RSS

Category Archives: Encryption

The War Over Encryption and Privacy

Apple is standing up against the FBI and the US Department of Justice over unlocking of an iPhone used by a terrorist involved in the December 2015 deadly massacre at San Bernardino. Google, Microsoft, Facebook, Twitter and other major IT giants are supporting Apple in what is touted to be a highly complex national-security issue that could have a major impact on encryption and preservation of privacy.

On 29th Feb, a NewYork judge ruled in favor of Apple in a typically similar case where the US government wanted Apple to unlock another iPhone – model 5S running iOS 7. This phone was owned by a drug dealer who had agreed to his offence. The US government was attempting to use the All Writs Act (AWA), a 1789 law, – with a boundless interpretation that would allow it to obtain all information that it desired. The judge found that the 1994 Communications Assistance for Law Enforcement Act exempted Apple from abiding with this government request. The FBI would probably appeal this ruling.

Early surveys revealed that the American public were divided in their support for Apple over accessing the terrorist’s phone. Later polls seem to add support to Apple’s stand against privacy intrusion, which could possibly allow the government to spy on phones.

It is not that Apple has not supported the government earlier in unlocking iPhones. In those models, there were backdoors to get into the phone. Apple has in recent models enhanced security, encrypted all data on the phones and without any backdoors. If it has to comply with the government’s request , then it has to develop new iOS firmware for specifically removing the passcode lockout feature on iPhones. In the iOS, more than 10 incorrect passcode attempts could erase the contents on the device. The new firmware – nicknamed “Govt OS” would be able to disable this feature, and additionally allow rapid entry of passcodes, and also remove the time delays that the iOS triggers when incorrect attempts are made. A brute-force tool would then be able to open access into the device.

Apple states that the software for the Govt OS requirements is non-existent as of now. In the eventuality that it does have to create the software, then it would have to allocate considerable amount of technical resources and time. The resulting Govt OS, which is a backdoor, could be a drastic weapon if it falls into the wrong hands. If the ruling had favored the FBI, then it would basically gain statutory approval to demand technological companies such as Apple to actively cooperate in criminal investigations. When Apple obliges the US government, then other countries would also demand access to bypass the passcode lockout feature. The result could be all-round spying on devices.
In this war, the US Congress has still not stepped in. It is waiting for event to play out in the courts. Legislators do not want to be linked to a ruling that would be unpopular with the public. The New York Judge had passed the ruling based on the fact that the Congress had forbidden acquiring what the government needed.
Opening a facility for a backdoor would affect the protective mechanisms of the iOS, which Apple customers have relied and are relying on. Not only would Apple incur significant cost to devalue its own product, but it would also lose massive business. This could set precedence for governments to demand IT companies to create known backdoors for their devices. In the era where systems without backdoors are being hacked, wantonly creating backdooors, however confidential they may be, would lead to massive theft and breach of data.

If such back-doors are created, then an effective antivirus and firewall (or) internet security suite could somewhat help prevent unauthorized access to devices and systems.

 
Leave a comment

Posted by on April 15, 2016 in Encryption, Internet Security

 

Tags: , , ,