FAQ: Here’s What You Need To Know About The Apple, FBI Dispute

The case marks a watershed moment in the debate over national security interests and privacy rights.

The dispute over Apple’s refusal to help the FBI unlock an iPhone recovered from San Bernardino terror suspect Syed Farook marks a watershed moment in the heated debate over national security interests and data privacy rights.

Whether Apple or the US government prevails, one thing is already clear: the case will be precedent-setting.

Those who side with Apple in the dispute see it as a test of the industry’s ability to resist persistent government efforts to weaken security and enable backdoors in technology products under the aegis of national security. Those sympathetic to the government’s view see Apple’s arguments as grandstanding by the world’s most valuable company over an issue with legitimate national security implications.

Here is a quick primer on what the issue is all about:

What does the FBI want?

The FBI wants Apple to help it unlock an iPhone 5C recovered from Farook, who was killed in a shootout with police shortly after he and his wife Tashfeen Malik allegedly shot dead 14 people in a terror attack last Dec 2 in San Bernardino. The FBI wants to know if the phone holds information pertinent to the terror attack, particularly about potential co-conspirators.

Following Apple’s refusal to help, the Department of Justice filed a motion with the US District Court for the Central District of California asking it to intervene and force Apple’s compliance. On Feb 16, the court issued an order directing Apple to accede to the FBI’s request for help.

Why can’t the FBI unlock the phone?

The phone is encrypted and protected with a passcode. It has a feature that automatically deletes all data on the device after 10 failed login attempts, and a feature that forces a lengthening delay between login attempts with each failed login attempt. What that means is if the FBI fails to crack the passcode in 10 attempts, it runs the risk of irretrievably losing the data on the device.

What does the Court want Apple to do?

Magistrate Judge Sheri Pym wants Apple to write a recovery bundle or software image file (SIF) that will essentially override the auto-erase feature and the enforced delay between passcode retry attempts. The goal is to give the government a way to try and brute force its way into the device through automated password guessing without fear of losing the data, or having to contend with lengthy delays between each try.
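To make the stakes of those two protections concrete, here is an added model (not code from the article, Apple or the FBI) of a passcode check with an attempt counter, escalating delay and auto-erase, and of what exhaustive guessing costs with each one on or off. The delay values, the 4-digit passcode length, the sample passcode and the names `PasscodeGuard` and `exhaustive_guessing` are assumptions made for illustration; only the 10-attempt erase limit comes from the article.

```python
from dataclasses import dataclass

# Assumed delay (seconds) imposed before the next attempt, keyed by the number
# of consecutive failures so far. Constructed values: the article gives none.
ASSUMED_DELAYS = {5: 60, 6: 300, 7: 900, 8: 900, 9: 3600}
ERASE_AFTER = 10  # from the article: data is erased after 10 failed attempts


@dataclass
class PasscodeGuard:
    passcode: str
    enforce_delay: bool = True
    auto_erase: bool = True
    failures: int = 0
    erased: bool = False
    waited: int = 0  # total seconds of enforced delay so far

    def attempt(self, guess: str) -> bool:
        if self.erased:
            raise RuntimeError("data erased; nothing left to unlock")
        if self.enforce_delay:
            # The delay stays at its maximum once 9 or more failures accrue.
            self.waited += ASSUMED_DELAYS.get(min(self.failures, 9), 0)
        if guess == self.passcode:
            self.failures = 0
            return True
        self.failures += 1
        if self.auto_erase and self.failures >= ERASE_AFTER:
            self.erased = True
        return False


def exhaustive_guessing(guard: PasscodeGuard, digits: int = 4):
    """Try every numeric passcode in order.

    Returns (found, attempts, seconds_waited, erased).
    """
    attempts = 0
    for n in range(10 ** digits):
        if guard.erased:
            break
        attempts += 1
        if guard.attempt(f"{n:0{digits}d}"):
            return True, attempts, guard.waited, guard.erased
    return False, attempts, guard.waited, guard.erased
```

With both protections on, guessing stops at the erase limit; with only auto-erase removed, the assumed delays still stretch the search to roughly 300 days, which is why the order covers both features.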

So why isn’t Apple helping them?

Apple CEO Tim Cook has argued that providing the FBI with the help it wants is akin to giving the government a master key for unlocking encryption protection on all iPhones. He, like many other technology leaders, contends that strong encryption is critical to protecting sensitive data against cyber criminals and nation-state actors.

Cook has argued that complying with the court’s request would essentially mean having to write a new version of the iOS that circumvents many of the security features that Apple has built into the technology over the years. Such software would allow anyone with access to it the ability to unlock any iPhone, he has noted.

Apple is right, correct?

Not entirely. Despite Cook’s claims about the government wanting a master key, the specific software the court wants Apple to write would work only on the iPhone 5C, and that, too, with some effort. That’s bad, certainly. But not quite as bad as giving the government a key to unlock all iPhones, which is what Cook has said the government wants. The FBI insists that what it wants is very narrow: to recover data from just the recovered phone.

Why is it not a master key?

Though the iPhone 5C offers robust encryption, it has one major weakness: the encryption and the password delay can be disabled via a firmware upgrade of the sort the court wants. Anyone with the right resources, including the FBI, can probably build such firmware, but they would need for it to be digitally signed by Apple in order to install and run it on an iPhone.

Alone, the SIF the Court wants Apple to develop would not be enough on newer iPhones featuring Touch ID technology and the A7 processor or later, according to security experts. These models feature a technology called Secure Enclave (SE), which basically is a co-processor that is not controlled by the iOS.

The user-generated passcode in such devices is inextricably tied to a unique key that is stored in the SE. In order to unlock a newer iPhone, the FBI would require a firmware update for iOS and a separate firmware update to recover the key stored in the SE, which is not something that the Court has asked for. A firmware update of the sort the Court is asking Apple to deliver would be of little use by itself on a newer iPhone without some way to recover the key stored in the SE.

So Apple technically has a way to comply with the FBI’s request without jeopardizing encryption on all iPhones?

Technically speaking, yes, as Dan Guido, co-founder of Trail of Bits, explains in wonderful detail in this blog.

Is FBI director James Comey right when he says the SIF would work only on the specific iPhone recovered from Farook?

Not quite. Comey has insisted that the FBI only wants something that will override the protections on Farook’s phone. But Cook and numerous security researchers have noted that there is no such thing as developing software for unlocking just one iPhone. A firmware update developed for Farook’s phone could most likely be used to unlock any other iPhone 5C in the government’s possession as well.

Even if Apple could somehow lock it so it works only on one phone, the Court wants the company to install the SIF at a government facility or give the government remote access to the phone after the software is installed.

Either way, the government would have access to firmware that it could use to try and crack the encryption protections on other similar iPhones. Cook has warned that once the information on how to bypass the passcode protection is known, the encryption can be defeated. “The government suggests this tool could only be used once, on one phone. But that’s simply not true,” Cook has said.

What is this I keep hearing about the FBI blowing its chance to recover data from Farook’s phone?

In the days following Farook’s death, the FBI with the help of San Bernardino county officials reset the password to his iCloud account to recover data backed up from the phone. (Farook worked for the county government, and the phone that was recovered from him was county-issued). The FBI has said the last data backup of Farook’s iPhone 5C happened on October 19, or well more than a month before the shooting.

Apple contends that the government might have gotten a more recent backup if they had simply connected the phone to a known Wi-Fi network such as the one in Farook’s house. That’s because the phone most likely would have automatically backed up data when it was connected to a power source and a known wireless network.

The FBI's response is that even if that were indeed the case, there still could be a lot of data on the device that is not backed up and which could prove vital to their investigation. According to the FBI, its previous experience has shown that direct data extraction from the device provides a lot more data than can be gathered from an automatic backup.

What support does Apple have for its position?

A lot. Several technology leaders, cryptographers, and technology vendors like Google and Facebook have expressed support for Apple’s position. They agree that complying with the government’s demand would seriously weaken encryption protections, result in more such demands from government, and set a bad precedent for other governments around the world.

But many are sympathetic to the government’s position as well. In fact, 51% of those polled in a national survey of 1,002 US adults by the Pew Research Center support the FBI and want Apple to unlock the phone. A smaller proportion (38%) said the company should not do so, while 11% are undecided. Relatives of some of the victims of the terror attack have said they will file a motion supporting the government’s request to get Apple to unlock the device.

What happens now?

Apple has until Feb 26 to file a motion appealing the court’s order. It’s unclear what legal basis the company will use to justify its decision not to comply. The court could throw out Apple’s objections and order it to unlock the device. If Apple still refuses, it could be held in contempt of court and ordered to pay fines, and, theoretically at least, an Apple executive could be sent to jail.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...

User Rank: Apprentice
2/24/2016 | 11:38:56 AM
It is not about Apple or FBI's position. It is about voting
This is a mind trick. It is not about Apple not wanting to unlock the device. It is about involving the general public and having the public vote with their opinions. Once that is done, there is no way you can oppose it because that is how democracy works in the USA. 51% vote pro and the rest does not matter because 51% said yes. 

So what I make of the whole sh%# show they are putting up, is that from now on, anyone's device will be accessible regardless of security measures you put in place. 
User Rank: Ninja
2/23/2016 | 2:18:31 PM
10 Login Attempts?
Is that true? 10 failed login attempts will delete data sounds ridiculous. If this is true what data in particular is deleted? Is it some of it, or all of it?