Monday, February 29, 2016

Apple vs the FBI and what you need to know

As many people may know, Apple is in a battle of security versus privacy with the FBI over the San Bernardino shooters locked iPhone 5c.

While I won't claim to be a legal expert by any means, I will attempt to break down what's happening with this case and why it should matter to you.

This is going to be a long post but bare with me...

I wrote a few weeks back on the US Magistrate court ruling in California that Apple needs to aide the FBI in creating a new OS for the terrorist's iPhone allowing the FBI unlimited attempts to unlock his phone.

This topic has been written about many times in the tech world and construed many different ways.  The FBI isn't asking Apple to "hack" the phone or give them access to the data stored in iCloud.  Apple is supposed to create a new OS with a backdoor that allows the FBI unlimited attempts at cracking the password.  The information stored on the phone is encrypted so just getting the iCloud data isn't enough to allow them to see anything.  They need to unlock the phone, in order to un-encrypt the data inside so they can see if the terrorists were talking to other possible terrorists.

It must be noted that the husband and wife both had other personal iPhones that they destroyed before committing murder.  So, the chances that they left information linking to other terrorists on a work issued iPhone is probably moot.  But regardless, the FBI want's into this phone.

The FBI claims that they only need access to this one phone and the public is supposed to assume that this is a true statement.  But what isn't told is that the FBI actually is trying to get data from hundreds of iPhones they are investigating.  Granted Apple has worked with the FBI in most cases in giving access to iCloud data but this one case is different and here's why:

 The FBI isn't asking for access to the iCloud backed up data as in many cases.  The FBI ordered the San Bernardino county to change the iCloud password remotely.  The problem with that is, they can't access the phone itself to change the iCloud password on the device.  Since the they can't change the password on the device, it can't sync.  So now, since the phone belonged to the county and not Syed Farook, the FBI has the iCloud data but can't do anything with it.

I know this is all confusing but bare with me

So, now that all of those details are out of the way, here is why this case matters to you and basically everyone in the United States.

Most people say that they were terrorists and Apple should just do as ordered, which is a great point.  They killed innocent people and if getting into their phone means saving lives, Apple should give up the goods.

What people don't understand is that doing as ordered by the court has massive consequences that I doubt many people want to understand.

Many tech companies have officially supported Apple, and stand by the fact that they shouldn't create this new OS.

There are two sides (or reasons) why this OS shouldn't be created.  There's the Legal side and the Hacker side and both of them are very, very valid points.

Legal side

Lawyers are very grimey people as many know.  Whoever has the most money can probably win almost any court case.  Good (expensive) lawyers can argue moot points that ultimately mean nothing but cause the case to be continued forever resulting in the poorer person to just quit and give in.  Lawyers can argue that these criminals committed a crime and therefore unlocking their phone was necessary.  What defines a crime?  Breaking the law of course.  Is speeding breaking the law?  Yup, it is.  So when you get pulled over for speeding, is your phone subject to unlocking and exposing your secrets?  Maybe...

Now I know many people will argue that they have nothing to hide and they welcome increased security at the risk of privacy.  But what about that picture your spouse sent you to get you ready for date night?  Would you want that exposed?  How about your financial records because you accessed your bank account on your phone?  How about your sexual preferences?  Would you want that exposed because you were speeding?  Ah, now we're getting to the point of things.

Additionally, what makes anyone think this new OS will only be used on one phone?  If the FBI gets their hands on it, why wouldn't they use it on every phone they have?  The public doesn't have to know.  They don't have to disclose how they run the FBI so how would you ever find out if they used it once as they said or 1,000's of times over the next few years?

This is the slippery slope that many people have talked about, so what do you not want other people to know about you?

Hacker side

The hacker side of the argument is just as bad.  If Apple were to create this OS with the "backdoor" it will have to be vetted by courts and other organizations to verify that the data was not altered.  How will that happen?

Once the new OS is created, it will have to be tested by other people.  Some will be within Apple, some will have to be outside of Apple.  Once it passes those tests, it will have to be presented to the court as the method to be used.  More vetting will have to happen within the court system.  I don't know any judges who are techies, developers, testers, coders so guess who gets to vet the OS?  Yeah, all of the guys I just mentioned.

Now once all of that happens, the FBI will have to pass the OS through their channels to ensure that it does what they need it to do (bypass the reset option if too many passwords have been tried).  When all's said and done, this new OS will have been seen, viewed, broken down, vetted, and scrutinized by no less than 100 or more people to ensure it can do what it's supposed to do without corrupting the data it's supposed to allow access too. This it means it will be tested on multiple phones so that "one phone" concept is out the window.

How many of those 100 or so people can be bought off by hackers to get a "look" at the code?  Even one person is too many since once it gets into hackers hands, it could be used to expose every single iPhone ever.

These are the reasons why you should care about Apple defending your privacy as they are doing.  Most people only care about the hacker part but if it's allowed, they should also care about the legal part since it could affect them years down the road.

I'm not normally a #teamApple guy but I am in this situation.

No comments:

Post a Comment