Bullies famously run away from fair fights.
Thus it should be no surprise that the FBI backed down after it became obvious that it picked the wrong target to push around in Apple and its CEO, Tim Cook. Cook is a passionate defender of customer privacy, and his company has the resources to fight back effectively against FBI and Justice Department pressure.
So less than 24 hours before last week's scheduled court hearing to determine whether Apple would be forced to help the government break the encryption on the San Bernardino terrorist’s iPhone, the FBI requested that the judge cancel the hearing altogether. The bureau said it might no longer need Apple’s help after all, since a third party had come forward with a possible way around the phone’s security. Then the government announced yesterday that it had, in fact, broken into the Apple device, making its earlier demand for the company’s help moot.
The identity of the third party and the method in question remain secret, though security experts have speculated on possibilities for the latter ranging from exploiting a software bug to physically de-soldering the phone’s memory chip in order to give the FBI an unlimited number of chances to guess the passcode without the risk of erasing the phone’s contents.
Regardless of the proposed method, as well as the veracity of the investigators’ claimed success – which need not necessarily be taken at face value – the result is essentially the same. It is reasonably clear the government realized it picked a fight it could not win and took the opportunity to back off.
Had the FBI pursued the matter in court, there were two possible results. First, Apple could have convinced judges not to force it to unlock the iPhone in question, in which case the Justice Department would have set a terrible precedent for its own purposes. Alternately, the fight could have taken so long, going through so many levels of the court system, that the FBI’s key argument – that the phone might contain information needed to prevent an imminent attack –would have been rendered self-evidently ludicrous. The bureau has already held the phone for over three months, and its own initial blunder of asking a technician to reset the password for the phone’s iCloud backup account may well have kept the FBI from getting the information it wanted, without controversy, under a subpoena.
Therefore it is unlikely the FBI will return to court to resume this particular fight, regardless of whether it actually succeeded at unlocking this particular iPhone. Instead, the next time agency looks for someone to push around over encryption, it will probably seek out a significantly weaker counterparty.
Yet the story of the FBI’s ill-conceived fight with Apple is not over. Federal policy allows Apple to call on the FBI to share the weakness it exploited with the company. A relatively new rule requires the government to disclose this sort of security flaw unless it can demonstrate to a group of administration officials that there is a substantial national security reason for keeping the company in the dark.
This process, called an equities review, imposes a specific time frame within which government officials must alert companies of exploitable flaws. “The equities process is supposed to apply to anytime the government discovers, learns of, buys or uses vulnerabilities of any kind,” Nate Cardozo, staff attorney at the Electronic Frontier Foundation, told Bloomberg. In other words, if the process works as it should, Justice will have a limited amount of time to convince other branches of the administration that the need to safeguard national security outweighs the risks to millions of iPhone users’ private data.
That is, or at least should be, a tall order. If someone came forward to show the FBI how to get into Apple’s product, then that same vulnerability could be exploited somewhere in China, or Russia, or Iran, risking the lives of democracy activists, or even Western intelligence sources.
So the contents of this iPhone may become a matter of life and death after all – just not in the way the FBI originally claimed. That may be a fight worth having.
Posted by Larry M. Elkin, CPA, CFP®
Bullies famously run away from fair fights.
Thus it should be no surprise that the FBI backed down after it became obvious that it picked the wrong target to push around in Apple and its CEO, Tim Cook. Cook is a passionate defender of customer privacy, and his company has the resources to fight back effectively against FBI and Justice Department pressure.
So less than 24 hours before last week's scheduled court hearing to determine whether Apple would be forced to help the government break the encryption on the San Bernardino terrorist’s iPhone, the FBI requested that the judge cancel the hearing altogether. The bureau said it might no longer need Apple’s help after all, since a third party had come forward with a possible way around the phone’s security. Then the government announced yesterday that it had, in fact, broken into the Apple device, making its earlier demand for the company’s help moot.
The identity of the third party and the method in question remain secret, though security experts have speculated on possibilities for the latter ranging from exploiting a software bug to physically de-soldering the phone’s memory chip in order to give the FBI an unlimited number of chances to guess the passcode without the risk of erasing the phone’s contents.
Regardless of the proposed method, as well as the veracity of the investigators’ claimed success – which need not necessarily be taken at face value – the result is essentially the same. It is reasonably clear the government realized it picked a fight it could not win and took the opportunity to back off.
Had the FBI pursued the matter in court, there were two possible results. First, Apple could have convinced judges not to force it to unlock the iPhone in question, in which case the Justice Department would have set a terrible precedent for its own purposes. Alternately, the fight could have taken so long, going through so many levels of the court system, that the FBI’s key argument – that the phone might contain information needed to prevent an imminent attack –would have been rendered self-evidently ludicrous. The bureau has already held the phone for over three months, and its own initial blunder of asking a technician to reset the password for the phone’s iCloud backup account may well have kept the FBI from getting the information it wanted, without controversy, under a subpoena.
Therefore it is unlikely the FBI will return to court to resume this particular fight, regardless of whether it actually succeeded at unlocking this particular iPhone. Instead, the next time agency looks for someone to push around over encryption, it will probably seek out a significantly weaker counterparty.
Yet the story of the FBI’s ill-conceived fight with Apple is not over. Federal policy allows Apple to call on the FBI to share the weakness it exploited with the company. A relatively new rule requires the government to disclose this sort of security flaw unless it can demonstrate to a group of administration officials that there is a substantial national security reason for keeping the company in the dark.
This process, called an equities review, imposes a specific time frame within which government officials must alert companies of exploitable flaws. “The equities process is supposed to apply to anytime the government discovers, learns of, buys or uses vulnerabilities of any kind,” Nate Cardozo, staff attorney at the Electronic Frontier Foundation, told Bloomberg. In other words, if the process works as it should, Justice will have a limited amount of time to convince other branches of the administration that the need to safeguard national security outweighs the risks to millions of iPhone users’ private data.
That is, or at least should be, a tall order. If someone came forward to show the FBI how to get into Apple’s product, then that same vulnerability could be exploited somewhere in China, or Russia, or Iran, risking the lives of democracy activists, or even Western intelligence sources.
So the contents of this iPhone may become a matter of life and death after all – just not in the way the FBI originally claimed. That may be a fight worth having.
Related posts: