The Encryption Debate

Note: For those out of the loop, I'd recommend you read this, this and this, before continuing with the article.

What is Apple being asked to do?

Syed Farook's phone is a iPhone 5c, a model sold in the late 2013. This model supports full-disk encryption, which means you cannot read the memory of the iPhone (for example, by desoldering it and reading it on a computer) without having a decryption key. The decryption key consists of a hardware ID entangled with the user's password.

The FBI is requesting of Apple to create a modified phone OS that will contain the following modifications:

  • Allowing the FBI to enter an unlimited number of passcodes without damaging the phone or the data (iOS can be set to delete the decryption keys if the passcode is incorrectly entered 10 times)
  • Allowing the FBI to enter the passcodes without any delays. iOS increases the delay after every incorrect passcode entry.
  • Allowing the FBI to enter the passcodes electronically, not by typing it manually into the phone, increasing the speed of entry.

The FBI is citing the 18th century law called the "All Writs Act" (more info), a general-purpose law that allows the authorities to require the aid of a third party to execute a previous court order, "when deemed necessary or appropriate".

Syed's phone lacks a Secure Enclave, the separate crypto coprocessor that newer models include. The Secure Enclave is a "black box" that accepts an input of encrypted data and a passcode and outputs either an error or the decrypted data. It is designed as to not be controlled by the main processor, therefore being inaccessible to the phone's OS.

Without the Secure Enclave, Apple can write an OS that will allow the passcode to be entered without any damage to the phone, and without delays (since the delays are not enforced by hardware, but instead by the OS).

Why can't the FBI create the OS manually

The FBI could create it's own software update for iOS that would remove the restrictions outlined above, however, iPhones are designed to only install an update signed by Apple's private encryption key. Since the FBI doesn't have such a key, installing the update to the iPhone is impossible.

Didn't Apple already unlock 70 other iPhones?

Some state that Apple has already unlocked 70 iPhones, so they should unlock this one, too. However, the truth is not that simple.

The iPhones Apple has unlocked were older models that didn't support full-disk encryption. Apple already has the software that allows them to bypass the passcode screen, and use such software in the Apple Stores to unlock the phones for customers who have forgotten their passcode.

However, that is not possible with encrypted iPhones, like Farook's iPhone 5c.

Why is this important?

The FBI isn't requesting Apple backdoor Farook's phone, and only that particular iPhone. FBI is looking to create a legal precedent that will allow them to request the installation of a backdoor to any iPhone that comes under their possession.

They're playing the terrorist card, and looking to make it easy for them to request unlocks of other phones in the future, for much lighter crimes.

Additionally, if the code was leaked, which we know it will get leaked (if it gets created), all iPhones would be vulnerable. Anybody could download a torrent, plug in your iPhone while you're away, and install the backdoor.

The backdoor is a very dangerous "master key" (as Tim Cook put it), and it must not be created. It can be created, because Apple has the ability to install anything onto a phone they made. But it shouldn't exist.

Because, our privacy and our security are at stake.