Tales from Ap­ple en­cryp­tion

Tech gi­ant, gov­ern­ment fac­ing an­other bat­tle over open­ing iPhones

Orlando Sentinel - - BUSINESS - By Jack Ni­cas and Katie Ben­ner

SAN FRAN­CISCO — Ap­ple is pri­vately pre­par­ing for a le­gal fight with the Jus­tice Depart­ment to de­fend en­cryp­tion on its iPhones while pub­licly try­ing to defuse the dis­pute, as the tech­nol­ogy gi­ant nav­i­gates an in­creas­ingly tricky line be­tween its cus­tomers and the Trump ad­min­is­tra­tion.

Ti­mothy Cook, Ap­ple’s chief ex­ec­u­tive, has mar­shaled a hand­ful of top ad­vis­ers, while At­tor­ney Gen­eral Wil­liam Barr has taken aim at the com­pany and asked it to help pen­e­trate two phones used by a gun­man in a deadly shoot­ing last month at a naval air sta­tion in Pen­sacola, Florida.

Ex­ec­u­tives at Ap­ple have been sur­prised by the case’s quick es­ca­la­tion, said peo­ple fa­mil­iar with the com­pany who were not au­tho­rized to speak pub­licly. And there is frus­tra­tion and skep­ti­cism among some on the Ap­ple team work­ing on the is­sue that the Jus­tice Depart­ment hasn’t spent enough time try­ing to get into the iPhones with third-party tools, said one per­son with knowl­edge of the mat­ter.

Ap­ple de­clined to com­ment on the is­sue Tues­day. Late Mon­day, af­ter Barr had com­plained that the com­pany had pro­vided no “sub­stan­tive as­sis­tance” in gain­ing ac­cess to the phones used in the Pen­sacola shoot­ing, Ap­ple said it re­jected that char­ac­ter­i­za­tion. It added that “en­cryp­tion is vi­tal to pro­tect­ing our coun­try and our users’ data.”

At the heart of the tus­sle is a de­bate be­tween Ap­ple and the gov­ern­ment over whether se­cu­rity or pri­vacy trumps the other. Ap­ple has said it chooses not to build a “back­door” way for gov­ern­ments to get into iPhones and to by­pass en­cryp­tion be­cause that would cre­ate a slip­pery slope that could dam­age peo­ple’s pri­vacy.

Cook pub­licly took a stand on pri­vacy in 2016 when Ap­ple fought a court or­der from the FBI to open the iPhone of a gun­man in­volved in a San Bernardino, Cal­i­for­nia, mass shoot­ing. The com­pany said it could open the phone in a month, us­ing a team of six to 10 en­gi­neers. But in a blis­ter­ing, 1,100-word let­ter to Ap­ple cus­tomers at the time, Cook warned that cre­at­ing a way for the author­i­ties to gain ac­cess to some­one’s iPhone “would un­der­mine the very free­doms and lib­erty our gov­ern­ment is meant to pro­tect.”

The San Bernardino case was bit­terly con­tested by the gov­ern­ment and Ap­ple un­til a pri­vate com­pany came for­ward with a way to break into the phone. Since then, Cook has made pri­vacy one of Ap­ple’s core val­ues. That has set Ap­ple apart from tech giants like Face­book and Google, which have faced scru­tiny for vac­u­um­ing up peo­ple’s data to sell ads.

The Pen­sacola gun­man’s phones were an iPhone 5 and an iPhone 7 Plus, ac­cord­ing to a per­son fa­mil­iar with the in­ves­ti­ga­tion. Those phones lack Ap­ple’s most so­phis­ti­cated en­cryp­tion.

Se­cu­rity re­searchers said tools from at least two com­pa­nies, Cellebrite and Grayshift, have long been able to by­pass the en­cryp­tion on those iPhone mod­els.

Cellebrite’s and Grayshift’s tools ex­ploit flaws in iPhone soft­ware that let them re­move lim­its on how many pass­words can be tried be­fore the de­vice erases its data, the re­searchers said. Typ­i­cally, iPhones al­low 10 pass­word at­tempts. The tools then use a so-called brute-force at­tack, or re­peated au­to­mated at­tempts of thou­sands of pass codes, un­til one works.

Se­cu­rity re­searchers spec­u­lated that in the Pen­sacola case, the FBI might still be try­ing a brute-force at­tack to get into the phones. They said ma­jor phys­i­cal dam­age may have im­peded any third-party tools from open­ing the de­vices. The Pen­sacola gun­man had shot the iPhone 7 Plus once and tried de­stroy­ing the iPhone 5, ac­cord­ing to FBI pho­tos.


Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.