{"id":12157,"date":"2016-02-25T05:20:50","date_gmt":"2016-02-25T11:20:50","guid":{"rendered":"http:\/\/hcstx.org\/?p=12157"},"modified":"2016-02-25T05:20:50","modified_gmt":"2016-02-25T11:20:50","slug":"why-you-should-side-with-apple-and-not-the-fbi-in-the-san-bernardino-i-phone-case","status":"publish","type":"post","link":"https:\/\/thetacticalhermit.com\/index.php\/2016\/02\/25\/why-you-should-side-with-apple-and-not-the-fbi-in-the-san-bernardino-i-phone-case\/","title":{"rendered":"Why You Should Side With Apple and Not the FBI in the San Bernardino I-Phone Case"},"content":{"rendered":"<p><em><strong>I have the utmost respect for Bruce. The man knows his stuff and is the final word in topics of this sort. -SF<\/strong><\/em><\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter size-full wp-image-12158\" src=\"https:\/\/hcsblogdotorg.files.wordpress.com\/2016\/02\/iphone.jpg\" alt=\"iphone\" width=\"225\" height=\"225\" \/><\/p>\n<p style=\"text-align:center;\"><em><strong>By Bruce Schneier<\/strong><\/em><\/p>\n<p>Earlier this week, a <a href=\"https:\/\/www.washingtonpost.com\/world\/national-security\/us-wants-apple-to-help-unlock-iphone-used-by-san-bernardino-shooter\/2016\/02\/16\/69b903ee-d4d9-11e5-9823-02b905009f99_story.html\">federal magistrate ordered Apple<\/a> to assist the FBI in hacking into the iPhone used by one of the San Bernardino shooters. Apple\u00a0<a href=\"https:\/\/www.apple.com\/customer-letter\/\">will fight<\/a> this order in court.<\/p>\n<p>The policy implications are complicated. The FBI wants to set a precedent that tech companies will assist law enforcement in breaking their users\u2019 security, and the technology community is afraid that <a href=\"https:\/\/www.eff.org\/deeplinks\/2016\/02\/eff-support-apple-encryption-battle\">the precedent<\/a> will limit what sorts of security features it can offer customers. The FBI sees this as a privacy vs. 
security debate, while the tech community sees it as a security vs. surveillance debate.<\/p>\n<p>The technology considerations are more straightforward, and shine a light on the policy questions.<\/p>\n<p>The iPhone 5c in question is encrypted. This means that someone without the key cannot get at the data. This is a good security feature. Your phone is a very intimate device. It is likely that you use it for private text conversations, and that it\u2019s connected to your bank accounts. Location data reveals where you\u2019ve been, and correlating multiple phones reveals who you associate with. Encryption protects your phone if it\u2019s stolen by criminals. Encryption protects the phones of dissidents around the world if they\u2019re taken by local police. It protects all the data on your phone, and the apps that increasingly control the world around you.<\/p>\n<p>This encryption depends on the user choosing a secure password, of course. If you had an older iPhone, you probably just used the default four-digit password. That\u2019s only 10,000 possible passwords, making it pretty easy to guess. If the user enabled the more-secure alphanumeric password, that means a harder-to-guess password.<\/p>\n<p>Apple added two more security features on the iPhone. First, a phone could be configured to erase the data after too many incorrect password guesses. And it enforced a delay between password guesses. This delay isn\u2019t really noticeable by the user if you type the wrong password and then have to retype the correct password, but it\u2019s a large barrier for anyone trying to guess password after password in a brute-force attempt to break into the phone.<\/p>\n<p>But that iPhone has a <a href=\"https:\/\/blog.trailofbits.com\/2016\/02\/17\/apple-can-comply-with-the-fbi-court-order\/\">security flaw<\/a>. While the data is encrypted, the software controlling the phone is not. 
This means that someone can create a hacked version of the software and install it on the phone without the consent of the phone\u2019s owner and without knowing the encryption key. This is what the FBI \u2014 and now the court \u2014 is demanding Apple do: It wants Apple to rewrite the phone\u2019s software to make it possible to guess possible passwords quickly and automatically.<\/p>\n<p>The FBI\u2019s demands are specific to one phone, which might make its request seem reasonable if you don\u2019t consider the technological implications: Authorities have the phone in their lawful possession, and they only need help seeing what\u2019s on it in case it can tell them something about how the San Bernardino shooters operated. But the hacked software the court and the FBI want Apple to provide would be general. It would work on any phone of the same model. It has to.<\/p>\n<p>Make no mistake; this is what a backdoor looks like. This is an existing vulnerability in iPhone security that could be exploited by anyone.<\/p>\n<p>There\u2019s nothing preventing the FBI from writing that hacked software itself, aside from budget and manpower issues. There\u2019s every reason to believe, in fact, that such hacked software has been written by intelligence organizations around the world. Have the Chinese, for instance, written a hacked Apple operating system that records conversations and automatically forwards them to police? They would need to have stolen Apple\u2019s code-signing key so that the phone would recognize the hacked software as valid, but governments have done that in the past with other keys and other companies. We simply have no idea who already has this capability.<\/p>\n<p>And while this sort of attack might be limited to state actors today, remember that attacks always get easier. Technology broadly spreads capabilities, and what was hard yesterday becomes easy tomorrow. 
Today\u2019s top-secret NSA programs become tomorrow\u2019s PhD theses and the next day\u2019s hacker tools. Soon this flaw will be exploitable by cybercriminals to steal your financial data. Everyone with an\u00a0iPhone is at risk, regardless of what the FBI demands Apple do.<\/p>\n<p>What the FBI wants to do would make us less secure, even though it\u2019s in the name of keeping us safe from harm. Powerful governments, democratic and totalitarian alike, want access to user data for both law enforcement and social control. We cannot build a backdoor that only works for a particular type of government, or only in the presence of a particular court order.<\/p>\n<p>Either everyone gets security or no one does. Either everyone gets access or no one does. The current case is about a single iPhone 5c, but the precedent it sets will apply to all smartphones, computers, cars and everything the Internet of Things promises. The danger is that the court\u2019s demands will pave the way to the FBI forcing Apple and others to reduce the security levels of their smart phones and computers, as well as the security of cars, medical devices, homes, and everything else that will soon be computerized. The FBI may be targeting the iPhone of the San Bernardino shooter, but its actions imperil us all.<\/p>\n<p><em><strong>CORRECTION:\u00a0<\/strong>An earlier version of this post incorrectly stated that the vulnerability the FBI wants Apple to exploit has been fixed in later models of the iPhone. In fact, according to Apple, that is not the case: There are some differences in the details of the attack, but all of its phones would be vulnerable to having their software updated in this manner.<\/em><\/p>\n<p><strong><a href=\"https:\/\/www.schneier.com\/\">Bruce Schneier<\/a> is a security technologist and CTO of <a href=\"https:\/\/www.resilientsystems.com\/\">Resilient Systems<\/a>, Inc. 
His latest book is <a href=\"https:\/\/www.schneier.com\/book-dg.html\"><i>Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World<\/i><\/a>.<\/strong><\/p>\n<p>Read the Original Article at <strong><a href=\"https:\/\/www.washingtonpost.com\/posteverything\/wp\/2016\/02\/18\/why-you-should-side-with-apple-not-the-fbi-in-the-san-bernardino-iphone-case\/\">Washington Post<\/a><\/strong><\/p>\n<div class=\"inline-content inline-video\"><\/div>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I have the utmost respect for Bruce. The man knows his stuff and is the final word in topics of this sort. -SF By Bruce Schneier Earlier this week, a federal magistrate ordered Apple to assist the FBI in hacking into the iPhone used by one of the San Bernardino shooters. Apple\u00a0will fight this order&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[2122,74,1317,4126,883,1814,1635,3553,3986,4764,398,1132,1189,65],"tags":[4793,1719,4794,4795,4796,4797,4798,4731,4799,3766],"jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/posts\/12157"}],"collection":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"em
beddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/comments?post=12157"}],"version-history":[{"count":0,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/posts\/12157\/revisions"}],"wp:attachment":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/media?parent=12157"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/categories?post=12157"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/tags?post=12157"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}