FBI Tells Apple, "Just This Once." Why a One Time Exception is a Slippery Slope - ITS Tactical
 

FBI Tells Apple, “Just This Once.” Why a One Time Exception is a Slippery Slope

By Matthew Sharp

apple-encryption-03

Major news outlets and social media are ablaze today, with self-proclaimed pundits offering their analysis on Apple CEO Tim Cook’s recent Message to Customers.

A US District Court has issued a court order in an attempt to force Apple to “assist law enforcement agents in obtaining access to the data” on deceased San Bernardino terrorist Syed Rizwan Farook’s iPhone 5C.

Typical with any large-scale public event, much of what passes as informed opinion is, in fact, not so well-informed as it might pretend to be. In this article, I intend to take a look at the facts of the case, before digging into the ramifications of the court order and whether or not it’s technically feasible for Apple to comply.

A Situational Overview

apple-encryption-02

First, a little background information is in order. FBI data forensics have had this iPhone 5C in their possession for about two months, this is clear by backtracking to the date of the San Bernardino incident. Based on the contents of the court order, it can be presumed that the’ve been thwarted from gaining access to the contents of the device, due to the software lock on the phone. Circumvention of this software lock is the primary documented goal of the order, from which “technical assistance” has been demanded from Apple, the manufacturer of the device.

It can also safely be assumed that the version of the OS on the phone is greater than iOS 8, which was the first iteration of iOS to include “full encryption” of data contained on the device. This is also not the first time the Federal government has demanded that Apple assist them in dealing with encrypted devices made by Apple. The outcome of that case has still not been decided and Apple has requested that the court make a decision on whether the government can compel Apple to assist with the unlocking or not.

So understandably, the FBI feels that there’s information on the phone that may be useful either as part of the San Bernardino investigation, or in discovering evidence of future, or aborted attacks of a similar nature. Though they won’t know this without unlocking the phone first.

The nature of this potential evidence wouldn’t already be known, though useful information could have already been gathered. Information like the call records of Farook, (who he called, who called him, when and with what frequency) could have already been obtained from Verizon via court orders or subpoenas. Similar information about the electronic correspondence between the shooter and his contacts may have already been obtained directly from the service providers he used (eg: Google, Yahoo, other email providers.) Unless of course, Farook ran his own private email server like certain Presidential candidates, which is unlikely.

From the official narrative, we are to believe that the FBI has been manually attempting to unlock the iPhone in question over the last two months and have failed thus far. They’ve made no mention of other avenues of attack, despite there being a number of commercially available (and in at least one case, Federal intelligence-community funded) forensics tools in existence.

They then requested that the US District Court issue a court order, compelling Apple to provide the “technical assistance” they claim they need to access the data on the phone. Apple has issued their own response, in public, to that court order and it’s safe to assume that they’ve also replied, or will within the five day window provided by the court order, through more official channels.

The Court Order

Next, let’s take a look at the court order, itself, ED 15-0451M, as issued by the United States District Court for Central District of California:

For good cause shown, IT IS HEREBY ORDERED that:

  1. Apple shall assist in enabling the search of a cellular telephone, Apple make: iPhone 5C, Model A1532, P/N: MGFG2LL/A, S/N: FFMNQ3MTG2DJ, IMEI: 358820052301412, on the Verizon Network, (the “SUBJECT DEVICE”) pursuant to a warrant of this Court by providing reasonable technical assistance to assist law enforcement agents in obtaining access to the data on the SUBJECT DEVICE.

  2. Apple’s reasonable technical assistance shall accomplish the following three important functions: (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcode to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT DEVICE; and (3) it will ensure that when the FBI submits passcode to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.

  3. Apple’s reasonable technical assistance may include, but is not limited to: providing the FBI with a signed iPhone Software file, recovery bundle, or other Software Image File (“SIF”) that can be loaded onto the SUBJECT DEVICE. The SIF will load and run from Random Access Memory (“RAM”) and will not modify the iOS on the actual phone, the user data partition or system partition on the device’s flash memory. The SIF will be coded by Apple with a unique identifier of the phone so that the SIF would only load and execute on the SUBJECT DEVICE. The SIF will be loaded via Device Firmware Upgrade (“DFU”) mode, recovery mode, or other applicable mode available to the FBI. Once active on the SUBJECT DEVICE, the SIF will accomplish the three functions specified in paragraph 2. The SIF will be loaded on the SUBJECT DEVICE at either a government facility, or alternatively, at an Apple facility; if the latter, Apple shall provide the government with remote access to the SUBJECT DEVICE through a computer allowing the government to conduct passcode recovery analysis.

  4. If Apple determines that it can achieve the three functions stated above in paragraph 2, as well as the functionality set forth in paragraph 3, using an alternate technological means from that recommended by the government, and the government concurs, Apple may comply with this Order in that way.

  5. Apple shall advise the government of the reasonable cost of providing this service.

  6. Although Apple shall make reasonable efforts to maintain the integrity of data on the SUBJECT DEVICE, Apple shall not be required to maintain copies of any user data as a result of the assistance ordered herein. All evidence preservation shall remain the responsibility of law enforcement agents.

  7. To the extent that Apple believes that compliance with this Order would be unreasonably burdensome, it may make an application to this Court for relief within five business days of receipt of the Order.

Technical Feasibility of the Court Order

To examine the technical feasibility, we must first have a solid understanding of what’s being demanded here. In examining the actual text of the court order, it becomes fairly clear that what the FBI wants is a means to circumvent the iOS software lock setting to automatically wipe the phone after ten failed attempts at entering a passcode.

It’s not clear whether they know if that setting is currently on or off and they may honestly not know, having not risked ten consecutive unlock attempts at a time. They also want to be able to enter the passcode electronically, rather than having someone sit there and type one passcode attempt at a time. They’ve demanded that the ability to enter passcode attempts via the Lightning port, Bluetooth or WiFi, be added to the phone. Finally, they’ve demanded that the passcode entry process not incur any non-hardware defined delays.

All of these features they’re demanding Apple provide, by means of creating a bootable version of the iPhone operating system, “iOS,” which either the Feds or Apple would install via the “firmware update process,” a “recovery mode” or some other unspecified “mode” of installation. They’ve gone ahead and specified that this modified version of the operating system, which does not currently exist, be created and then loaded only into the device’s RAM and not the flash memory.

What they haven’t actually demanded is that Apple provide a “backdoor key” to the encryption used by the device. Instead, they’ve asked that an entirely new version of the OS be developed to only run on this particular iPhone and that this version allow them infinite chances at brute forcing their way into the phone by electronic means, without defaulting to a self-reset of the entire device.

Is it possible for Apple to create a brand new version of the iOS that could turn off the auto-destruct feature? Technically and probably, yes. Is it possible for them to allow for unlocking attempts by some electronic means other than finger-on-touch-screen? Possibly, though this is more complicated than the layman may expect.

Finally, is it possible to make sure that no software-induced delays to the brute forcing attempts to break into the phone are introduced? Sure. But doing these things is neither simple or fast. Worse yet, the creation of this entirely separate iOS version for one-time Federal use is both a bad idea and sets a bad precedent for future uses, despite a one-line half-assed assurance in a poorly-worded court order that they only want it for this one phone, this one time.

Ramifications of Compliance with the Court Order

Despite the documented intent to have this “tool” for use only in this one case, this isn’t the first time they’ve asked for help in circumventing “locks” on smart phones from Apple. Once a tool like this exists, it will exist forever. Much like saying something stupid on the Internet, once it’s out there, it stays out there.

You can delete bad data, but chances are good there’s a copy of that data floating around from now until the end of time. Once you give the FBI a means of circumventing safeguards, they’ll either modify that one-time-use software to use again, or they’ll demand another one-time-use version of the operating system be developed the next time there’s a “unique case” that “requires” it.

Worse still, once that tool exists, can you trust that it won’t propagate? Are the FBI’s systems so secure that no bad actor could ever obtain a copy of that tool and use it with malicious intent? For that matter, can you even trust that no one within the FBI would never surreptitiously copy it and use it for their own personal reasons?

Currently, decryption is a computation-intense process. In time, as we get closer to having functional quantum computing power (and the Federal government is going to have it before anyone else does), decryption will become nearly trivial. In that sense, we’re in a societal window wherein encryption, for the moment, can be trusted to safeguard a person’s data against unlawful or even lawful attempts to thwart those protections provided by it.

Encryption does not make a distinction about the intentions of the encryption user; it works mathematically to render the encrypted data unreadable by anyone without the authority to decrypt it, whether that person is good or bad, engaged in lawful or illegal behavior. Encryption protects the privacy rights we all have.

Demanding that a corporation provide a loophole, or “back door” into that process is a dangerous precedent to set, for several reasons. First, it may not even be possible to do and second, once that “back door” is open, even if those who demand it promise to never do it again (and believe me, they will do it again), it remains open forever.

Other Options for Law Enforcement

It seems somewhat strange to think that the FBI has merely been tinkering at guessing the passcode for this particular phone, when forensics tools for just these purposes already exist. Pulling a copy of the entire device’s memory would be a good first step (and, in fact, is the Standard Operating Procedure when performing forensics on a data device), then using tools like Black Bag Technologies’ “Black Light” to analyze that data would help.

As an interesting side-note, “Black Bag Technologies” received funding from the CIA’s investment venture capital firm, In-Q-Tel, so their product suite is definitely a known quantity to the US Intelligence Community. There are other tools available as well, like Oxygen Forensics set of tools. Pulling useful data from seized devices is a known science and there are a number of experts in this field that would be more than willing to help.

All that said, I’d like to believe that the FBI is much more capable of analyzing data on the devices of criminal suspects than this court order would indicate. It either inspires little confidence in the technical forensics abilities at the federal agency, or is indicative of a political agenda to set a legal precedent for demanding major corporations go to ridiculous lengths to allow “back door” access that they make promises to never misuse in the future.

In that sense, I applaud Apple responding in the manner in which they have. As they’ve stated, they’re more than willing to comply with court orders for data contained on their own internal servers if legally mandated to, but providing a proverbial “one time key” for this sort of thing is a bad idea, both technically and ethically. By refusing to do so and making the public case for their refusal, they’re bringing the issue to a wide audience, who should rightly be involved in any such public discussion about the ramifications of such access and what it means to each of us, both criminal and non-criminal.

No one wants more terrorism in this country or anywhere else (well, no one but terrorists), but we have processes in place that preserve the liberty we currently enjoy and whittling those protections away is bad for all of us.

Update: In an attempt to answer more on the questions being raised on this issue, Apple has released the following information here: http://www.apple.com/customer-letter/answers/

Are you getting more than 14¢ of value per day from ITS?

Thanks to the generosity of our supporting members, we’ve eliminated annoying ads and obtrusive content. We want your experience here at ITS to be beneficial and enjoyable.

At ITS, our goal is to provide different methods, ideas and knowledge that could one day save your life. If you’re interested in supporting our mission and joining our growing community of supporters, click below to learn more.

Discussion

72 comments
OnTheHook
OnTheHook

This is my surprised face.


Justice Department Seeks to Force Apple to Extract Data From About 12 Other iPhones


The Justice Department is pursuing court orders to force Apple Inc. to help investigators extract data from iPhones in about a dozen undisclosed cases around the country, in disputes similar to the current battle over a terrorist’s locked phone, according to people familiar with the matter.

The other phones are at issue in cases where prosecutors have sought, as in the San Bernardino, Calif., terror case, to use an 18th-century law called the All Writs Act to compel the company to help them bypass the passcode security feature of phones that may hold evidence, these people said.

The specifics of the roughly dozen cases haven’t been disclosed publicly, but they don’t involve terrorism charges, these people said. The 12 cases remain in a kind of limbo amid the bigger, more confrontational legal duel between the government and the company over an iPhone seized in the terror case in California, these people said.


http://www.wsj.com/articles/justice-department-seeks-to-force-apple-to-extract-data-from-about-12-other-iphones-1456202213

Brian Faranato
Brian Faranato

Matthew N Sharp I agree with you, my contention is with apple. Apples objection is based on data security and "protecting" people's privacy. That was my point. I agree with your position on court mandating production of something that does not yet exist. This should be done in regulations on the industry. I don't think it should be done at all to be frank, I don't like big government interfering in business outside of consumer protection and fair trade. Let free market determine these things. Most of what I have seen on this issue is apples position of protecting our data security which is a hot button for a lot of people. Peoples objections for the most part were based on this not on mandating action to create a new product. No I don't think Apple created the situation. This issue of accessing data has been going on for more than a year with Apple and the DOJ. This is not new. The court order is the FBI trying to improperly force the issue. Apple is part of a larger fight on a larger issue and their stated objections are not what yours are...so yes they are using the situation to gather support, using data security as the focus. They could have kept the argument on what your issue is and the courts would probably agree with you. Look into the background of the ongoing fight with DOJ. In my opinion this is about that larger issue. If legislation is passed mandating a method exist to recover any and all data from a cell phone upon production of a court order there is no issue here. Legislation has not caught up with tech.

Alfonso Vacamora
Alfonso Vacamora

They want to know who payed the phone bill and what bank cards are tied to that phone and they do not know till the account from apple is given or in this case the phone is opened to show the FBI said bank cards you follow the money and you know we're they come from hands down !!!

Chris Green
Chris Green

I know...just curious about the 70+ other times since 2008 that Apple has unlocked data for authorities. Why are we just now up in arms about it.

Jonah Mcclung
Jonah Mcclung

The FBI wants Apple to create a back door program just to use this one time. Lol. Yeah right. They would use it on every phone on earth.

Milena Schir
Milena Schir

Kelly Murray in your case, I say, I agree with FBI, in my case I agree with Apple, happy now? Do not question my patriotism, you do not know me and I do not want to know you. You are unquestionably a perfect person

Keith D. Kall
Keith D. Kall

This situation exemplifies the state of our security when the government can't hack an off the shelf iPhone....

Kelly Murray
Kelly Murray

Way to be completely non committal! So either way you can say "i was right, told you so" ...patriotism needs more lime you...oh wait, we have a Congress full of ppl like you NM!!

Kelly Murray
Kelly Murray

The problem the dept. Of justice faces is not just bypassing security... but cracking existing security with all existing information intact! Its not hard to jail break an iPhone, but to defeat the security while preserving the info on the phone is another matter. This is the department of justice's dilemma... if they brute fore the phone they lose the existing information... thank you apple! At least one mega corp has the end user in mind still...unlike google, yahoo, tumble, microsoft, facebook....the list goes on!

Jon Maxwell
Jon Maxwell

Brian Faranato Actually no. They can't force you to open it. They can get a warrant, physically take it and open it themselves. But the 5th amendment allows you the right to not provide the combination.

Chris Green
Chris Green

Apple has unlocked phones in the past. Everybody feeling real patriotic today or something?

zim964
zim964

 If there are other options then wouldn't it suggest that there is a reason the FBI is going to unusual lengths to investigate the device?  Just my two cents.

Jonah Mcclung
Jonah Mcclung

Lol just this one time guys\U0001f602\U0001f602\U0001f602

Jon Maxwell
Jon Maxwell

Merle Basquez I doubt the FBI's best and brightest can beat Apple's best and brightest. That's why the guys at Apple have more zeros in their paycheck

Matthew N Sharp
Matthew N Sharp

Brian Faranato For the record, as the author of the article in question, my primary objection is the nature of a court order demanding that something be created that does not exist by a third-party non-governmental organization, for use by a government organization. Maybe, in this instance, what they're demanding *is* possible to create. Maybe it isn't. But if it is, how long until the next time the government decides they want something that doesn't exist built for them, and issues a court order, demanding that someone build it, only to run into the problem wherein that thing they've demanded *can't* be built, at which point the court system starts meting out punishment to citizens or corporations (and the distinction here is minimal) for not doing something impossible to do? The means to demand this sort of thing is at the government's disposal; legislate it. Write a bill, have it debated by elected representatives (ideally with the public's knowledge and input into that debate about whether the idea is a good one or not), and voted on by the Senate and the House, and then have it signed by the executive branch, and turned into law. Demanding someone build something for you in a court order is fishy, given that they had to expect the response they got, and speaks to a larger political motive which may very well play out over time. Maybe this is just an effort to start pushing public opinion towards the legislation of just such a "back door" option for access for law enforcement, maybe it isn't. However, suggesting that this is simply a "PR move" by Apple is a little ridiculous. Unless you're earnestly suggesting that Apple used undue influence to get the District Court to issue a court order against Apple so that they could then publicly respond in the manner they did (which seems *extremely* unlikely to me, and if you have any evidence of this, I'd love to see the source), the District Court for Central California started this when they issued the order they did.

Gary Warren
Gary Warren

I support Apple's refusal on this issue. Their commitment to protect their customers from the invasion of privacy should not be compromised, not even one time.

Carl Krauss
Carl Krauss

The FBI is looking for 18 minutes of deleted data from the phone. If they could retrieve it on their own then the FBI would have. Apple has retrieved data from locked phones for LE in the past. Apple does not have to divulge any trade secrets in the process and they never have in the past. This is Apple getting free advertising.

Harry Salem
Harry Salem

This is probably just some Obama or democratic bullshit to take the spotlight off Hilary while the FBI probe her fat ugly ass for more treasonous material. We all know she probly will step down soon, she's as guilty as sin.

Harry Salem
Harry Salem

You know it's not really that hard to break into a phone. A Turkish phone company I know can pretty much bypass any locked phone when people get locked out of their phone. All you need is a programmer that can bypass a security code and and reset a password. Besides, the FBI has a team of cyber infiltrators that can download files onto clouds via wireless interface.

Derek Beyer
Derek Beyer

So.....the fuckin FBI aka the government cant break into an iPhone....but can simultaneously monitor millions of US citizens and foreigner terror targets....

Darrin Whitsman
Darrin Whitsman

Great article. We're going to trust the hack tool with the same people who couldn't keep their SF-86s from applicants and employees secure? VERY slippery slope.

Cameron Benz
Cameron Benz

Once a code template is created, it'll be out on the net for exploitation.

Cameron Benz
Cameron Benz

So, let me get this straight... The FBI wants Apple to get them access to this phone...supposedly for one time use (but since it involves code, chances are good it would end up being a template that could then be exploited by anyone with the knowledge)...meanwhile there is a giant NSA facility that cost a gazillion dollars to build that probably intercepted all of the communications off the tangos phone... Do I have this right? Is the FBI thinking Apple will be easier to deal with than NSA?

Cameron Benz
Cameron Benz

Those who would surrender liberty for security deserve neither.

ODIN
ODIN

We don't have any liberty or security anyways so no one even knows what you're talking about.  

Milena Schir
Milena Schir

In case like this, I agree with both, yet know if there is another killing I do not want to hear any complaining how this could have been prevented

Bob Sacamano
Bob Sacamano

Those who sacrifice freedom for security will get neither.

Andrew Atwood
Andrew Atwood

It is an interesting dilemma but in this scenario give me liberty over security. In my opinion the Government should not be granted any power they want simply by uttering the word Terrorism.

Merle Basquez
Merle Basquez

There is no way the FBI cannot already crack the lock screen with their best and brightest. This is a so called crisis to allow more governmental overreach that the sheeple will accept.

MichaelCheng1
MichaelCheng1

FBI do not know how to pride Apple but China know how to put $$$$$ on Apple pocket.......

Michael Hedden
Michael Hedden

What they want is an OS without the 10 time data reset. So you trust the people who have admitted private agent abuse of the Patriot Act to not abuse this? Once that safeguard is disabled, it will take a laptop seconds to unlock it. You don't think you can remotely clone a phone? They don't need the phone in their hands. This is 4th Amendment privacy stuff. If they hadn't already admitted to abusing this kind of power, then maybe. But they have, and they do. So I'm not OK with this. Maybe, maybe if they would five the phone to Apple to pull the data and give it to them, but they want the power, not just the result.

Scott Lebherz
Scott Lebherz

And he is dead. It isn't Apples job to make the case for the Feds. It's the Feds job to make their case.

Steve Hupe
Steve Hupe

I also lead a boring life. The many pictures of my wife and cat would inspire a new insomnia treatment. However, I'm inclined to keep those to myself. I'm with Apple on this one.

Brent Driscoll
Brent Driscoll

Its my phone. Its my data. Piss off FBI. I can't even legitimately access my kids phone, but Mulder and Scully can?

Brent Driscoll
Brent Driscoll

It also means that those of us who aren't in the US are just as vulnerable to the US anagram agencies or that the rest of the five eyes team end up with the same access.

Lars Mårten Rikard Nilsson
Lars Mårten Rikard Nilsson

Brian Faranato No they can't they want Apple to change the operating system, not give them a way in in itself. As an analogy imagine a house with a lock on the front door that blow up the house if you use the wrong key three times. (along with anything inside so it doesn't get stolen, yeah I know overkill right?) Now the FBI tells the contractor to build all the houses they're making (and have made) with a secret lock with unlimited tries on it. They'll still need a locksmith to get in, but they can make as many faulty keys as needed.

Brian Faranato
Brian Faranato

Nope but with a court order a person would be required to open it or go to jail.

Mark Procacci
Mark Procacci

It is about national security. He was a terrorist. This needs to happen.

Charles Cusanno
Charles Cusanno

The fact is that for the court to issue an order, an investigator had to submit an affidavit of probable cause to support said order. Now Apple does NOT have to give anything to the FBI in order to unlock the phone. Apple tech people can do it in compliance with the order and not give anyone a "key" to their proprietary technology. Further, any expense incurred by Apple in compliance will be reimbursed.

Dave H
Dave H

I second Jon on this. This isn't compelling Apple to share their information. This is compelling Apple to share someone else's secured information. It's a very slippery slope to start sliding down. The device isn't an apple owned device. If Apple builds a software to do this it will be available through the soft white underbelly of the Internet moments later, giving anyone that access. Once the proof of concept is out it will be replicated.

Jon Maxwell
Jon Maxwell

They've actually had a huge problem with the new iPhones. A lot of it was designed after the Edward Snowden leaks

Jon Maxwell
Jon Maxwell

It's the age old problem of security vs intelligence. The NSA and other other alphabet soup agencies have been creating vulnerabilities for themselves to use for years. The problem is, other countries can use these vulnerabilities as well. We are more likely to be cyber attacked from other countries, with the vulnerabilities they make to keep us safe from the physical attacks, then we are to stop the physical attacks before they happen. The DOD and NSA have been at odds over this for years. The FBI can't even keep their own personal data safe this program would be out in no time.

Dave Williams
Dave Williams

A very good and intelligent overview (exactly what i would expect from you) and I am in agreement with you and Apple regarding the long term ramifications of their request.  

Jon Maxwell
Jon Maxwell

Should we require that all safes have a master key so the law-enforcement can open them?

Jon Maxwell
Jon Maxwell

My problem is using the court to compel a company to build a product that compromises their own products. This has been brewing for years. The government is just hoping that this case with the magic word terrorism is enough to open the phones. They purposely chose this case.

Chad Barker
Chad Barker

And google just gives all your data they won't fight the government at all.

Do you have what you need to prevail?

Shop the ITS Store for exclusive merchandise, equipment and hard to find tactical gear.

Do you have what you need to prevail? Tap the button below to see what you’re missing.