Apple and the FBI: What's Happening and Why It's Important

Apple VS the FBI
image credit: Chip Somodevilla/ Staff/Getty Images News

March 28, 2016: The fight is over. The FBI announced today that it had succeeded in decrypting the iPhone in question without involving Apple. It did so with the assistance of a third-party company, whose name hasn't been announced. This is a bit of a surprise, given that most observers thought this wouldn't happen and the FBI and Apple were headed for more court dates.

I'd deem this outcome a win for Apple, in that the company was able to maintain its position and the security of its products.

The FBI doesn't look great coming out of this situation, but it does seem to have gotten the data it sought, so that's a measure of success, too.

The issue is dead for now, but expect that it will return in the future. Law enforcement still wants to find a way to access secure communications, especially in products made by Apple. When another, similar case arises in the future, expect to see Apple and the government back at odds. 

******

Original article:

What's at the root of the dispute between Apple and the FBI? The issue has been all over the news and has even become a talking point in the presidential campaign. It's complex, emotional, and confusing situation, but it's crucial for all iPhone users and Apple customers to understand what's going on. In fact, everyone who uses the Internet needs to be aware of the situation, since what happens here could dramatically influence the future of security for every Internet user.

What’s Going On Between Apple and the FBI?

Apple and the FBI are locked in a battle over whether the company will help the FBI access data on the iPhone used by San Bernardino shooter Syed Rizwan Farook. The iPhone—a 5C running iOS 9—belongs to the San Bernardino Department of Public Health, Farook's employer and the target of his attack.

The data on the phone is encrypted and the FBI can't access it. The agency is asking Apple to help it access that data.

What is the FBI Asking Apple To Do?

The FBI's request is more complicated and more nuanced than simply asking Apple to provide the data. The FBI has been able to access some data from the phone's iCloud backup, but the phone wasn't backed up in the month prior to the shooting. The FBI believes that there may be important evidence on the phone from that period. 

The iPhone is protected with a passcode, which includes a setting that permanently locks all data on the phone if the wrong passcode is entered 10 times. Apple does not have access to users' passcodes and the FBI, understandably, doesn't want to risk deleting the phone's data with incorrect guesses.

To get around Apple's security measures and access the data on the phone, the FBI is asking Apple to create a special version of the iOS that removes the setting to lock the iPhone if too many incorrect passcodes are entered. Apple could then install that version of the iOS on Farook's iPhone. This would allow the FBI to use a computer program to try to guess the passcode and access the data.

The FBI is arguing that this is required to assist in the investigation of the shooting and, presumably, in preventing future terrorist acts.

Why Is Apple Not Complying?

Apple is refusing to comply with the FBI's request because it says it would endanger the security of its users and place an undue burden on the company. Apple's arguments for not complying include:

  • Changing the OS in this way undermines its security efforts—Apple argues that it's put its security measures in place deliberately and with much consideration and strategy. Being forced to create this new version of the iOS goes directly against its work.
  • Undermines user trust—If customers know that this security-compromised version of the iOS exists and that the U.S. government can force Apple to install it on iPhones, there's no way to know whether future versions of the iOS include it. The government could force Apple to secretly include it in all future versions of the iOS. This is particularly worrisome in countries with more repressive governments (more on that later).
  • Increases hacking risks for Apple—If the world knows that this version of the iOS exists, it dramatically increases the likelihood that hackers will attack Apple to get access to the code.
  • Increases security risks for users—If hackers were to succeed in getting the code from Apple, the security risks for users would skyrocket. With the right kind of attack, hackers might be able to trick users into installing the security-compromised version of the iOS on their devices, which would open all kinds of data to hackers. Considering that phones contain passwords, banking details, personal health information, fingerprints, and more, the risk is clear.
  • The request is unprecedented—Apple has routinely assisted the FBI in unlocking iPhones in other cases. Never before has the FBI or another government agency asked Apple to create new software that it believes is not in its, or its users', interests. The idea that the government could force private companies to create products against their will is a dangerous precedent.
  • The FBI's legal basis is questionable—This one will be of most interest to lawyers and fans of this kind of legal/governmental detail, but Apple argues that the FBI's request is based on faulty reasoning. It says that the All Writs Act of 1798, which the FBI is citing as support for its position, doesn't apply and that it is protected by both the 1st and 5th amendments.

Does It Matter That This is an iPhone 5C Running iOS 9?

Yes, for a few reasons:

  • The version of the operating system matters—Apple implemented new, tougher security measures in iOS 8. If the phone were running something older, the security wouldn't be as difficult to break.
  • The model of the phone matters—The iPhone 5C was the last iPhone model that didn't have the Touch ID fingerprint scanner. This is important because all Touch ID models also have a special security feature called the secure enclave. This is where crucial data, like your fingerprint, is stored.

Why Is It So Hard to Access This Data?

This gets complicated and technical but stick with me. The basic encryption in the iPhone has two elements: a secret encryption key added to the phone when it's manufactured and the passcode chosen by the user. Those two elements get combined to create a "key" that locks and unlocks the phone and its data. If the user enters the right passcode, the phone checks the two codes and unlocks itself.

There are limits placed on this feature to make it more secure. As mentioned earlier, a key limit causes the iPhone to permanently lock itself if the wrong passcode is entered 10 times (this is a setting enabled by the user).

Guessing passcodes in this kind of situation is often done by a computer program that tries every possible combination until one works. With a four-digit passcode, there are about 10,000 possible combinations. With a 6-digit passcode, that number rises to around 1 million combinations. Six-digit passcodes can be made of both numbers and letters, a further complication that means that it could take over 5 years of attempts to correctly guess the code, according to Apple.

The secure enclave used in some versions of the iPhone make this even more complex.

Each time you guess the wrong passcode, the secure enclave makes you wait longer before your next attempt. The iPhone 5C at issue here doesn't have the secure enclave, but its inclusion in all subsequent iPhones gives an idea of how much more secure those models are.

Why Did the FBI Choose This Case?

The FBI hasn't explained this, but it's not hard to guess. Law enforcement has been agitating against Apple's security measures for years. The FBI may have guessed that Apple would be unwilling to take an unpopular stand in a terrorism case during an election year and that this would be its opportunity to finally break Apple's security. 

Does Law Enforcement Want a "Backdoor" Into All Encryption?

Most likely, yes. For the past few years, senior law enforcement and intelligence officials have pressed for the ability to access encrypted communications. This amounts to a backdoor. For a good sampling of that discussion, check out this Wired article surveying the situation after the Nov. 2015 terrorist attacks in Paris. It seems likely that law enforcement agencies want the ability to access any encrypted communications whenever they would like (once they follow the proper legal channels, though that has failed to offer protection in the past).

Is The FBI's Request Limited to a Single iPhone?

No. While the immediate issue has to do with this individual phone, Apple has said that it has about a dozen similar requests from the Justice Department right now. This means that the result of this case will influence at least a dozen other cases and might very well set a precedent for future actions.

What Effect Could Apple Complying Have Around the World? 

There's a real danger that if Apple complies with the U.S. government, in this case, other governments around the world could ask for similar treatment. If the U.S. governments get a backdoor into Apple's security ecosystem, what's to stop other countries from forcing Apple to provide them the same thing if the company wants to keep doing business there? This is particularly concerning with countries like China (which regularly conducts cyberattacks against the U.S. government and U.S. companies) or repressive regimes like Russia, Syria, or Iran. Having a backdoor into the iPhone could allow these regimes to squash pro-democracy reform movements and endanger activists.

What Do Other Tech Companies Think?

While they were slow to publicly support Apple, the following companies are among those that have filed amicus briefs and registered other forms of support for Apple:

AmazonAtlassian
AutomatticBox
CiscoDropbox
eBayEvernote
FacebookGoogle
KickstarterLinkedIn
MicrosoftNest
PinterestReddit
SlackSnapchat
SquareSquareSpace
TwitterYahoo

What Should You Do?

That depends on your perspective on the issue. If you support Apple, you could contact your elected representatives to express that support. If you agree with the FBI, you could contact Apple to let them know.

If you're concerned with the security of your device, there are a number of steps you can take:

  • Set a passcode on your iPhone. Use the complex passcode option and create a passcode of 6+ characters, using letters and numbers. A passcode of that complexity is extremely difficult to break. Instructions for setting a passcode
  • Encrypt your backups. iCloud backups are automatically encrypted, but if you use iTunes, follow these steps:
  1. Sync your device with iTunes
  2. Make sure you have the latest versions of iTunes and the iOS
  3. Make sure you have moved all iTunes and App Store purchases to iTunes (File -> Devices -> Transfer Purchases)
  4. On the Summary tab in iTunes, click Encrypt iPhone Backup
  5. Follow the onscreen instructions for setting a password for your backups. Make sure it's one you can remember, otherwise you'll be locked out of your backups, too.

What’s Going to Happen?

Things are likely to move very slowly for a while. Expect a lot of discussion in the media and a lot of badly informed commentators talking about subjects (encryption and computer security) that they don't really understand. Expect it to come up in the presidential election.

The immediate dates to watch for are:

  • March 10—The deadline for the U.S. government to respond to Apple's latest court filing denying the request
  • March 22—Oral arguments on the matter before the U.S. District Court of Central California.

Apple appears firmly entrenched in its position here. I'd wager we'll see multiple lower court rulings and I wouldn't be at all surprised if this case ends up before the Supreme Court in the next year or two. Apple seems to be planning for that, too: it's hired Ted Olson, the lawyer who represented George W. Bush in Bush v. Gore and helped overturn California's anti-gay Proposition 8 as its lawyer.

Was this page helpful?