What You need to know about the Apple vs FBI row

What You need to know about the Apple vs FBI row

appleencryptionq.jpg

An Apple iPhone is seen in Washington after a judge has ordered Apple to break into a work-based phone used by a gunman in San Bernardino, California.
Photo: AP

Apple Inc is fighting a court order which says it has to help the US government break into the iPhone of Rizwan Farook. He and his wife killed 14 people in a December shooting in San Bernardino, California. The government has described it as a "terror" attack.
So, what's the fuss?

Why does the US government need Apple’s help?

The government wants Apple to help it break into Farook’s phone. Apple's mobile operating system (iOS) encrypts nearly all of its data so that forensics experts cannot access email, text messages, photos or other information unless they enter a password.
The phone needs two digital "keys" to unscramble the data: a passcode entered by the user and a unique 256-bit Advanced Encryption Standard key that is coded into the hardware during manufacture. The hardware key cannot be removed from the device, which prevents hackers from copying the contents of its hard drive and then cracking the passcode with the help of powerful computers.
Apple's mobile iOS system offers an auto-erase function that will wipe the device after 10 failed attempts to unlock it. The government says it is not sure if Farook enabled that function but has not tried to unlock it because it does not want to risk losing the data.

What exactly does the government want Apple to do?

The government has asked Apple to make a new version of iOS that disables the auto-erase function. It also wants the new software to get around a feature that causes delays of up to one hour when nine wrong passwords are entered - making it possible to break into the phone using the "brute force" method of trying millions of different passwords. The government says it is possible for Apple to create software that will only work on the device used by Farook.

Why doesn't Apple want to help?

Apple says such a tool would create a "backdoor" that could be used by the FBI or others to break into any iPhone. Apple CEO Tim Cook, in a letter to customers, cited the possibility of the specially created software falling into the "wrong hands" and didn't believe it would only be used in this single case.
Cook also said the move would establish a dangerous rule. "The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone's microphone or camera without your knowledge," he said.


Apple refuses to open iPhone for FBI


Is Apple right?

It's not clear why Apple would worry about the especially created software being stolen or misused, since the work would take place in Apple's labs and would presumably be no more subject to theft than any other Apple software. Apple is known for its strong security and there are no known incidents of its source code or cryptographic keys being stolen.
Further, the same technique would not work on devices launched after the 5c because they are equipped with a chip known as "Secure Enclave," which helps encrypt data using both the password and a unique user ID that is prepared and equipped for new users during manufacturing and not known to Apple.
The bigger concern is the precedent. If Apple does as it's told, it would mark the first time a software company created a tool to break into its own products from an order from law enforcement. Technology companies and privacy advocates fear an endless stream of similar requests - not just from the US government, but also from foreign governments and even from people in civil cases. Technologists are horrified by the very idea of deliberately creating software that undermines security.

Why can't they just work it out?

Apple is drawing a line in the sand to avoid setting a precedent. In the past it has said no when China's government asked it to reveal user data.

What information does the government want?

Lawyers say they believe data on the phone could help show who Farook and his wife Tashfeen Malik communicated with as they planned the shootings, where they travelled to before and after the attack, and other details about the attack.

Will all the info the government wants be on the phone?

Not necessarily. Even if the government is right in its assumption that the phone was used to plan that attack, Farook may have used encrypted apps that wipe all evidence of communications. For example, Islamic State uses a mobile messaging service known as Telegram for propaganda and recruitment. The service allows the group to broadcast messages to large numbers of followers, then move to private, one-to-one encrypted messaging that likely cannot be seen by forensics experts.

So what about Android?

Smartphones powered by Google’s Android operating system offer a variety of encryption options, depending on the manufacturer and model. Forensic technicians can "bypass" passcodes on some of the devices, according to a November report by Manhattan’s top lawyer. Google can remotely reset the passcodes, when served with a search warrant and an order instructing them to assist law enforcement to extract data, allowing authorities to view contents of a device.
 

Tag: 

Comments

To post comments please
register or