The iPhones of terrorists
On December 5, 2015, Syed Farook and his wife, Tashfeen Malik, entered the banquet room in the Inland Regional Center in San Bernardino, California, wearing ski masks and holding semi-automatic pistols and rifles. They shot and killed 14 people: parents, spouses, children who will never return to their loved ones.
It is the right, and indeed the duty, of the FBI to investigate this horrendous crime, and to collect information on the shooters and any of their connections and actions. Some of this information resides on an iPhone that belonged to Farook, and the FBI is asking Apple to write and digitally sign code that will extract this information. As much as I understand the reasons behind this request, I believe the courts should not grant it, and I signed an amicus brief organized by the EFF supporting Apple’s position (see here for more briefs).
Why? First and foremost, I think that if not reversed, the court’s order to grant the FBI’s request creates very perverse incentives. Companies will learn that there is no length the government wouldn’t go to in order to force them to break the security of their own products. As a corollary, the more secure they make their products, the harder they will have to work to break them at the government’s request.
Moreover, this particular request is that Apple digitally sign a piece of deliberately insecure code as an authentic software update. Even if it is possible to restrict this code to work only for this particular phone, the end result will seriously undermine the trust users all over the world have in the signature of Apple and other companies. These digital signatures form the foundation of a trust ecosystem that we have come to rely upon and that makes all our devices and products more secure.
Finally, while I have zero expertise on this matter, I have my doubts on whether the government truly needs Apple’s help. Extracting the information the FBI is looking for is not a matter of breaking the iPhone’s encryption, but rather its tamper resistance (or else no piece of code could help). While the iPhone’s tamper-resistance protections may deter an identity thief with a screwdriver, I find it hard to believe that they are a match for the world’s greatest superpower. Indeed, from a quick search it seems that the iPhone is certified as compliant with FIPS 140-2 level 1 tamper-resistance. This is the lowest level of physical security. If Level 1 is strong enough to resist the best efforts of the U.S. government then what are levels 2, 3 and 4 for? Alien technology?
Update: If you want to get some technical information about how the iPhone encryption works, see Matthew Green’s and David Schuetz’s blog posts (written after Apple upgraded their security but before this case). The bottom line is still the same: security relies on the physical tamper resistance of the microprocessor on the phone (and, in newer models than Farook’s iPhone 5C, the “Secure Enclave”), which contains the so-called UID or “unique salt” that is used (together with the user’s password) to derive the key encrypting the phone’s storage.
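
To make the role of the UID concrete, here is a simplified model of the derivation described above. It is an example added here, not code from the original post or from Apple. PBKDF2-HMAC-SHA256 is used as a stand-in for the real construction, and the UIDs, passcode, iteration count and `key_check` verifier are all constructed for illustration.

```python
import hashlib
import hmac
import itertools

ITERATIONS = 100  # constructed, deliberately low so the demo finishes quickly

def derive_storage_key(passcode: str, uid: bytes) -> bytes:
    # Stand-in KDF (assumption): PBKDF2-HMAC-SHA256 salted with the UID.
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), uid, ITERATIONS)

def key_check(key: bytes) -> bytes:
    # Hypothetical verifier: lets a candidate key be tested without real data.
    return hmac.new(key, b"constructed key-check label", hashlib.sha256).digest()

def search_passcodes(uid: bytes, check: bytes, digits: int = 4):
    # Try every numeric passcode of this length under the given UID.
    for combo in itertools.product("0123456789", repeat=digits):
        candidate = "".join(combo)
        derived = key_check(derive_storage_key(candidate, uid))
        if hmac.compare_digest(derived, check):
            return candidate
    return None

# Constructed sample values, not taken from any real device.
DEVICE_UID = hashlib.sha256(b"constructed UID of device A").digest()
OTHER_UID = hashlib.sha256(b"constructed UID of device B").digest()
PASSCODE = "7295"
CHECK = key_check(derive_storage_key(PASSCODE, DEVICE_UID))

if __name__ == "__main__":
    # With the UID in hand, a 4-digit passcode leaves only 10**4 candidate keys.
    print("search with the device's UID:", search_passcodes(DEVICE_UID, CHECK))
    # With any other UID the same search finds nothing: the UID is the real secret.
    print("search with a different UID: ", search_passcodes(OTHER_UID, CHECK))
```

The short passcode contributes only about 13 bits to the key, so the strength of the storage key rests on the UID never leaving the chip, which is the tamper-resistance point made above.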