A showdown between Apple Inc. and law enforcement agencies, which has been brewing for several months, came to a head this week when U.S. Magistrate Judge Sheri Pym signed off on a Department of Justice request to force Apple to unlock a passcode-protected iPhone belonging to Syed Farook, one of the two people who carried out last year’s mass shooting in San Bernardino, Calif.
Judge Pym’s order requires Apple to develop software to defeat a security feature on the newest version of Apple’s iOS operating system that erases data after 10 consecutive unsuccessful passcode entries. However, in an open letter to customers posted on Apple’s website, Apple CEO Tim Cook said the company would oppose the order “as an overreach by the U.S. government” and intends to challenge the FBI’s demands. Apple is expected to file an appeal in the coming days.
Here is a synopsis of the dispute. Right now, iPhone users have the option to set a security feature that only allows a certain number of tries to guess the correct passcode to unlock the phone before all the data on the iPhone is deleted. It’s a security measure Apple put in place to keep important data out of the wrong hands. The FBI wants Apple to disable the security feature, opening up a backdoor for agents to hack into the device by guessing as many combinations as necessary before the code is cracked.
This showdown has the potential of setting an important precedent in the burgeoning arena of mobile security. More broadly, many observers believe it could set a precedent for all forms of encryption in a wide range of technology platforms, possibly helping to determine whether other companies could be compelled to give up encryption algorithms for not just mobile devices, but also encrypted computers, databases, etc. The issues raised here are profound and both sides convey arguments that are quite reasonable on their own merits.
FBI: Protecting the public from terrorist threats
The battle of encryption “backdoors” has been under heated discussion, from Washington to Silicon Valley, for months. The Obama Administration announced last fall that it would not give source code and encryption keys on digital devices to law enforcement and government agencies, for fear it would leave the U.S. open to international attacks. However, the horrifying mass shooting in San Bernardino on December 2nd – in which 14 people were killed – upped the ante for the FBI.
Federal prosecutors looking for more information behind the San Bernardino shootings don’t know the passcode on the work iPhone owned by Syed Rizwan Farook, one of the San Bernardino terrorists. If they guess incorrectly too many times, the data they hope to find will be deleted.
The DOJ request asks for Apple’s assistance with decrypting Farook’s iPhone in order to harvest what may be important intelligence that could prevent additional terrorist threats and better protect innocent Americans.
Apple: Protecting digital privacy
For its part, Apple says helping the FBI will be like providing a universal key that will permit law enforcement to break into anyone’s iPhone. Apple and other tech companies say it would also create a vulnerability that hackers from China, Iran or elsewhere can exploit.
To comply with the court order, Apple would be forced to assemble a team of its own data security professionals to open up the iPhone to what is called a “brute force” attack, in which all it takes is time and patience to submit a large number of passcodes. These attacks are usually carried out with the assistance of a powerful computer, which can automatically input millions of different password combinations until it guesses the correct one.
So Apple views itself as an important defender of digital privacy rights. Cook has previously insisted that consumers should not have to trade privacy for national security and has raised an important question: if the U.S. government is allowed to execute this demand, what is to stop the Chinese or Russian governments from doing the same thing? According to Cook: “We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data.”
Resolving the Showdown
The battle to unlock valuable forensic data from encrypted mobile devices is not new to digital forensic investigators. While the Apple case is a dramatic one, most investigations are made far more routine with best practices and modern tools. For example, the recovery of what was thought to be deleted data from a mobile device calls for the mandatory use of mobile forensics software. Forensic software, such as AccessData’s nFIELD, allows investigators to collect data on the scene with almost no advance training. Anyone on the team can forensically collect and preview data on a mobile device, regardless of the manufacturer or software system.
As for the DOJ-Apple showdown, this drama will almost certainly be resolved in the courts. Both sides in the dispute have important arguments to make and this is clearly an important national conversation with profound implications for the future.