SecurityWeek

Apple-FBI Clash Ends in Stalemate

The high-stakes legal showdown between Apple and the FBI has abruptly ended, with no resolution to key questions about law enforcement access to devices with strong encryption.

The US government on Monday said it was able to unlock an iPhone used by one of the shooters in the San Bernardino killing rampage, and withdrew its request for a court order to force Apple to help break into the device.

The case is over, but not the debate on encryption.

It remains unclear how the FBI and its unnamed “outside party” were able to extract the data being sought, and whether this technique can be repeated on other iPhones with newer versions of the iOS operating system.

“Security is a cat-and-mouse game, and there are bugs fixed in every iOS update, so this development is not surprising to us in the security community,” said Joseph Hall, chief technologist at the Center for Democracy & Technology, a Washington advocacy group which has backed Apple in the case.

Hall said the fact that the US government is pursuing a separate case in New York federal court involving a different iPhone model suggests the FBI’s hack of the California device may not work in other situations.

“It seems the newer devices might not be vulnerable to this technique,” Hall said. “So in the legal sense, this moves from San Bernardino to the (court in the) Eastern District of New York.”

Should FBI tell?

Some digital rights activists say the FBI should disclose its method, because it represents a vulnerability that could affect tens of millions of other iPhones in use around the world.

While such a move would appear to go against the FBI’s efforts, backers of encryption say disclosure would be in line with a White House policy to inform tech firms of security flaws, to improve overall cybersecurity.

“Since the FBI already got into the phone, if they disclose it to Apple it wouldn’t compromise their position if it were just about one phone and not about setting a precedent,” said Andrew Crocker of the Electronic Frontier Foundation, which backed Apple’s position.

Crocker said the government should release its methods in line with its so-called Vulnerabilities Equities Process revealed in 2014 after a lawsuit by EFF.

“We don’t know for sure if this is a vulnerability because the FBI has not talked about it,” Crocker told AFP.

“But if that’s the case, the majority of the technical community believes it’s generally better to disclose vulnerabilities because we’re all at risk if they are not fixed.”

Tech companies, security experts and civil liberties advocates had vowed to fight the government effort, saying forcing Apple to help break into the phone would set a precedent to compel companies to build “backdoors” into their products.

The government had fired back, insisting that Apple was not above the law and that its request for technical assistance was modest.

A number of security professionals argued that Apple is likely to close any security gap if it has not already done so.

Boost for Apple?

Apple can boast that it stood up to the government to protect data privacy, said Chris McClean, a data security analyst at Forrester Research.

“Unless we hear that this company discovered a fundamental security flaw in iOS, this doesn’t tarnish Apple’s privacy brand much at all,” McClean said.

The government has not revealed the identity of its outside party, but reports have focused on Israeli forensics firm Cellebrite, which has discussed methods for extracting iPhone data.

Computer forensics specialist Jonathan Zdziarski said it remains unclear if the FBI used a “hardware” hack, which would be difficult to duplicate with a newer iPhone, or a “software” method which could potentially work in other devices.

“What is certain, however, is that the only reason this was possible is because (Syed) Farook chose to use a weak form of security on his iOS device — namely, a numeric pin,” Zdziarski said on his blog.

Benjamin Wittes, a senior Brookings Institution fellow and co-chair of a Hoover Institution panel on technology and security, said the truce in the encryption war is just temporary.

Wittes, who has supported the government’s case, said the legal fight will resume “because sometime soon, there will be a phone the FBI can’t break — not even with help from some mysterious outside company.”

He added that the debate is also occurring in other countries, such as France, which is considering a law to require law enforcement access to encrypted devices.

The questions of whether companies can build “warrant proof” devices or be compelled to help decrypt them remain unresolved, Wittes said.

“The resolution of this case does not answer any of the questions the case presents,” Wittes said on the Lawfare blog.

“Until we answer these questions in the many iterations in which they will present themselves, any relief will be temporary and minor.”

Written By

AFP 2023
