Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Apple-FBI Clash Ends in Stalemate

The high-stakes legal showdown between Apple and the FBI has abruptly ended, with no resolution to key questions about law enforcement access to devices with strong encryption.

The high-stakes legal showdown between Apple and the FBI has abruptly ended, with no resolution to key questions about law enforcement access to devices with strong encryption.

The US government on Monday said it was able to unlock an iPhone used by one of the shooters in the San Bernardino killing rampage, and withdrew its request for a court order to force Apple to help break into the device.

The case is over, but not the debate on encryption.

It remains unclear how the FBI and its unnamed “outside party” were able to extract the data being sought, and whether this technique can be repeated on other iPhones with newer versions of the iOS operating system.

“Security is a cat-and-mouse game, and there are bugs fixed in every iOS update, so this development is not surprising to us in the security community,” said Joseph Hall, chief technologist at the Center for Democracy & Technology, a Washington advocacy group which has backed Apple in the case.

Hall said that because the US government is pursuing a separate case in New York federal court involving a different iPhone model, that suggests the FBI’s hack of the California device may not work in other situations.

“It seems the newer devices might not be vulnerable to this technique,” Hall said. “So in the legal sense, this moves from San Bernardino to the (court in the) Eastern District of New York.”

Should FBI tell?

Advertisement. Scroll to continue reading.

Some digital rights activists say the FBI should disclose its method, because it represents a vulnerability that could affects tens of millions of other iPhones in use around the world.

While such a move would appear to go against the FBI’s efforts, backers of encryption say disclosure would be in line with a White House policy to inform tech firms of security flaws, to improve overall cybersecurity.

“Since the FBI already got into the phone, it they disclose it to Apple it wouldn’t compromise their position if it were just about one phone and not about setting a precedent,” said Andrew Crocker of the Electronic Frontier Foundation, which backed Apple’s position.

Crocker said the government should release its methods in line with its so-called Vulnerabilities Equities Process revealed in 2014 after a lawsuit by EFF.

“We don’t know for sure if this is a vulnerability because the FBI has not talked about it,” Crocker told AFP.

“But if that’s the case, the majority of the technical community believes it’s generally better to disclose vulnerabilities because we’re all at risk if they are not fixed.”

Tech companies, security experts and civil liberties advocates had vowed to fight the government effort, saying forcing Apple to help break into the phone would set a precedent to compel companies to build “backdoors” into their products.

The government had fired back, insisting that Apple was not above the law and that its request for technical assistance was modest.

A number of security professionals argued that Apple is likely to close any security gap if it has not already done so.

Boost for Apple?

Apple can boast that it stood up to the government to protect data privacy, said Chris McClean, a data security analyst at Forrester Research.

“Unless we hear that this company discovered a fundamental security flaw in iOS, this doesn’t tarnish Apple’s privacy brand much at all,” McClean said.

The government has not revealed the identity of its outside party, but reports have focused on Israeli forensics firm Cellebrite, which has discussed methods for extracting iPhone data.

Computer forensics specialist Jonathan Zdziarski said it remains unclear if the FBI used a “hardware” hack, which would be difficult to duplicate with a newer iPhone, or a “software” method which could potentially work in other devices.

“What is certain, however, is that the only reason this was possible is because (Syed) Farook chose to use a weak form of security on his iOS device — namely, a numeric pin,” Zdziarski said on his blog.

Benjamin Wittes, a senior Brookings Institution fellow and co-chair of a Hoover Institution panel on technology and security, said the truce in the encryption war is just temporary.

Wittes, who has supported the government’s case, said the legal fight will resume “because sometime soon, there will be a phone the FBI can’t break — not even with help from some mysterious outside company.”

He added that the debate is also occurring in other countries, such as France, which is considering a law to require law enforcement access to encrypted devices.

The questions of whether companies can built “warrant proof” devices or be compelled to help decrypt them remain unresolved, Wittes said.

“The resolution of this case does not answer any of the questions the case presents,” Wittes said on the Lawfare blog.

“Until we answer these questions in the many iterations in which they will present themselves, any relief will be temporary and minor.”

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybercrime

Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...