Are you willing to have your privacy put at risk to help the FBI fight terrorism? Americans might not have a choice, depending on how Apple vs. FBI pans out. While televised news focuses on the presidential primaries, online tech and data pundits have taken to social media to unpack 4th amendment rights, data encryption and the tools available to government — post-smartphones.
A quick recap:
Hours after the San Bernardino shooting in late 2015, the FBI seized a locked iPhone 5c belonging to one of the shooters (who died, as events unfolded). Wait, scratch that last part. Technically, the shooter’s employer — the San Bernardino Health Department — owns the phone.
What happens next gets a bit messy: Pressed for answers, federal authorities request the local health department act on behalf of the assailant and reset the iPhone’s iCloud password. Why, you might be asking? To access the phone’s contents from the cloud without having to know the shooter’s passcode. More so, to potentially connect the attack to ISIS and do data discovery on a potential third shooter. There’s even speculation that the actual device might be a weapon.
Remotely resetting the password caused two things to happen: It paused the auto-backup process until someone enters the right passcode and it activated the auto-destruct feature that will wipe the iPhone’s encrypted data after 10 consecutive incorrect attempts. And no one [alive] knows the correct passcode.
The complicated request:
To prevent unintentional action, the FBI went to Apple for help and requested a brand new software capable of doing the following to the iPhone 5c running iOS 8 firmware:
- Temporarily disable the auto-destruct feature on the phone
- Allow unlimited successive attempts to break the phone’s encryption
- Loop through a list of possible passcodes and automate the trial and error process
Asking a private company to develop software for a federal investigation steps into new territory.
Though Apple offered the FBI recommendations on how they might develop this software using government resources, they formally refused to co-create a flaw in their own end-to-end encrypted network. Note: Apple does have the technical know-how and resources to do what the government is asking, but that would mean dismantling a competitive advantage.
Federal authorities argue that newer iPhone models have updated iOS encryption systems that run in tandem with passcodes — now 6 digits instead of 4, for added security — to implement Touch ID encryption and to validate fingerprints. The FBI argues any vulnerabilities to the network that emerge from breaking this one phone would only affect legacy devices running the same version of iOS as the iPhone in question.
Points to consider as we let the encryption conversation marinate:
- Very few consumers use the iPhone 5c. Same goes for iOS 8.
You’re more likely to bump into someone with a 4s than someone with a 5c.
iOS 8 has several bugs. For one, it’s known to mess up the Touch ID feature on the iPhone 6 and iPhone 6 Plus, and also causes Wi-Fi, Bluetooth and battery issues. From what I’ve read, hackers can exploit these bugs to gain remote access to a person’s iPhone (using the built-in Handoff feature, for example). Unfortunately, this happened to me once. These security threats (along with an overall like for iOS 7) might explain why consumers seem hesitant to switch from iOS 7.
Should Apple just discontinue the iPhone 5c and iOS 8 and help the FBI?
- Apple’s slowly losing smartphone shares to Samsung.
Apple is already in a vulnerable position. In terms of market share, Apple mobile trails Samsung mobile as of last Christmas. And data shows Apple’s mobile sales might plateau. There might be losses for Apple in Asian markets (where iPhones tend to be adopted most rapidly), should a decision intended to impact only Americans, in fact threaten the data security of the entire iOS ecosystem.
After Apple refused, the FBI filed a motion with a magistrate judge using the All Writs Act to obtain a warrant that would force Apple’s compliance. Apple filed a counter motion and published a letter to customers explaining their stance. The conversation then moved to Congress and a 5-hour-long hearing (yes, 5 hours) ensued to listen to both sides.
Some questions (mixed with hearing highlights):
Walk with me while I ponder a few lingering questions after the hearing.
- Should the FBI [be able to] do this themselves?
So far, results from the FBI’s research demonstrate a need for more research. What they’re asking for might already exist. Cydia, for instance, a platform used to jailbreak phones and extend functionality is legal and readily available to even lay consumers. Jailbreaking might open up an entire ecosystem of apps to help do the work. Maybe the phone’s already jailbroken. Based on the specs we’ve seen, it’s possible. A brief Google search on the topic can teach you a lot.
And shouldn’t the FBI want to know how to figure out this problem for themselves? Say the courts decide in their favor. Wouldn’t they need to know more about accessing the iPhone’s root to find the data they’re after? The FBI’s general lack of knowledge on passcodes suggests that smartphones (and cloud technology) might be outpacing authorities.
- Should cloud storage be warrant-proof?
Authorities can search your house. They can crack your padlock safe. The FBI can even obtain a warrant to search a body (according to one member of Congress), with probable cause. Should cloud storage be any different? Should private companies be able to offer customers warrant-proof cyber storage, even if stored contents end up being criminal evidence? I’m not quite sure.
- Will this case set a precedent for other cases involving seized iOS devices?
Undoubtedly. The government has other iPhones they’d like to break. Even though the FBI insists Apple’s compliance in this one instance will only affect the overarching San Bernardino case, Congress counters that this decision will hold weight and set a precedent for all other cases related to smartphones and privacy.
They asked Director Comey straight up: Would the FBI use this technology to unlock other iPhones in possession? Director Comey’s response? Ppotentially, yes.
Two cases will likely influence #ApplevsFBI: a drug trafficking case in New York involving an iPhone 5s/iOS 7 pairing and a tragic murder, where the victim’s diary (stored on an iPhone, encrypted by a passcode) might hold clues leading to potential suspects. Investigations involving iOS 7 work differently, however, because Apple can extract data from iPhones running iOS 7 without knowing the end user’s passcode.
- How should the All Writs Act work when it comes to technology?
As US Magistrate Judge James Orenstein from the NY drug trafficking case puts it, going down this path with All Writs could create a “virtually limitless expansion of the government’s legal authority to surreptitiously intrude on personal privacy.”
Overall, Congress seemed to agree with this sentiment and questioned whether or not this case steps outside the scope of All Writs.
Several tech entities side with Apple on this debate and government’s limitations:
Something else I found interesting: Mark Cuban’s idea for Congress and Apple to work together and form a new law that settles the issue. This made me think, “wait. YES!” The private sector and government should collaborate on special cases. I’m wondering if this will come up at all during the presidential race.
I’m also wondering if it would help both Apple and the FBI to create a new bar of Apple geniuses to work on special cases. Maybe this would create more tech jobs and help make the iOS network more safe for consumers.
- How will this decision impact civil asset forfeiture?
Then there’s the systemic issue of civil asset forfeiture abuse. Given our current climate, would this type of technology be dangerous in the hands of local law enforcers from states already reporting high profit margins on civil asset forfeiture? What would stop law enforcement from continuing this trend and misusing this type of technology for profit?
Over to you:
Now that you’re somewhat caught up, what do you think? The next hearing will be happening later this month in Riverside, CA. Share your thoughts through the #ApplevsFBI opinion poll (or through the comments section) below.
AnnMargaret Tutu (developer and co-founder at Blaqbox, LLC) takes special interest in open source, open web and open conversations. She also loves learning through experience, writing thought pieces on cyber security, the blockchain, and digital art. Follower her on Twitter and check out her Medium.