Last year, December 2, 2015, Syed Farook and his wife Tashfeen Malik walked into a gathering of San Bernardino County Department of Public Health employees and killed 14 people while wounding 22 others. Syed worked for the department as a health inspector. Within about 4 hours after the attack, the police encountered the couple, a shootout ensued where both Syed and Tashfeen were killed.
Reportedly, both Syed and Tashfeen had pledged allegiance to ISIS and were devout Sunni Muslims.
Following the shooting and as part of the investigation, the police confiscated over 300 items, one of which was an iPhone 5c that had been issued to Syed from the San Bernardino County Department of Public Health. This phone had a number of technologies that has prevented the police and FBI from being able to access the phone and view it’s contents. To be clear, the FBI does not know if there is anything of value on the phone but, due to the lack of access, is unable to view any of the phone’s contents.
As part of the investigation into the iPhone, the FBI then worked with the San Bernardino County Department of Public Health employees to reset the password for the phone. Not only did this not work, but it also prevented the phone from backing up it’s contents to the iCloud as the password for the iCloud and the iPhone were now out of synch. This left the FBI with a phone they could not access. At this point the FBI went to court and invoked a 227 year old law, the All Writs Act of 1789 that essentially commanded Apple to produce a version of their IOS that would allow the FBI to access the phone.
What the FBI did not ask for was for Apple to de-encrypt the data on the phone. The FBI essentially wants Apple to create a custom version of the IOS that allows them to guess as many times as they want the current password. As the iPhone uses a 10 key keyboard and passcodes tend to be 4 numbers, this requires up to 10,000 guesses. The problem on the iPhone is that after 10 guesses, the phone resets, all data is lost and it essentially becomes a brick.
Apple argues that the effort to create such an IOS is overly cumbersome, and in fact, today they argues that it would take up to 10 engineers and employees 4 weeks to create such an IOS. Apple has also argued that this has nothing to do with selling phones but is a 1st amendment violation of it’s freedom from of an arbitrary deprivation of its liberty by government and a 5th amendment violation of its freedom of speech as it would be forced to produce software that is contrary to it’s existing software functionality.
Should You Care?
If you are a privacy advocate, absolutely as anything the Apple creates in this case could potentially be used on other phones. Is that likely? Probably extraordinarily remotely so, as Apple would most likely need to have the device in it’s own facility to load the software, so the custom IOS would not be in the FBI’s hands. Additionally, the custom IOS version needs to be written tailored to this particular phone. So the IOS, as written, could not work on any other device. Apples stance that this is not, at least partly, a marketing ploy to show how strong they are willing to stand on encryption of their devices is likely a bit disingenuous. But also keep in mind that other countries watch our privacy rulings with great interest, think China and others, and that if Apple can de-encrypt 1 phone for our government then their government should be able to demand the same. So the FBI’s demand could cut both ways in the long run.
If you are more concerned about stopping bad actors like Syed and Tashfeen, you should also care as being able to forensically view encrypted content is becoming a significant challenge in law enforcement, which is why many groups (ISIS included) are using communication methods that encrypt all communications by default. This is a risk, as once an incident happens, the media tends to question why the someone in the government did not know. If the communication method was encrypted, the government would have no method (or none that we the people are aware of) to view the contents of those communications.
That’s my take for the day. I’ve oversimplified the Apple encryption for an easier read, hopefully without dumbing it down too much.