The Federal Bureau of Investigation has asked the engineers at Apple that developed the iPhone's password encryption to code a decryption key to allow the bureau to access the phone of the San Bernardino shooter. However, this proposal has not generated a positive response from those engineers due to their beliefs regarding the encryption they have made.
1a. Integrity; though the FBI demands the
code solely to gain access to one iPhone and stipulates it will only want this
code for that phone, it may use it subsequently to gain access to other
iPhones, hence going back on their promises.
1b. Law enforcement usually seizes
smartphones such as these in order to use data stored on them as evidence,
which causes their need for decyrption.
2a. The user turns on their phone; well, it
would either be off completely or in standby mode. If turned off, the phone
will boot the operating system from its storage media, loading relevant files,
applications and drivers into memory. If in standby mode, the phone will
display the login screen. After either process is done, you swipe your finger
along the screen in order to summon the password entry screen. On this screen,
a keyboard appears with which you can type your password. When you are done,
the password is checked against the hash stored on the phone; should the hash
decode to the typed password, then access to the phone shall be granted.
2b. The FBI using this master key on other
iPhones would allow them a backdoor into anyone’s phone and additionally to
track data and communications sent and received; many would be devastated to
hear this and may possibly result in protest.
3. Engineers feel emotional turmoil
creating an antithesis to their own encryption; they had coded it passionately
to secure data and documents effectively, but now they would be undoing this
security and all the work they had done would be for nothing. In addition, many
of the engineers in relevant departments are friends with one another, sharing
common values of perhaps arguing until they win and a constant, religious
devotion to their handiwork. The violation of these principles would not sit
well socially with the engineers.
The reliability of the decryption could
possibly be impacted by this emotional turmoil. As such, the decryption either
may not work and cause errors when the FBI attempts to decrypt the phone or
even corrupt data and the phone should the Apple engineers have programmed
routines for that to happen when the phone detected attempts to break the
encryption. Perhaps the system may do nothing at all, but display dialog boxes
and other such things that make the system appear to be decrypting itself. A
side effect of this would be the relief of most end-users since their phones
would not be effected should the decryption pretend to operate as per the
bureau’s criteria and the relevant privacy and security issues would not apply.
In addition the integrity problem
surrounding the FBI should it use the decryption on any other iPhone, privacy
issues would also arise due to the effectively unlimited access the bureau
would have to citizens’ iPhones and possibly those outside their jurisdiction.
Hence, any communications made and received could be intercepted and possibly
used without consent of those people.
This privacy problem could also become much
more pervasive should hackers outside of the FBI get a hold of the decryption
code. They would then be able to access the communications of others at their
own disposal and use them against those people for frivolous purposes such as
blackmail or fraud. They could also plant viruses or malware on the iPhones in
order to continue such activity or to corrupt the system, posing a security
risk to users.
4. A possible solution to this problem
would to perhaps create the decryption, but first produce an update that users
can download that renders them invulnerable to the decryption so that the FBI
can only ever crack one phone while the rest are un-tampered and are not
tracked further by the bureau. As with the decryption, this update may not be
reliable either; for it may not operate at all and still allow the decryption
to work, or it may corrupt data on the storage media or whatnot. Though, the
update would also display a dialog box or other sort of message as follows: “We
have been asked by the Federal Bureau of Investigation to write code that would
allow it access to the iPhone of the suspect of the recent San Bernardino
shooting (i.e. decrypting it). This level of access would create
vulnerabilities for many iPhone users, so we have created this update to
prevent that code from running on any other devices.” This way, Apple can
maintain good standing among its consumers due to its integrity and the update
and not lose sales to competitors such as Microsoft or the numerous
manufacturers of Android-based phones. Also, the engineers would be able to
rectify some of the social and emotional turmoil created for them since their
encryption, in the end, would still stand victorious as would their values and
devotion. Given all these factors and that the FBI would be able to still
obtain the necessary evidence; this may be the best possible solution.
The article can be found here: http://www.theguardian.com/technology/2016/feb/22/apple-vs-fbi-engineers-breaking-encryption-unholy
1, 17, 39, 86, 125, 167
No comments:
Post a Comment
Note: only a member of this blog may post a comment.