My recent activist posture has spurned some negative thoughts about me that I am happy to counter. Names have been removed.
Here is the technical* and legal** primer on the situation. (*Disclaimer: I am an engineer and so am happy to discuss the technology. **Disclaimer: I am not a lawyer, but I have watched plenty of lawyer movies including ‘Better Call Saul’ the Breaking Bad lawyer’s spin off show, “Bridge of Spies” – another Tom Hanks and Steven Spielberg movie, and my sister and daughter have each married one, if that counts for anything).
TECHNOLOGY PRIMER: IPHONES ARE SAFE FOR HUNDREDS OF MILLIONS OF USERS.
Apple makes iPhone hardware, software and services. Hardware is the actual device. Software is the intellectual property that tells the device what to do. Services are intangible capabilities that provide useful value, often from computers elsewhere in the Internet. Apple has purposefully decided to NOT make any $ from users’ private information (like what TV shows you watch, what topics your emails are about, how old you are, where you live, work, what you search online for (like Google or Facebook)). They chose a different path to instead make every one else in their ecosystem – service providers, software developers and naturally themselves – serve the user and require the user’s permission to capture and use privacy-sensitive components and services (the users’ location, address book, microphone, camera, credit cards, passwords, Apple ID). I should also point out that the software provider has to submit their offering to the Apple store review, which checks among other things the ‘gozintas’ and ‘gozoutas’ for compliance with these policies. Apps are routinely rejected for breaking these rules.
This practice also has the neat effect that there are exactly zero instances of malicious iPhone software. Android (the operating system of your device), however, does not have these policies and has earned the dubious distinction of being the world’s largest purveyor of malicious software for smartphones. Google does try to ‘trim the weeds back’ by removing offending apps from Google store after the fact, but the cat’s already out of the bag at that point and thousands/millions of users have been infected by then.
Naturally, many people find the Apple approach attractive. To safeguard the device and user, Apple decided in iOS 8 (2014), to use legally available and widely publicized encryption technologies to further enforce this privacy policy and practice. Four other asides:
- It is somewhat counter-intuitive to think that using widely publicized encryption technology is actually stronger than using secret technology. You’d think it would be the other way around. However, in cryptography, the lessons of history have shown that all crypto-technology attracts intense engineering scrutiny and weaknesses are routinely thusly discovered and publicized and patched. There is a standardized crypto-think about what’s strong and what’s weak and how to compensate for the weakness of any given technology. In info security, as in door locks, the goal is not to make it impossible for bad actors to keep out, but instead to make it so expensive to get in, that the bad actors spend their precious time and effort focusing on easier targets.
- iOS 8 also destroyed the market for stolen iPhones. Users could toggle a software switch in the iPhone that would require the user’s password in order to complete the software wiping of the device. No password? It’s a brick. Forgotten password? Visit appleid.apple.com and you can reset it sending a link to the email address you surely have access to associated with the Apple ID.
- I’ve witnessed the good and the bad of these iOS 8 features. The good: somebody with a stolen iPhone can’t get it to do anything except ask for the password so they take it to the Apple store. I’d go through the software restore process and at the prompt for the password for the users’ Apple ID of “a*******[email protected]” they give me a blank stare. I tell them that I don’t know what that is, can’t discover what that is, and only the owner of the iPhone knows. So, again, I tell them that the iPhone is a brick until they can get that password. I explain a procedure where they can reset the Apple ID password and that’s where I learn they don’t have access to that email account… so they are done. That’s the last iPhone they ever steal.
- The bad: a kid’s younger sister inserted a new passcode on their older brother’s iPod. They’ve attempted to crack it for 10 times. The iPod now says you have to wait 1,382,495,330 minutes to try again. They come to the Apple store and show the device. I let them know that whatever was on there is gone forever, or at least to the point of their last back up to iCloud or to a computer. I then remind them that they don’t have to pay for apps or for music that they previously purchased from Apple, and that their high scores are saved to Game Center and text messages are available. Their selfies that were taken since the last backup (if there was one) are sadly toast.
FACTS: APPLE MORE THAN MET IT’S LEGAL OBLIGATIONS. THE COURT ORDER WOULD FORCE APPLE TO BECOME AN AGENT OF THE GOVERNMENT. THAT’S BAD.
The terrorist in question, before his death, destroyed the other mobile phones and computers in his possession. This device, an iPhone 5c, was the property of San Bernadino County, his employer. It was not similarly destroyed. Was it spared because it had nothing useful to offer? A backup of the device had been made on October 19, 2015. The contents of this backup have been provided to the government as required by their proper search warrant.
After the iPhone had been retrieved by the government, the password on the device was changed, which prevented it from subsequently backing up to iCloud or backing up to a known-to-the-iPhone computer since October 19. It would have been from that backup that all the info on the device since October 19 could have been captured.
Apple was served with a legal search warrant to provide information to the FBI about the user in question. They gave them the contents of the last backup of October 19, 2015. In fact, it was a same day service for each FBI search warrant.
In the USA, we are a country of laws, not of dictates by the director of the FBI. Apple doesn’t work for the FBI and doesn’t accept contracts to do so from them. There is, at the present time, no law that says Apple has to do more than what they have already done. In fact, Apple could be legally liable by class action lawsuit for any damages, other users experience, if they help the government any more than required by law.
There is no information on the iPhone that the government can’t get anywhere else that would be useful in an anti-terrorism response or legal case.
The iPhone records the numbers of all his calls. Wait, the phone company has this.
The iPhone has a record of all his text messages. Wait, the phone company has this.
The iPhone has a record of all his emails. Wait, the employer has all this.
The iPhone has a record of his calendar. Wait, the employer has this.
The iPhone has a record of all his FaceTime video sessions. Wait, Apple provided that.
The iPhone has a record of all the places he’s been with the iPhone. Wait, the phone company has this.
The iPhone has a record of all his amazing exercise sessions. Wait, MapMyRun has that.
The iPhone has a list of the tunes he was listening to when he died. Really, we need to know that?
What if, you say, the iPhone had a few notes and photos of his plans to attack some other place, should he survive, which he never shared with anyone. Good riddance. He’s dead. There’s zero legal value and since it was never shared via email or text, it’s a novel the world will never see.
WHAT’S AT STAKE: THE FUTURE OF E-COMMERCE.
Mobile devices such as the iPhone are in fact a really ‘personal’ computer. They are capable of capturing and storing photos and movies, and are increasingly tied, whether we like it or not, to a person’s identity and personal security. Many users store all their various passwords, social security numbers of themselves and their family members, their credit card details, banking information and all manner of records that even I don’t recall, like date/time and for how much the last time I purchased something at Panera Bread, and which Panera Bread it was. These are used to control home appliances, heating systems, start your car, lighting, garage doors and the like.
The smartphone is poised to become the truly unique digital wallet, as the only key required to unlock a plethora of convenient, new and provocative services that hold the promise to change our economy and accelerate entire industries. If this were to become the case, and all manner of trends suggest we’re heading in that direction, the protection of that information security will have to be of the impervious kind. Why so strong? Because the speed and power of the Internet could enable attacks from great distance without people even knowing, until its too late. Why hasn’t this economic attack happened yet? Because the benefit of doing so is low and the cost of doing so is high, at the moment. Apple wants (as do I) the cost to remain high, while the FBI wants to lower the costs. We need strong technologies here or else we run the risk of repeating the credit card fiasco that is credit card fraud today (0.1% of all credit card transactions were fraudulent in 1999).
Don’t forget that it was only in 1995, the theft of mobile phone numbers over the air was a $700 million/year fraud problem for the wireless industry. Technology shifting from analog radios to digital radios changed all that. Let’s not go back to those sorry days.
APPLE’S ACTUAL MECHANISM IS TOUGHER THAN WINNING THE POWERBALL.
To gain access to the contents of the iPhone the user has to enter a four digit code with a maximum of 10 bad guesses before the device is erased. Statistically, (I had to get this in), there are 10,000 possible combinations. But, with the risk of data loss, they really have to be the right 10 guesses. What are the odds you say? How about 2.7 x 10^33. That’s pretty tight. You ARE definitely better off, buying and winning a lottery.
With iOS 9, the passcode has been expanded to six digits which greatly increases the odds.
So, enough of the preamble, let’s dig into your questions below.
Hi. I find it amazing that you would let assassins and people who want to destroy your home and country go free?
You may not know this, but the man who used the iPhone in question is quite dead. I don’t think’s he’s free at the moment. His living co-conspirators have been arrested and are already marching down the path of terrorist trials and convictions. So, nobody’s going free in that case.
All the FBI are asking is for Apple to open 1 phone that has been used to commit a crime.
I hope you realize by now that no, there isn’t just one iPhone and there isn’t a simple way for Apple to ‘open the iPhone’. Maybe in a decade, we’ll be able to crack that iPhone like eggs, but we’re not there. The Manhattan DA says he’s got 150 he’d like to get cracked open. The Boston Police Commissioner says he’s got one and so on. This really is a slippery slope. As explained above, there’s a lot more at stake than one iPhone.
Other ideas people have bandied about, forget that the methods used to get the iPhone open, if such a thing were possible, will have to be provided and explained in open court, just like DNA testing has to be explained. Which of course, makes us all LESS SECURE.
Apple doesn’t have the ‘key’ to open the iPhone because there isn’t one. For the court to order Apple to create technology of this type is frankly, unAmerican. That’s why many leading technology companies in the world – Microsoft, Facebook, Google – support Apple. It’s not up to the FBI to tell software and services companies what legal technologies they can or can’t put into their products and services. And it’s not the court’s job. Believe it or not, it’s actually Congress’ job. The FBI actually tried to upgrade the laws here, but Congress couldn’t agree on how or if to proceed with it.
If that was me or one of your kids that had been murdered, I would hope you would do all you can to find and prosecute the people responsible for the death.
As smart as you might think I am, I am not a policeman, so I’ll tell you now, I will do what I can to help, but I’ll definitely leave building the case up to the professional police. Please if I get killed this or any way, I hope you will do the same.
What are you hiding?
Actually, I’m not hiding anything. In fact, I’m standing on the street corner expressing myself as you saw on TV. I’m relying on the good ol’ US Constitution (there’s an app for that and I’ve got it on my iPhone) to protect me.
In closing I’ll share a nice quote from Ben Franklin (he’s on the $100 bill) once said, “Those who sacrifice personal liberty to gain security will have neither.”