December 2, 2015 – Syed Rizwan Farook and Tashfen Malik entered the Inland Regional Center in San Bernardino California and in a carefully planned attack, opened fire on their co-workers and individuals that considered them friends. At the end of the attack – which also consisted of explosive devices and a manhunt for these two individuals, 14 people were murdered and 22 were injured.
In the aftermath of this attack, law enforcement started to investigate for causes and clues that could prevent further attacks. Among the evidence collected: computer equipment and cell phones. The equipment was destroyed by the two terrorists to the point that data recovery may be impossible. Interestingly enough, the police also found an intact iPhone used by one of the shooters and owned by the county. Somehow, they forgot to smash this phone to destroy the data inside. Thus began the struggle between the FBI and Apple, the manufacturer of this phone.
In the latest version of the iOS operating system (the program that controls the phone), Apple employs security measures, that when combined offer a consumer a pretty good level of protection for their data.
- Password protection
- Throttling on incorrect passwords (if you enter a password incorrectly, it takes an increasingly longer amount of time to try again)
- Data wiping after too many attempts (if you enter an incorrect password too many times, your phone’s data is erased)
- Encryption (your data must be unlocked before it can be used)
With all of the above taken in concert, the iPhone is a decent choice for most consumers concerned about their data. The FBI would have you believe the security is impenetrable, and the only way for them to stop the next terrorist attack is for Apple to violate their own security standards and provide a specialized version of their iOS software that can be forcibly installed by law enforcement that disables most of the protections above. In fact, the FBI was so inept at opening this device and using technology, they sued Apple in federal court.
In an absolutely stunning level of technological ignorance and the shoehorning of existing law never designed for use in these situations (in this case, the All Writs act of 1789 – yes you read that correctly, 1789) a judge ruled that apple must create and provide the FBI with software that does the following:
- Allows the FBI to disable the auto wipe functions of the iPhone on incorrect passwords.
- Allows the FBI to transmit passwords to the phone via any means including: physical connector on the phone, WiFi, Bluetooth, or whatever else the FBI could dream up.
- Disables the throttling mechanism so that the phone accepts passwords just as fast as can be transmitted.
Now, you don’t have to be a computer scientist to understand the danger of this request. If this configuration managed to make its way into the wrong hands, your data might just as well be posted on wikipedia for all to see.
As has been proven in the past, tools designed for any law enforcement or support individual always end up in the hands of those that seek to do you harm. Diagnostic tools for vehicles that can start a chipped engine without a key are owned by car-theft rings. Lock pick kits and instructions are available on Amazon. Master keys for gas pumps are available online and allow thieves to install devices that can steal your credit card data.
Even our own government employees are responsible for leaking data, the infamous Edward Snowden passed vetting and had access to classified data, which he stole and leaked.
The FBI used to be an institution that took the I(nvestigation) seriously. Since the passage of programs such as the NSA bulk-data collection, and the creation of the NSA itself, our intelligence agencies have become accustomed to muttering “national security” and having a master key to access whatever information they want. This is the first time there has been push back against one of these orders and it caught the FBI off guard. Luckily, judge James Ornstein stated that the original court order was basically absurd, and pointed out the crazy power grab in play by trying to apply a 200 year old law to the situation and ordered that Apple did not have to comply. Of course the FBI appealed, after all, this iPhone contains every secret ISIS has ever had! (or maybe just work contacts. Remember this entire warrant is nothing but a fishing expedition).
In an equally stunning turn of events, on the eve of the appeal of Judge Ornstein’s decision, the FBI requested that the court system hit pause on their request because they may have found a way into the phone. This request shows that this case was not about finding terrorists, nor was it about one particular phone. The FBI used the most politically and emotionally charged case they could to attempt to set precedent in the fight against data encryption and your rights to have your data secured.
Instead of immediately contacting specialists in the field of decryption and technology, they ordered the user’s password changed which locked the phones ability to be unlocked by the county, then began demanding that Apple let them in.
When denied by Judge Ornstein and before they would hear their argument destroyed in appeals court, they suddenly figured out another way.
Our intelligence agencies need to put forth at least the same effort that our enemies do. Terrorists have advanced technology experts that do nothing but cryptography, and they even have help desks to provide assistance to John Q Terrorist.
Our intelligence agencies should not admit that the consumer level protection on a 400 dollar phone has stymied them.