WHATS THE FBI iPhone APPLE STORY ABOUT?
You have all been reading about the iPhone that the San Bernardino terrorist left behind and the FBI lawsuit trying to force Apple to ‘unlock’ the phone.
So – lets talk about it. Whats involved? and what does it mean? and what are the implications?
The Story of Encryption.
Encryption is any method of concealing information by changing the text into something (hopefully) indecipherable.
Its been used since the time of the Romans (at least).
Substitution ciphers replace one letter by another. That film about the Enigma machine (German encryption device during WWII) is a great example.
You type in a message and out pop a different encrypted message. One letter at a time. And the German’s considered it unbreakable.
Well – it wasnt. Due to a German error in their methodology
More recently (first discussed in a Scientific American article in the 1960’s) – Public Key Encryption was invented.
This was a method where you took two VERY large numbers, one called your Private Key, and the other your Public Key.
You Advertise your Public key to the world. with your Private key you encode a message of whatever length. And you use the Public Key of the person you are sending it to. The result is what seems to be gibberish.
But the person you send it to (and you can print it in the New York Times – there needs be no worry about the message getting intercepted!) used YOUR public Key and THEIR private key to decode the message. Out pops the original text.
Of further importance is the fact that this message cannot be ‘forged’ because only YOU have your private key that was used to create it!
The recipient has decoded the method and also has great assurance that the message in fact came from YOU.
Pretty Nitfy!
In essence, this is how bank to bank money transfers happen. A message appears at your local bank saying put $100000 into – say the Account of The Eldest Geek. The local bank knows from the message that it comes from Chase Manhattan in New York (say). it cant come from anyone else. Since they trust Chase Manhattan in fact has the money and they are transferring it – they go ahead and make the deposit. My bank account is now happy. Some day or days later the Federal Reserve Bank clears the transfer and everyone is happy.
Now you see the importance of the encryption. If it were possible to break it – then the banking system falls down. My Bank gets a bogus message (generated by myself maybe?) and puts money into my account. But they never get the money from the Federal Reserve. and Chase says ‘we didnt order any money to be transferred’.
Meanwhile the money has been put to good use!
This encryption system is CONSIDERED unbreakable. And were any genius programmer out there to discover a means to break it – it would be Instant PhD time at any computer department anywhere in the country! And no bank on the planet would be safe from his reach!
iPhone Encryption.
Here the contents of the phone are encrypted by such a system. And we dont have the terrorists ‘private’ key that he used to encrypt it.
We cant ask him as he is no longer with us.
Main point is APPLE CANNOT BREAK THE MESSAGES. If a general Public Key encryption breaking program were available – well the banking system falls down remember?
So – it does not matter at all what a judge tells Apple to do. They have implemented encryption basically equivalent to the Banking System. They did it knowingly to give their customers the utmost in privacy.
Apple COULD have implemented a ‘back door’ – and it would be easy. Say when you hit ‘encrypt’ the iphone contacts Apple Central and ways ‘I just did an encryption and here was the private key that was used’. Apple could now decrypt ANY iPhone messages – and the whole encryption would be – utterly – worthless. Apple would take a huge black eye because the privacy and security they were boasting of was simply hogwash. There is a great difference between ‘We have implemented world class encryption to protect messages’ and ‘We have implemented encryption to protect your messages but we can read them anytime we want and have a nice day’
It would be a horrendous problem for Apple. Unless they do what I outline above – sharing all private keys – the system is unbreakable. And I just dont think Apple implemented an encryption that was completely transparent to Apple!
So – once again – the Judge cant ‘order’ Apple to break the encryption – anymore than he could order $20 dollar bills to be worth $10 from now on. Its just not within his scope and not within Apple’s competence.
So what can Apple if fact do? Well – there is another wrinkle in the story. You have only 10 attempts to enter your encryption key – before the phone deletes all the information.
Apple COULD reflash the bios (the computer chip that contains the operating system) on this phone to change the fundamental function of the phone – just forgetting about the 10 attempts.
If they could do that – then the FBI could infact break the encryption by simply trying all possible encryption keys. It would take days, weeks, months, maybe years to do it as they would simply keep typing in keys one at a time (another computer would simulate a human at the keyboard so some poor soul is not there actually typing in keywords off a big list) until finally they hit the right key. But they would get it eventually.
THAT is within Apple’s power. And – honestly – doing that would not affect anyone ELSE’s security as only this phone would permit more than 10 attempts. And you would need huge resources to set up the brute force attack (going from 000000000 to zzzzzzzzzz trying keys one by one)
The judge might order this done – and I think its feasible.
But unlock the phone if its truly encrypted? No not a chance!
Now look at the legal aspect. The government is NOT requiring Apple to turn over something Apple has already done. They are requiring Apple to create a modification to the current iOS – with the specific aspect that it disables Apple’s security feature on this phone. I’m not a lawyer, but I am not sure the government can order this. If you enter into a contract a judge can order ‘specific performance’ as a way to FORCE you to carry out what the contract requires. But Apple is under no contract with the Federal Government. So how would a judge make it happen? The government could SEIZE iOS using eminent domain for national security reasons. But the government hardly has the programmers able to make the change on their own (I’m sure its well buried in the source code). Remember the Obamacare website?
Anyway what do YOU think? I’m interested in your opinions!
ADOPTION CORNER
We have Mac Mini’s (I5) ready for homes!
And a 13 and 15in Retina (small things need to be done on both).
SIX MONTH WARRANTIES WITH ALL OUR COMPUTERS!
Take Care!