Apple vs. the FBI – It’s in the Settings
The case of Apple vs the FBI has received an enormous amount of press lately and has raised an interesting and important debate. The U.S government turned to Apple to assist them in their investigation into the San Bernardino terrorist attacks, but to date, Apple has been unwilling to meet their requests. Government authorities want Apple to unlock the iPhone of the deceased San Bernardino shooter Syed Rizwan Farook. More specifically, they are trying to disable an iOS security setting.
The default setting can be found by going to Settings/Touch ID & Passcode and then “Erase Data” and finally “Erase all data on the iPhone after 10 failed attempts.” The setting is disabled by default so, in this case, the user of the phone would have had to enable the setting manually. The government is capable of using brute force tactics to crack the pin but is not willing to take the chance because that tactic would require more than ten attempts. Apple can place the phone in a sandbox and disable the function (if indeed enabled) but this will set a precedent for law enforcement to knock on Apple’s door when they need help unlocking phones in other investigations and could open the flood gates for other countries to approach Apple for assistance.
What should Apple do when they have created the setting to help users keep their information private? Apple is committed to helping customers protect their privacy. They have no desire to become involved with criminal cases as they are strictly in the business of creating products. It is important to note that the FBI tried to bypass Apple and should accept responsibility for that. Before consulting with Apple or reviewing IOS security the FBI attempted to change the iCloud password associated with one of the attacker’s accounts which disabled the function of the iPhone initiating an automatic iCloud back-up of the data which may have altogether bypassed the need to unlock the phone. Had the FBI communicated with Apple first this entire scenario could have been avoided.
In addition, we should all be asking exactly what other measures did the FBI take to try and piece together the data living on the iPhone? Regarding email, was the terrorist using an iCloud account, .Mac account, .Me account or another host service such as Hotmail, or Gmail? Emails not in the Apple ecosystem that live with other hosts may be accessed as email services today use POP3, IMAP or Exchange accounts which are all centralized. This means that they are living on a server somewhere. Do we know if the FBI reached out to other email providers or did they just take the easy route and knock on Apple’s door? What about SMS messages? Who was the service provider? AT&T, Verizon? Have they reached out to cellular services providers asking to help retrieve text messages?
Some opposing views say that Apple should assist the government and unlock the phone which can help lead to potential information and perhaps saves lives. Pressure is mounting for Apple to assist the government. A recent poll shows that 57% of Americans think that Apple should help assist in the investigation. Federal Investigators asked for and received an unprecedented court order requiring Apple to create a new firmware to unlock the device. Apple has formally challenged the court order and the outcome is pending. Legal scholars believe this conflict should only be resolved by Congress clarifying AWA (All Writs Act) written in the 18th Century or by the Supreme Court stepping in to help settle this dispute. Apple can unlock the terrorist’s iPhone but at what price? They want to assure users of their ecosystem will allow levels of privacy.
As the IT Director at Finjan Holdings, I can relate. My department constantly works with BYOD solutions and configuring creative ways to allow employees to use their mobile devices to access enterprise resources. We take pride in our roll-out solutions that can access and control company data on BYO devices without being intrusive. Our employees have the right to keep their data private. If something were to happen to their personal device (lost or stolen) our goal is to be able to wipe only the data that we monitor and that belongs to the company and leave the rest in their hands. Like many others, I continue to closely watch the case of Apple as the end result could greatly influence the way privacy is viewed going forward.
Share this Post