Saturday, February 20, 2016

Sunday Musings: Donald, Apple, Encryption and the iPhone





Trump: Boycott Apple
#BoycottApple
#DonaldTrump



I refer of course to the current tech debate that is taking fire and attention away from what we should all be concentrating on, namely MWC (Mobile World Congress).

If you really don't know then start here:

Apple vs FBI intro
Judge orders


In a deeply ironic moment,  Donald Trump, presidential candidate, is known to be using an iPhone for Twitter if nothing else.  



I wonder if he will heed his own advice?



Betting Against Apple
Never bet against the Apple Zealot faithful following as Donald has done.  If you ask the average American to choose between Donald Trump and Apple, it's not going to work for you Donald!  They'll vote for the other guy.  We all know that.


A Geek only Sidetrack
For me backdoors are totally unacceptable.  And the dumbed down Hollywood portrayal or irreverent  journalist representation (or ill informed here ) of them does means the average non technical and non thinking user, who can vote, and be vocal on the Internet, then espouses totally misleading and oft dominating views.  I hate it.

So for geeks only.   



Where is this login screen from?   (Answer is here   )  
Back to the Problem At hand

The common ground is the following

- We agree the Apple iPhone 5C phone was being used by a known terrorist Syed Farook

- We agree that it would be a just and useful thing for the FBI / Government to have sight of the information on the phone because it could lead to assist them in their counter terrorism efforts

- We agree that Apple must not make a backdoor to the government

- That Apple should not leave the Government with technology or information that would allow the Government in the future to bypass Apple security

- That Apple should assist the Government to get the data from this one particular phone, property of the San Bernadino Health Department, and used by Farook


The Apple ID Password

My understanding is
- The Apple phone 5C in question had a 4 digit numeric PIN. 

- Quite separately there is the Apple ID relating to that iPhone and a setting on the phone that backs up information from the phone to the iCloud using the Apple ID credentials

- Apparently, after Farook was killed, somebody at the San Bernardino Health Department i.e. not the FBI changed the password

- So this means that the iPhone would cease to backup to iCloud.   I'm not sure why this is relevant? If it was backing up, then does the data get deleted.  And if not, why can't Apple hand that over?

- Also, presumably it could be that the data on the phone was not backed up to iCloud so the Apple ID issue, is interesting but irrelevant?

- Now the Health Department claims that they worked with the FBI to reset the iCloud password

Can somebody explain?


The Precedent Angle

Governments, particularly US and UK already have wide ranging powers to override the normal enshrined laws via anti terrorist legislation.

If this request is a part of a wider Government initiative to create further legal precedent that will unreasonably tie up or coerce Private companies then this alone should be sufficient reason to rail against it as such Government bullying.


iOS Security Irony
Agata is still an enthusiastic Apple user, whereas Marcus, is an ex Apple user.   Ironically the FBI is now the biggest promoter and validator of iPhone smartphone security.  They might woo me back to their Apple dark [well I mean Smug] side yet






The Options then


  1. Give the phone to John McAfee, who claims he can decrypt the phone. Hmm. I really don't recommend it!
  2. Boycott Apple, achieving nothing
  3. Hand the phone to Apple and let them Blackbox take all the data, and dump it and give that decrypted data in its entirely to the FBI / government.

    One of many ways e.g.Copy the content from the NV memory chips from the original phone to a special iPhone with firmware they have modified (that does not delete after 10 attempts) and brute force break the 4 digit pin.  Etcetera.

    Oh, and for the FBI's confidence, an FBI computer savvy person should be allowed to sit in and witness Apple's efforts, though, not being allowed to take in any writing materials or digital devices, thus effectively making the observers (rather fallible) human memory the only record of how, but not what was done to achieve this feat.

    Oh, and Apple should be able to charge time and materials for this task, at their highest consultancy rates. They are after all not a charity or a social service.  Have you seen Apple prices?





Summary
Don't just take my word for it.  Read the linked articles below and come to your own, informed, non soundbite, opinion.

IMHO:

Boycotting Apple is not the answer.

Apple must not build in any backdoor that is delivered to the Government

Give the phone to Apple and ask them to break the encryption, dump  and return the data, under the visual (only) verification of an FBI person.

And don't whatever you do let John McAfee anywhere near that phone!





Links
Apple vs FBI intro

McAfee says
Apple ID Password
Who changed the Apple ID Password
The contrarian response  (read comments)
Legacy Trailer 2
iOS Security Guide 2015
Tim Cook and Encryption
Tim Cook message Feb 16
Judge order views PBS
More stupid Reuters journalism
Sam Harris initial thoughts (from minute 10)
20160222 More Apple comments
20160223 Google reporting of this case



Legal Notes 
(Example of existing UK legislation)
So could the police require someone to give them the password for their phone? The answer is yes if it is necessary for them to get access to the information on the phone. The relevant law is set out in the Regulation of Investigatory Powers Act 2000. A phone password along with much more technological encryption methods count as a "key". The police can serve a written notice on the person believed to be in possession of the key (so the person with the password) requiring him/her to give it to them. The notice has to contain certain prescribed information (see section 49(4) of the act).

(US Legislation)
It would appear that an Individuals 5th amendment rights not to incriminate themselves are not overriden by the US Patriot Act, though that Act does weaken / override other more traditional US Citizen rights.