Wednesday, February 24, 2016

FBI vs. Apple, Some Observations


·      The FBI is trying to force Apple to write code which will do three things. First, it will eliminate those part of the current operating system which makes the data on the current phone indecipherable after 10 failed password attempt. Second, it will eliminate the increasing time intervals between password attempts at accessing the device. Third, it will allow password attempts be allowed remotely from a computer rather than being entered in by hand.

·      The FBI wants to use “brute force” to discover the correct password to the phone. In other words, a computer will try every possible combination of number and letters until it hits the correct one. If the password is composed only of numbers and has four digits, this can be done very quickly by computer, since there are only 10,000 possible number codes. If it is an alphanumeric code, it takes more time since, rather than only ten possibilities for each position, there are 36. If the password is case sensitive, then there are 62 possibilities. If the password is an alphanumeric code which is case sensitive and has six positions, then it will take even more time. The time to discover the correct password depends on the number of possible combinations of symbols, how fast the computer using the brute force is, and how fast the iPhone can respond. Obviously, adding symbols as well as letters will increase the number of possibilities. How long it would take to break into the particular iPhone in this case is not clear.

·       The FBI is relying on a short, ambiguous 1987 statute, the All Writs Act, to try to compel Apple to write the necessary code. The courts will have to resolve whether the All Writs Act is applicable in this case. If some sort of resolution is not reached between Apple and the government, then it seems likely that this will reach the Supreme Court.

·       Bill Gates entered into this discussion by leaning to the government’s side, but not completely.

·       Gates used an analogy to banks giving up customer transaction information to law enforcement authorities. Gates, though, is understating what banks are required to do. Not only must they respond to subpoenas, they are required to file suspicious activity reports (SARs) to a bureau of the U.S. Treasury Department, the Financial Crimes Enforcement Network (FinCEN). Often these are transactions that could involve money laundering or violation of U.S. international sanctions regulations (which are promulgated by another part of the Treasury, the Office of Foreign Assets Control.) When a particular bank gets into trouble for having lax controls, or actively assists, in money laundering or sanction violations, the volume of SARs increases as other banks start playing it safe. The banks are prohibited from telling their customers about any SARs reports.

·       Supporters of Apple’s position argue that, if Apple is forced to write this computer code, other countries (such as China) may lean on it to use the same method to force entry into the phone of its citizens in order to suppress dissent. These countries could do that now, though Apple’s ability to resist such demands might be weakened if the FBI prevails.

·        It seems unlikely that there is anything of interest on the particular phone in question. The government already has the metadata from the phone and what was backed up to Apple servers. The auto backup function of the phone was disabled a few weeks before the San Bernardino attacks. This is what the government wants.

·       It is pretty clear that the government is using a case involving terrorism to set a precedent. It seems to be winning in the court of public opinion.

·       It is not clear how the courts will resolve this case or whether Congress will be able to pass a law clarifying the government’s ability to force software companies to write code in order to assist its investigations.

·      The technology industry is probably correct in saying that there is no foolproof way to leave a backdoor into a smartphone’s data that can be limited to the government and the manufacturer. Hackers will probably find a way to break in.

·       If U.S. technology companies are prohibited from creating encryption for phones that make them secure from outsiders without some sort of backdoor, others, perhaps companies located abroad, will do so.

·       The issues are not easy, and it is healthy to have a debate. The law is having difficulty keeping up with technology.