I was watching part of the Congressional hearing investigating the conflict between Apple and the FBI. Both sides have an arguable point of view, which I’ll touch on, but what really struck me was that this issue is a direct consequence of our digital media world. What’s at stake here has never been at stake before.
It’s also an example of a theme I’ve hammered on several times here: It was not ever thus. This is an example of a new thing. Never have we put so much of our lives in a digital vault that depends completely on digital encryption for security.
The outcome of this debate is crucial to our future!
For one thing, this could go all the way to the Supreme Court, and with SCOTUS in balance due to missing a judge, suddenly the political side of this rises to the foreground. Who ends up replacing Scalia could be instrumental to how this case is decided.
Another thing interesting about this is how it requires a level of technical knowledge to understand. And therefore also to judge. If you don’t understand the issues involved, your opinion on them is pretty meaningless.
The good news is that the knowledge required isn’t out of the reach of any intelligent person willing to pay attention. It’s not like math is involved.
(Although, since we’re talking encryption, it can be if you want it to be.)
But the point is that this is an important modern technology issue that does require some degree of genuine understanding. (And it’s certainly not the only issue facing us that does.)
Let’s start with exactly what the FBI is asking of Apple…
Actually, at the risk of tipping my opinion early, let’s rephrase that as: What is the FBI using a court order to try to force Apple to do against its will?
They want them to create a new version of the phone’s O/S (operating system) with three modifications:
- Disable the phone’s setting to delete all data after 10 failed passcode attempts.
- Disable the time delay forced by the phone between passcode attempts.
- Add a new capability to allow passcodes to be entered electronically rather than by hand
The combination of these items (especially #2 and #3) would allow the FBI to use their computing power (which is considerable) to brute force the passcode. That is, to try all possible combinations until they get it.
That would give them access to whatever is on the phone. Which, as in Geraldo Rivera’s infamous vault, might be nothing. Keep that in mind. The FBI doesn’t know what, if anything, is on the phone.
The FBI’s basic position is that, while of course they support the right to privacy of all Americans (duh!), a court order can overcome that right. In principle, such a court order can overcome any and all privacy rights.
For example, a judicial order can compel a DNA sample or even surgery to recover needed evidence (such as a bullet). It can certainly make available all your personal and business information.
But a key point Apple makes is that court orders compel existing work product or evidence. They cannot, generally, compel you to create new work product (or evidence) to satisfy the ruling.
As such, the court cannot compel Apple to require its workers create a new version of the operating system.
The FBI counters with the example of compelling a landlord to create a new key allowing access to one of the building units.
(I would counter with how that’s not a new key, that’s a copy of an existing key. It’s like ordering a business to provide copies of their documents.)
So it does seem the FBI is asking for something out of the ordinary when they try to force Apple to create a new work product.
A big part of Apple’s resistance comes from the fear that, once this modified O/S is created, there are two dangers:
- Despite the FBI’s claim this is a one-off, there will be other requests to repeat this trick.
- The wrong people might get their hands on the modified O/S.
The way out of those dangers, Apple says, is to never make the modified O/S!
I’m less supportive of the second danger (I suspect Apple is very careful about the security of its O/S code), but the first one is bad enough.
Other law agencies have already said they want in on this.
And what happens when England or Germany or Israel asks us to help stop a terrorist plot by cracking a terrorist phone? Do we say no?
What happens when China asks? Or Iran? Would we help Iran crack the phone of an ISIS terrorist? What if the plot was against the USA?
Very often in the world, once a thing is done once, once the virginity is lost, so to speak, doing it again is much, much easier. This is true for many things in life. The first time is the challenge.
If this were a matter of getting into some terrorist communications it would be much less of an issue. But today people put their entire lives on their smart phones.
Someone with access to your phone might also have access to your banking, your medical records, your utilities, your home security, your social media and anything stored in the cloud, even your car.
And consider how much information is available through the phones of government workers and business men.
The stakes here are extremely high, so we all need to educate ourselves about this and pay attention!
And, if it isn’t obvious, I do side with Apple on this.
One last note: This modified O/S is not a “backdoor” to encryption, although some of the same issues do apply.
Encryption is the mathematical process of turning the numbers representing the plaintext (readable text) into other numbers (the ciphertext, which looks like random noise).
Decryption reverses the process, restoring the plaintext.
The encryption and decryption processes use private (and sometimes public) keys. The idea being that only those with the key can read the text.
A backdoor is a bit of secret code in the encryption-decryption algorithms that allows those who know about the backdoor to read all encrypted text without knowing the key!
Backdoor code is considered very, very bad, because (unlike a modified O/S) the bad guys only have to know about the backdoor. Once that secret is out, all your encrypted traffic (that used that process) is dead beef.
The FBI counters (accurately) that they’re asking Apple to just remove the guard dogs so they can try to pick the lock. No backdoor involved.
In closing, there are some questions I have about this case (please speak up if you know any of the answers):
Why would a locked phone allow its operating system to be replaced?
If that’s possible, why doesn’t the FBI hire someone to do that?
Is it the case that the phone’s O/S can be uploaded but not downloaded (and studied to determine how to modify it)?
So why doesn’t the FBI demand the (existing) source code for the O/S (or at least the relevant sections) along with the (existing) technique for uploading a modified O/S and do the work themselves?