Thursday, February 18, 2016

The Worm Inside the Apple

Apple is in a battle with the FBI—one with potentially huge repercussions. Apple was ordered by a federal magistrate to comply with an FBI request: create a new version of the iPhone OS that would bypass several security features and allow the unlocking of any iPhone. The request stems from the December 2015 attack in San Bernardino, CA, that cost 14 people their lives. The FBI intends to unlock one of the attackers’ iPhones.
Despite the legal merit, Apple CEO Tim Cook has his reservations: “The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.” The software would disable the limit imposed on incorrect passcode entries; normally, 10 incorrect passcode entries will wipe an iPhone of all its data. Disabling this feature would allow the FBI to unlock the iPhone by brute force, trying endless passcodes using computers.
            The US government claims this tool would be used just this once. But Tim Cook disagrees. Once created, he says, this tool could be used repeatedly on any number of devices. Cook equates this tool with a master key—capable of unlocking any iPhone with relative ease. Says Cook: “The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.”
Even the Department of Justice has entered the fray, filing a motion compelling Apple to comply with the magistrate’s order. Says the US Attorney’s Office: “Rather than assist the effort to fully investigate a deadly terrorist attack by obeying this court's [previous order], Apple has responded by publicly repudiating that order.” The Justice Department claims that Apple has complied similarly in the past so “to facilitate a warrant is therefore not unprecedented.” In response, Apple noted that the passcode on the iPhone was changed less than 24 hours after the government took possession of the phone—meaning, the government could have accessed the desired data. Apple also claims to have been in regular contact with the government since early January to propose four different methods of data recovery that didn’t necessitate a backdoor. One method involved connecting the iPhone to a Wi-Fi network.
This should raise eyebrows as well as problems. The FBI’s inability to not only decrypt the iPhone, but to also recover the data when given the opportunity, suggest cybersecurity ineptitude. Furthermore, Apple proposed four methods to recover the data and yet the data still hasn’t been recovered. The FBI seems intent on the backdoor for its own ends, moreso than the ostensible data recovery. How is the FBI to be trusted both with this tool and with keeping our country safe?
            Prominent companies have come out in support of Apple: Google, Facebook, Twitter, Reform Government Surveillance (RGS), and WhatsApp. John McAfee, the man behind the iconic McAfee anti-virus software, even offered to decrypt the iPhone for free so that Apple doesn’t have to create a backdoor. Google CEO Sundar Pichai, meanwhile, said forcing Apple to comply with the FBI "could be a troubling precedent." Pichai also said, "We build secure products to keep your information safe and we give law enforcement access to data based on valid legal orders. But that's wholly different than requiring companies to enable hacking of customer devices and data."
            Without question, this presents one of the most serious personal security issues in the modern communicative era. Each side has merit: deterring an attack against fellow humans versus maintaining privacy. But it’s indisputable that allowing the government to, quite literally, reach into our pockets is concerning at best.


No comments:

Post a Comment

Note: Only a member of this blog may post a comment.