Apple says the fight is about security and privacy for
everyone, about the US government trying to compel a public company,
using a 227-year-old law, to compromise its most important products, and
about setting a "dangerous precedent" that gives the US authority to ask it and other businesses to change their products in the future.
The FBI and the Department of Justice say it's about making sure
Americans aren't in jeopardy, about fighting terrorists who are using
increasingly sophisticated communication tools, and about a reasonable
request to gain evidence from a single iPhone.
Unless Apple CEO Tim Cook gives in or the government backs down, a
February 16 court order requiring that Apple build a custom version of
its iOS software for the iPhone may turn into one of the most important
legal battles over the future of security -- digital security and US
national security. Apple has until February 26 to challenge the court's
order and says it will fight all the way to the Supreme Court if
necessary. Cook argues the "very freedoms and liberty our government is
meant to protect" are at stake. The FBI and DOJ counter that all Apple
cares about is protecting its business model and brand.
The fight has raised a lot of questions about what's at stake,
which technologies are involved and why complying with the government's
request is harder than you might think. We've put this FAQ together to
help you get up to speed, and we'll keep updating it with new questions
and answers. Feel free to add your questions to the comments section
below.
Can you recap how we got here?
Earlier this week, US Magistrate Sheri Pym ordered Apple to unlock
an iPhone 5C used by Syed Farook, one of two terrorists who gunned down
14 people at a party in San Bernardino, California, in December. Apple,
which was cooperating with the FBI to help the agency access data on
Farook's work phone, refused. Cook argues that the order goes too far
and that bypassing the password means creating a "backdoor" in its iOS
mobile operating system that could be used to access every other iPhone.
Why is this particular iPhone so important to the FBI?
The FBI wants to know who Farook was communicating with and which
websites he might have visited in the days leading up to the December 2
massacre. Access to computers and personal phones owned by Farook and
his wife would help, but the couple smashed their personal phones
and removed the hard drive from their computer. Farook's iPhone 5C,
given to him by his employers at San Bernardino County in southern
California, may be one of their last options.
What's the iPhone 5C?
Introduced in 2013, it was Apple's lowest-priced iPhone,
starting at $99 on contract. Though it initially came in models with up
to 32 gigabytes of storage, Farook had the least expensive model: an
8GB version that was often given away for free with a paid, two-year
wireless contract.
Unlike the higher-end iPhone 5S announced the same year, the iPhone 5C doesn't include a fingerprint sensor that you can use instead of typing in a passcode.
Apple already gave the FBI data that was backed up from Farook's phone to the company's iCloud online storage service. What's the FBI hoping to find now?
Apple was able to give the FBI backups only through
October 19, when Farook apparently stopped backing up the phone. That
leaves a one-and-a-half month gap in the data between October 19 and
December 2, when the massacre occurred. The FBI believes Farook might
have intentionally stopped the automatic backups to hide something.
What's stopping the FBI from just browsing through the phone?
It's locked with a passcode. The FBI doesn't have the code, and
neither does Apple. The passcode is stored only on the device itself.
Because of Apple's built-in security, you have up to 10 tries to enter a
passcode. After that, the iPhone wipes itself -- that is, removes all
the data stored on the device.
Why can't the FBI just pop out the memory card or hard drive, or use the fingerprint scanner to unlock the phone?
The iPhone 5C doesn't have any of those things. Data is stored on a
memory chip that's soldered to the phone's motherboard. And the iPhone
5C doesn't have a fingerprint sensor.
Why can't the FBI just use a supercomputer to crack the password or get data off the memory chip?
It's not that simple. iPhones running 2014's iOS 8 software or the newer iOS 9
protect their data using 256-bit AES encryption. That's the same
standard that protects US government computers against brute-force
attacks intended to crack into a device. It could take years to recover
data by attacking the iPhone's memory chip, Stratechery's Ben Thompson explains.
It's important to note, adds Thompson, that "Apple is not being
asked to break the encryption on the iPhone in question...but rather to
disable the functionality that wipes the memory when multiple wrong
passcodes are entered in a row."
What is encryption? Did Apple create 256-bit AES encryption?
Encryption simply means that information isn't stored in a way that
people or computer programs can easily read. It's in code, and to decode
it, you need a decryption key. AES, short for Advanced Encryption
Standard, is a particularly robust form of encryption that the US
government recommends companies use, and one that's been broadly adopted
worldwide since it was introduced by the National Institute of Standards and Technology (NIST) in 2002.
Why can't the FBI crack the passcode on the iPhone?
Farook's iPhone was set to automatically erase itself after 10 wrong
passcodes were entered in a row. That's a commonly enabled feature on
work-issued phones.
Even if the FBI
could disable the auto-wipe function, breaking the passcode could take a
long time -- a very long time. The iPhone requires a minimum delay of
80 milliseconds between each passcode entry, and wrong entries can
extend the delay by minutes at a time. Assuming Farook used a six-digit
passcode, Apple estimates it could take 5.5 years to guess. But he might
have used a custom combination of letters and numbers. We could die of
old age waiting for that.
Besides, there's also the issue of
connecting the supercomputer to the iPhone. A unique key built into the
iPhone means you can enter passcodes only on the phone itself.
What exactly does the FBI want Apple to do?
The court order asks Apple to create a new, custom version of iOS that
runs only on this specific iPhone and that makes three changes to the
software. The first two changes would bypass or disable the auto-wipe
function and the delay that limits how quickly new passcodes can be
entered. The court also asks Apple to add a way to attach a cable or
wirelessly connect to the iPhone so the FBI can automatically enter
passcodes. That way, the FBI can use a supercomputer to bombard the
phone with passcode guesses until it finds the right one.
Is it even possible for Apple to comply with the order?
Security consultant Dan Guido thinks so.
But that's not the point, says Apple's CEO. Cook argues that Apple
can't just bypass those protections for a single phone and expect other
phones to stay safe and secure. "Once created, the technique could be
used over and over again, on any number of devices," Cook wrote in an open letter to customers
earlier this week. "In the physical world, it would be the equivalent
of a master key, capable of opening hundreds of millions of locks."
Even if Apple did produce a version of iOS that could be used only
with Farook's phone, it might be easy for bad actors, like malicious
hackers and governments, to use or rewrite that code for other phones,
senior Apple executives told us Friday.
If only the FBI and Apple have access to the custom version of iOS, how can bad actors get it?
Senior Apple executives believe that if Apple made a "master key" for
the iPhone, it would be an irresistible prize for hackers, and that its
own servers would inevitably be hacked. They referenced a joke often
attributed to former Cisco CEO John Chambers: "There are two types of
companies: those that have been hacked, and those who don't know they
have been hacked."
Apple also worries that employees inside law enforcement, or inside Apple itself, could steal the technology.
Could the software be used on newer iPhones, which have added security features?
According to Apple, yes. Though all iPhones newer than the iPhone 5C (and the iPhone 5S)
have a protection called the Secure Enclave, senior Apple executives
told us the Secure Enclave could be disabled or bypassed using a custom
version of iOS.
Apple's also worried that complying with the government's request
would create a precedent, and that the government might then ask it
to defeat any security feature that keeps law enforcement from
accessing a newer model of iPhone. If you give a mouse a cookie...
Hasn't Apple complied with requests to unlock phones before?
Apple did help law enforcement officials by allowing them to bypass the lockscreen
-- as long as there was a valid subpoena or a search warrant. It had
data extraction technology that let the company's engineers bypass a
user's passcode and pull information like contacts, calls and messages.
And it did so without having to unlock the phone.
But the
release of iOS 8 in 2014 changed that. The new software came encrypted
by default, which means Apple no longer had the ability to extract data
"because the files to be extracted are protected by an encryption key
that is tied to the user's passcode, which Apple does not possess," the
company wrote in a privacy statement on its website.
The bottom line is that to decrypt the data from Farook's iPhone 5C, you'd need his passcode.
Does the court order let Apple look for another way to get the info the FBI wants?
Yes, it specifically lets Apple find "an alternate technological
means" to help the FBI break into the phone. But that alternative
doesn't have much wiggle room. It still requires that Apple disable the
auto-wipe and passcode delay and create the ability for the FBI to
remotely enter passcodes into the phone. Apple believes introducing
those security weaknesses could jeopardize other iPhones as well.
Apple had another possible solution: If the FBI placed Farook's
phone near a known Wi-Fi network (like the one at his home or his
workplace), it might automatically create a new iCloud backup with the
missing information. That idea was foiled
when investigators reset Farook's iCloud password. Senior Apple
executives said Friday that was their best idea for helping the FBI get
what it wanted. But now we'll never know if it could have worked.
Apple and the FBI also discussed checking to see if the iPhone was
backed up to any other computers, and looking over Verizon call records
to see who else Farook might have called. But the government determined
Farook's phone hadn't been synced with other computers, and the FBI
wanted more data than the carrier's call logs could provide. (This is
detailed in footnote 7, page 18, of the DOJ's filing on Friday, which
we've posted here.)
What kind of data could the FBI get from Farook's iPhone if it defeats the passcode?
The FBI should be able to access Farook's text messages, iMessages,
photos, videos, contact list and call history, plus any audio recordings
he might have made. That's the type of data that Apple has agreed to
help law enforcement recover (PDF).
Separately, the FBI may be able to see if Farook had any additional
email accounts or social-networking accounts. Then the government would
have to subpoena the relevant companies for that data.
Why did Apple turn on encryption in the first place?
There are several theories. The New York Times suggests that Cook personally believes it's part of his civic duty to do the right thing by customers where privacy is involved.
The same NYT report says Apple was growing tired of complying with
law enforcement requests to hack into its own phones, and decided
encryption would "put the keys squarely in the hands of the customer,
not the company."
There's also money at stake. After Edward
Snowden revealed the extent of government surveillance in 2013, many
tech companies were under pressure to show customers that they hadn't
been selling their data to the government. As sociology professor
Kieran Healy notes,
Apple is in a strong position to do that, because the primary thing
Apple sells is hardware -- not information. That might get people to buy
phones from Apple instead of the competition.
What's the 227-year-old law the government is relying on in its case?
It's using the All Writs Act, which was signed into law by President
George Washington in 1789, to get Apple to change its software. The act
helped establish the judiciary system in the US, giving federal courts
the power to issue orders, which were known as "writs" at the time.
Though the law was drafted with quill pens, it's been used in
recent times. In analyzing the current standoff, lawyers and
commentators often cite a 1977 case
in which law enforcement asked for the help of the New York Telephone
Company to monitor phone calls made by suspected gamblers. The Supreme Court ruled for law enforcement in that case.
Over time, use of the All Writs Act has been more or less limited
to situations where no other law, statute or provision can be applied,
usually because it's extraordinary. As Popular Mechanics notes
in an explainer, "the shooter's iPhone passcode is certainly an
extraordinary situation, which explains why a law from 1789 is at play
in a case about smartphones."
Some also believe the
government has been waiting for the right opportunity to force Apple to
give it access to iPhone data. "The law operates on precedent, so the
fundamental question here isn't whether the FBI gets access to this
particular phone," Julian Sanchez, a surveillance law expert at the
libertarian-leaning Cato Institute in Washington, DC, told
The Guardian earlier this week. "It's whether a catch-all law from
1789 can be used to effectively conscript technology companies into
producing hacking tools and spyware for the government."
Where can I read the court order and the DOJ's 40-page request for myself?
We've posted those documents in two stories. You can find the three-page court order here and the DOJ's February 16 request here.
What's next?
Apple had five business days from February 16 to challenge the court's
order, but it asked for a three-day extension. Now it reportedly has
until February 26 to file. There may well be a lot of legal back and
forth, as you'd expect, and the case could even go through the federal
court system all the way up to the US Supreme Court. It's up to Apple
and the government to decide if they want to appeal, but Apple said it
will pursue the case as far as it needs to go, because it's not backing
down.
With reporting by CNET's Shara Tibken, Terry Collins and Andrew Morse.