
Apple’s encryption dilemma explained – does giving the FBI access matter?

John E Dunn | March 1, 2016
Apple vs the FBI is a test case that has the potential to redefine the limits of security.

What does the FBI actually want?

The demands are summarised in a writ it submitted to a US court on 16 February. They include disabling the auto-erase function that triggers after 10 incorrect PIN attempts and getting round any time delays to that process. Contentiously, the FBI also wants Apple to create a special version of iOS for that phone to facilitate the whole guessing process and access the data encrypted behind the device key.

The focus on overcoming PIN security is very important because it was through this mechanism that the FBI thought it could access data on a device-by-device basis without asking for the dismantling of encryption in general. Encryption is incredibly sensitive to theoretical vulnerabilities (including legal ones) and the FBI presumably didn't want to undermine it conceptually for fear of causing more problems down the line.

What does Apple think?

Legally, Apple plans to appeal against the court order: "We oppose this order, which has implications far beyond the legal case at hand," claimed Apple in a public response to the world on 16 February.

As for the technical issues, Apple said the following: "Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software which does not exist today would have the potential to unlock any iPhone in someone's physical possession."

The heart of the matter

"The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control."

Whether what the FBI is proposing would break not only the security on the 5C but also the more advanced Secure Enclave is unclear, assuming that is possible. Apple seems to think it would, and sees the undermining of its security architecture as an existential issue.

In other words

Rather than undermining its encryption technology, the FBI is asking Apple to bypass the PIN security, a less important security layer. But Apple thinks the way it is being compelled to do this undermines the encryption anyway, forcing it to design in a gigantic backdoor. Arguably, this wouldn't be a backdoor (i.e. an unknown means of access) but a conceptual frontdoor (a known bypass).

Are Apple's fears well founded?

Some security watchers think it has gone overboard over the FBI's approach, with several pointing out that the request related to the specific phone in question, which would be accessed by Apple itself and not the FBI. Describing this as mass surveillance sounds like an exaggeration. Assuming that the backdoor/frontdoor bypass is theoretically possible at all, what difference would it make for Apple to use such a facility on one phone?
