Apple and the FBI

So I've not seen the debate reach the Hall yet, so I figured this was a good time to put in my $0.02 about it.  And I don't suppose my opinion on the matter will surprise anyone.  That said, let's first explain exactly what the situation is.

The FBI wishes to get into the San Bernardino shooter's work phone (he destroyed all of his personal phones prior to the attack; this is the only one left) in the hopes of finding some kind of evidence that would point to co-conspirators.  They do not know that the phone contains this information, or even that it is likely to.  But they'd like to be sure.  Because the phone is an iPhone, this presents certain challenges.

One, the data on the phone's hard drive is encrypted.  Normally, you can remove the hard drive from an electronic device and simply read the data without knowing any passcodes or passwords; I can do this myself with most computer hard drives rather trivially.  But since this drive is encrypted, you still need the key, or the data is unreadable.  Furthermore, the decryption key is bound up with the passcode used to unlock the phone.  So without that passcode, you have nothing of any use.

Two, Apple's security system on the phone is such that after 10 failed passcode attempts, the device wipes the hard drive.  This is actually a key selling feature of the device to businesses: even if a phone is stolen by a corporate spy, they cannot access your company data without that passcode.  But it also means that attempts to break the passcode through "brute force" (trying every available combination of digits) will permanently destroy the data on the 10th failed attempt.  This is built into the operating system, and cannot be circumvented, even by Apple (as of right now).

OK, so that's the challenge; what's the issue?  A court has ordered Apple to assist the FBI in accessing that data.  For Apple to do so, they must have a team of engineers write a firmware update to circumvent the security they've built into their devices.  Apple has refused.  Now, contrary to some reports, Apple has not refused to help the FBI in their investigation.  In fact, Apple has already given the FBI full access to all of the shooter's data that Apple itself holds.  They only balked at being ordered to develop a brand new firmware patch that has no purpose other than to defeat their own security measures.  And I agree with their refusal.  It's the why that I want to get into.

First, I believe the judge had no idea what he was ordering when he told Apple to do whatever it takes to get into the phone.  This isn't like asking a locksmith to unlock a specific lock.  This is asking a locksmith to manufacture a skeleton key which will open any lock made by that specific manufacturer, regardless of the fact that such a thing does not currently exist.  Such a thing is not a 5-10 minute operation; it would require man-weeks of effort to make such a piece of firmware.  Furthermore, because this code does not currently exist, no one can use it (which ought to be self-evident), but once this code is made, it cannot be unmade, and anyone who has access to it can use it.  Now, some people think this is just paranoia: that we can trust the FBI to only use the code on this one phone, or alternatively, that Apple could apply the firmware, unlock the phone, give the FBI the data, then remove the firmware and destroy it forever.  Now, if you believe the first scenario, then you are a more optimistic person than I.  But let's assume that's true, or that Apple applies the firmware to this one phone and then removes it after.  The problem is that a firmware patch is not a physical item that can be passed only from one trusted human being to another.  Along the way (and during development) it passes through many electronic devices and many hands.  And all it takes is one security slip-up, or one dishonest person with an unreasonable desire to become rich, and that code will find its way into someone else's hands.  And at that point, Apple's got a security disaster on their hands.

Second, I am uncomfortable with the government ordering companies and their employees to labor on the government's behalf for no compensation and against their wishes.  This surely falls afoul of the Thirteenth Amendment.  Requiring uncompensated (or forced) labor outside the context of a draft or military service ought to be anathema.  Doing so on what amounts to a fishing expedition strikes me as doubly foul.  This is not a "ticking time bomb" scenario; this is a purely dubious hunt for potential information.

In effect, the judge has ordered a US company (and its employees) to labor under duress to defeat that company's own security protocols (put in place and sold to customers based at least partly on how secure they were), despite the incredible future security risks (at not just the government's hands, but potentially a foreign power's or even just criminals'), all for the chance that it might lead to another criminal conspirator?  Thanks, I'll have none.

7 comments:

Grim said...

What do you think the odds are that the firmware patch really doesn't exist? It has to be a target for intelligence services worldwide.

MikeD said...

I'd currently say it is approaching 100% that it does not exist. And not because I have such faith in Apple as much as I believe that programmers do not do an ounce more work than is necessary, especially if no one pays them to do so. And given that such a firmware patch can only come from Apple (by virtue of how an Apple device will not run an unsigned firmware patch), and given that those kinds of digital signatures are not something that one person can approve, I really do think that it has never been created.

*edited for egregious typos

Grim said...

You could be right. I would have assumed that the NSA would have made it a priority to build such a patch, along with an appropriately forged digital signature. The FBI may not have access to it (if it exists), or it may be that the NSA doesn't want the capability to become public knowledge; or it may just be that the government wants to send the message to the world that Apple will bow down on this point.

Or it could be just as it appears: that Apple really does have a leg up on the Feds, and that there's nothing they can do about it without Apple's cooperation.

raven said...

After the botched crime scene investigation at the home, and letting the press walk right in, I can't believe the FBI gives a hoot about this investigation. Especially with all the deliberate head-in-sand PC out of DC.

The FBI does not care about THIS phone. They are using it as an excuse to force Apple to give them a key to ALL phones.

Eric Blair said...

I think Raven has the sense of it, and the fact that the work phone *was not* destroyed argues that there is nothing of value on it.

E Hines said...

There's also the chain of custody question involved in any evidence the FBI might pull, should they succeed in dragooning Apple into producing the bypass. The particular bypass won't work on any phones other than the particular one; it's tied to the phone's key identifier (whatever the thing is called), but with the bypass in the FBI's IT hands, it's an easy thing to adjust the bypass to any phone that uses the bypass algorithm.

The FBI has offered to let Apple do the unlock, download the data, and then destroy the bypass--when the government is done with the need of it at the end of the trial and all of its appeals. But to maintain chain of custody proof satisfactory to the prosecutor, the judge, and especially the defense's lawyers, the judge, the FBI, and the lawyers will need to be present with their respective IT forensic experts and watch--and record--the process. Now the FBI has the bypass.

Eric Hines

MikeD said...

You could be right. I would have assumed that the NSA would have made it a priority to build such a patch, along with an appropriately forged digital signature.

The trouble is, the encryption is a two step. One part is bound in the device's hardware, the other in the PIN code to access the phone. Remove either of those, and you can't access the data (you've only got half a key). It's what makes Apple's encryption so brilliant. Added to that is the protection against brute forcing the PIN by wiping the very data you seek on too many failed attempts. Now, could the NSA have cracked this? Anything is possible. But I highly doubt it.

The particular bypass won't work on any phones other than the particular one; it's tied to the phone's key identifier (whatever the thing is called), but with the bypass in the FBI's IT hands, it's an easy thing to adjust the bypass to any phone that uses the bypass algorithm.

Close but not quite. What the FBI has requested is that Apple develop a firmware patch which would override the lockout block on too many failed attempts. This is built into the OS of the phone. In order to overcome that, you must patch the OS of the phone (which is NOT bound up with the device's hardware ID). The encryption on the iPhone's hard drive is what is bound up with the hardware ID (to prevent you from slapping the HD into a different iPhone that you've jailbroken in order to get around the PIN, for example). This is why the FBI doesn't simply pull the device's hard drive to read it. But the firmware patch that the FBI wants Apple to write would 100% be usable on any iPhone running that OS.

And again, we're talking about a master key that does not currently exist. Once created, you can't put that genie back into the bottle (short of Apple rolling out a new OS to all iPhone users which specifically blocks this firmware patch, which would cost them millions, plus the damage it would do to their security reputation). And again, they want this to investigate the off chance that there's some useful data on this dead terrorist's work phone, the only one he didn't bother to destroy.
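The post (the two numbered challenges) and MikeD's last comment describe two separate protections: a storage key that depends on both a per-device hardware secret and the passcode, and an operating-system counter that wipes the data on the tenth failed passcode. The following toy model, added here as an editor's illustration and not Apple's code or anything from the thread, shows why the two are independent. The device secret, the key-derivation parameters and the HMAC-based stream cipher are all constructed for this example; the point is that moving the encrypted storage to other hardware yields noise even with the correct passcode, while the retry counter is plain software state sitting beside the key derivation rather than inside it.

```python
"""Toy model of a hardware-bound storage key plus an OS-level retry counter.
Constructed example; not Apple's implementation.  The device secret, the
KDF parameters and the HMAC counter-mode cipher are assumptions."""
import hashlib
import hmac

MAX_ATTEMPTS = 10
# Constructed stand-ins for a secret fused into each device at manufacture.
DEVICE_UID = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
OTHER_DEVICE_UID = bytes.fromhex("ffeeddccbbaa99887766554433221100" * 2)


def derive_key(passcode: str, device_uid: bytes) -> bytes:
    """Storage key = KDF(passcode, hardware secret): both halves are needed."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_uid, 50_000, dklen=32)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy HMAC counter-mode stream cipher; the same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, offset.to_bytes(4, "big"), "sha256").digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def key_check(key: bytes) -> bytes:
    """Tag the OS stores so it can verify a passcode without storing the key."""
    return hmac.new(key, b"key-check", "sha256").digest()


class Device:
    """The phone: encrypted storage, a key-check tag, and software lockout state."""

    def __init__(self, passcode: str, plaintext: bytes, device_uid: bytes = DEVICE_UID):
        self.uid = device_uid
        key = derive_key(passcode, device_uid)
        self.storage = keystream_xor(key, plaintext)  # what pulling the drive yields
        self.tag = key_check(key)
        self.failed_attempts = 0  # OS-level state, not part of the key derivation
        self.wiped = False

    def unlock(self, passcode: str):
        """Return the plaintext on success; None on failure or once wiped."""
        if self.wiped:
            return None
        key = derive_key(passcode, self.uid)
        if hmac.compare_digest(key_check(key), self.tag):
            self.failed_attempts = 0
            return keystream_xor(key, self.storage)
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_ATTEMPTS:  # the 10th failure wipes the data
            self.storage = b""
            self.tag = b""
            self.wiped = True
        return None


def read_storage_on_other_hardware(storage: bytes, passcode: str) -> bytes:
    """Correct passcode, different device secret: the derived key differs."""
    return keystream_xor(derive_key(passcode, OTHER_DEVICE_UID), storage)


def simulate() -> dict:
    """Run the three scenarios the discussion contrasts and report the outcomes."""
    secret = b"constructed sample message stored on the device"
    # A: right passcode on the right hardware decrypts.
    phone = Device("2580", secret)
    on_device = phone.unlock("2580")
    # B: right passcode, but storage moved to other hardware, yields noise.
    elsewhere = read_storage_on_other_hardware(phone.storage, "2580")
    # C: ten wrong passcodes trigger the OS wipe; the right one then fails too.
    phone2 = Device("2580", secret)
    for _ in range(MAX_ATTEMPTS):
        phone2.unlock("0000")
    after_wipe = phone2.unlock("2580")
    return {
        "on_device_ok": on_device == secret,
        "elsewhere_ok": elsewhere == secret,
        "wiped": phone2.wiped,
        "after_wipe": after_wipe,
    }


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value!r}")
```

The counter lives in `Device.failed_attempts`, ordinary software state that the operating system maintains, while `derive_key` never sees it; that separation is exactly why a patch to the lockout logic leaves the hardware-bound key untouched, and why the storage alone, read on other hardware, stays unreadable even with the right passcode.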