We've all heard the story in the news about the San Bernardino iPhone. CNN: The San Bernardino, California, mass shooting is now being investigated as “an act of terrorism,” and New York Times: F.B.I. Treating San Bernardino Attack as Terrorism Case. Many of our clients have asked me to voice my opinion, so I felt the need to start this blog on our business webpage. The reason I am covering this topic is not because of its ties to terrorism but rather the legitimate vulnerability that would exist for end users if Apple were to program a method for government agencies to backdoor into our devices.
Let me first say that I understand both sides of the street here. If unlocking the iPhone sheds light on motives or other potential terrorists, it could save lives. The problem is the US Government, or any governing body for that matter, should not be given access to "backdoors" for spying. It takes one wrong move by an employee who has access to this information for it to be leaked to the Interwebs. But you might ask, "Aren't government networks some of the most protected computer systems in the world? Certainly more secure than the private sector... There hasn't been any data breach in the US Government... right?"
Well, here are some examples of this very thing happening in the past:
February 2016 Hackers Get Employee Records at Justice and Homeland Security Depts. In the latest cyberattack targeting the federal government, an intruder gained access to information for thousands of employees at the Justice Department and the Department of Homeland Security, but officials said Monday that there was no indication that sensitive information had been stolen. Most of the information appeared to have been culled from internal government directories, including employees’ email addresses, phone numbers and job titles.
July 2015 OPM government data breach impacted 21.5 million Social Security Numbers and other personal details: Government investigators now believe that the data theft from the Office of Personnel Management computer systems compromised sensitive personal information, including Social Security numbers, of roughly 21.5 million people from both inside and outside the government, the government announced Thursday.
August 2014 Breach of Homeland Security Background Checks Raises Red Flags: Background check records of 25,000 undercover investigators and other homeland security staff were exposed in the breach at US Investigations Services (USIS) this month, unnamed officials told Reuters Friday. USIS has said the incident had "all the markings of a state-sponsored attack." What agency officials have said about the incident--and what they haven't said about it--are raising questions about the breach's ultimate impact and about inadequate measures for ensuring that third-party government contractors properly secure classified data.
I could go on and reference others, but I won't fill this blog with the over 30 instances within 20 years that I could find by doing a simple Google search. What I am getting at is it's happened before and it can happen again. No system is completely secure from hacking, simply put. But when backdoors are purposely put into a system it makes it easier for hackers to find other vulnerabilities by studying the existing backdoor programming code.
“He who sacrifices freedom for security deserves neither.” ~ Benjamin Franklin
When a company provides its end users with encryption, it is to protect them! It is up to the end user to decide what's worth encrypting. Maybe it's stored user names and passwords to commonly used websites like Facebook or Netflix. Maybe a company wants to protect sensitive e-mails that contain developing products or potential patents. It doesn’t really matter.
I for one stand with Apple and hope they stick to their guns. What the public is not being made aware of is Apple is happy to provide to the government any content of iCloud backups if the proper legal paper is attached. So, privacy aside, all the government has to do is provide a warrant for the information and Apple would comply. What the government wants is the ability to break into any iPhone with a backdoor made special for their use. With the right tools, government agencies could retrieve data from your phone as long as they can place their hands on it for a few minutes. If this backdoor was provided to local law enforcement, your phone could be unlocked and data copied while you’re being placed in a local jail before you’re even taken to court. This is simply a violation of privacy. If you want to protect your data, you should have that right without it being infringed. If you want to make your data public, post it on social media for the world to see.
If you're interested in reading Apple's response to the Federal Government suing them and their stance on user privacy you may read their public notice here
EDIT April 2016
The Justice Department is abandoning its bid to force Apple to help it unlock the iPhone used by one of the shooters in the San Bernardino terrorist attack because investigators have found a way in without the tech giant’s assistance.
"Our decision to conclude the litigation was based solely on the fact that, with the recent assistance of a third party, we are now able to unlock that iPhone without compromising any information on the phone," U.S. Attorney Eileen M. Decker said in a statement, adding that the investigation will continue to ensure that all of the evidence related to this terrorist attack is collected.
The government is not saying exactly what data were found on the phone. DOJ spokeswoman Melanie Newman says the FBI is currently reviewing the information on the phone, consistent with standard investigatory procedures.
This means it took FBI experts about a week to test the third-party tool that allowed them to crack the iPhone pass code. For weeks, the FBI had said only Apple could help investigators lift the iPhone security features that stood in the way of its guessing the pass code. But last week, the government said a third party showed the FBI a new method that didn't require Apple's help.