Contributor Vanessa Braeley
One of this year’s biggest headlines has been the FBI v. Apple encryption debacle. If you’re like most people, you understand the basics, but the technicalities leave you with a glazed over look. Don’t be discouraged; in the ever-evolving digital age, the debate between privacy versus national security affects us all, so it’s important to understand the key points and their potential impact. Here are the Cliff’s Notes:
One of the shooters of the 2015 San Bernardino attack, Syed Rizwan Farook, possessed an iPhone 5C, which he used for work as an employee of San Bernardino County. The phone was owned by San Bernardino County. The iPhone was locked with the four-digit password protection feature of the iPhone. After the shooting, the FBI obtained the iPhone and began attempting to unlock the iPhone in order to obtain information it considered vital to the criminal investigation.
Specifically, the FBI was attempting to utilize a “password-guessing technique” whereby different four-digit passcodes are entered repeatedly until the right one is guessed. This is known as “brute forcing the password.” Basic statistics tells us that at some point the FBI would be able to identify the correct password fairly quickly using this method. There are only so many four-digit combinations that exist, right? (10,000 to be exact). Not exactly. Even the most basic of software programs provide protection from access to data using this method, and Apple is no exception.
The user data on one’s iPhone is protected from brute-forcing the password by using “two factors to secure and decrypt data on the phone – the password the user chooses and a unique 256-bit AES secret key that’s embedded in the phone when it’s manufactured,” as described by Wired.com. These two factors work in tandem to access (or “decrypt”) the user data: the four-digit passcode is entered, which then triggers the device to perform a calculation which combines the four-digit passcode and the AES “secret key.” And voila! The data is decrypted and accessible.
The problem encountered by the FBI was this: after a certain number of attempts at the four-digit passcode, the iPhone automatically erases the four-digit passcode, thereby permanently locking all users out, as it eliminates one of the two factors required to unlock and decrypt the data. The underlying user data remains on the device, but is unable to be decrypted and is therefore inaccessible. The FBI used up their “guesses” within ten attempts, at which point it was locked out; the user data on Syed’s iPhone was declared inaccessible as a result of Apple’s security protections.
What’s concerning is the antiquated law that the court used when issuing its initial order requiring Apple to develop software which would undermine its own security features. The All Writs Act of 1789 is a federal statute which authorizes the courts to “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.” Pretty broad, right? Pretty old, right? The statute was originally a part of the Judiciary Act of 1789, which was enacted during the first session of Congress, was signed by George Washington, and was intended to (and did) establish the judiciary and its powers. The irony! One of this country’s oldest pieces of legislation relied upon as justification to compel (arguably) the world’s most progressive technology giant to develop specific software against its will.
For you libertarians, chin up. The battle that waged on between Apple and the government has sent Silicon Valley into a privacy and security frenzy. Coders and cryptographers are slated for celebrity status, as they build secure products, encrypting data from end-to-end. Companies such as WhatsApp, which is now owned by Facebook, have already built-in protections which would completely stonewall the federal government from obtaining any data. Wired.com reports that WhatsApp has encrypted data to such a level that it would be impossible to comply with a court order demanding access to user content.
And for you dear Federalists, collecting private data in the interest of national security should be A-OK so long as we have the ol’ All Writs Act of 1789 to rely on. “The law actually seems to be keeping up with technology by being so broad that we’re just reinterpreting it all the time,” Irina Raicu, director of the Internet Ethics Program at Santa Clara University’s Markkula Center for Applied Ethics had commented to NPR.
Good point, Irina. Or we could just rely on the sophisticated international criminal hackers who are working just as hard to develop programs that will undermine the security and privacy features currently being developed in Silicon Valley by companies such as WhatsApp.
And let the Crypto Wars begin.