The FBI wants a legal backdoor from Apple, not a technical one

Is the FBI's court ruling about more than getting into San Bernardino killer's iPhone?

A lot of media appear quite confused about a story in which Apple is refusing a US judge's ruling that requires the company to assist the FBI in accessing encrypted data on an iPhone 5c belonging to a man who killed 14 people.

This is understandable; after all, encryption is a complicated subject even for those who work in and around the security business. So let's try and clear some of that confusion up, shall we?

That law enforcement would want to access data on the iPhone belonging to Syed Rizwan Farook, who killed 14 people in a suspected terrorist attack in San Bernardino last December, is a given. That they should be able to is more open to debate, which is why this particular judicial request is so important.

Apple's CEO, Tim Cook, says the US government is asking "for something we simply do not have" and "something we consider too dangerous to create", that something being a backdoor into the encryption used by iPhones.


Indeed, Cook himself states that the FBI "have asked us to build a backdoor to the iPhone".

Cook goes on to suggest that the FBI wants Apple to "make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation".

Obviously, this would be a 'bad thing' because, as I have stated repeatedly, you cannot introduce a weakness into a security product and expect it to only be exploitable by yourself.

However, would it actually be a backdoor in the accepted sense? That's a little less clear. As I understand it, what is being requested by the order that the judge signed is for Apple to disable a security barrier that wipes all data from a phone after 10 incorrect passwords.

Currently, so we are told, FBI data forensic specialists have been unable over the course of nearly three months to get into the iPhone. Brute forcing the password would trip the repeated errors limitation and delete the data the FBI is after.

Here's what the judge wants: 'reasonable technical assistance' to bypass or disable the auto-erase function, to enable the FBI to submit a passcode to the device without introducing additional delays between passcode attempts.


Not a backdoor, but certainly a path that leads towards it by making brute forcing of the passcode relatively simple. Assuming the passcode is a straightforward PIN, of course, and isn't a hugely complex string instead.

For Apple to obey the court order it would, so it seems, have to rewrite parts of iOS to enable the unlocking of the device by someone other than the device owner.

If it did, and did so within time limits set by the court, then the chances are the resulting code would be buggy. This in and of itself means that it would open up even more risk for the future of encrypted iOS devices.

Indeed, the court order states that as part of the 'reasonable technical assistance remit', Apple would provide a signed iPhone software file or recovery bundle. It suggests a Software Image File coded by Apple so as to only run on the particular phone in question.


At which point I have to refer back to my 'you cannot introduce a weakness that benefits only one side' argument.

There are folk within the security industry, and the forensic data recovery business, who would insist (off the record) that it's already feasible to remove data from an encrypted iPhone, thanks very much.


That may well be so, and given that this is a 5c model without TouchID and, therefore, without the hardware benefit of the Secure Enclave, getting at the data shouldn't be too problematic with or without the help of Apple.

If it were really that easy, you might imagine, the FBI would have done it by now. Unless you go all X-Files on this one. How about if this was less to do with whether it is possible to comply with the FBI request, and more to do with forcing the removal of security functionality without having to bother with that democratic process nonsense?

I mean, why bother with debates and votes to try and change the law when you can just haul something out of the dusty statute books from 1789 (the All Writs Act) and get a lowly magistrate judge to sign off on that instead?

Now that is where the real backdoor in this whole thing comes in, a backdoor that enables political and democratic processes to be side-stepped.

That is what we should be concerned about. Apple is being thrown between a rock and a hard place, where it will find it very difficult indeed to argue that it cannot comply because doing so is technically unreasonable.

Instead it might have to stick with the 'because it is wrong' argument, and that could prove altogether much harder to succeed with in a court of law.


Or maybe it could just introduce another Error 53 that bricks the phone as soon as it detects any brute forcing by the FBI.
