently has the luxury of taking a back seat to this battle. Although in the back of his mind he has to know that Google will probably be effected by the decision of the court.
Of all the companies in Silicon Valley to side with law enforcement, Microsoft, with its track record of building backdoors for the NSA dating back to 2013 (according to documents leaked by Snowden), would be the most likely.
Unlike Cook and Sundar, Bill Gates seems to side with the FBI on the scope of this court case, stating, “This is a specific case where the government is asking for access to information. They are not asking for some general thing, they are asking for a particular case.”
In a later interview on Bloomber Go, Mr. Gates backtracked a little after his original remarks had portrayed stance as aligned with the FBI.
He tempered his previous statements by stating what was needed was “balance” and that, “the government’s taken information historically and used it in ways we didn’t expect” showing that even he does not fully trust law enforcement.
After the Paris attacks and San Bernardino the public unrest resulted in calls for an end to encryption. However, even prominent figures of the U.S. Government have spoken out on encryption and its usefulness in modern society.
One of those people is Admiral Michael S. Rogers. Admiral Rogers is, the Commander of the U.S. Cyber Command, Director of the National Security Agency, and Chief of the Central Security Service. He agrees with Mr. Cook on the necessity of protecting encryption for the future.
Rogers stated during an interview with Atlantic Council that, “Encryption is foundational to the future. So spending time arguing that encryption is bad and we ought to do away with it – that’s a waste of time”.
One of the key benefits of encryption is that it protects the average citizen from being snooped on by the government, hackers, etc. What many people don’t understand is that if certain type of encryption (such as end-t0-end encryption on iPhones) are weakened via the introduction of backdoors. The introduction of backdoors no matter what the circumstances can be sought out and misused by malicious actors. By this reckoning, the people who will suffer most are average Americans.
For criminals, hackers, and terrorists whom privacy of communication is extremely important, there are other forms of encryption, as well as encryption based chat applications such as WhatsApp, and Ricochet. Additionally, there is open source code readily available to create your own encryption. By no means will creating a backdoor on some devices prevent nefarious actors from hiding their communications.
An example of the risk that backdoors create can be seen by taking a closer look at the Juniper fiasco from 2015. Juniper Firewalls’ vulnerabilities seemed to emanate from a repurposed bit of NSA code, as hypothesized by Ralph-Philipp Weinmann, founder of Comsecuris.
Most worrying about this realization is that these vulnerabilities – which had been around for about three years at this point – could have been used to gain access to almost all of Juniper’s clients (which includes The Defense Dep., Justice Dept., FBI, and the Treasury Dept.).
According to Rapid7’s post an employee of Fox-IT was able to ID the backdoor password within 6 hours of Juniper’s advisory. Within 3 days the password was readily available online. That means that within three days, any company who hadn’t updated their Juniper firewall would be susceptible to a hack from virtually anyone.
This is the insecure reality that government backdoors could create. Within 72 hours of implementation, every updated iPhone in the world would be vulnerable.
The conflict between Apple and the FBI has created a valuable dialogue/debate that the whole country has tuned into. The FBI is frustrated with Apple’s non-compliance, but Apple has been steadfast in its resolve. Bill Gates has hypothesized that Apple is just delaying the inevitable, and it seems this case may find its way to the Supreme Court.
In many ways, this case boils down to, if Apple is forced to write the software to be used to crack the encryption on this iPhone… what will happen next? Will the software be deleted? Will the FBI keep it for future use? Will they distribute it to the NSA, DOJ, etc.? Will it be leaked? Will all of our information be potentially viewable by the U.S. government? Hackers? China? Russia? Will Microsoft, Sony, HTC, Samsung, be forced to follow suit?
In conclusion, should the government access the data in the phones used by these individuals to stop potential future attacks? Yes, I think everyone can agree this is in our best interest.
What the government is failing to see here, what they are failing to grasp (or simply ignoring) from the tech industry’s backlash, is that this goes above and beyond one case, and has potentially far reaching and unforeseen consequences.