If you're feeling confused about the Apple vs. the FBI saga, relax. That's perfectly normal. Over the past couple of weeks it's been a dizzying and challenging saga, even for tech observers. And, it's been a hard one to write about because every day it seems like there's a new twist.
So, perhaps, the way to cut through all that is to think about what is at stake, rather than what has taken place. In short, for me the case comes down to this question: should citizens be able to know something that the government cannot get access to?
But to back up for a bit first. Here's the Cole's Notes on the situation. The FBI is currently in possession of an iPhone used by Syed Rizwan Farook, one of the shooters in the San Bernardino attack on December 2 of last year. The phone was owned by the San Bernardino County Department of Public Health, Farook's employer and the site of the shooting in which 14 people were killed and 22 were injured. As an important aside, Farook and his wife (the second assailant in the tragedy) both had personal phones, which were destroyed.
The iPhone that survived is protected by a password probably only known to Farook, who was killed by police after the attack. The FBI believe the phone may contain information about who, if anyone, Farook was in contact with prior to the attack. Or, they argue, it may contain other information that may aid in the investigation. Keep in mind Farook had a personal phone, which was much more likely to contain information about the attack. Someone who plans a mass killing with his wife isn't that likely to keep the details of the plot on a company phone. And, if the couple were part of a larger plot or a sleeper cell, the chances of them keeping terrorist contacts and plans are next to zero.
Breaking the lock on an iPhone
Nonetheless, the FBI have asked Apple to assist them in getting access to the phone. Apple has so far refused because the only way to get access is for Apple engineers to write a specific version of the phone's operating system that would make it possible for the FBI to do what is called a "brute force attack" on the phone. That is, to try thousands or possibly millions of numeric combinations that might be the password.
The FBI and other government agencies also have as many as a dozen additional phones in other cases, including one owned by a murdered pregnant mother, it would like Apple to give them access to in a similar fashion. Apple could have given the FBI a recent iCloud backup of this phone's data, but due to a spectacular screw-up by the investigation agency, that data isn't available.
And, because the chain of evidence needs to be unbroken, it's not as simple as Apple just taking the phone from the FBI, installing the code needed to allow a brute force attack, letting the FBI use the attack to get access to the phone, extract the data and then destroy the phone and any trace of the code Apple used to give the FBI access. If that happened and there was evidence of collaborators on the phone, those collaborators' lawyers would want to see forensic evidence that the data on the phone was not tampered with nor added to at any point when the FBI and/or Apple had the phone in their possession. In turn, that would force Apple into becoming a de facto forensics software company, a business it is currently not in. That, according to Apple, puts an undue burden on the company. The FBI, even though it is using the All Writs Act as legal justification for its demands, cannot compel a company to do something that places an undue burden on it. And given that there is a waiting list for phones the government wants access to, the argument that this is a "one off" is disingenuous at best.
To complicate things even further, if there is "actionable" data on the phone, the FBI may have no idea if the data is useful because it may be encrypted with software above and beyond the encryption Apple has placed on the same data. There are a number of other encryption schemes that could have been used on the phone, some in the public domain. And, Apple argued last week in a brief to the District Court of the Central District of California, the FBI haven't demonstrated that they have done everything possible before coming to Apple. In short, Apple is suggesting that the NSA should have been approached first since they seem to be so good at hacking data.
Because of all the deep math involved in secure encryption, it's hard to find a real-world analogy to this situation. There is not unbreakable lock or safe in the real world. But the complicated dance of software, math and the way the hardware and software in iPhones talk to each other, it is possible to create unbreakable encryption.
The limits on access to data
And this brings me to the question I first asked, because the closest thing we have to the iPhone situation is the human brain. Short of mind-reading techniques that currently don't exist, there is no way for the government to legally extract the information in our heads. Torture doesn't count. In the U.S., the Fifth Amendment also prohibits courts from requiring that individuals give up incriminating evidence. So, the question remains, do citizens have the right to know something the government can't itself know? Should it be possible for us to secure, in our digital devices or in the wetware of our brains, information that is wholly private and unobtainable? If the answer is yes, then Apple is correct in opposing the FBI. If no, then the FBI is overstepping.
And, finally, the issue of security as well as privacy is in the mix. Given that there has to be a chain of evidence and that the FBI already has a queue of other phones it wants unlocked, it is very likely the unlocking code will be in the wild. Or, more likely, once the U.S. government is granted permission to force Apple's hand, China, India and every other country where the iPhone is sold will also demand they can get access to encrypted phones as well, when needed. That makes the U.S. encryption weaker than encryption used by other countries. And, it makes U.S. data stored on iPhones more vulnerable to attack. So, in a single-minded attempt to get access to an encrypted phone and set a legal precedent for future decryption, the FBI is exposing the U.S. to future cyber assaults. As tech analyst Ben Thompson has observed, given that the NSA has a strong offence game against foreign encryption, it seems counterproductive for the FBI to weaken the country's defence.
It is probably also the case that the FBI doesn't believe there is any important data on the phone. It's not about the phone, or the data. It's about establishing a legal precedent and it's about the agency's belief that it is entitled to data, no matter how secure and no matter that they need to conscript a company to write code against its principles and best interests.
I think there is information to which the government has no right. If their ignorance of that data results in bad things happening, that is the sad price of liberty. And if believing that bad things will happen means we give up liberties a bit at a time, over and over, then bad things will start to happen, to us. And that shouldn't take a mind reader to figure out.
Original Article
Source: rabble.ca/
Author: Wayne MacPhail
So, perhaps, the way to cut through all that is to think about what is at stake, rather than what has taken place. In short, for me the case comes down to this question: should citizens be able to know something that the government cannot get access to?
But to back up for a bit first. Here's the Cole's Notes on the situation. The FBI is currently in possession of an iPhone used by Syed Rizwan Farook, one of the shooters in the San Bernardino attack on December 2 of last year. The phone was owned by the San Bernardino County Department of Public Health, Farook's employer and the site of the shooting in which 14 people were killed and 22 were injured. As an important aside, Farook and his wife (the second assailant in the tragedy) both had personal phones, which were destroyed.
The iPhone that survived is protected by a password probably only known to Farook, who was killed by police after the attack. The FBI believe the phone may contain information about who, if anyone, Farook was in contact with prior to the attack. Or, they argue, it may contain other information that may aid in the investigation. Keep in mind Farook had a personal phone, which was much more likely to contain information about the attack. Someone who plans a mass killing with his wife isn't that likely to keep the details of the plot on a company phone. And, if the couple were part of a larger plot or a sleeper cell, the chances of them keeping terrorist contacts and plans are next to zero.
Breaking the lock on an iPhone
Nonetheless, the FBI have asked Apple to assist them in getting access to the phone. Apple has so far refused because the only way to get access is for Apple engineers to write a specific version of the phone's operating system that would make it possible for the FBI to do what is called a "brute force attack" on the phone. That is, to try thousands or possibly millions of numeric combinations that might be the password.
The FBI and other government agencies also have as many as a dozen additional phones in other cases, including one owned by a murdered pregnant mother, it would like Apple to give them access to in a similar fashion. Apple could have given the FBI a recent iCloud backup of this phone's data, but due to a spectacular screw-up by the investigation agency, that data isn't available.
And, because the chain of evidence needs to be unbroken, it's not as simple as Apple just taking the phone from the FBI, installing the code needed to allow a brute force attack, letting the FBI use the attack to get access to the phone, extract the data and then destroy the phone and any trace of the code Apple used to give the FBI access. If that happened and there was evidence of collaborators on the phone, those collaborators' lawyers would want to see forensic evidence that the data on the phone was not tampered with nor added to at any point when the FBI and/or Apple had the phone in their possession. In turn, that would force Apple into becoming a de facto forensics software company, a business it is currently not in. That, according to Apple, puts an undue burden on the company. The FBI, even though it is using the All Writs Act as legal justification for its demands, cannot compel a company to do something that places an undue burden on it. And given that there is a waiting list for phones the government wants access to, the argument that this is a "one off" is disingenuous at best.
To complicate things even further, if there is "actionable" data on the phone, the FBI may have no idea if the data is useful because it may be encrypted with software above and beyond the encryption Apple has placed on the same data. There are a number of other encryption schemes that could have been used on the phone, some in the public domain. And, Apple argued last week in a brief to the District Court of the Central District of California, the FBI haven't demonstrated that they have done everything possible before coming to Apple. In short, Apple is suggesting that the NSA should have been approached first since they seem to be so good at hacking data.
Because of all the deep math involved in secure encryption, it's hard to find a real-world analogy to this situation. There is not unbreakable lock or safe in the real world. But the complicated dance of software, math and the way the hardware and software in iPhones talk to each other, it is possible to create unbreakable encryption.
The limits on access to data
And this brings me to the question I first asked, because the closest thing we have to the iPhone situation is the human brain. Short of mind-reading techniques that currently don't exist, there is no way for the government to legally extract the information in our heads. Torture doesn't count. In the U.S., the Fifth Amendment also prohibits courts from requiring that individuals give up incriminating evidence. So, the question remains, do citizens have the right to know something the government can't itself know? Should it be possible for us to secure, in our digital devices or in the wetware of our brains, information that is wholly private and unobtainable? If the answer is yes, then Apple is correct in opposing the FBI. If no, then the FBI is overstepping.
And, finally, the issue of security as well as privacy is in the mix. Given that there has to be a chain of evidence and that the FBI already has a queue of other phones it wants unlocked, it is very likely the unlocking code will be in the wild. Or, more likely, once the U.S. government is granted permission to force Apple's hand, China, India and every other country where the iPhone is sold will also demand they can get access to encrypted phones as well, when needed. That makes the U.S. encryption weaker than encryption used by other countries. And, it makes U.S. data stored on iPhones more vulnerable to attack. So, in a single-minded attempt to get access to an encrypted phone and set a legal precedent for future decryption, the FBI is exposing the U.S. to future cyber assaults. As tech analyst Ben Thompson has observed, given that the NSA has a strong offence game against foreign encryption, it seems counterproductive for the FBI to weaken the country's defence.
It is probably also the case that the FBI doesn't believe there is any important data on the phone. It's not about the phone, or the data. It's about establishing a legal precedent and it's about the agency's belief that it is entitled to data, no matter how secure and no matter that they need to conscript a company to write code against its principles and best interests.
I think there is information to which the government has no right. If their ignorance of that data results in bad things happening, that is the sad price of liberty. And if believing that bad things will happen means we give up liberties a bit at a time, over and over, then bad things will start to happen, to us. And that shouldn't take a mind reader to figure out.
Original Article
Source: rabble.ca/
Author: Wayne MacPhail
No comments:
Post a Comment