FBI iPhone terror fight: Apple PR clouding the truth

Apple may be anti-backdoor, but this is far from the first time the company has helped in similar ways. And how can Cook claim that Apple has offered its “best ideas”?

Apple iPhone FBI San Bernadino Tim Cook
Apple, Inc.

A court ordered Apple to unlock the iPhone of Syed Rizwan Farook, a suspect in the San Bernadino terrorist attack, December 2. Tim Cook isn’t happy, but he’s not making sense—he says Apple can’t give the FBI any more help, and claims that utilizing the law justifying the court’s order is “unprecedented.”

Well, no—on both counts. You see, neither statement is really correct: There are recent legal precedents for the use of this All Writs Act for exactly this purpose, and there are other technical avenues that Apple follow to help the FBI gather crucial evidence.

Well, this is awkward. You’d be forgiven for seeing Apple PR as cynically opportunistic.

In IT Blogwatch, bloggers dig into the story. Not to mention: Mike Matas’s “The Brain”...

Your humble blogwatcher curated these bloggy bits for your entertainment. [Developing story: Updated 8:18 am PT with more comment]

What’s the craic? Ellen Nakashima reports—Judge orders Apple to help unlock iPhone used by Calif. shooter:

A federal judge has ordered Apple to help the government unlock the iPhone used by one of the shooters [in] San Bernardino. The government said that the firm failed to provide assistance voluntarily.

The orderdoes not ask Apple to break the phone’s encryption but rather to disable the feature that wipes the dataafter 10 incorrect tries. [So] the government can try to crack the password using “brute force.”

The Silicon Valley giant has steadfastly maintained that it is unable to unlock its newer iPhones for law enforcement. However, U.S. Magistrate Judge Sheri Pym said in her order, Apple can.

The government requested the order under the All Writs Act, a law dating to the colonial era. The Supreme Court in 1977 held that the law gaveauthority to direct a phone company to execute a search warrant.

Some legal scholars, however, said the use of the All Writs Actpresents a slippery slope.

Here’s a pretty pickle, then. Tim Cook speaks, in this Message to Our Customers:

The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. [It] calls for public discussion.

We were shocked and outraged by the deadly act of terrorism in San Bernardino. We have worked hard to support the government’s efforts. We’ve offered our best ideas on a number of investigative options at their disposal.

Rather than asking for legislative actionthe FBI is proposing an unprecedented use of the All Writs Act of 1789. The implicationsare chilling. If the government can use the All Writs Act [it] could extend this breach of privacy.

Uh, wait Tim, stop! Your (ahem) “ignorance” of history is noted. Here’s Cyrus Farivar, back in 2014:

DOJ is pursuing an unusual legal strategy to compel cellphone makers to assist investigations. Prosecutors have now invoked the18th-century federal law [which] simply allows courts to issue anorder [that] compels a person or company to do something.

About six weeks after Apple announced that it would be expanding encryption under iOS 8prosecutors asked [Apple] to "assist in the execution of a federal search warrant by facilitating the un-locking of an iPhone." "This Court has the authority to order Apple, Inc., to use any capabilities it may have,"an assistant US attorney, wrote to the court and cited the All Writs Act. "Additionally, Apple has routinely complied with such orders."

In response, Magistrate Judge Kandis Westmore ordered that Apple "provide reasonable technical assistancebut Apple is not required toenable law enforcement’s attempts to access any encrypted data." Westmore’s language is a near-duplicate of a June 6, 2014 order issued byMagistrate Judge Howard Lloyd [who] ordered Apple to assist in the search of an iPad.

Use of the All Writs Act is not as novel as it may seem.

Not only that—it gets worse. Dan Guido says that Apple’s claim of impotence is bogus anyway—Apple can comply with the FBI court order:

Many have argued whether these requests from the FBI are technically feasible. Based on my initial reading of the request and my knowledge of the iOS platformthe FBI’s requests are technically feasible.

The iPhone is the property of the San Bernardino County Department of Public Healthand the FBI has permission to search it. [And] the recovered iPhone is a 5C [which] lacksthe Secure Enclave. [So] nearly all of the passcode protections are implemented in software by the iOS operating system and, therefore, replaceable by a firmware update.

Without the Secure EnclaveiOS can guess one passcode every 80ms. [With] a 4-digit PIN, this speedup will result in recovery of the PIN within a half hour.

Apple has allegedly cooperated with law enforcement in the past by using a custom firmware image. In order to limit the risk of abuse, Apple can lock the customized version of iOS to only work on the specific recovered iPhone.

What about the wider implications, though? Here’s Christopher Soghoian:

Forcing a company like Apple to use its code signing keys to sign malicious software raises a number of troubling First Amendment issues.

Apple's marketing team must be over the moon. That DOJ has to go to court to break the security of iOS is PR that money can't buy.

Surely the NSA can help the FBI do this. That they're going the legal route suggests they just want to set precedent.

If you can circumvent your product security, the gov will force you to do so. Going forward, smart tech companies will tie their own hands.

Update: Installing custom firmware is something only Apple can do. As Nathan “v1” Fisher reminds us:

Unlike firmware updates on many devicesApple iOS devicesrequire the firmware to be "signed", each time it is installed. If it's invalid, the phone's hardware will refuse to install it

Around 1-2 weeks after Apple releases a new iOS, they stop signing the old one. This prevents you from downgrading.

So users cannot hack the firmware. But Apple has the secret part of the key [so] can roll their own custom firmware, sign itand the device will accept it. If Apple really wanted to fully cooperate, it would be trivial.

[But] what if [the FBI] already can access the dataand this is just a show? Right now the terrorists are keeping a close eye on this case, trying to decide whether it's a "good idea" to use the iphone.

Ifthe FBI shrugs and goes away moping, but suddenly has a breakthrough a few months from nowwell, guess what. They want the terrorists to think the iPhone is a safe havenso they continue to have access to it. 

This is a perfect parallel toBritain's cracking of enigma etc. Their greatest efforts went into making sure Germany didn't believe their code had been broken. The FBI is doing exactly the same.

And Finally

Mike Matas’s “The Brain”: A neural network built entirely in Quartz Composer
[hat tip: Andy Baio]

You have been reading IT Blogwatch by Richi Jennings, who curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or itbw@richi.uk.
Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.

Copyright © 2016 IDG Communications, Inc.

Shop Tech Products at Amazon