Sponsored Links
-->

Thursday, December 7, 2017

Apple vs FBI: NSA reveals why it couldn't hack San Bernardino ...
src: cdn2.itpro.co.uk

The FBI-Apple encryption dispute concerns whether and to what extent courts in the United States can compel manufacturers to assist in unlocking cell phones whose data are cryptographically protected. There is much debate over public access to strong encryption.

In 2015 and 2016, Apple Inc. has received and objected to or challenged at least 11 orders issued by United States district courts under the All Writs Act of 1789. Most of these seek to compel Apple "to use its existing capabilities to extract data like contacts, photos and calls from locked iPhones running on operating systems iOS 7 and older" in order to assist in criminal investigations and prosecutions. A few requests, however, involve phones with more extensive security protections, which Apple has no current ability to break. These orders would compel Apple to write new software that would let the government bypass these devices' security and unlock the phones.

The most well-known instance of the latter category was a February 2016 court case in the United States District Court for the Central District of California. The FBI wanted Apple to create and electronically sign new software that would enable the FBI to unlock a work-issued iPhone 5C it recovered from one of the shooters who, in a December 2015 terrorist attack in San Bernardino, California, killed 14 people and injured 22. The two attackers later died in a shootout with police, having first destroyed their personal phones. The work phone was recovered intact but was locked with a four-digit password and was set to eliminate all its data after ten failed password attempts. Apple declined to create the software, and a hearing was scheduled for March 22. However, a day before the hearing was supposed to happen, the government obtained a delay, saying they had found a third party able to assist in unlocking the iPhone and, on March 28, it announced that the FBI had unlocked the iPhone and withdrew its request.

In another case in Brooklyn, a magistrate judge ruled that the All Writs Act could not be used to compel Apple to unlock an iPhone. The government appealed the ruling, but then dropped the case on April 22 after it was given the correct passcode.


Video FBI-Apple encryption dispute



Background

In 1993, the National Security Agency (NSA) introduced the Clipper chip, an encryption device with an acknowledged backdoor for government access, that NSA proposed be used for phone encryption. The proposal touched off a public debate, known as the Crypto Wars, and the Clipper chip was never adopted.

It was revealed as a part of the 2013 mass surveillance disclosures by Edward Snowden that the NSA and the British Government Communications Headquarters (GCHQ) had access to the user data in iPhones, BlackBerry, and Android phones and could read almost all smartphone information, including SMS, location, emails, and notes.

According to The New York Times, Apple developed new encryption methods for its iOS operating system, versions 8 and later, "so deep that Apple could no longer comply with government warrants asking for customer information to be extracted from devices." Throughout 2015, prosecutors advocated for the U.S. government to be able to compel decryption of iPhone contents.

In September 2015, Apple released a white paper detailing the security measures in its then-new iOS 9 operating system. The iPhone 5C model can be protected by a four-digit PIN code. After more than ten incorrect attempts to unlock the phone with the wrong PIN, the contents of the phone will be rendered inaccessible by erasing the AES encryption key that protects its stored data. According to the Apple white paper, iOS includes a Device Firmware Upgrade (DFU) mode, and that "[r]estoring a device after it enters DFU mode returns it to a known good state with the certainty that only unmodified Apple-signed code is present."


Maps FBI-Apple encryption dispute



Apple ordered to assist the FBI

The FBI recovered an Apple iPhone 5C - owned by the San Bernardino County, California government - that had been issued to its employee, Syed Rizwan Farook, one of the shooters involved in the December 2015 San Bernardino attack. The attack killed 14 people and seriously injured 22. The two attackers died four hours after the attack in a shootout with police, having previously destroyed their personal phones. Although Farook's work phone was recovered intact, it had been locked with a four-digit password.

On February 9, 2016, the FBI announced that it was unable to unlock the county-owned phone it recovered, due to its advanced security features, including encryption of user data. The FBI first asked the National Security Agency to break into the phone, but they were unable to since they only had knowledge of breaking into other devices that are commonly used by criminals, and not iPhones. As a result, the FBI asked Apple Inc. to create a new version of the phone's iOS operating system that could be installed and run in the phone's random access memory to disable certain security features that Apple refers to as "GovtOS". Apple declined due to its policy which required it to never undermine the security features of its products. The FBI responded by successfully applying to a United States magistrate judge, Sherri Pym, to issue a court order, mandating Apple to create and provide the requested software. The order was not a subpoena, but rather was issued under the All Writs Act of 1789. The court order, called In the Matter of the Search of an Apple iPhone Seized During the Execution of a Search Warrant on a Black Lexus IS300, California License Plate 35KGD203, was filed in the United States District Court for the Central District of California.

The use of the All Writs Act to compel Apple to write new software was unprecedented and, according to legal experts, it was likely to prompt "an epic fight pitting privacy against national security." It was also pointed out that the implications of the legal precedent that would be established by the success of this action against Apple would go far beyond issues of privacy.

Technical details of the order

The court order specified that Apple provide assistance to accomplish the following:

  1. "it will bypass or disable the auto-erase function whether or not it has been enabled" (this user-configurable feature of iOS 8 automatically deletes keys needed to read encrypted data after ten consecutive incorrect attempts)
  2. "it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available"
  3. "it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware"

The order also specifies that Apple's assistance may include providing software to the FBI that "will be coded by Apple with a unique identifier of the phone so that the [software] would only load and execute on the SUBJECT DEVICE"

There has been much research and analysis of the technical issues presented in the case since the court order was made available to the public.

Apple's opposition to the order

The February 16, 2016 order issued by Magistrate Judge Pym gave Apple five days to apply for relief if Apple believed the order was "unreasonably burdensome". Apple announced its intent to oppose the order, citing the security risks that the creation of a backdoor would pose towards customers. It also stated that no government had ever asked for similar access. The company was given until February 26 to fully respond to the court order.

On the same day the order was issued, chief executive officer Tim Cook released an online statement to Apple customers, explaining the company's motives for opposing the court order. He also stated that while they respect the FBI, the request they made threatens data security by establishing a precedent that the U.S. government could use to force any technology company to create software that could undermine the security of its products. He said in part:

The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand. This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.

In response to the opposition, on February 19, the U.S. Department of Justice filed a new application urging a federal judge to compel Apple to comply with the order. The new application stated that the company could install the software on the phone in its own premises, and after the FBI had hacked the phone via remote connection, Apple could remove and destroy the software. Apple hired attorneys Ted Olson and Theodore J. Boutrous Jr. to fight the order on appeal.

The same day, Apple revealed that it had discussed with the FBI four methods to access data in the iPhone in early January, but, as was revealed by a footnote in the February 19 application to the court, one of the more promising methods was ruled out by a mistake during the investigation of the attack. After the shooter's phone had been recovered, the FBI asked San Bernardino County, the owner of the phone, to reset the password to the shooter's iCloud account in order to acquire data from the iCloud backup. However, this rendered the phone unable to back up recent data to iCloud unless its pass-code is entered. This was confirmed by the U.S. Department of Justice, which then added that any backup would have been "insufficient" because they would not have been able to recover enough information from it.

Legal arguments

The government cites as precedent United States v. New York Telephone Co., where the Supreme Court ruled in 1977 that the All Writs Act gave courts the power to demand reasonable technical assistance from the phone company in accessing phone calling records. Apple responded that New York Telephone was already collecting the data in question in the course of its business, something the Supreme Court took note of in its ruling. Apple also asserts that being compelled to write new software "amounts to compelled speech and viewpoint discrimination in violation of the First Amendment. ... What is to stop the government from demanding that Apple write code to turn on the microphone in aid of government surveillance, activate the video camera, surreptitiously record conversations, or turn on location services to track the phone's user?" Apple argued that the FBI had not made use of all of the government's tools, such as employing the resources of the NSA. A hearing on the case was scheduled for March 22, 2016.

San Bernardino County District Attorney Michael Ramos filed a brief stating the iPhone may contain evidence of a "lying dormant cyber pathogen" that could have been introduced into the San Bernardino County computer network, as well as identification of a possible third gunman who was alleged to have been seen at the scene of the attack by eyewitnesses. The following day, Ramos told the Associated Press that he did not know whether the shooters had compromised the county's infrastructure, but the only way to know for sure was by gaining access to the iPhone. This statement has been criticized by cyber-security professionals as being improbable.

FBI withdrawal of request

On March 21, the government requested and was granted a delay, saying a third party had demonstrated a possible way to unlock the iPhone in question and the FBI needed more time to determine if it will work. On March 28, the FBI said it had unlocked the iPhone with the third party's help, and an anonymous official said that the hack's applications were limited; the Department of Justice withdrew the case. The lawyer for the FBI has stated that they are using the extracted information to further investigate the case.

On April 7, former FBI Director James Comey said that the tool used can only unlock an iPhone 5C like that used by the San Bernardino shooter, as well as older iPhone models lacking the Touch ID sensor. Comey also confirmed that the tool was purchased from a third party but would not reveal the source, later indicating the tool cost more than $1.3 million and that they did not purchase the rights to technical details about how the tool functions. Although the FBI was able to use other technological means to access the cellphone data from the San Bernardino shooter's iPhone 5C, without the aid of Apple, law enforcement still expresses concern over the encryption controversy.

Some news outlets, citing anonymous sources, identified the third party as Israeli company Cellebrite. However, The Washington Post reported that, according to anonymous "people familiar with the matter", the FBI had instead paid "professional hackers" who used a zero-day vulnerability in the iPhone's software to bypass its ten-try limitation, and did not need Cellebrite's assistance.


Apple to fight order to help FBI unlock San Bernardino shooter's ...
src: cdn.abclocal.go.com


Other All Writs Act cases involving iPhones

Apple had previously challenged the U.S. Department of Justice's authority to compel it to unlock an iPhone 5S in a drug case in the United States District Court for the Eastern District of New York in Brooklyn (In re Order Requiring Apple Inc. to Assist in the Execution of a Search Warrant Issued by the Court, case number 1:15-mc-01902), after the magistrate judge in the case, James Orenstein, requested Apple's position before issuing an order. On February 29, 2016, Judge Orenstein denied the government's request, saying the All Writs Act cannot be used to force a company to modify its products: "The implications of the government's position are so far-reaching - both in terms of what it would allow today and what it implies about Congressional intent in 1789 - as to produce impermissibly absurd results." Orenstein went on to criticize the government's stance, writing, "It would be absurd to posit that the authority the government sought was anything other than obnoxious to the law." The Justice Department appealed the ruling to District Court Judge Margot Brodie. Apple requested a delay while the FBI attempted to access the San Bernardino iPhone without Apple's help. On April 8, after the FBI succeeded, the Justice Department told the Brooklyn court it intended to press forward with its demand for assistance there, but on April 22, the government withdrew its request, telling the court "an individual" (the suspect, according to press reports) had provided the correct passcode.

In addition to the San Bernardino case and the Brooklyn case, Apple has received at least nine different requests from federal courts under the All Writs Act for iPhone or iPad products. Apple has objected to these requests. This fact was revealed by Apple in court filings in the Brooklyn case made at the request of the judge in that case. Most of these requests call upon Apple "to use its existing capabilities to extract data like contacts, photos and calls from locked iPhones running on operating systems iOS7 and older" (as in the Brooklyn case), while others "involve phones with more extensive encryption, which Apple cannot break" and presumably seek to order Apple to "design new software to let the government circumvent the device's security protocols and unlock the phone" (as in the San Bernardino case).


Gunman's iPhone could reignite FBI-Apple feud over encryption ...
src: 2qibqm39xjt6q46gf1rwo2g1-wpengine.netdna-ssl.com


Reactions

National reactions to Apple's opposition of the order were mixed. A CBS News poll that sampled 1,022 Americans found that 50% of the respondents supported the FBI's stance, while 45% supported Apple's stance. Also, 1,002 surveyed Americans who own smartphones were divided into two sides; 51% were against Apple's decision, while 38% supported their stance.

Support for Apple

The Reform Government Surveillance coalition, which includes major tech firms Microsoft, Facebook, Yahoo!, Twitter, and LinkedIn, has indicated its opposition to the order. By March 3, the deadline, a large number of amicus curiae briefs were filed with the court, with numerous technology firms supporting Apple's position, including a joint brief from Amazon.com, Box, Cisco Systems, Dropbox, Evernote, Facebook, Google, Lavabit, Microsoft, Mozilla, Nest Labs, Pinterest, Slack Technologies, Snapchat, WhatsApp, and Yahoo!. Briefs from the American Civil Liberties Union, the Electronic Frontier Foundation, Access Now, and the Center for Democracy and Technology also supported Apple.

The think tank Niskanen Center has suggested that the case is a door-in-the-face technique designed to gain eventual approval for encryption backdoors and is viewed as a revival of the Crypto Wars.

U.S. Representative Mike Honda, a Democrat who represents the Silicon Valley region, has voiced his support for Apple.

On February 23, 2016, a series of pro-Apple protests organized by Fight for the Future were held outside of Apple's stores in over 40 locations.

Zeid Raad al-Hussein, the United Nations High Commissioner for Human Rights, warned the FBI of the potential for "extremely damaging implications" on human rights and that they "risk unlocking a Pandora's box" through their investigation.

General Michael Hayden, former director of the NSA and the Central Intelligence Agency, in a March 7 interview with Maria Bartiromo on the Fox Business Network, supported Apple's position, noting that the CIA considers cyber-attacks the number one threat to U.S. security and saying that "this may be a case where we've got to give up some things in law enforcement and even counter terrorism in order to preserve this aspect, our cybersecurity."

Salihin Kondoker, whose wife was shot in the attack but survived, filed a friend of the court brief siding with Apple; his brief said that he "understand[s] that this software the government wants them to use will be used against millions of other innocent people. I share their fear."

With Apple's privacy policy for the customers there is no way of getting into a phone without a person's master password. With this policy there will be no backdoor access on the phone for the law enforcement to access the person's private information. This has caused a great dispute between the FBI and Apple's encryption. Apple has closed this backdoor for the law enforcement because they believe that by creating this backdoor it would make it easier for law enforcement, and also make it easier for criminal hackers to gain access to people's personal data on their phone. Former FBI director James Comey says that "We are drifting to a place in this country where there will be zones that are beyond the reach of the law." He believes that this backdoor access is crucial to investigations, and without it many criminals will not be convicted.

Edward Snowden said that the FBI already has the technical means to unlock Apple's devices and said, "The global technological consensus is against the FBI."

McAfee founder and Libertarian Party presidential primary candidate John McAfee had publicly volunteered to decrypt the iPhone used by the San Bernardino shooters, avoiding the need for Apple to build a backdoor. He later indicated that the method he would employ, extracting the unique ID from inside the A7 processor chip, is difficult and risks permanently locking the phone, and that he was seeking publicity.

In an interview for a Time magazine cover story, Cook said that the issue is not "privacy versus security...it's privacy and security or privacy and safety versus security." Cook also said, "[T]his is the golden age of surveillance that we live in. There is more information about all of us, so much more than ten years ago, or five years ago. It's everywhere. You are leaving digital footprints everywhere."

In a March 21, 2016, Apple press conference, Cook talked about the ongoing conflict with the FBI, saying, "[W]e have a responsibility to protect your data and your privacy. We will not shrink from this responsibility."

Ron Wyden, Democratic senator for Oregon and a noted privacy and encryption advocate, questioned the FBI's honesty concerning the contents of the phone. He said in a statement, "There are real questions about whether [the FBI] has been straight with the public on [the Apple case]."

Support for FBI

Some families of the victims and survivors of the attack indicated they would file a brief in support of the FBI.

The National Sheriffs' Association has suggested that Apple's stance is "putting profit over safety" and "has nothing to do with privacy." The Federal Law Enforcement Officers Association, the Association of Prosecuting Attorneys, and the National Sheriffs' Association filed a brief supporting the FBI.

Senator Dianne Feinstein of California, a Democrat and vice chairman of the Senate Intelligence Committee, has voiced her opposition to Apple. All candidates for the Republican nomination for the 2016 U.S. presidential election who had not dropped out of the race before February 19, 2016 supported the FBI's position, though several expressed concerns about adding backdoors to mobile phones.

On February 23, 2016, the Financial Times reported that Bill Gates, founder of Microsoft, has sided with the FBI in the case. However, Gates later said in an interview with Bloomberg News "that doesn't state my view on this." He added that he thought the right balance and safeguards need to be found in the courts and in Congress, and that the debate provoked by this case is valuable.

San Bernardino Police Chief Jarrod Burguan said in an interview:

I'll be honest with you, I think that there is a reasonably good chance that there is nothing of any value on the phone. What we are hoping might be on the phone would be potential contacts that we would obviously want to talk to. This is an effort to leave no stone unturned in the investigation. [To] allow this phone to sit there and not make an effort to get the information or the data that may be inside of that phone is simply not fair to the victims and their families.

Manhattan District Attorney Cyrus Vance, Jr., said that he wants Apple to unlock 175 iPhones that his office's Cyber-Crime Lab has been unable to access, adding, "Apple should be directed to be able to unlock its phones when there is a court order by an independent judge proving and demonstrating that there's relevant evidence on that phone necessary for an individual case."

FBI Director Comey, testifying before the House Judiciary Committee, compared Apple's iPhone security to a guard dog, saying, "We're asking Apple to take the vicious guard dog away and let us pick the lock."

Apples iOS 8 software has encryption mechanisms that make it difficult for the government to get through. Apple provided no backdoor for surveillance without the company's discretion. However, Comey stated that he did not want a backdoor method of surveillance and that "We want to use the front door, with clarity and transparency, and with clear guidance provided by law." He believes that special access is required in order to stop criminals such as "terrorists and child molesters". Many companies such as Apple would not give the U.S. access due to the policies Apple has in place on users' confidentiality.

Calls for compromise

Both 2016 Democratic presidential candidates--former Secretary of State Hillary Clinton and Senator Bernie Sanders--suggested some compromise should be found.

U.S. Defense Secretary Ashton Carter called for Silicon Valley and the federal government to work together. "We are squarely behind strong data security and strong encryption, no question about it," he said. Carter also added that he is "not a believer in back doors."

In an address to the 2016 South by Southwest conference on March 11, President Barack Obama stated that while he could not comment on the specific case, "You cannot take an absolutist view on [encryption]. If your view is strong encryption no matter what, and we can and should create black boxes, that does not strike the balance that we've lived with for 200 or 300 years. And it's fetishizing our phones above every other value. That can't be the right answer."

Proposed legislation

On April 13, U.S. Senators Richard Burr and Dianne Feinstein, the Republican Chair and senior Democrat on the Senate Intelligence Committee, respectively, released draft legislation that would authorize state and federal judges to order "any person who provides a product or method to facilitate a communication or the processing or storage of data" to provide data in intelligible form or technical assistance in unlocking encrypted data and that any such person who distributes software or devices must ensure they are capable of complying with such an order.

Freedom of Information Act lawsuit

In September 2016, the Associated Press, Vice Media, and Gannett (the owner of USA Today) filed a Freedom of Information Act lawsuit against the FBI, seeking to compel the agency to reveal who it hired to unlock Farook's iPhone, and how much was paid. On September 30, 2017, a federal court ruled against the media organizations and granted summary judgment in the government's favor. The court ruled that the company that hacked the iPhone and the amount paid to it by the FBI were national security secrets and "intelligence sources or methods" that are exempt from disclosure under FOIA; the court additionally ruled that the amount paid "reflects a confidential law enforcement technique or procedure" that also falls under a FOIA exemption.


From Fines To Jail Time: How Apple Could Be Punished For Defying FBI
src: images.fastcompany.net


See also

  • Bernstein v. United States?--?a case on software as speech
  • List of United States Supreme Court cases involving the First Amendment § Compelled speech
  • Riley v. California?--?holding unconstitutional the warrantless search of a cellphone during an arrest, noting cellphones' unique privacy implications
  • United States v. New York Telephone Co.?--?holding that law enforcement officials may obtain a court order forcing telephone companies to install pen registers in order to record the numbers called from a particular telephone.
  • Universal City Studios, Inc. v. Reimerdes?--?another case holding software is a form of speech

FBI Decides To Crack Terrorist's IPhone Without Apple | Organizer Data
src: organizerdata.com


References


Apple vs. the FBI: A Complete Timeline of Events | Digital Trends
src: icdn2.digitaltrends.com


External links

  • Burr Encryption Bill Discussion Draft (leaked version)
  • Burr Encryption Bill Discussion Draft (official version)
  • Apple FAQ on the controversy
  • FBI director's comments on the 2016 dispute
  • Online source for legal filings in the 2016 dispute at Cryptome
  • PR Statement of United States Attorney Eileen M. Decker on Government Request to Vacate Order Directing Apple to Help Access iPhone
  • Hardware hack defeats iPhone passcode security

Source of article : Wikipedia