By Doug Porter
The Federal Bureau of Investigation persuaded a judge to order Apple to create a workaround for iPhone security restrictions preventing them from trying unlimited PIN codes to crack into the phone used by one of San Bernadino terrorists.
Apple has said ‘no way’ and likely intends to appeal the order. The FBI and Department of Justice, with the Obama administration’s “full” support, say they are “not asking Apple to redesign its product or to create a new backdoor to their products,” but rather are seeking entry “to this one device.”
What the government’s not saying is that the process of gaining entry to this device once possessed by a TERRORIST (are you afraid yet?) provides a precedent amounting to unlocking all secure phones. They’re banking on judges and the public not grasping the scope of what is going on here. And it turns out they’ve been looking for a way to make this happen for quite some time.
The FBI wants the company to write new software, specifically an automatic update overriding existing limitations on how many times an errant PIN code can be entered. As things stand now–and this is the short version–, the phone in question would wipe itself clean after ten failed attempts. So the government is trying to subpoena or get a warrant for something that doesn’t exist.
The Story of the Terrorist iPhone
The device in question here is an iPhone5C, given to Syed Rizwan Farook by the San Bernardino County Health Department and was used in his job as an inspector. Farook created the unique numerical pass code.
On December 2nd they killed 14 people and seriously injured 22 more at the Inland Regional Center. The perpetrators, Syed Rizwan Farook and Tashfeen Malik, targeted a rented banquet room being used for a Department of Public Health training event and holiday party. It was subsequently learned that they were inspired by–but not associated with– various terrorist organizations.
Farook and his wife deliberately destroyed other devices but didn’t bother destroying this one. The iPhone was backing up to iCloud, and the FBI already has those backups. So the only missing data was created between the last backup and the terrorist attack.
Apple has, in the past, given up data in response to court orders. In a 1977 case involving an investigation into illegal gambling, the Supreme Court ruled said an obscure law passed in 1789 (the All Writs Act) could be used to compel a company to provide the government with existing technology to facilitate surveillance.
From the Los Angeles Times:
This week’s court order was different from those issued in the past, however. It requires Apple to create new software, experts said, not provide technology already at hand.
“This is a new frontier,” said Jennifer Granick, director of civil liberties at Stanford Law School’s Center for Internet and Society. “I know of no other statutory provision that would arguably create an obligation for device manufacturers to help out the government.”
Apple may not have fought orders in the past because “it was easy for Apple to give the data,” she said.
“But the architecture of the phones changed,” she said. “This is about Apple creating a new forensic version of its software to do the job the FBI wants it to do.”
Is Apple the One Crying Wolf?
If you look beyond the specifics of the Apple court order, it’s hard to miss the fact that law enforcement/intelligence agencies have a terrible track record when it comes to misusing and/or subverting every single bit or hardware and/or technology made available to them.
Hick towns in rural areas have armored vehicles. Hell, the San Diego Unified School District tried to get one until it got shamed via news stories. Body cam videos –the recording devices supposed to help weed out abusive cops– are now safely hidden behind the ‘blue wall’ that allowed those bad apples to get their way in the past.
(Yes, I’m aware of the City Attorney’s memo saying the buck stops with the mayor. This changes nothing.)
The FBI’s sharing program with the super-secret Stingray technology–one that spoofs cell phone towers to enable tracking–has been abused and misused at every turn by agencies all over the country.
The feds even required local law enforcement to drop criminal proceedings if evidence gathered was subpoenaed. Crooks walked free. And, rather than use it in the kind of life or death cases (a ticking bomb…your child kidnapped…) apologists like to bring up in debates this technology was used (and hidden) in everyday garden-variety criminal cases.
Here’s Nicholas Weaver (who doesn’t think some backdoors are a bad idea), writing at Lawfare:
The same logic behind what the FBI seeks could just as easily apply to a mandate forcing Microsoft, Google, Apple, and others to push malicious code to a device through automatic updates when the device isn’t yet in law enforcement’s hand. So the precedent the FBI seeks doesn’t represent just “create and install malcode for this device in Law Enforcement possession” but rather “create and install malcode for this device”…
…The San Bernardino case, however, is not a tip-toe down a slippery slope but a direct leap into a dangerous world, one which would compromise all our security under an incredibly ambitious reading of the law.
As the ACLU’s principal technologist Chris Soghoian says:
“Everyone is carefully watching this because if the government gets what they want here, they’ll have the power to conscript tech companies to covertly deliver surveillance software.”
A Broader Government Strategy
This court order didn’t come about because the government believes it will gain significant intelligence; it came about because they were seeking a precedent.
From Bloomberg Business:
In a secret meeting convened by the White House around Thanksgiving, senior national security officials ordered agencies across the U.S. government to find ways to counter encryption software and gain access to the most heavily protected user data on the most secure consumer devices, including Apple Inc.’s iPhone, the marquee product of one of America’s most valuable companies, according to two people familiar with the decision.
The approach was formalized in a confidential National Security Council “decision memo,” tasking government agencies with developing encryption workarounds, estimating additional budgets and identifying laws that may need to be changed to counter what FBI Director James Comey calls the “going dark” problem: investigators being unable to access the contents of encrypted data stored on mobile devices or traveling across the Internet. Details of the memo reveal that, in private, the government was honing a sharper edge to its relationship with Silicon Valley alongside more public signs of rapprochement.
On Tuesday, the public got its first glimpse of what those efforts may look like when a federal judge ordered Apple to create a special tool for the FBI to bypass security protections on an iPhone 5c belonging to one of the shooters in the Dec. 2 terrorist attack in San Bernardino, California that killed 14 people. Apple Chief Executive Officer Tim Cook has vowed to fight the order, calling it a “chilling” demand that Apple “hack our own users and undermine decades of security advancements that protect our customers.” The order was not a direct outcome of the memo but is in line with the broader government strategy.
As is often the case, the real-world bad guys are way out in front of this.
From Conor Friedersdorf, writing in the Atlantic:
The truth is that despite the spread of encryption, law enforcement is living in a golden age of surveillance. In fact, the rapidly increasing capabilities of Big Brother pose a far greater threat to Americans than criminals or terrorists exploiting new ways to “go dark.” Acting surreptitiously is harder than ever in this world.
The final point to bear in mind is how little Americans will benefit if the FBI gets its way here. If iPhones are easy for the FBI to breach, the next San Bernardino shooter won’t just leave theirs on a table, blowing their whole network after an attack. They’ll abandon the iPhone, so that only non-terrorists are vulnerable to having their security breached; they’ll use less mainstream tools to encrypt their data; or they’ll “go dark” the old-fashioned way, by dropping their phone off a boat or tossing it off a bridge or pouring gasoline over the device and lighting a match.
All but the dumbest murderers and terrorists will adapt. And Americans will be left with dramatically less secure devices in exchange for infinitesimally more security. If these are the FBI’s best examples, bad guys “going dark” is a less-costly phenomenon than I had imagined.
Finally, if the government truly believed this current tactic was needed or our national security/safety, they wouldn’t be using an obscure law as their own “back door.” They’d go before the Congress and ask for legislation authorizing this type of surveillance.
The problem is, however, that they already have. And the Congress, responding to a massive email and petition campaign, said no.
____________________
This is an excerpt from Doug Porter’s column at San Diego Free Press, our prodigy and associated online media for San Diego.
{ 0 comments… add one now }