The public back-and-forth between the FBI and Apple over the company’s refusal to create a custom version of iOS that would let the FBI access encrypted data on an iPhone belonging to one of the shooters in the San Bernardino massacre has produced a huge amount of rhetoric and confusion. The technical details of what Apple can and can’t do are part of the story, but there are many other aspects to it, as well.
To help put the story and its ramifications in perspective, here’s a guide to what we know about the story so far.
- While investigating the shooting in San Bernardino, the FBI recovered an iPhone belonging to Syed Farook, one of the alleged shooters. The phone was protected by a passcode, and because of the way the iPhone’s security is designed, if the agency had tried to unlock the phone and failed 10 times, the phone would have erased all of the data on it. So the FBI asked Apple for help.
- Apple says it has supplied some information to the FBI in this case, complying with search warrants and subpoenas. But the FBI wanted Apple to unlock the phone, which the company said it couldn’t do. The agency then went to court and got an order that directs Apple to provide “reasonable technical assistance” to the FBI, including methods to bypass the auto-erase feature, a way to allow the agency to brute-force the PIN, and provide a signed software file that can be loaded onto the phone to allow the FBI to access it.
- Apple has refused to comply with the order, saying that doing so was dangerous and would set a bad precedent. “We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone,” Apple CEO Tim Cook said in a letter.
- The company also said that if it created the software the FBI is demanding, other law enforcement agencies in the United States and perhaps abroad would ask for the same assistance in other cases.
- Executives at Apple and security researchers say that it is technically possible to do what the FBI is asking. “Yes, it is certainly possible to create an entirely new operating system to undermine our security features as the government wants. But it’s something we believe is too dangerous to do. The only way to guarantee that such a powerful tool isn’t abused and doesn’t fall into the wrong hands is to never create it,” Apple said in an FAQ on the FBI demands.
- The FBI could have gotten the data it wanted from the iCloud backup of the iPhone, but Farook’s employer, the San Bernardino County Department of Health, reset the iCloud password–at the direction of the FBI. So, no iCloud backup.
- Security experts say that this case has important ramifications for user security and privacy, as well as for technology providers. “I’m puzzled by the argument that Apple’s capability to crack phones proves that key escrow can be done securely. It shows the opposite,” Matt Blaze, a professor at the University of Pennsylvania, said on Twitter. “It turns Apple in to a centralized target. It is a poor security design that Apple has been smartly moving away from.”
- Apple is unlikely to back down. The company has a history of digging in its heels and it has built much of its public image on the notions of security and privacy.
- The FBI is unlikely to back down. It’s the FBI.
Image from Flickr stream of Josh Allen.