Apple versus the FBI – threat analysis and response

Anthony Caruana
25 February, 2016
View more articles fromthe author
AAA
News

Encrypt, security, ios, os x, macworld australiaApple has been in the crosshairs of law enforcement ever since it released iOS 8. With that release, it rendered the iPhone’s encryption nearly impossible to break by encrypting the device and not retaining a key for decrypting devices.

In a sense, it created a lock for your data, gave you all the keys and didn’t create a master key or backdoor.

But, using the All Writs Act, the FBI has found a legal mechanism through which to challenge Apple’s assertion that personal data is private and no organisation ought to have a mechanism for accessing it.

This is despite the fact the iPhone 5c used by terrorist Syed Rizwan Farook became inaccessible after the FBI directed a federal employee to change settings on it, the device was not under any sort of device management and Apple already assisting the FBI significantly from the first days the investigation.

Apple is a pretty smart company. It seems it has conducted a threat analysis as a result of the FBI’s court-issued directive and found that the cause of this that is, in fact, Apple.

So, it is working on remedying this by addressing its capacity to unlock the data.

The iPhone feature the FBI wants to exploit is the ability for the iPhone firmware to be upgraded without the need for any user intervention. This would allow the FBI to install a special version of iOS (which it says is just for this one specific case although it has over about a dozen similar cases pending), which would enable it to execute a brute force attack on the iPhone 5c in question’s passcode.

The New York Times reports that Apple is working to secure this potential backdoor for installing firmware.

Chris Soghoian, a technology analyst with the American Civil Liberties Union, says, “Usually, bug reports come in an email saying, ‘Dear Apple Security, we’ve discovered a flaw in your product’. This bug report has come in the form of a court order.”

This issue is bigger than one court case – despite FBI director James B Comey saying, “The particular legal issue is actually quite narrow. The relief we seek is limited and its value increasingly obsolete because the technology continues to evolve.”

Governments around the world need to debate this, in a balanced way with expert advice from law enforcement and privacy advocates where all the advice is weighed equally. Creating a legal precedent with one court case as the precedent for decades of actions does not serve the community well.

Australians should follow this case closely. Its ramifications will be broad and given comments made by Attorney General Brandis saying Apple ought to comply with the court order, it’s likely that a test case will be floated (manufactured?) in Australia so that we stay lock-step on this issue with our US allies.

Is that what’s best for all of us?

Leave a Comment

Please keep your comments friendly on the topic.

Contact us