PaRaBaL's Blog
FBI Versus Apple

“Keys to the Kingdom – Who says you can’t lock it up and throw away the Key?”



A war for public opinion: Apple has used privacy as a battle cry for sales – “don’t let big government get your data”. The Government has used a horrific terrorist attack to get access to what they don’t have access too – “A method to get data when needed for the public good” – is there not a middle ground?Can’t our data be secure without government intrusion – a government less and less trusted in recent times. Can’t Apple help our government when needed in cases to defend our nation against attack?The answer should be yes and yes – but how?

To debrief, in this current scenario, the request for information that the FBI is requesting would, according to Apple, create a backdoor that would weaken the iOS security posture. Apple is absolutely correct – creating a backdoor would in essence completely remove the benefit of adding encryption, as its design is to prevent access to the system.

Let’s imagine you live in house and you carry the key to access it and then you pass away. If a friend or close relative would want to have access to that house, they would need to find or make a spare key and then they would be able to access it, right? This would be the case, except that there is no spare key and there’s no way to replicate the key. That’s what Apple and the U.S Government are dealing with right now. Even if they want to help, they just have no way of doing it.

Here is what has not been discussed so far on this topic:

1.Apple could break the phone in their HQ and never release the software that does it.While Technically possible, here are the reasons this solution will not happen:

a.Feds want this software –not have to give the seized phones to Apple

b.While Apple could do it – it would be very expensive for Apple to do the work and it would run counter to what they offer their customers – security – why would the manufacturer design a way into their customers’ phone – not a good marketing message.

c.Creating this software at all makes it possible for someone to steal it from Apple either by an insider or a Hacker that got into the Apple network.

2.The County of San Bernardino is in possession of the 5C phone.San Bernardino bought MobileIron, an MDM software package to put on employees phones.If MobileIron had been installed, this 5C phone would be accessible now – end of story.

(San Bernardino should call PaRaBaL to help install MobileIron :) )

3.This 5C phone had iCloud backup capabilities – but through mismanagement by someone, the iCloud password was changed and auto backup was not done – again – San Bernardino needs some Enterprise Mobility Management assistance – call PaRaBaL.

Now, ever since the Edward Snowden Breach, this continuing battle over privacy and control has been escalating between Washington DC and Silicon Valley. Ironically, if DC could figure out a way to make their IT procurements more efficient, DC would already have a better relationship – not to mention avoid the Healthcare Exchange Portal Flap we had about a year ago by procuring the right products.We need the Silicon Valley for their products – and Apple knows privacy is an important marketing element for their phone customers. It’s DC that needs to rethink their approach, instead of going to war over this poignant attack on our nation.

References:

Apple letter to customers: http://www.apple.com/customer-letter/

New York Times: http://www.nytimes.com/2016/02/24/technology/justice-department-wants-apple-to-unlock-nine-more-iphones.html

New York Times: http://www.nytimes.com/2016/02/25/technology/personaltech/the-apple-case-will-grope-its-way-into-your-future.html?_r=0

CNET: http://www.cnet.com/news/apple-vs-fbi-mobile-world-congress-mwc-no-comment-iphone-san-bernardino/?ftag=CAD4dc88c8&bhid=23798579383999306222336612256648