The
FBI’s attempt to get Apple to write software code in order to break into the
iPhone used by one of the San Bernardino killers is attracting a lot of
attention. Here are some observations after reading numerous articles on
the subject:
· The FBI is trying to force Apple to write
code which will do three things. First, it will eliminate those part of the
current operating system which makes the data on the current phone
indecipherable after 10 failed password attempt. Second, it will eliminate the
increasing time intervals between password attempts at accessing the device. Third,
it will allow password attempts be allowed remotely from a computer rather than
being entered in by hand.
· The FBI wants to use “brute force” to
discover the correct password to the phone. In other words, a computer will try
every possible combination of number and letters until it hits the correct one.
If the password is composed only of numbers and has four digits, this can be
done very quickly by computer, since there are only 10,000 possible number
codes. If it is an alphanumeric code, it takes more time since, rather than only
ten possibilities for each position, there are 36. If the password is case
sensitive, then there are 62 possibilities. If the password is an alphanumeric
code which is case sensitive and has six positions, then it will take even more
time. The time to discover the correct password depends on the number of possible
combinations of symbols, how fast the computer using the brute force is, and
how fast the iPhone can respond. Obviously, adding symbols as well as letters
will increase the number of possibilities. How long it would take to break into
the particular iPhone in this case is not clear.
·
The FBI is relying on a short, ambiguous
1987 statute, the All
Writs Act, to try to compel Apple to write the necessary code. The courts
will have to resolve whether the All Writs Act is applicable in this case. If
some sort of resolution is not reached between Apple and the government, then
it seems likely that this will reach the Supreme Court.
·
Bill Gates entered into this discussion by
leaning to the government’s side, but not completely.
·
Gates used an analogy to banks giving up
customer transaction information to law enforcement authorities. Gates, though,
is understating what banks are required to do. Not only must they respond to subpoenas,
they are required to file suspicious activity reports (SARs) to a bureau of the
U.S. Treasury Department, the Financial Crimes Enforcement Network (FinCEN). Often
these are transactions that could involve money laundering or violation of U.S.
international sanctions regulations (which are promulgated by another part of
the Treasury, the Office of Foreign Assets Control.) When a particular bank
gets into trouble for having lax controls, or actively assists, in money
laundering or sanction violations, the volume of SARs increases as other banks
start playing it safe. The banks are prohibited from telling their customers
about any SARs reports.
·
Supporters of Apple’s position argue that,
if Apple is forced to write this computer code, other countries (such as China)
may lean on it to use the same method to force entry into the phone of its
citizens in order to suppress dissent. These countries could do that now, though
Apple’s ability to resist such demands might be weakened if the FBI prevails.
·
It
seems unlikely that there is anything of interest on the particular phone in
question. The government already has the metadata from the phone and what
was backed up to Apple servers. The auto backup function of the phone was
disabled a few weeks before the San Bernardino attacks. This is what the government
wants.
·
It is pretty clear that the
government is using a case involving terrorism to
set a precedent. It seems to be winning in the
court of public opinion.
·
It is not clear how the courts will
resolve this case or whether Congress will be able to pass a law clarifying the
government’s ability to force software companies to write code in order to
assist its investigations.
· The technology industry is probably
correct in saying that there is no foolproof way to leave a backdoor into a
smartphone’s data that can be limited to the government and the manufacturer.
Hackers will probably find a way to break in.
·
If U.S. technology companies are
prohibited from creating encryption for phones that make them secure from
outsiders without some sort of backdoor, others,
perhaps companies located abroad, will do so.
·
The issues are not easy, and it is healthy
to have a debate. The law is having difficulty keeping up with technology.
