FBI vs. Apple: Information is a Weapon

Posted Thursday, March 3, 2016 in Online, Mobile & IT by Scott Jordan

Larry Niven's classic story, Neutron Star, was one of my childhood portals to the world of science fiction.  In it, the mysterious Puppeteer race confronted the deaths of two researchers aboard a spaceship made by the Puppeteers' General Products company.  The ship's hull, constructed of an impenetrable and indestructible material, was undamaged, but its passengers had somehow been rendered into a jellied mess.  They coerced the story's protagonist into a near-suicidal mission to uncover the cause.

Cover: David Niven's Neutron Star

Now, the inscrutable Puppeteers guarded the location of their home planet carefully; their secrets were carefully cloaked.  Yet they were adept at blackmail and arm-twisting and treated information as a weapon.

Which of course it is.

Apple Guards its Customers' Information

The past days' contretemps between the United States Federal Bureau of Investigation and Apple, Inc. reminded me of this great old read from exactly half a century ago.  Each year, Apple's iOS has, like a General Products hull, been made increasingly impenetrable as the company instituted level upon level of sophisticated encryption and anti-intrusion technologies.  They did this for marketing reasons: bluntly, their customers value their privacy and seek a vendor they can trust to keep their data safe as it increasingly traverses and resides in the cloud.  Their implementation is unique, with iOS only allowing installation of software vetted and signed by Apple using sophisticated authentication technologies it guards closely.  As a customer, I appreciate their oversight.  Others find the concept of a walled garden overbearing and abhorrent; fortunately for them there are alternatives they are free to choose.  Of course, there are drawbacks to those choices: the integration across form-factors (desktop, tablet, pocket, wrist) is shallower, the apps riskier, the services funded by the retailing of user data including their behavior, contacts and movements.  

Accordingly, many customers choose Apple for reasons of trust.  And that's well-placed, judging from FBI Director Comey's comments before Congress this week regarding the government-issued iPhone 5c discarded by terrorist mass-murderer Sayed Raheel Farook.  "Comey told Rep. Darrell Issa (R-CA, 49th) that the FBI went 'to all areas of government to see if anyone can unlock the iPhone,' but was unsuccessful.” [http://www.zdnet.com/article/fbi-apple-encryption-testify-judiciary-committee/] 

FBI Made a Series of Mistakes

Now, Comey's complaint came only after the government agencies involved had made a thorough hash of their investigation.  First, understand that iPhone users can choose to have their phone automatically back itself up to Apple's servers whenever they're charging while connected to WiFi.  This feature saved my wife's precious photos in a trip to visit a beloved aunt who was gravely ill; her phone had gotten wet and died mid-trip.  But when its replacement sluiced her data back down from the cloud, there were her pictures.  The phone, in extremis, had uploaded itself.  By trading the privacy of her photos in return for Apple's trustworthy safeguarding of them, she preserved her memories of her visit with her loved ones.  Loss, after all, remains the greatest threat to one's data.

Now, Farook and the County of San Bernardino had taken advantage of this feature too, and Apple had conformed to court orders to provide those backups to investigators.  But the backups ended about ten days before Farook's shocking attack.  The phone was found on the floor of his mother's car; perhaps he had ceased charging it nightly at home, or carrying it at all.

The FBI could have had the phone make a fresh backup by plugging it into a charger in Farooks' home and letting it connect via its familiar WiFi.  But the FBI had unaccountably allowed the press and public to swarm the apartment practically before the victims' blood had dried at the Rudy C Hernandez Community Center.  The apartment WiFi had vanished.  Apple suggested investigators try the WiFi at Farook's office, but that didn't work either [see http://www.wired.com/2016/02/apple-says-the-government-bungled-its-chance-to-hack-that-iphone/?mbid=social_twitter and http://www.zdziarski.com/blog/?p=5834].  It then emerged that some bright light at the county ("in cooperation with the FBI" the County claims) had changed the iCloud password for the account linked to the phone early in the investigation.

This leaves one way to get to the data on the phone, and that was through the phone itself.  And the phone, like a General Products hull, is impenetrable, per Director Comey's sworn testimony.  Apple, it seems, learned well from the Snowden revelations, even for this obsolete, entry-level model.  Its encryption works, its passcode authentication works... and its self-destruct mechanism works too.

FBI Court Order

Apple then learned that a pliant judge had rubber-stamped an FBI demand that Apple provide an actual iPhone hacking tool.  This demand was filed with the court without Apple present and with no opportunity for it to comment or object to the agency's contention of reasonableness.  Here, the FBI showed real cleverness.  Since the current iOS allows an operating system to be re-flashed if an unresponsive phone is placed into a last-ditch recovery mode, they demanded (under the auspices of a law dating to the 1700s) that Apple be conscripted to devise a compromised version of iOS with several layers of anti-intrusion technology removed, allowing investigators to mount a brute-force password attack on the phone without triggering its self-destruct mechanism.  

Meanwhile, against the FBI's initial assurances to the judge that only the Farook phone was to be hacked, the existence quickly emerged of almost two hundred additional phones linked to such non-terror activities as drug dealing.  Plus, knowledgeable forensic consultants such as Jonathan Zdziarski noted that established forensic practices necessitate that any forensic procedure be performed on several devices including controls [http://mashable.com/2016/02/23/apple-vs-fbi-security-concerns].  Even if this were all about this one phone, this would not be about this one phone.

It seems the FBI, like the mysterious Puppeteers, was being less than open before the court.  And why was this phone, of all the locked phones in the possession of law enforcement, chosen?  Farook seems to have regarded the phone as unimportant, given that he did not destroy it along with his other electronic devices.  Even the husband of one of Farook's victims expects nothing will be found on the phone [http://www.buzzfeed.com/hamzashaban/san-bernardino-survivors-husband-to-judge-terrorist-iphone-u?].  But the phone bears the fingerprints of a terrorist mass-murderer and so its utility for demagoguery is nonpareil.

FBI is Demanding Unreasonable Powers

So now we stand on the cusp of a Constitutional crisis.  On the one hand is the impenetrable hull of iPhones like yours and mine; on the other hand is an investigative agency with an agenda to secure a tool to turn any suspect's iPhone possessed by any arm of the government against its owner.  Such a tool cannot be contained.  Not within the FBI, not within American law enforcement, not within the United States.  Not in the age of the Internet, of thumb drives the size of a lozenge.  Not in the age of such governmental follies as more than two million deeply intimate dossiers of security-cleared professionals and military members exposed for years by an Office of Personnel Management run by a political hack.  Not in the era of a Secretary of State who chatted over an unsecured server about the location and movements of a doomed Ambassador.

Apple's CEO, Tim Cook, has his own reasons to value privacy.  He is a formerly-closeted gay man who some years ago received some grim medical news.  Either fact, weaponized by the wrong people at the wrong time, could have ended his career in a flash.  Fortunately, the medical diagnosis was wrong, and Cook is still with us.  But if it seems sometimes that he takes this fight with the government very personally, perhaps it's because of the sleepless nights wondering who might find out and what they might do.  

Information is a weapon.  In the U.S., the government cannot compel you to reveal your passcode to your phone or computer.  They want in anyway.  It's of a piece with the snowballing surveillance state we've learned so much about in recent years.  Enough.  This is America, and it's wrong.

0 comments


Be the first one to comment.

You must be a member to comment. Sign in or create a free account.