On December 2nd 2015, the city of San Bernardino experienced terror like never before. Two individuals stormed into a Holiday event at the Inland Regional Center and opened fire with semi-automatic weapons. The perpetrators fled the scene in a black SUV but not before leaving behind an explosive device intended to detonate remotely and cause bodily harm to the emergency responders. Luckily, the device failed. Fourteen people were killed in the shooting and 24 others suffered non-fatal injuries resulting from the shooting. Rumors were immediately flying about who could have committed such a heinous act. Many speculated that this could have been workplace violence, where an employee had a grudge against the employer while others began suspecting terrorism as bits and pieces of information began to pour through the countless news media that provided non-stop reporting of the event. It wasn’t until much later that day that we began to learn of the identity of the perpetrators after police tracked down the black SUV and a shoot out ensued. After 5 minutes of gunfire, both perpetrators were killed. The shooters were 28-year-old Syed Rizwan Farook and 29-year-old Tashfeen Malik - a married couple with a six-month-old daughter. T was quickly determined that this was indeed a terrorist attack and that the couple was inspired to carry out these attacks by foreign terrorist organizations. Although the couple was not tied to any particular cell, ISIL referred to them as supporters. This shooting has led to massive searches and in depth investigation into the couple’s life. However, one significant controversy surrounding this investigation involves phone decryption.
An Apple iPhone 5C is at the center of this controversy and the battle lies between the U.S government, specifically the Federal Bureau of Investigation (FBI), and Apple, Inc. However, the device itself is not really what is central to the case, but the operating system that is running on the phone in question. The operating system is iOS 9, which Apple takes great pride in its new security features. New iOS security features most concerning to the FBI include:
- Default passcode is 6 digits with iOS 9, which increases the amount of possible combinations from 10,000 to 1,000,000 possible combinations. You have three options when setting up your code from a custom alphanumeric, custom numeric, or 4 digits. However, the default is the 6-digit code. A six digit alphanumeric code can take 5 1/2 years to crack.
- Data reset after 10 failed passcode attempts.
- After 5 failed attempts, the iPhone is disabled for a certain amount of minutes based on the number of failed attempts.
The FBI has reason to believe that the phone in question contains pertinent data related to the attacks, despite the fact that two destroyed phones belonging to the attackers were recovered in dumpsters behind their home. Investigators were able to access Farooq’s iCloud account and see that the last iCloud backup on his phone was October 19, 2015, leaving a gap of nearly six weeks that has the FBI scrambling for answers as to what communication and activities were conducted on that phone in that lapsed time. Authorities believe that Farooq turned off the automatic iCloud backup feature just a few weeks prior to the attack. However, the FBI ordered the county to reset the iCloud password, which has caused a new controversy as many state this was a huge mistake. Resetting the password prevents the iPhone from automatically backing up to the cloud. Although it is suspected that Farooq turned it off, it is not a certainty as there are several other reasons as to why the phone may have not backed up. Investigators are looking to gain access to his phone in order to gain insight into this attack as well as any other potential terrorists he may have been in contact with. Brute force passcode retrieval could essentially brick the iPhone 5c, causing the encryption keys necessary to access the data to erase and information to be destroyed forever. The FBI is also concerned about the time it would take to even attempt to recover the passcode due to the escalating time delays after entering incorrect passcodes. Currently, the time frames are as follows:
- 1-4 Attempts - None
- 5 Attempts - 1 Minute
- 6 Attempts - 5 Minutes
- 7-8 Attempts - 15 Minutes
- 9 Attempts - 1 Hour
- 10+ Attempts - Black Screen and Wiped Device
Although there is no way to tell by examining the exterior of the phone if the “erase all content” feature is turned on, the FBI feels certain that the feature is enabled. The iPhone 5c owner is the San Bernardino Department of Public Health, who issued the phone to Farooq as part of his employment with the department with the feature already enabled. Also, Farooq’s iCloud account showed that this feature was turned on. All of these security features built into Apple’s iOS have caused quite a burden for the government, causing them to seek assistance from Apple to decrypt the iPhone. However, this has not come without a great battle between Apple and the U.S. government.
On February 16, 2016, the United States filed a motion with the U.S District Court asking the court to compel Apple to assist them by providing the FBI with a custom signed iPhone software file, recovery bundle, or other software image file that can be loaded on the device in order to override built in security features. The primary functions of this file would be the following:
1. Bypass or disable the auto erased function
2. Allow the FBI to submit passcodes electronically as opposed to entering them manually
3. Disable the time delays between failed passcode attempts
The government relied on the All Writs Act in order to get this passed and cited previous cases as precedence. On the same day that a Federal Judge ordered Apple to build software that overrides these security features, Apple’s CEO, Tim Cook, issued a public letter to all customers stating that Apple will oppose the order due to the implications this would cause, the precedent it would set, and the threat to privacy and data security. Cook further states that Apple has spent decades trying to build security measures such as the ones now provided in the new iOS and that asking their engineers to develop a new iOS that undoes all of this hard work is unacceptable, as it weakens security and safety for all users.
Apple has received some backlash over their stance, but Apple does indeed have supporters on their side, many who have grown distrustful of our government after Edward Snowden exposed NSA surveillance operations in 2013. Many, including Tim Cook, feel that if Apple is forced to create this software that would create a backdoor to users personal data, what would prevent the government from using this same software or precedent for future cases? Despite the FBI stating that the software would only be used on this device, the precedence would be set and the technology would exist and can potentially end up in the wrong hands. As it stands, when presented with a warrant, companies are compelled to provide plain text versions of data. However, such law does not exist for encrypted data. In 2010, the Obama administration began working on such a law that would force companies to provide unencrypted data. However, this work took a screeching halt in 2013 after Snowden released his information on the NSA. This has many people wondering if their obsession over a state department issued phone is truly what is important to the government or is this just a ploy to create this precedence, especially since Farook and Malik went out of their way to destroy two phones that they already recovered. Why would Farook use a business issued phone to conduct any terrorist activities and then not destroy that phone along with the others? Although sympathetic to the tragedy that occurred that day, I have to question the motives of our government.
Tim Cook’s stand against the FBI is not one that is taken lightly. What has been happening around the globe with regards to terrorist attacks is truly devastating. However, allowing the government to play loosey-goosey with people’s personal information has significant implications and dire consequences. Just as the U.S Government cited previous cases to win their case and ask the court to compel Apple to write new software, who is to say that this very case will not be used in the future to gain access to other data, compel a company to access a phones microphone feature to listen in on conversations, enable a camera on a phone, access real-time GPS tracking, among various other features that we, as users, feel are safe and inaccessible by anyone? In an age where almost everything is controlled electronically, this could set a very dangerous precedent and make many Americans feel uncomfortable as they go about their daily lives. With smart homes becoming ever more popular, this order could pave the way for governments to request to tap into home cameras, smart home hubs to control home devices, Bluetooth locks, Amazon Echo’s, etc. As our devices become “smarter” and more connected, encryption is key and is considered the number one goal of tech companies. Allowing the government to compel these companies to decrypt information and loosen their security measures puts everyone’s information and security at risk. As Tim Cook mentioned, the technology could end up in the wrong hands and who knows if the very people we are trying to protect this country from could one day use the technology Apple would be compelled to create against us.