I take perverse pleasure (note to self: discuss with analyst!) in parting company with my libertarian/lefty buddies on the issue of the FBI’s demand that Apple assist in accessing an iPhone phone of the San Bernardino shooter.
The shadow of the People’s Republic of China—and the demands it plans to impose on US vendors of telecom/IT equipment in China once the Obama administration has established the benchmark for law enforcement intrusion—hangs over the whole debate.
And I believe the Obama administration has done a pretty canny job of getting law enforcement’s foot in the door while not letting the CCP panda completely in the tent.
First off, some techy details, as I understand them. (If I misunderstand them, and somebody points them out, I will happily and humbly correct.)
On older iPhones, if the user was lazy and stuck with a four-digit numerical passcode instead of choosing a fancier, longer option, local law enforcement could attach a “crappy Chinese box”, in the words of an iPhone forensics expert (costing a mere $355 and well within the reach of local cops), to brute-force the passcode, i.e., feed four-digit numbers into the phone until it hit the right combo. No more.
A few years ago, Apple updated its security strategy and created unique difficulties for law enforcement. Specifically, the phone’s memory is wiped (actually, the decryption key needed to access the encrypted data gets “forgotten” by the phone) if 10 unsuccessful attempts are made to enter the passcode.
To make things extra difficult, Apple installed a separate processor on the new iOS8 iPhones in an area called “Secure Enclave” to handle the passcode/encryption duties. It includes some circuitry with burned-in random numbers (unique to each phone and “forgotten”, i.e., subsequently unknown even to Apple) that can’t be read out for the purpose of “mirroring” or copying the phone’s memory. If the phone’s memory can’t be mirrored, it can’t be loaded into a computer, or a bazillion computers, to attack the mirrors simultaneously in the hope of hitting the passcode.
There are tech rumblings that the burned-in numbers might be vulnerable to physical inspection, i.e., peeling off the chip’s epoxy coating without destroying it and reading the circuits with a scanning electron microscope for mirroring. But not yet.
Supposedly, even if Apple helps out by disabling the wipe function, the FBI still can’t mirror the new phones for parallel attacks; the only phones they’ll be able to break are the ones that a) they have in their physical possession and b) have rather lame, un-terrorist-worthy four-digit numerical passcodes that can be brute-forced through sequential attempts on the phone itself. Gotta wonder if this is really the case, given the FBI’s avid interest in this capability.
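To make the two mechanisms described above concrete, here is a small simulation I have added (it is not code from the post, nor Apple’s implementation). It models a passcode key derivation that mixes in a device-unique secret, so a copy of the encrypted data is useless without that secret, and an attempt counter that forgets the key after 10 failures. The device secret, the PBKDF2 construction and the `PasscodeGuard` class are all my constructed stand-ins, not Apple’s actual design.

```python
import hashlib
import hmac

# Constructed stand-in for the per-device secret burned into the Secure Enclave.
# The post's point is that this value cannot be read out of the chip; in this
# simulation it is simply a fixed, labelled demo value.
DEVICE_UID = hashlib.sha256(b"constructed demo device uid, not a real one").digest()

# Number of failed passcode entries the device tolerates before forgetting the key.
MAX_ATTEMPTS = 10


def keyspace(passcode_length: int, alphabet_size: int) -> int:
    """Number of possible passcodes, e.g. 4 digits -> 10_000, 6 digits -> 1_000_000."""
    return alphabet_size ** passcode_length


def derive_key(passcode: str, device_uid: bytes) -> bytes:
    """Toy key derivation (assumption: PBKDF2-HMAC-SHA256 is a stand-in, not Apple's KDF).

    The device secret is mixed in as the salt, so the passcode alone is not enough
    to reproduce the key: without the UID, guesses cannot be tested on a mirror.
    """
    return hashlib.pbkdf2_hmac("sha256", passcode.encode("utf-8"), device_uid, 10_000, 32)


class PasscodeGuard:
    """Models the on-device check: limited attempts, then the key is 'forgotten'."""

    def __init__(self, passcode: str, device_uid: bytes) -> None:
        self._uid = device_uid
        # A real device would store only a verifier; storing the key itself is a
        # simplification for the simulation.
        self._expected = derive_key(passcode, device_uid)
        self.failures = 0
        self.wiped = False

    def wipe(self) -> None:
        """Forget the key material; nothing can unlock the device afterwards."""
        self._expected = None
        self._uid = None
        self.wiped = True

    def attempt(self, guess: str):
        """Return the unwrapped key on success, None on failure (or after a wipe)."""
        if self.wiped:
            return None
        candidate = derive_key(guess, self._uid)
        if hmac.compare_digest(candidate, self._expected):
            self.failures = 0
            return candidate
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            self.wipe()
        return None


def mirror_is_useless_without_uid(passcode: str) -> bool:
    """Even with the correct passcode, a copy of the data taken to another machine
    (which does not know DEVICE_UID) derives a different key."""
    on_device = derive_key(passcode, DEVICE_UID)
    on_mirror = derive_key(passcode, b"\x00" * 32)  # attacker's guess at the unknown UID
    return on_device != on_mirror


if __name__ == "__main__":
    guard = PasscodeGuard("1234", DEVICE_UID)
    for n in range(MAX_ATTEMPTS):
        guard.attempt("0000")  # the same wrong guess, repeated
    print("wiped after", guard.failures, "failures:", guard.wiped)
    print("correct passcode after wipe unlocks:", guard.attempt("1234") is not None)
    print("4-digit keyspace:", keyspace(4, 10), " 6-digit:", keyspace(6, 10))
    print("mirror useless without UID:", mirror_is_useless_without_uid("1234"))
```

The two defenses are independent: the attempt limit is what the post says the government wants disabled, while the device-bound key is what (on the post’s account) still prevents the “bazillion computers” attack even if that limit goes away.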
The government’s demand that Apple provide a firmware update that will disable the wipe function on this one phone has elicited a chorus of heroic squealing both from Apple jefe Tim Cook and the privacy/tech/Apple-adoring segments of the Internet, complaints that I find unconvincing and, I suspect, the Obama administration finds rather irritating.
A lot of thought, I believe, has gone into the government’s case, and it is designed to split the baby into three parts that satisfy a) privacy advocates b) law enforcement and c) the US government’s anxieties about inevitable PRC demands for reciprocal treatment from US tech companies.
The symbolic/precedent-setting character of this demand is clear from the fact that the specter of the terrorist bogeyperson has been unleashed by invocation of the San Bernardino shooting, even though it’s not terribly likely that Farook kept a lot of vital info about his rampage on his employer-provided, four-digit-passcode phone (a phone, by the way, that could have been made transparent to his employer with a $20 piece of software); and from the fact that the FBI made its demand public instead of just talking to Apple privately.
I will also add my suspicion that the FBI already knows what’s on the phone, or simply doesn’t care. Supposedly, in some goof-up during the investigation, the FBI botched a password reset attempt to gain access to the iCloud account linked to the phone, so that the phone couldn’t back up its precious contents to the cloud, where Apple apparently can help extract them. Oops, so sorry, here comes the All Writs Act order for Apple to create the firmware bypass to the 10-and-out function on the phone itself.
Anyway, the US government is not demanding a back door that would enable the FBI to eavesdrop on the phone covertly while it’s in the hand of the user; instead it wants Apple to develop a utility that allows the FBI to attack an encrypted phone that is in its physical custody and obtained, presumably, under color of law in a criminal investigation. And it’s only asking for a one-time firmware update prepared by Apple itself and then destroyed, with Apple exclusively handling its signing certificate, thereby denying the US government a real “backdoor” tool, the ability to deliver certified firmware updates into any and all iPhones.
So, no apparent surveillance capabilities (unless the assumption is that the government will do some TAO operation, acquire a target phone, spend a few days burning it up to read the hardwired factors and brute-forcing the passcode, extract the encrypt/decrypt key, and then covertly return the phone to the hapless end user in order to spy on him or her; yes, inevitably there will be plans of this sort, but only at the outer limits of practicality), to keep the privacy advocates happy; a leg up to the FBI on a rather knotty encryption problem; and relatively limited benefits to the PRC, which craves a universal backdoor into the iPhone for nefarious real-time surveillance of targeted individuals and instead can only occupy itself with extracting one-time assistance from Apple for single phones in law enforcement custody, presumably only for the noblest and best-articulated of reasons.
And I think Apple understands it too, and what we are seeing with this massive Apple-polishing privacy campaign is an elaborate piece of kabuki whose major purpose is to demonstrate both to its customer base and to the PRC government that it will not provide phone-forcing utilities unless it’s a one-phone deal in response to categorical formal legal compulsion, executed only by Apple, and not by turning over the software fix (probably not terribly fancy) and, most importantly, its signing certificate to some government agency for repeated use at the government’s discretion and maybe without crossing the search warrant/due process/human rights Ps and Qs.
If I were Apple (and the Obama administration and, for that matter, people who worry about PRC bullying of US IT firms for access to source code, surveillance utilities and the like) I would look for a graceful way to cave in response to a one-time demand through a court in a single case. Better to button up this issue now, in other words, rather than open the door for the Congress to pass a CALEA-style law with a blanket obligation for Apple to cooperate on issues of this sort, a precedent that would make the PRC pretty happy.
Cynic that I am, I would not be surprised if this public spectacle were paralleled in private by a side deal between Apple and the US government to diddle with the physical encapsulation of the Secure Enclave chip to make it accessible to the FBI, and maybe get more liberal with sharing the signing certificate. After all, Apple, though a relatively insignificant provider of goods and services to the US government compared to behemoth spook servicers Google and Microsoft, is facing uncomfortable scrutiny over a $30 billion/year income tax diddle it’s conducting through its (physically nonexistent) Irish affiliate; so the Apple executive agenda probably doesn’t include scorched-earth opposition to the United States or, for that matter, to the People’s Republic of China, which now accounts for more than 25% of Apple profits.
In other words, a solution cleverly designed to completely please no one. And, by that criterion, apparently a signal success!