What do you do when you’re at work, and your boss asks you to do something that you find to be unethical? Maybe you go over his head, and talk with his boss, or even someone in HR. But what happens when the US government gives you an order to do something like that? If you’re Apple, you can’t really go over the government’s head. But you can go to the people.
You probably already know that last week, Apple’s CEO Tim Cook wrote a letter to customers, explaining what the government had asked them to do. The letter also outlined the company’s stance on encryption, and data security. The long and short of it was that the company wanted to protect the data of their customers, and believed that by complying with the government’s order, they would be compromising the security of their customers.
Since that letter was published last Tuesday, quite a bit has happened. One of the biggest things is that it was discovered that FBI had ordered that the iCloud password for the phone had been reset. This is an important piece of information, because this was actually the worst thing that they could possibly do.
When the court order to Apple first came out, it was thought that there was still a way to retrieve the information. All that needed to be done was to connect the device to a trusted network, and let it backup to the cloud. Apple has already provided previous iCloud backups of the device to the FBI. However, it had been some time since the phone was last backed up. By letting it back up to the cloud, Apple would have been able to provide the FBI with everything they wanted/needed.
There were some other methods that also would have been useful in gaining access to the device’s information. Unfortunately, they all required that the iCloud password not be reset. By resetting that password, the device was cut off from all of Apple’s services, until it could be entered. And you can’t enter that password until you’ve already unlocked the phone.
So the FBI shot themselves in the foot as soon as the investigation started. They made a critical error, and in order to fix it, they are attempting to strong-arm Apple into creating an entirely new operating system for their phones, which will allow the government to crack open any locked iPhone with relative ease.
Some conspiracy theorists might say that the FBI did this on purpose. After all, they would need to ensure that they had no other options for getting inside of the terrorist’s phone. And since terrorism sells, it’s the perfect way to obtain a tool that will give them a way to access every iPhone that comes into their possession.
The conspiracy theory might not be as far-fetched as some I’ve heard, but it’s more likely that someone was just following a procedure that involved resetting passwords. After all, what might be worst than someone logging in and remotely wiping the phone? Regardless of the motive, they have a brick in their possession, and they want Apple to write a completely new version of iOS that will allow them to brute force the passcode, and Apple still wants nothing to do with the idea.
Today, Apple has decided to continue their open dialogue with the public. Rather than simply fighting the FBI in court, they’re hoping to inform the general public on the situation. This time, they have decided to answer some of the most frequently-asked questions. Essentially, they wrote an FAQ for the San Bernardino case.
They start off the letter by addressing exactly what the government wants them to do, and why they object to it. The main point is that by complying with the order, they believe they will compromise the security of their customers’ data. Doing so will also set a dangerous precedent, where security would be sacrificed in the name of law enforcement. This is something we’ve seen in other areas of life in a post-9/11 world. So this isn’t a far-fetched idea in any way.
They also go on to say that they do possess the technical ability to create the new operating system that the government wants. They’re just choosing not to, because they believe it to be too dangerous. It’s dangerous because of the precedent that it could set, but it’s also dangerous because the newly-created software could potentially fall into the wrong hands. They equated it to creating a master key that could open hundreds of millions of locks.
They also made a very good point about cybersecurity, by citing the recent attacks on the IRS systems. After all, if those systems can be breached, who’s to say that the systems protecting a copy of this new iOS couldn’t also be breached? The only way for Apple to keep this software out of the wrong hands is simply to not make it in the first place.
Perhaps the most interesting piece of information from the FAQ is that Apple has complied with government orders to open up phones in the past. That’s right, they have employed methods that unlocked and exposed all of the information on an iPhone without needing the passcode.
The difference between those other cases and this one is that all of the phones accessed in this manner were running older versions of the iOS software. Apple can and will open up a phone for the government when ordered, as long as it isn’t running iOS 8.0 or higher. With the newer versions, they utilized passcode-based encryption, which prevented anyone, themselves included, from accessing the information contained within. They specifically wanted to ensure that only someone that has the passcode could open the phone and see the data.
The whole FAQ is interesting and worth reading. You can see it here. This case is far from over, and we’ll be keeping an eye on it, and reporting on it as new information becomes available.