Two Islamic terrorists came into the United States. Syed Rizwan Farook moved to San Bernardino California, made friends with people at his place of employment, and served the numerous elderly patients there. When the time came, he murdered a number of people, shortly after those same people had thrown for him a birthday party. “Animal”, “Scum” are two appropriate words for Farook.
In the course of the investigation it was determined that the terrorists used an iPhone. The FBI wants to read its contents. The problem is that Apple’s iPhone security prevents access. If someone more than ten times uses the wrong pass code to access an iPhone, it will erase itself.
At the core of the problem is the reality that Apple’s technology for the iPhone is actually secure. No one, not Apple, no one, has access to the encrypted personal information held on your iPhone. That is why ApplePay is so successful. When it is used, the merchant never knows your identity or even your credit card number.
The FBI through a court order is asking Apple to develop software that would disable this protection mechanism. It would allow a brute force cryptologic attack against the iPhone. The term “brute force attack” refers to the submission of different codes over and over until the right code is found, then the phone will be unlocked.(*)
So far, Apple is resisting the court order. The argument on Apple’s side is that (1) Apple is not being asked to provide information, but instead is being asked to write software for the FBI; (2) If the US government forces Apple to do this, then any government (read China, Russia) would start to demand the same thing; (3) if this happened, then the iPhone no longer would be secure because eventually the secrets of how to dismantle its protection would leak out to hackers; (4) Apple would be put at a disadvantage because it would be unlikely that a foreign phone maker such as Samsung could be forced to comply. And there are other reasons also.
One hacker has argued that it is easy for Apple to break the iPhone security:
“On a technical level, Apple could carry out the order by creating a RAM disk signed by the company’s production certificate for the specific ECID of the suspect’s iPhone. This solution would allow Apple to use existing technologies in the firmware file format to grant access to the phone ensuring that there is no possible way the same solution would work on another device.” (comments of Will Strafach, “Legendary iPhone hacker weighs in on Apple’s war with the FBI“)
There also are broader issues involving the balance of national security and privacy. Where should the balance be, and who is to make that determination? This is going to be a difficult problem to solve.
What should be the power of governments to protect their people? And what rights or privileges should be sacrificed in order for the government to accomplish this objective?
There are powerful arguments on either side. But the way this is heading is fairly clear: Secure systems might eventually be made illegal.
Note (*) The Order Compelling Apple, Inc. To Assist Agents in Search, No. ED 15-0451M, In the Matter of the Search of An Apple iPhone Seized During the Execution of a Search Warrant on a Black Lexus IS300, California License Plate 35KGD203 relies upon the All Writs Act, adopted in 1789 and listed as 28 U.S.C. § 1651. It says that: