[Infowarrior] - my thoughts on .... Apple ordered to help FBI bypass iPhone security

[Richard Forno]

Apple ordered to help FBI bypass iPhone security
By Richard Forno on February 17, 2016 at 6:59 am

https://cyberlaw.stanford.edu/blog/2016/02/apple-ordered-help-fbi-bypass-iphone-security

As I've said many times over the years, on matters of technology policy and Internet security, sometimes I wonder if the US government ever left the 1990s.

Last evening a federal magistrate directed Apple to work with the FBI in facilitating their access to the seized iPhone of one of the San Bernadino attackers.

The text of the court order is here.  Although it does not direct Apple to break the encryption per se, it asks the company to disable features that make it more difficult to brute force the device security capabilities --  such as the function that disables (er, self-destricts) the device after multiple attempts to enter a PIN number. 

While that sounds innocuous enough, it is likely such access cannot be granted on a device-by-device basis upon demand by law enforcement, although some technologists believe it possible.  Rather, unless Apple demonstrates the technical, economical, or temporal infeasability of complying with the judge's order or gets the order lifted, the consequence may well be an update/patch to IOS that would implement that proverbial "backdoor" feature that certain law enforcement officials -- specifically, FBI Director James Comey -- allege is needed to protect the country, citizens, and (think of the) children from Any Number of Evil-Sounding Things That May or May Not Be True(tm).  By contrast, NSA Director Admiral Mike Rogers has already stated publicly there is no need for such backdoors or law enforcement access, and that strong Internet security features are more of a benefit than risk to society -- despite that perennial and selectively sensational hand-wringing by prominent law enforcement and/or intelligence officials. Meaning, we can't discount the notion that Comey's quest for such access is little more than a turf battle between the FBI and NSA over computing capabilities, something that surveillance maximalists in Congress are only too happy to support.

Wired's Kim Zetter notes that this request suggests the FBI is confident in its ability to brute-force passwords and PIN numbers. Perhaps that's true --- although I can't help wonder if the FBI would otherwise be forced to delegate such duties to more computer-savvy organizations such as the NSA, potentially under a secret cybersecurity cooperation agreement relying on the controversial practice of parallel construction.  (Conspiracy theory? Maybe.)

Apple CEO Tim Cook has already responded to the issue in an open letter to customers, reiterating their defense of strong product security and condemning government's renewed attempts to weaken encryption and/or mandate backdoors to customer data.

--
It's better to burn out than fade away.