Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Mac News > Where Are We Now: Apple versus the FBI

Where Are We Now: Apple versus the FBI
Thread Tools
NewsPoster
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Feb 26, 2016, 01:00 PM
 
Because there are sometimes stories that are comprised of a lot of disparate information that can unfold or expand over time, the MacNN team is kicking off an occasional column called "Where Are We Now" that will summarize a complex story or series of events in order to provide readers with a comprehensive summary of events thus far. The big story this week -- and one that is very much still developing -- is that of the dispute between the US Federal Bureau of Investigation and Apple.

The conflict has opened up a national discussion on the much bigger questions of the balance between security and personal privacy; an issue that many Americans have wrestled with following the events of September 11, 2001, and at other times as the Internet and technology have given rise to Big Data, along with a number of revelations about the extent of government surveillance. It has become clear, since this story was initially reported, that the case brings up issues that are far larger than the specific request and the specific Apple device at the heart of the dispute.



The background

The controversy began on February 16, when US magistrate judge Sheri Pym surprised Apple -- which we later learned was not present in the court when her ruling was given -- with an order compelling it to provide assistant to the FBI in its investigation into a particular iPhone used by Syed Rizwan Farook, one of the two attackers in the San Bernardino workplace massacre, which killed 14 people and injured another 22. Farook and his wife, Pashfeen Malik, were killed by police in a shootout about five hours after the massacre.

Judge Pym ordered Apple to provide software to the FBI that would both nullify the short delay between passcode attempts, and prevent the iPhone from automatically erasing itself after 10 unsuccessful tries -- effectively defeating the iPhone's ability to protect users from "brute-force" attacks on passcodes, such as those used by hackers, thieves, and authorities who have seized an iPhone for whatever reason. Apple objected to the order, saying the software would create a security risk for all users, and expose the entire contents of the iPhone, which violates both the Fourth and Fifth Amendments to the US Constitution. The FBI, in turn, asked the judge to compel Apple to accept the order without a chance to challenge it.

As far as is currently known, the FBI has not said why it thinks the iPhone 5c -- actually owned by the San Bernardino County Health Department, where Farook worked -- has information that would shed any new light on its investigation. There is evidence to suggest that Farook and Malik were ISIS sympathizers, and might have eventually joined the terrorist group had they lived and escaped prosecution. However, the existing evidence that has been made public suggests that the San Bernardino attack was more an incidence of workplace violence, despite their political leanings.

The agency has already obtained large quantities of data from the carrier and social networks the US-born Farook and his Pakistani immigrant wife, Pashfeen Malik, used -- as well as data provided by Apple in other areas, such as metadata on calls, emails, messages (but not the content of those items, since they are encrypted) and other iCloud-based data. In addition, Apple said that it had been cooperating with the agency on this case since at least January, and had provided engineers that offered numerous suggestions on how to obtain further data from Farook's work iPhone.



The data retrieval effort was complicated by some mishandling of the work iPhone by authorities immediately after the attack. According to various reports, San Bernardino authorities, working under the direction of the FBI, reset the iCloud password Farook had used -- but this rendered the device unable to make an automatic iCloud backup of the contents. Apple engineers told the agency that had it not done that, the iPhone could have potentially been set to make a new iCloud backup, which would have revealed if anything of interest or value was there. This is what led to the FBI asking a judge to compel Apple to write software that would allow it to brute-force the iPhone 5c's passcode; the agency accidentally ruined its best chance to lawfully recover more recent data than the last known backup, which was made in the middle of October.

What exactly does the FBI want from Apple?

Despite repeated claims from the FBI that they are not seeking to create a "backdoor" that would defeat iPhone security or expose anything other than specific data it is seeking, Apple says this is in fact exactly what it is asking for -- since Apple claims the only way (following the botched iCloud password reset) to get into the iPhone to manipulate it now is for Apple to write a compromised version of iOS that does not include the various security and privacy features it currently contains. Currently, there is a method by which it is possible to upgrade iOS on an iPhone without being asked for the passcode -- a flaw Apple will most certainly excise in future updates.

Apple believes that if it wrote a compromised version of iOS for the FBI to use, the code for it would escape into the wild or be misused in other cases by the government itself, and that this would effectively nullify the security and privacy users expect and require for sensitive personal and business data. Because the software would by necessity have to work on all models of iPhone (in order to establish that it worked reliably), there would be no way to ensure that any iPhone could not be compromised by either legitimate or illegitimate figures. Further, creating a "backdoor" system into the iPhone for the US government, even for the best of reasons, would give other countries legal standing to force access to similar backdoors for themselves.



The agency has also previously told the court that if it prevails in the case, it would be only for this particular iPhone and only used once; however, this has also been refuted by the Department of Justice and various other law-enforcement agencies, which have admitted that if a tool to defeat the iPhone's security existed, they would go to court to use it on a large number of seized iPhones they are holding in various criminal cases -- and that they would push for such a tool to be available to use on all mobile devices and computers by law enforcement and government agencies.

Public controversy has broken out over the judge's order, the implications of the FBI prevailing in the case, and Apple's refusal to obey barring a legal challenge. Although there is apparently no particular urgency -- the FBI has already said the two gunmen were not connected to any terror groups or worked with any co-conspirators, and the two attackers are now dead -- the agency has framed the need to get into the work iPhone as an urgent matter, and part of what it has recently reclassified as a terrorism investigation.

Where are we now?

Apple has filed a 65-page formal response challenging the judge's order, citing numerous reasons that the order should be vacated outright -- including arguments based on both the US Constitution and on the various "tests" the courts have mandated for the application of the All Writs Act that was employed by Judge Pym. That law, which was originally drafted not long after the Constitution itself was created, is intended as a "last resort" tool, and has not previously been used to compel remedies from third-parties not directly involved in the crime.

Apple believes the FBI will not be able to meet the four conditions of the original law, or the three further tests issued by the Supreme Court in a previous case. Apple CEO Tim Cook has argued that the FBI should withdraw the case entirely, and instead gain a better understanding of the fuller implications of what it is asking for, possibly through a congressional committee or other body created to explore and make decisions on the line between citizen's rights to privacy and legitimate law-enforcement needs. Even some of Apple's opponents in the matter have acknowledged that more time could be used to approach the questions this case raises more thoughtfully.

Should the FBI's action not be withdrawn or dropped at this stage, Cook has stated that he will take it all the way to the Supreme Court, if need be. While Congress could create legislation to, for example, bar encryption use on smartphones outright, any law of that nature would also likely be challenged in court by civil liberties and privacy groups, among others. Most major technology firms are believed to be preparing to file briefs on Apple's behalf with the court, alongside said civil liberties and consumer privacy groups.

Initial polls indicated that a slight majority (51 percent) of the public sided with the FBI's stance, with 39 percent siding with Apple, and the remainder undecided. Since the initial polling, updated poll numbers have evened out more, with nearly all of the formerly undecided respondents shifting to Apple's side, and 48 percent aligning more with the FBI's viewpoint. A third poll shows that Apple's approval percentage slightly exceeds that of the FBI's. MacNN has written an editorial that takes a Constitutionalist view that supports Apple, and some critics of the FBI have suggested that the agency is using the San Bernardino shootings to advance a long-standing agenda to generally weaken privacy restraints and push legislators and jurists to give law enforcement more power to surveil US citizens.



Late on Thursday, reports emerged that FBI Director James Comey has now admitted that the case will set a precedent on how future judges protect or fail to protect privacy rights, and that the case does indeed have implications and raise issues beyond the narrow scope of the particulars of the San Bernardino shooting -- a walking-back of his previous claims. Comey, who was testifying before Congress under oath on the matter, refused to answer a number of questions on the ramifications of the FBI getting its way by saying he was "not an expert."

He did, however, contradict software engineers by saying that the possibility of compromised code falling into the wrong hands was "not a real thing," saying Apple had already proven through its excellent security track record that it was "good at protecting its code." He also did acknowledge for the first time that the code Apple says it would have to create would, by necessity, have to have the ability to bypass the security on all iPhones, rather than just the one the government is currently interested in. Pundits have dubbed the theoretical compromised system, which Apple says is "too dangerous" to create, as "FBiOS." Apple calls it "GovOS."

Director Comey, along with other current or former government officials, maintain nonetheless that America does not want to defend encryption and other privacy measures when those rights can be exploited by terrorists and other criminals to threaten American lives and security. While mass-surveillance and other efforts by the NSA, CIA, and FBI to prevent potential crimes that were implemented after 9/11 have slowly been scaled back due to legal concerns, the agencies have long pushed for other ways to achieve the same goals, including putting pressure on lawmakers to weaken or overrule existing laws, as they did in 2001 with the FISA and Patriot Acts.



The FBI and the law-enforcement agencies of the US government generally have taken a position that they must use any method legally allowed to fulfill their mission to protect the US and its citizens, up to and including lobbying to change laws to aid its mission. It and the other agencies have been generally charged with "keeping America safe" from the kind of terrorist attacks that are more common outside US borders, and are often blamed when such attacks happen despite their best efforts. It sees the backdoor approach as an important and time-sensitive way to extract information from mobile devices, which are increasingly the storage device of choice for sensitive data (ironically because they are perceived as the most secure), and envisions scenarios in which it might urgently need to get information of an upcoming attack or on behalf of an endangered person.

While most Americans would likely approve of the use of such a cracking method in some specific circumstances like those, the agency's reticence to acknowledge the possibility of misuse or the "slippery slope" of having such a tool available has alarmed privacy watchdogs and others, particularly given the post-9/11 record of the judiciary in rubber-stamping government requests, and setting up secret courts with secret writs that bar participants in investigations from even acknowledging the investigations. Apple was initially unable to respond to some questions about the US magistrate judge's order because of such a "secret gag order" from the Department of Justice.

Civil libertarians and Apple, along with others, believe that the Constitution's amendments -- from the First to the Fifth and beyond -- exist specifically to prevent what they see as government overreach, and that the FBI's demands violate these fundamental laws, give the government generally too much power, and set dangerous precedents that would nullify the protection US citizens enjoy from unreasonable search, the loss of liberty, and the right of citizens to be "secure in their person and papers."
( Last edited by NewsPoster; Feb 29, 2016 at 07:57 AM. )
     
Flying Meat
Senior User
Join Date: Jan 2007
Location: SF
Status: Offline
Reply With Quote
Feb 26, 2016, 01:26 PM
 
Filing for a court order under false pretense? Priceless.
     
sgs123
Junior Member
Join Date: Dec 2005
Status: Offline
Reply With Quote
Feb 29, 2016, 11:21 AM
 
You may find this legal argument useful:

https://cyberlaw.stanford.edu/blog/2016/02/calea-limits-all-writs-act-and-protects-security-apples-phones

http://cyberlaw.stanford.edu/publications/quick-update-apple-privacy-and-all-writs-act-1789

Basically, the last time the government tried to force back doors in encryption (remember the Clipper Chip?), Congress did act and explicitly limited their access.

CALEA explicitly forbids the request the FBI is making of Apple (to modify their product to weaken security).

The FBI misled the court by claiming that CALEA doesn't apply because Apple is not a telecommunication carrier by ignoring the fact the CALEA also also explicitly applies to manufacturers of telecommunication equipment.

AWA explicitly does not apply if any other law addresses the issue, meaning that if CALEA applies, AWA does not and the FBI's request is illegal.

HTH, -Steve
     
sgs123
Junior Member
Join Date: Dec 2005
Status: Offline
Reply With Quote
Feb 29, 2016, 11:25 AM
 
(The post above has formatting issues in Safari)
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 07:03 AM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,