Encryption as a Ribbon Around An Apple iPhone

Another good post by digital forensics expert Jonathan Zdziarski, explaining what the FBI is actually pressuring Apple to provide:

With most non-technical people struggling to make sense of the battle between FBI and Apple, Bill Gates introduced an excellent analogy to explain cryptography to the average non-geek. Gates used the analogy of encryption as a “ribbon around a hard drive”. Good encryption is more like a chastity belt, but since Farook decided to use a weak passcode, I think it’s fair here to call it a ribbon. In any case, let’s go with Gates’ ribbon analogy.

Instead of cutting the ribbon, which would be a much simpler task, FBI is ordering Apple to invent a ribbon cutter – a forensic tool capable of cutting the ribbon for FBI, and is promising to use it on just this one phone. In reality, there’s already a line beginning to form behind Comey should he get his way. NY DA Cy Vance has stated that NYC has 175 iPhones waiting to be unlocked (which translates to roughly 1/10th of 1% of all crime in NYC for an entire year). Documents have also shown DOJ has over a dozen more such requests pending. If FBI’s promise of “just this one phone” were authentic, there would be no need to order Apple to make this ribbon cutter; they’d simply tell them to cut the ribbon.

Why has the government waited this long to order such a thing? Because in spite of all of iOS 8’s security, the Chinese invented a ribbon cutter for it called the IP BOX. IP BOX was capable of brute forcing any numeric passcode in iOS 8, and even though it was junky, Chinese-made hardware with zero forensic credibility (and actually called home to servers in China), our government used it widely to break into iOS devices without Apple’s help. The government has really gone dumpster diving for forensic solutions for iOS. This ribbon cutter was used by both law enforcement and anyone with $200 to break into iOS devices, and is a great example of how such a ribbon cutter is often abused for crime.

So here’s the real question: Why is FBI asking for the invention of a ribbon cutter instead of just asking Apple to cut the ribbon? Well the answer to that comes back to precedent. If FBI can order the existence of this ribbon cutter, Cy Vance’s 175 phones will be much easier to push through the courts without the same level of scrutiny as a terrorism case. If FBI were simply asking for Apple to cut the ribbon, all future AWA orders would have to go through the same legal scrutiny in the courts for justification. Getting the ribbon cutter invented for a terrorism case opens the door for such a tool to then be justified by the DA for weaker cases – such as narcotics, computer crimes, or even simply investigations where the government can’t even prove to the courts that a crime was ever committed. Once it’s a tool, just like a Stingray box or a breathalyzer, the court’s leniency in permitting its use increases dramatically.

(click here to continue reading On Ribbons and Ribbon Cutters | Zdziarski’s Blog of Things.)

Now if I could only mandate that all politicians were required to understand the concepts before opening their speaking holes. I know, I know, zero chance…

Additionally, there is this angle:

Also consider that the courts aren’t about to force Apple to hack into their own customer products. In fact, the customer purchased these products trusting that the manufacturer wouldn’t – even couldn’t – intentionally compromise them; ever since iOS 8, Apple has marketed these devices as so secure that Apple themselves cannot hack them. For Apple to be forced to backdoor their own devices would invite countless lawsuits from their own customers, betray consumer trust, and likely cost Apple millions, if not billions, in sales depending on how big of a PR nightmare it created. The courts, however, appear to be OK with forcing Apple to write what is being portrayed by the FBI as an innocent, fluffy tool for just this one device.

(click here to continue reading On Ribbons and Ribbon Cutters | Zdziarski’s Blog of Things.)
