2016-02-24 EFF: What you're not hearing about Apple and the FBI
A U.S. federal magistrate judge has ordered Apple to undermine the security of an iPhone that was used by one of the perpetrators of December’s San Bernardino shootings. If carried out, the order would compromise the security of every Apple customer in the world. Fortunately, Apple is fighting back and standing up for its users, and EFF is filing an amicus brief in support of Apple’s position.
The government is doing more than simply asking for Apple’s assistance. For the first time ever, the government is telling Apple to write brand new code that eliminates the security features of its own products—features that benefit everyone who uses Apple products or even communicates with iOS users. Essentially, the government is asking Apple to create a master key so that it can open a single phone. And once that master key is created, we’re certain that both our government and others will ask for it again and again.
There’s been a lot of confusion about what exactly the FBI is asking Apple for. In short, the FBI wants Apple to do three things:
1. iOS can be set to erase its keys after 10 incorrect passcode guesses. The FBI wants software with this feature disabled.
2. iOS imposes increasingly long delays after consecutive incorrect passcode guesses to slow down guessing. The FBI wants software that accepts unlimited guesses with no delays.
3. iOS requires individual passcodes to be typed in by hand. The FBI wants a means to electronically enter passcodes, allowing it to automatically try every possible code quickly.
The FBI’s goal is to guess Syed Rizwan Farook’s passcode to unlock his phone. If it just tries entering passcodes, though, it might erase the device’s keys, at which point the data may never be recoverable. Hence, it’s telling Apple to write special software to allow unlimited guesses. The FBI claims that it has the right to make this request under the 1789 All Writs Act, a claim that many legal experts have questioned.
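To show why the three requests only matter together, here is a small model of the three protections, added as an illustration; it is not code from EFF or Apple. The delay schedule, both per-guess timings and the 4-digit passcode space are assumptions chosen for the example, not figures from the article.

```python
"""Added illustration: model of the three passcode protections described above."""

# Assumptions, not values from the article: the delay schedule, both per-guess
# timings, and the 4-digit passcode space are constructed for this example.
ASSUMED_DELAYS_S = {5: 60, 6: 300, 7: 900, 8: 900, 9: 3600}  # wait after Nth failure
ASSUMED_MANUAL_ENTRY_S = 5.0    # typing one passcode by hand
ASSUMED_ELECTRONIC_S = 0.08     # submitting one passcode electronically
ASSUMED_SPACE = 10_000          # 4-digit numeric passcode


class PasscodeLimiter:
    """Counts failed guesses and applies the delay and erase policies."""

    def __init__(self, erase_after=10, delays=ASSUMED_DELAYS_S):
        self.erase_after = erase_after  # None models the erase feature disabled
        self.delays = delays            # {} models the delays disabled
        self.failures = 0
        self.erased = False

    def record_failure(self):
        """Register one wrong guess; return the enforced wait in seconds."""
        self.failures += 1
        if self.erase_after is not None and self.failures >= self.erase_after:
            self.erased = True          # keys are gone, data unrecoverable
            return 0
        if not self.delays:
            return 0
        # Beyond the end of the schedule, keep applying its last entry.
        return self.delays.get(min(self.failures, max(self.delays)), 0)


def worst_case(limiter, per_guess_s, space=ASSUMED_SPACE):
    """Simulate `space` consecutive wrong guesses.

    Returns (guesses_made, seconds_elapsed, keys_erased).
    """
    guesses, waited = 0, 0
    while guesses < space and not limiter.erased:
        guesses += 1
        waited += limiter.record_failure()
    return guesses, guesses * per_guess_s + waited, limiter.erased


if __name__ == "__main__":
    cases = {
        "all protections on": (PasscodeLimiter(), ASSUMED_MANUAL_ENTRY_S),
        "erase off only": (PasscodeLimiter(erase_after=None), ASSUMED_MANUAL_ENTRY_S),
        "all three off": (PasscodeLimiter(None, {}), ASSUMED_ELECTRONIC_S),
    }
    for name, (limiter, cost) in cases.items():
        print(name, worst_case(limiter, cost))
```

Under these assumed numbers, the search ends with erased keys after 10 guesses when everything is on, takes more than a year when only the erase feature is off, and finishes in minutes once all three protections are removed.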
The problem with the FBI’s request is twofold. First, the risk of this piece of software getting into unauthorized hands is very high, and the damage that it could do is obvious.
Second, writing this code would probably encourage more government requests—potentially from other governments around the world. Even if you trust the U.S. government, once this master key is created, governments you don’t trust will surely demand that Apple undermine the security of their citizens as well.
