The ongoing 'Apple v FBI' debate has piqued a lot of public interest recently. Everyone from late night comedians, security professionals, presidential candidates and even the US President himself has weighed in on the topic. There have been opinions on everything related to this – the privacy concerns, the precedents that could be set, the methods that were employed to ‘crack’ the iPhone itself and ways to find supporting evidence from other sources. Software companies and digital forensic service providers have been asked to provide ‘expert’ opinion on a daily basis, us included: Ibtimes.com, and D4Discovery.com. If you’ve been living in isolation for the last month, let's get you up to speed on the situation.
The FBI are investigating the tragedy that occurred in San Bernardino in December 2015. One of the perpetrators of the crime, who died at the scene, possessed an Apple iPhone. The phone is encrypted; not in any special way, rather just using the standard encryption tools that are on all modern iPhones, and until recently, this encryption prevented the FBI from seeing the contents of the device. The FBI went to the courts and got an order which states that Apple should help them get to the data on the phone. The way in which they wanted to achieve this was to have Apple create a custom version of its operating system, commonly called 'iOS', and have it pushed to the phone. The customization they asked Apple to make was to adapt, disable or remove one of the phone's security features, specifically the one which wipes the phone after a preset number of attempts have been made at entering the passcode; typically 10. This would allow the FBI to try entering the passcode as many times as they like without fear of losing the data. Also, they asked Apple if they could help them set up an automated way of testing the 10,000+ possible passcodes. Basically, the FBI want a backdoor created. They don’t want the key to the door (they’re being good and saying they’ll try and pick the lock), but still… they want a backdoor. Apple, unsurprisingly, pushed back.
Within the last few days, the FBI have announced that with the help of a third-party company, they have been able to get around the problem, and have withdrawn their requests for Apple's help (and therefore the pending court case). While this is good news for this one case, it will most likely result in Apple quickly coming out with a new iOS with any security holes patched. As many have mentioned, it is a classic game of "cat and mouse", with one party always being a step ahead of the other. Hexigent's Ryan Duquette was recently interviewed on a Canadian national television show about this issue.
As many have pointed out, this debate goes far beyond this one iPhone and this one case. It's been suggested that allowing the FBI this one "backdoor" may have opened up the possibility of similar bypass techniques being placed into every iPhone, or any mobile device, or maybe operating systems in general. In the first instance, this obviously is not only an issue for Apple, but will most likely be an issue for any mobile device hardware and software manufacturer. As has been pointed out, this one case may result in the opening of Pandora’s Box, as many law enforcement agencies would have inundated, and still may well inundate, Apple and others with legal requests to have this type of "backdoor" placed into the many devices involved in criminal cases that they have not been able to get into. This does not include the many "others" who would also be interested in a backdoor into these devices.
While many aspects of this case were focussed upon, there was one element that was noticeably absent from broad discussions; that being the incredible amount of resources that the FBI put into the “cracking” of this one phone. Yes, the information contained on this one phone is potentially extremely important, however, what other important cases have been put “on-hold” while those resources have been busy? This is also the case for many other law enforcement agencies, who already have a significantly large backlog of cases involving digital evidence (some up to 2 years), and all it takes is one case of significance to break an already fragile judicial system. For example, in 2015, Canadian Police uncovered a child pornography sharing database. It was approximately 1.2 petabytes in size which, to give you some context, is the equivalent of over 20 million four drawer filing cabinets filled with text documents, or around 13 years’ worth of HD TV. The amount of resources needed to investigate that one case is staggering.
While this Canadian case and the San Bernardino case involving the iPhone are not typical, they do represent a growing concern for the law enforcement community; that of increasing case backlogs and lack of suitably skilled police resources needed to combat cybercrime, and investigate matters involving digital evidence. There are many reasons for this increasing backlog, but there are options available to law enforcement to address the situation. If you’d like to get a better view of what the contributing factors and some of those options are, please see our other post titled "5 reasons why Law Enforcement Agencies should consider public/private partnerships for digital forensic cases", where we dive a little into the broader backlog problem.