Security
March 1, 2016

Apple has no choice but to fight the FBI

Creating a tool to bypass critical security features would not only open the door to a stream of law enforcement and intelligence agency requests, but also more generally demonstrate that the attack is technically possible. Both would be bad news for Apple and their customers.

Strong cryptography is clearly required to protect sensitive government, business, and personal information. But it also sometimes makes it difficult for law enforcement and intelligence agencies to obtain information they need. The United States government has been publically struggling with this issue since the mid-1990s, when the painful sinking of the Clipper Chip initiative demonstrated that the American public would not tolerate government-mandated key escrow, and that forcing it on vendors had the potential to cripple tech-sector exports.

Legislators have essentially refused to address the thorny issue, resulting in law enforcement agencies using any available avenues. Recent litigation between the FBI and Apple has brought the issue to a head, and the case is being carefully watched worldwide at the watercooler and the boardroom table.

The FBI is investigating an act of terrorism. Instead of seeking Apple’s advice from the beginning, they apparently made a serious error that denied them access to data stored on an iPhone via the iCloud backup mechanism. It is obvious why the FBI wants to view all data on the phone, and why they are willing to use any legal means at their disposal, including a catch-all law from 1789, in an attempt to force Apple to create a special tool to hack it.

There is a far more troubling aspect to this story. According to the Guardian, “For months, the FBI searched for a compelling case that would force Apple to weaken iPhone security – and then the San Bernardino shooting happened…this carefully planned legal battle has been months in the making, US officials and tech executives told the Guardian, as the government and Apple try to settle whether national security can dictate how Silicon Valley writes computer code.”

It would be naive to believe that this case is about a single iPhone; it is about whether the government can force a vendor to create a backdoor to their product. According to the Guardian, Manhattan District Attorney Cyrus Vance said he wants similar judicial orders to access 175 locked iPhones. If the FBI succeeds with this case, a long line will form at Apple’s door. If the United States can compel Apple to create this tool, so can every other country in which Apple has a physical presence.

Creating a tool to bypass critical security features would not only open the door to a stream of law enforcement and intelligence agency requests, but also more generally demonstrate that the attack is technically possible. Both would be bad news for Apple and their customers.

Most coverage of the FBI vs. Apple case has focused on the legal and public opinion aspects, and many observers have correctly pointed out that Apple is acting in the best interests of itself, its customers, and the general public. Missing from many of those discussion is that using the tool requested by the FBI should not be possible in the first place.

Apple has made significant security improvements in the iPhone, including mandatory data encryption. Users have the option of enabling a feature to erase all data on the iPhone after 10 failed passcode attempts. This is clearly effective given that the FBI’s request is for a custom version of the operating system that disables the erase feature and allows the passcodes to be entered by computer instead of by hand.

In other words, the FBI believes that the only way in is to brute force the passcode, and that is good news for iPhone owners. But a properly designed product should not allow an operating system update (or any other security-related software change) while the device is locked. Perhaps what the FBI wants is indeed not possible and Apple is fighting the order to demonstrate commitment to their customers and prevent a dangerous precedent.

In any event, the outcome of this case will have significant consequences for the entire US technology sector and Canadian vendors with a US presence. Apple has no choice but to strenuously fight the FBI’s demands.

About this author

Avatar

Eric Jacksch

Eric Jacksch is a leading cybersecurity analyst with over 20 years of practical security experience. He has consulted to some of the world's largest banks, governments, automakers, insurance companies and postal organizations. Eric is a regular columnist for IT in Canada and was a regular columnist for Monitor Magazine and has contributed to several other publications.

0 comments

There are no comments for this post yet.

Be the first to comment. Click here.

Security
 
Governments around the world are increasingly relying on cloud-based IT services...
 
For a few years now, there’s been a throwaway metaphor bounced...
 
According to a 2018 study led by Dr. Michael McGuire, Senior...
 
Cloud technology is a game changer! Successful implementation in both the...
 
For over two days at the end of January this year,...
 
Earlier this month I had the privilege of testifying as an...
 
Canadian Government Executive Media, (CGE) publisher of Canadian Government Executive magazine...
 
In the last few years, we’ve seen various federal governments warning...
 
Canadian Government Executive is excited to announce the agenda for TechGov...
 
In the wake of the WannaCry outbreak, corporate executives, IT professionals,...
 
Facebook Pages can be an essential tool for businesses and charities,...
 
Cybersecurity professionals have sounded the alarm for years, and they are...
 
CBC deserves full credit for exposing the presence of IMSI catchers...
 
Security professionals have an obligation to communicate risks and recommendations to...
 
Over the decades, technology has been grafted into governments around the...
 
In this episode, J. Richard Jones talks about being candid about...
 
Criminals have reportedly threatened to take over 250 million Apple accounts...
 
In this episode, hear more about how Canada is a prime...
 
While the incoming administration of President-elect Donald Trump is being buffeted...
 
In the world that we are living in today, free and...
 
The RCMP adopted a new media strategy earlier this month by...
 
What would tomorrow’s cybersecurity look like? That’s an intriguing question to...
 
Terrorism operates with deadly regularity. In June 2016, a gunman who...
 
Just as the federal government has begun consultations on cyber security,...
 
Efforts by the government to counter the radicalization of young Canadians...
 
Canadian healthcare organizations and businesses in the financial industry are the...
 
Global market trends are accelerating to increase the pressure on commercial...
 
A recent report suggests several strategies how governments and the private...
 
The latest information from IBM Cloud covers: Consolidating Complex Environments Consolidating...
 
IBM Cloud is the first cloud provider to use Intel TXT...
 
Signaling a realignment of Canada’s involvement with NATO, Prime Minister Justin...
 
United States President Barack Obama, speaking before Parliament last night, urged...
 
Yes, according to the former head of the Canadian Security Intelligence...
 
Early this morning, Philippine police confirmed that the severed head found...
 
The challenge is clear: a fast-paced industry pressures organizations to simultaneously...
 
As populations grow and age, the demand for services increases. As...
 
The agency responsible for safeguarding the Pentagon and several other buildings...
 
By Michael Murphy Not all assets can and should be equally...
 
Government agencies, international businesses, as well as, European organizations that comply...
 
The Royal Canadian Mounted Police (RCMP) is poised to launch an...
 
One of Canada’s largest integrated oil companies said it is not...
 
Associates of Russian President Vladimir Putin, the king of Saudi Arabia,...
 
Now more than ever, organizations in both the public and private...
 
The Federal Bureau of Investigation announced that it has managed to...
 
IT organizations, especially those in healthcare facilities and government institutions that...
 
Last year, the Canada Revenue Agency rolled out a pilot program...
 
Strong cryptography is clearly required to protect sensitive government, business, and...
 
As the battle between the FBI and Apple continues to escalate,...
 
“I don’t think that backdoors into encryption is going to increase...
 
Hackers are zeroing in on users of SSL/TLS encryption and no...
 
Meet Bob Heart.  He is an outstanding employee who works hard...
 
The CEO of Google Sundar Pichai has come out in support...
 
A new study released yesterday, Securing the C-Suite, Cybersecurity Perspectives from...
 
Application, operating system, and device logs contain essential security information, but...
 
Yesterday, Ontario Supreme Court Justice John Sproat ruled that the Peel...
 
I wrote about accountability more than a year ago. Recently, a...
 
Intelligence agencies have had widespread and long-running programs to gather, analyze...
 
What concerns me is whether or not we’ve got the balance...
 
One of the consequences of the Information Age in which we...
 
In March of 2011, the east coast of Japan was rocked...
 
BYOD is hot! But is it for you? If yes, which...
 
Protecting critical infrastructure from cyber threats is the shared responsibility of...
 
In numerous interviews with senior military commanders over the past several...
 
In early February, James R. Clapper, the U.S. director of national...
 
The widespread adoption of mobile devices as enterprise-level tools is occurring...
 
CGE Vol.13 No.2 February 2007 Public security, once a task relegated...
 
CGE Vol. 14 No.4 April 2008 In recent years, policy makers...
 
The changing face of public and personal privacy in the face...
 
The announcement regarding the establishment of Shared Services Canada (SSC) was...
 
What role should governments and public servants play in safeguarding personal...
 
L’univers de la sécurité des TI évolue rapidement. À mesure que...
 
The world of IT security is rapidly evolving. As quickly as...
 
There was probably a day in spring of AD 72 that...
 
Cyber attacks don’t have to look highly sophisticated. Hackers are purposely...
 
Some title Some author
Some excerpt
 
Some title Some author
Some excerpt
 
Some title Some author
Some excerpt
Governments around the world are increasingly relying on cloud-based IT services...