Monday, February 22, 2016

APPLE V FBI

OK, folks, this will be short and sweet. I’m probably totally uninformed about the technology involved, but I haven’t heard anyone explain it to me.

The FBI wants to get into the iPhone of one of the perpetrators of the San Bernardino massacre. Well, it wasn’t exactly HIS iPhone. The thing belonged to his employer, which was apparently San Bernardino County.

Anyway, it was HIS in the sense that he had it and used it, had access to its secrets, etc.

Apple says, No, you can’t have it, indeed WE can’t have it. Our customer’s information is tucked away in a secret place that only the owner (or user) of the phone can get at. The confidential information is buried behind a password. We, (Apple) don’t know the password. Only our customer knows the password.

And, says Apple, we protect out customers by providing that if someone tries ten wrong passwords, the whole device clams up, the hidden information is permanently deleted and lost forever. To everybody. Including Apple.

I have to ask myself why the FBI doesn’t just ask for a new password? They know the guy’s date of birth. They know his social security number. Why don’t they just click the button that says “FORGOT YOUR PASSWORD?”

I’m sure here is some logical explanation, known only to geeks. I can’t be the only person in America who has thought of this.

Having gotten this far into the electronic maze, I decided to bone up on the technology. So I went to a web site called http://arstechnica.com/     There, I found an article by one Peter Bright, who is obviously very bright. He’s the Technology Editor at Ars. He writes about Microsoft, programming and software development, Web technology, browsers and security.

I read his whole article, and danged if I can get anything out of it that disabuses me of the idea that all the FBI needs is a new password.

As someone who solicits new passwords every other day, I have to believe it is not rocket science. Oh, I suppose Apple will want to email the deceased a temporary code, but I should think the FBI has control of the man’s email, too.

Anyway, I am not ready to approve of Donald Trump’s off-the-cuff plea to the American people to boycott Apple until they come around. I should think the more responsible approach would be to let the courts do their work and come to a rational conclusion that protects national security without depriving the citizens of their constitutional protection from unreasonable searches and seizures. 

Funny how the Donald makes everything about him.

6 comments:

  1. Tom,

    It's not the password they are looking for, its the 4 digit passcode. If your phone is stolen, and someone tries to access your information, after a few unsucessful attempts, the phone will lock itself. This is the current state of the phone in question.

    For obvious reasons, Apple does not store your personal passcode on their servers. The only way to reset the passcode, is to log into the phone and change it within the settings.

    Can Apple make some sort of software that can bypass a locked phone? The short answer is yes. Their argument is that if they created such software, and it got in the wrong hands, no phone would ever be secure. As you can see, its a very tricky situation. Hopefully, this makes a little more sense now.

    I tried leaving this comment on your blog page, but it wouldn’t let me.

    Hope this helps,
    Chuck Donnelly

    ReplyDelete
  2. Judge, when I want to encode something I have to use some type of software/hardware to do that encoding. I must have that same software/hardware when decoding the message. Suppose I want to "encode" my front door. I put a lock on the door and make a mechanical key to gain entry. I can also do that with approaches such as scanning your iris (eyeball), generating a digital image of your iris, and then require that the same iris be presented/scanned to match the stored original digital image. In both cases, someone must have the door key, or the eyeball, to open the door. The "forgot my password" thing would be a way to get through the first level of protection such as a locked screen door. I could just have that locked with a simple push button key (push 1,2,3 to enter). Suppose you forgot that number. You would contact me, give me your password, answer a security question, and I would send you a new key and send the new correct response (say 4,5,6) electronically to the screen door push button mechanism. Getting into the screen door does not get you into the house.
    Now here's the kicker. You can make an encoding algorithm as complex as you want and it can be broken through brute force. Say a bank of Cray computers running every possible option until they hit the right combination. There has never been an unbreakable code. Some are just much harder to break than others. I would be very willing to bet that the CIA has gotten into, or can get into, the data on that phone. The brute force approach is why people like the CIA are working on truly unbreakable codes that use quantum (physics) codes that are based on truly random events. I could write more, but I suspect you lost interest after the first sentence.

    ReplyDelete
  3. Judge, I want to provide you with additional info regarding the ability to keep the contents of a cell phone from being recovered. Here is a NSA document telling you how to ensure that classified information cannot be recovered from a digital device like a cell phone. NSA uses these methods because they know that short of complete physical destruction of the device the data can be recovered. Note that there is no asterisk saying that if you have an iPhone you can just throw it in the trash because it's impossible to retrieve the data in it's memory :-)

    SOLID STATE STORAGE DEVICES
    5. Solid state storage devices include random access memory (RAM), read only memory (ROM), Field Programmable Gate Array (FPGA), Smart Cards, and flash memory.
    a. Sanitization: Sanitize solid state devices using one of the following procedures. Remove all labels or markings that indicate previous use or classification.
    1) Disintegration: Disintegrate into particles that are nominally 2 millimeter edge length in size using an NSA/CSS evaluated solid state disintegrator; see Reference g. It is highly recommended to disintegrate solid state storage devices in bulk lots with other storage devices.
    2) Incineration: Material must be reduced to ash.

    ReplyDelete
  4. This article answers your question: https://recode.net/2016/02/19/san-bernardino-suspects-apple-id-password-was-changed-after-shooting/

    ReplyDelete
  5. Judge, this article explains how the password was in fact reset after the shooting, but also how this only allowed access to information already uploaded to the Cloud: https://recode.net/2016/02/19/san-bernardino-suspects-apple-id-password-was-changed-after-shooting/

    ReplyDelete
  6. This issue here is not whether or not the data can be retrieved. The issue is how it can be done easily in a timely manner. The Government wants manufacturers to put in a software "back door" so that if you have the back door key you can easily and timely retrieve the information so you can investigate criminal activity conducted via a cell phone.

    Here is an excerpt from an abstract on reading memory by directly examining the amount of electrical charge contained in a memory cell.

    During a failure analysis of integrated circuits, containing non-volatile memory (NVM), it is often necessary to determine its contents while Standard memory reading procedures are not applicable. This article considers how the state of NVM cells with floating gate can be determined using scanning probe microscopy.

    ReplyDelete