Apple vs. FBI – Government Overreach or Apple Protections

There has been much written and talked about in the news regarding the open letter Apple’s CEO Tim Cook wrote about the FBI’s request for Apple to install a back door into the iPhone. When I first read that letter I shook my head and believed that was the wrong decision. I mean the FBI is only trying to follow any lead the investigations bring with the San Bernadino terrorist case. Their goal is to protect us and keep us safe.

But then I decided to take a step back and think about this from other angles. Maybe Apple is actually taking the right stand to protect us and keep us safe. I would think with a pretty strong certainty the FBI could hire some deeply skilled hackers, I mean Information Security Professionals, who could leverage their hacking techniques to gain access into the phone.

iPhone Vulnerabilities by Year

iPhone Vulnerabilities by Year

As a security professional myself, I know there are inherent vulnerabilities in the iOS and the iPhone platforms.  A quick review of “The Ultimate Security Vulnerability Datasource” shows over 800 current vulnerabilities for the iPhone, with 375 just in the last year. There must be some technique or exploitation tool the FBI can use to walk right into that iPhone 5c they are trying to get access to. Do they really need Apple to program a backdoor into the device?

A Wall Street Journal opinion article has some good discussion around the issues at play here. The issues are not simply a matter of technology intrusions. In my opinion they are nothing more than politics gone bad, under the guise of national security. And here is the crux of it as stated in the article, “The CEO has a strong case when he says that backdoors create more problems than they solve.” And he may be absolutely right.

Let’s look at the “back door” issue. At the risk of really oversimplifying the issue, picture your home where you live; your wife is there, your children, and maybe a pet or two. The government (FBI) comes along and demands you put in a special door going into the back of your house. This door is special because only the government can use that door for entry anytime they want or need. It will help keep the country safe. You sit back and think, “well I suppose I could do my part for the safety of the country.” I mean why not? You don’t have anything to hide.

One day you come down into your living room and you discover a man sitting there on the couch with your kids. How the hell did he get in here? He quickly says, “it’s alright, I came through the special door you put in.” With further questioning you discover he doesn’t actually work with the government. He’s one of the guys you told to leave you alone from Nigeria. How the hell did he get the door open? Only the US government is supposed to be able to do that.

Stay with me. Now consider the point—I have nothing to hide on my phone.

Most of us use our smartphone for a great deal more than making phone calls. We have lists of people we know, calendars of activities, access to bank accounts, text messages, and countless other day to day tidbits of our lives contained within that device. I’d like to also point out the phone has a GPS chip in there so it is possible it knows everywhere you have been, alone or with your kids. Let’s say you are one of those parents who provides a smartphone to their kids so they can GPS their children’s location when they need to. Now your phone or your children’s phone is stolen by a pedophile or some other creepy criminal mind. Do you have anything to hide now? Because in the scenario in play today with the FBI wanting a backdoor in your phone, that criminal can now easily find out where your kids hang out, or your spouse or partner.

Those scenarios kind of make you think don’t they?

I came across another interesting article on RT discussing how other companies are starting to support Apple in their stand. Google for instance. In this article is a statement, “We now find ourselves in not just a digital divide but a digital security divide,” Soghoian said, reported the MIT Technology Review. “The phone used by the rich is encrypted by default and cannot be surveilled, and the phone used by most people in the global south and the poor and disadvantaged in America can be surveilled.” I’ve seen FaceBook jumping in too, on the side of Apple. But, that seems like a Red Herring coming from them.

Party LineI don’t know about the class distinction being created. It’s possible in some scenarios. Isn’t it interesting we find ourselves at a divide: keep going in the secure direction vs. let’s open phone systems or devices up like they used to be in the landline days—even get to a party line system. That is what the government is advocating here isn’t it? Is that where we want to be?

In gathering my thoughts on this article I came across this on The Hacker News about steps to take to make sure anyone stays out of your phone. It makes the case for using an 11 digit code, basically setting up a 127 year window before it gets hacked. That’s plenty of time for you to die at least twice. But, then I’d suggest the technology will show up in a few years to open that device. And we still want to be able to access our device easily.

I find myself in unfamiliar territory. As a 20 year navy vet, doing my part in the defense of this country, I have a belief we should do whatever is necessary to protect our people and our territory. However, is compelling a company to actually program in a back door to their devices the way to go? Is that going to give us the security we need? Won’t that set precedent to move beyond the mobile phone? The harsh reality is if there is a back door built into any system, hackers will find it.

And then game over.

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmailFacebooktwittergoogle_plusredditpinterestlinkedintumblrmail
rssyoutuberssyoutube

Jeff Evenson

Jeff is Chief Blogger for Security Friction, writing about the security issues that seem to always have some rough edges when being considered for implementation or integration. Jeff retired from the US Navy as a Chief Cryptologist, worked in the wireless telecommunications and financial sectors. Jeff has spoken at the local college and various community groups.

2 Comments

  1. Well said. In addition, as you eluded to, the government has had their own systems hacked into and now people are at a higher risk of identity theft (otherwise, why would they provide free credit surveillance). So why wouldn’t our phones be at risk. I feel the government is too involved in our private lives as it is. They don’t need a backdoor into our phones.

  2. Great post Jeff. This topic has been on my mind quite a bit lately. I even had a discussion with my wife who dislikes technology conversations of this depth for the most parr. I’ve thought a lot about the legal precedent this would set. I would strongly suggest that is what the FBI is interested more than the phone itself or this one case. The FBI has already tried getting into the phone and mishandled that, locking themselves out even more than they were before. Apple has already been helping them out. Apple doesn’t want to set the legal precedent of the backdoor though. That is where they’ve drawn the line. The backdoor would be exactly as you described. Once it exists, someone else with less than noble intensions would also be able to discover it and use it.

Leave a Reply

Your email address will not be published. Required fields are marked *