Analysis
Ping!
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
Posted on 03/27/2016 12:05:09 AM PDT by Swordmaker
The government’s issue over access to personal data will likely come up again.
Earlier this week, the FBI stalled its impending court date with Apple after it revealed that it might have found a way to unlock the San Bernardino shooter’s iPhone without Apple’s help. Just 24 hours before the hearing, the FBI’s filing stated that it would use alternate means to access the data on Syed Rizwan Farook’s iPhone. Since the filing, it has been reported that Cellebright, a provider of mobile forensic software, will be the third-party aiding the FBI. But without any specification as to what specifically Cellebright will do, everyone has been left to wonder what those methods may be. More importantly, many are concerned about what this means for personal privacy.
Could this be viewed as the government essentially hiring someone to hack into personal data? What kind of precedent does this set, and should companies other than Apple be worried? The short answer is that this is not a new issue. Governments around the world, including our own, have been hacking into devices long before this case. It’s inevitable, especially in high-profile criminal or terrorist cases like this one that pose risks to national security.
As such, vendors need to prioritize user privacy — either create the most secure products possible to safeguard their customers or risk losing the trust of consumers. For their own part, consumers should continue trusting both in the products and the laws meant to protect them. Privacy should not be a problem as long as consumers stay out of trouble.
Worries about the possible implications of the government hacking their way into this particular iPhone are unfounded. While the act itself can be debated over—whether it’s wrong or right—the fact of the matter is that it’s been happening for years and will continue to happen as more of our lives become entrenched in the digital world.
In many cases, it’s the only way to stay ahead of threats that jeopardize national security. A single user’s privacy does not outweigh the safety of thousands of individuals. The counter-argument lies more in the principle — just one exception can lead to uncontrolled chain reactions of abuse of knowledge and power. Regardless, governments will continue to do what they need to do for national security and businesses will continue to be modeled around this paradigm.
The infamous Hacking Team, for instance, is a prime example of a company that makes its money selling malware to government and law enforcement entities across the world. They are essentially a malware-as-a-service vendor. Exploit brokers also do something similar, buying exploits from researchers or finding them on the Dark Web so they can then provide them to their “customers.” One such company, Zerodium, offered a $1 million bounty late last year for an exploit that could bypass Apple’s iOS security controls.
What is unique about this case is that the FBI took Apple to court instead of finding its own way to break into the phone. Perhaps the FBI assumed that it would be easy to pull off. If you need to get into a house, it makes sense to ask for the keys first before breaking down the door. Fortunately, Apple stood its ground and the Department of Justice (DOJ) blinked first.
An important distinction to make in this case is that it’s not a debate over encryption, intercepting communication or spying on the masses. It’s about being able to pull the information from a device that they have in their physical possession. How it will likely achieve this won’t be available for mass use, but even the possibility of a workaround strongly influences groups to focus on zero-day discovery and reverse engineering efforts.
As such, it’s possible that the FBI managed to gain one of these successful exploits from Cellebright that can be leveraged with the device in hand. If so, it’d likely need time to confirm the exploit works and then pay for it—a likely reason behind the FBI’s ask for a two- week grace period. Another compelling theory comes from computer scientist Jonathan Zdziarski. The idea itself has been circling for some time—the DOJ likely found a way to replicate a key chip in the iPhone. It grants them the ability to replace the chip and essentially brute force their way in without worrying about losing data due to the auto-swipe feature. This method requires valuable time, expert resources, and, most importantly, possession of the device. Consumers at home shouldn’t worry (yet).
More importantly, there are laws and regulations in place meant to protect against a “Big Brother” outcome, especially after the Edward Snowden incident. For instance, wiretapping can’t be done domestically, interception of communications can only be performed with a warrant, and devices can’t be seized without a warrant or reasonable cause. Whether these actions unlawfully happen in the background is not relevant to this particular case or its implications.
What we can learn from this is that vendors need to design and build devices with the utmost degree of security possible. Security must be a priority—not an afterthought or added feature—so that if the situation arises, the government or other entities can’t easily probe them. In the same vein, consumers need to be able to trust the laws and vendors, while also understanding that any data on any electronic device is potentially at risk.
In all, Apple won (for now)—but expect the DOJ to bring this issue to the forefront again.
Jay Kaplan is CEO of Synack, a cybersecurity firm based in Silicon Valley. Kaplan and his firm are not investors of the companies referenced in this article.
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
“For instance, wiretapping can’t be done domestically, interception of communications can only be performed with a warrant”
Does anybody believe, even for a minute that it has stopped? All they did was some sort of sophistry scheme. So they don’t intercept it anymore. They require carriers to keep and store it all for them, and then they get a warrant from a secret court.
Or they say metadata isn’t data, so they keep doing that. This bunch lied to congress about it.
They do exactly what they were doing before, and simply legalized it.
Personally I suspect this particular case might be virtually over.
Judges typically do not like their time wasted in court. However, the FBI made an unusual and urgent request to the court, and then put the court on hold, citing (in effect) a change in urgency, from immediate to “hold on.” I sense from that that the FBI is searching for a way out of the legal mess. I wonder if the third party is even real, or if it is real, is the way that it proposed to crack the iphone feasible.
In the long term, yes, I do agree with the author that the FBI might return. Most of LE folks are not exactly the smartest guys in the room. So even if they realize they made a mistake today, since they are not very bright they do not have much institutional memory and so they will follow the same line of thinking in the future that led them to this point today.
“What kind of precedent does this set”
None. There is no problem with police hiring someone to force a safe open.
There is a huge problem compelling the safe manufacturer to do itunder duress, publicizing elements of how to, and demanding matter keys be created and handed over.
A catch: once another company touches the phone, Apple will refuse all involvement as they won’t know what was done to it.
matter = master
“Earlier this week, the FBI stalled its impending court date with Apple”
Who’s the defendant here? Does the FBI have the power to
suspend a trial indefinitely? Wheres the defendants right
to a speedy trial.
Personally I want to see how the federal government takes
another chip out of the 4th. amendment.
“There is a huge problem compelling the safe manufacturer to do itunder duress, publicizing elements of how to, and demanding matter keys be created and handed over.”
Good point. But if they get their way, what are they going
to do to the exploding black market of tools used to reverse
those backdoors (keys)?
As far as:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, .....
Encryption is our last defense.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.