Cybersecurity practices, privacy policies, intelligence community best practices are all hot event topics on GovEvents.com. These topics are also garnering intense media focus with the ongoing battle between the Justice Department and Apple to provide access to data on the phone of the main suspect in the mass shooting in San Bernardino, CA. While the back and forth between the FBI and Apple has been well documented in the media, it is a complex issue in terms of what it really means for us as citizens and government professionals.[Tweet "Your Privacy and the iPhone -- what it really means for us. #GovEventsBlog"]
The background: Following the San Bernardino shooting, the FBI realized there may be critical evidence on the shooter's iPhone, which they have been unable to access. The FBI hopes this information will shine a light on the motivation and any terrorist ties.
The reason the FBI cannot get into the phone without Apple's help comes down to one setting that anyone can turn on or off in seconds. Within Settings, users enter their passcode to lock the phone. Once that's done, a screen appears with the option to "Erase Data. Erase all data on this iPhone after 10 failed passcode attempts." This makes traditional hacking attempts useless. However, the shooter had an older version iPhone and iOS, which, according to the FBI, means Apple has the ability to override this erase feature and access this phone. Newer phones, and those that have updated iOS, would not be accessible as this 'loophole' was eliminated as part of a 2014 operating system update.
The FBI wants Apple to create new software that would override this security feature. The idea is that it would only be used for extreme cases of national security so law enforcement and intelligence officials can get a full view of the data and connections. While the legal wrangling has been going on, many efforts have been made to bypass Apple to get at the data on the phone. On March 21, 2016, the FBI announced that a party outside of Apple may have found a way to unlock the phone. They are taking two weeks to test out the solution at which time they will decide whether or not to move forward with court proceedings aimed at forcing Apple to create back doors into their technology.
Apple argues that disabling the erase data option and building in a way to hack into the phone via "brute force" opens users up to unacceptable security risks. Essentially, they would be building malware against their own systems, and that technology in the wrong hands is an unacceptable risk.[Tweet "Apple argues that 'hacking' the phone opens users up to unacceptable security risks."] Apple CEO, Tim Cooke said, "the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks -- from restaurants and banks to stores and homes. No reasonable person would find that acceptable."
To put this in physical security terms, this Gizmodo article points out "if the FBI comes across a safe in a house, the warrant and permission do not mean it can force the company that manufactures the safe to create a special tool for opening its safes. Especially a tool that would make other safes completely useless as secure storage."
This is not Apple's fight alone. Amazon, Box, Cisco Systems, Dropbox, Facebook, Google, Microsoft and others submitted briefs to the Federal District Court for the District of Central California, challenging several legal facets of the government's case.
In the end, this case is about more than what one company can do to unlock one phone. It is about setting the precedent for access to any type of electronic data. For now, the technology companies are fighting for consumer privacy while being respectful of security needs. [Tweet "Technology companies and Apple are fighting for consumer privacy. #GovEventsBlog"]
UPDATE: The FBI has now dropped their case against Apple as they were able to use a workaround to get to the needed data. While this battle is no longer active in the courts, it will be an ongoing discussion between the technology community and the government. Look for a lot of activity around creating policies related to intelligence gathering and privacy concerns. We'll be sure to highlight the events and organizations facilitating this collaboration between government and industry here on GovEvents.com