cyberarmscontrolblog

International Agreement for Control of Cyber Weapons

Month: February, 2016

Apple v. FBI

Two Islamic terrorists came into the United States. Syed Rizwan Farook moved to San Bernardino California, made friends with people at his place of employment, and served the numerous elderly patients there.  When the time came, he murdered a number of people, shortly after those same people had thrown for him a birthday party.  “Animal”, “Scum” are two appropriate words for Farook.

In the course of the investigation it was determined that the terrorists used an iPhone. The FBI wants to read its contents. The problem is that Apple’s iPhone security prevents access.  If someone more than ten times uses the wrong pass code to access an iPhone, it will erase itself.

At the core of the problem is the reality that Apple’s technology for the iPhone is actually secure. No one, not Apple, no one, has access to the encrypted personal information held on your iPhone. That is why ApplePay is so successful.  When it is used, the merchant never knows your identity or even your credit card number.

The FBI through a court order is asking Apple to develop software that would disable this protection mechanism.  It would allow a brute force cryptologic attack against the iPhone.  The term “brute force attack” refers to the submission of different codes over and over until the right code is found, then the phone will be unlocked.(*)

So far, Apple is resisting the court order. The argument on Apple’s side is that (1) Apple is not being asked to provide information, but instead is being asked to write software for the FBI; (2) If the US government forces Apple to do this, then any government (read China, Russia) would start to demand the same thing; (3) if this happened, then the iPhone no longer would be secure because eventually the secrets of how to dismantle its protection would leak out to hackers; (4) Apple would be put at a disadvantage because it would be unlikely that a foreign phone maker such as Samsung could be forced to comply. And there are other reasons also.

One hacker has argued that it is easy for Apple to break the iPhone security:

“On a technical level, Apple could carry out the order by creating a RAM disk signed by the company’s production certificate for the specific ECID of the suspect’s iPhone. This solution would allow Apple to use existing technologies in the firmware file format to grant access to the phone ensuring that there is no possible way the same solution would work on another device.” (comments of Will Strafach, Legendary iPhone hacker weighs in on Apple’s war with the FBI“)

There also are broader issues involving the balance of national security and privacy. Where should the balance be, and who is to make that determination?  This is going to be a difficult problem to solve.

What should be the power of governments to protect their people?  And what rights or privileges should be sacrificed in order for the government to accomplish this objective?

There are powerful arguments on either side.  But the way this is heading is fairly clear:  Secure systems might eventually be made illegal.

Note (*) The Order Compelling Apple, Inc. To Assist Agents in Search, No. ED 15-0451M, In the Matter of the Search of An Apple iPhone Seized During the Execution of a Search Warrant on a Black Lexus IS300, California License Plate 35KGD203 relies upon the All Writs Act, adopted in 1789 and listed as 28 U.S.C. § 1651. It says that:

(a) The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.
(b) An alternative writ or rule nisi may be issued by a justice or judge of a court which has jurisdiction.
Note: The rule nisi is means that the ruling of a court is final unless one or both parties show cause for it not to be. (Black’s Law Dictionary)

 

 

Advertisements

Cyber War in Outer Space

The Director of National Intelligence, James Clapper, has warned that Russia and China have been working hard at developing capabilities to shoot down U.S. satellites.  This purpose of building this capability is to has the capability to disable U.S. military communications.

In the United Nations Charter, signed on 26 June 1945 in San Francisco, it always has been recognized that the cut off of communications is an important sanction that can be imposed against a nation states.  For example, Article 41 states:

“The Security Council may decide what measures not involving the use of armed force are to be employed to give effect to its decisions, and it may call upon the Members of the United Nations to apply such measures. These may include complete or partial interruption of economic relations and of rail, sea, air, postal, telegraphic, radio, and other means of communication, and the severance of diplomatic relations.”

China is developing so-called “Satellite Killers“.  In addition, there is a fear of electromagnetic pulse (EMP) effects from high-altitude nuclear bombs. EMP has the potential to wipe out large parts of the entire telecommunications and computing infrastructure of the United States.

All of these developments show that in the future, if there is war, then attacks against the cyber infrastructure will be as important as those against any other target.

It is difficult to see how these developments could be controlled with a cyber arms control treaty.