Who Do They Think They Are?: The Apple Customer Letter

05:35

On February 16, 2016, Apple drew a line in the sand. As these things do often do, this line came in the form of an open letter.

The Apple Customer Letter was published on Apple's website and is signed by Apple CEO, Tim Cook. It's a response to a judicial ruling requiring Apple to assist the FBI in unlocking (decrypting) the iPhone 5c belonging to Syed Farook, a suspect in the San Bernardino shooting.

The internet is freaking out. For better or worse, the internet is the most interesting when it freaks out.

But when the internet freaks out... it's not exactly... logical. To ensure my comment is fair, reasonable, and as informed as possible .... and also because my history teacher always made me go to primary sources, whenever possible ... I read the Order.



(Obviously, this is only part of it. The whole this is here)

Apple is ordered to:

(1) Assist the FBI in enabling the search of Syed Farook's phone (including providing reasonable technical assistance).

Assist the FBI do what?

  1. By-pass or disable the auto-erase function that kicks in when you've entered the incorrect passkey too many times.
  2. Submit passcodes to the phone  to break the passkey; and
  3. Ensure that any other software on the phone doesn't prevent the FBI from accessing the phone.

I'm going to call these the "Search Objectives".

Basically, they want to look at Syed Farook's stuff and the stuff on his iPhone is hard to get at. Apple is being ordered to help get at the stuff on the phone.

(2) In order to achieve the Search Objectives, Apple must provide "reasonable technical assistance". 

What is that?

"Reasonable technical assistance" may include:

  1. Providing the FBI with signed iPhone Software file, recovery bundle, or other SIF (Software Image File) and
  2. Coding the SIF
It's important to note that the "reasonable technical assistance" is not limited to (1) or (2) and could potentially include ANYTHING that helps the FBI achieve their objective of getting into the phone.

(3) The Order also outlines some requirements and limitations:

"The SIF will load and run from Random Access Memory ("RAM") and will not modify the iOS on the actual phone, the user data partition or system partition on the devise's flash memory. The SIF will be coded by Apple with a unique identifier of the phone so that the SIF would only load and execute on the SUBJECT DEVICE. The SIF will be loaded via Device Firmware Upgrade ("DFU") mode, recovery mode, or other applicable mode available to the FBI. Once active on the SUBJECT DEVICE, the SIF will accomplish the three functions specified in paragraph 2 [Search Objectives]. The SIF will be loaded on the SUBJECT DEVICE at either a government facility, or alternatively, at an Apple facility; if the latter, Apple shall provide the government with remote access to the SUBJECT DEVICE through a computer allowing the government to conduct passcode recovery analysis."

Translation:
  • Apple is being compelled to write software that will be loaded on to Farook's iPhone
  • This software will boot up, but won't make any changes to the data stored on the device
  • The software will disable the security feature of the iPhone that kicks in after 10 failed passcode attempts - allowing the FBI to make the billions* of attempts required to determine the right passcode. The FBI will be testing every possible pin. This process will likely take a few days. (*exaggeration for rhetorical effect - calm down people! Professional know-it-alls tell me there are approximately 10k possibilities for a four digit pin and that, worst case, it would take 13 minutes to crack. A six digit pin brings with it 1 million possible combinations and would take 22-23 hours to crack)
  • The software can only work on Farook's iPhone and won't work on any other device
  • The software can only assist the FBI meet the Search Objectives - nothing else
  • The software can be loaded onto the device at Apple's place or the FBI's place (but the Order is silent on who determines which place is better - odd given Apple's obvious preference will be there place. Home field advantage would give the more control over how the software is used.)
If Apple thinks they can achieve the Search Objectives by another means and the FBI is OK with that - that's OK too.

Apple gets to charge a reasonable cost for providing this service.

Apple doesn't have to keep a copy of user data. The FBI is responsible for the data.

Apple had 5 days to apply to the court if it thinks anything in the Order is too burdensome.

...

and that's that.


Things you need to know:

(1) The method being proposed (creating a disk image of the content of the phone without altering any of the data) is a common forensic investigative tool. Law enforcement often investigates devices using this method. It allows them to say, "look what we found" and "we haven't tampered with any of it".

(2) The FBI is not asking for a copy of the software Apple will write - in fact it's possible the FBI will never even have access to the software (if this is all done at Apple's facility).

(3) Non-descructive collection of evidence is always preferable to destructive (or potentially destructive) methods. The FBI could access the iPhone using a risky maneuver where they drill the phone and view microchip under a microscope - BUT they would only have one chance to get it right. From the FBI's perspective, the stakes are simply too high to get the information this way.

Is this idea of someone (or some company) being ordered to help law enforcement execute a search a crrrazzaaay new thing? No. We have assistance orders in Canada (Criminal Code s.487.02). If a judge issues a warrant for the search for stuff on my phone, and I have passcode on my phone, as long as a person's (or company's) assistance is reasonably required to access the stuff they're looking for, then theoretically the judge can order the person or company to assist in busting into my phone.

I say theoretically because this issue has not yet been dealt with in Canada (obviously... otherwise you would have heard about it). BUT assistance orders have very recently been used to require telecommunications companies (like Telus) to provide subscriber information to police (H.M.Q. v TELUS). Soooo.... something like what's going on now in the US between the FBI and Apple could happen in Canada - and likely will.

The Order seems to contemplate Apple retaining the backdoor firmware (ie Apple gets to keep the key the Order is forcing them to create) while only allowing the FBI to access the data. This makes sense. Like forcing a landlord to use her master key to open the door to the apartment of an accused drug dealer, Apt. 221B, without making the landlord hand over the master key and her last three year's of income tax returns.



What if the FBI suspects apartment 221C houses the operator of a child pornography ring?

All of a sudden, the FBI is going to be really tempted to make a copy of that master key without the landlord's knowledge.

This is why the Apple Customer Letter matters.

Full disclosure: I am writing this on a mac, with my apple wireless keyboard, using apple wireless mouse, and wearing my apple watch; I'm ignoring a FaceTime call that's coming in on my iPhone and my iPad mini (at the same time - how have they not solved this yet? #firstworldproblems). The call I'm ignoring is from my husband who is calling to brag about how great his new iPad Pro is and that I should get one sooner, rather than later.

I'm a bit biased.

.... I am also broke ....

Everytime a new apple product comes out, I do this:


I am completely vested in this "whole technology thing." My practice is largely paperless. There's no turning back now. I've crossed the rubicon.

Other brands have enthusiastic followings...


But none of them have achieved the status of having a zombie horde of people with disposable income (or student loan money, as the case may be) scratching at their doors, just waiting to buy the  next Apple product. My point is, Apple isn't like other companies. They're ubiquitous. They've created the single most personal THING... ever. Our relationship with technology has changed. In essence, Apple has had a very large hand in created the very problem we're facing here - but I digress.

Together, my Apple products know EVERYTHING about me. EVERYTHING. All the information about some lawyer in Sydney, Nova Scotia may not be that powerful. BUT all the information about everyone is.

The most apt political cartoon on this was drawn by Dave Simonds and published in the Economist.


Look at this. The little guy. The big scary government people. The not so subtle reference to a brute-force attack. Absolute gold. But it's not accurate - for three reasons:

  1. The FBI likely won't be wearing combat boots when they attempt to do this - think mid-priced suits and uncomfortable ties;
  2. "Password Required" doesn't show up on a locked iPhone (it actually says "Touch ID or Enter Passcode" - which is an important distinction); and
  3. Most importantly, there's only one phone. (I will forgive the talented Mr. Simonds for his artistic licence)

Yes, the Order is only for the one phone.

Yes, Apple will retain the software the order is forcing them to create.

Yes, .... terrorists.

BUT the law, my friends, is based on precedent and precedents are set one at a time. It's called stare decisis: the legal principle requiring judges to make decisions based on previous decisions. It ensures the law is fair, even handed... and takes hundreds of years to decide women are people.

Basically, stare decisis is how a ruling about sheep breaking on the the land of a bishop in 1803 has any bearing me suing my neighbour for snow-blowing all his snow on my lawn.

In law school we're told something frightening about precedent: hard cases make bad law.


Oliver Wendell Holmes, Jr., US Supreme Court Justice, said this (how he found time to be so brilliant, between brushing that fabulous moustache and advocating for freedom of expression, I'll never know).

The expression "hard cases make bad law" follows me around these days. Terrorists, while not personally scaring the crap out of me, are scaring the crap out of our society. Jurists aren't supposed to be affected by this fear, and let's say for the sake of argument that they're not, BUT the FBI aren't jurists - they're the government. Who is the government?

It's us.

I'm a Canadian, I don't get to vote in US elections, but I am a consumer of products from the US, which some would argue is a more poignant distinction in this age of globalization. So when I say "us", I mean... ya know... people who are not "them". What a rabbit hole.

Government is "us" in the sense that we vote, yes... and "us" in the sense that the people in power, for better or worse, have their fingers on our wrists, checking our collective pulse... and, man, our hearts are pounding. We are scared.

BOO! Terrorism.

It's ok. That was just a drill.

Whether the fear is grounded, manufactured, or Trump-ed up, is not relevant. The fact remains. We're scared. The FBI knows this. They want more tools to make us not scared, or to protect us, or whatever...  for the purpose of this post it doesn't matter why.

The point is, the FBI made the decision to request the Order. What's interesting and what is being largely ignored is the FBI made the decision at a very good, strategic time. They made it at the height of our fear. The San Bernardino shooting set up a hard case. What followed, as predictably as it always has, is bad law.

It's not "bad law" in the sense that it's over-broad or allows for the invasion of privacy beyond what the law previously allowed - not so. The Order itself is actually a reasonable application of the US's version of what is basically an assistance order. It's "bad law" in the sense that a precedent has been set to force a private company to create something in order to permit the government to break encryption.

Only on one phone? Only because... terrorism?

Don't be naive.

The Apple customer letter matters...


Because this guy is talking about "closing up" parts of the internet... whatever that means. (Note: I refuse to post ugly pictures of Donald Trump, I think his words/actions are sufficiently ugly... thank you very much).

... and whatever "closing up" the internet means is a topic for another time.

Trump also responded to the Apple Customer Letter with this:

I agree 100% with the courts. In that case, we should open it up. I think security overall — we have to open it up. And we have to use our heads. We have to use common sense. Somebody the other day called me a common-sense conservative. We have to use common sense. Our country has so many problems.

Mr. Trump ... Donald. Honestly.

Clearly, this discussion of limiting what some people can use the internet for is part of a wider debate regarding net neutrality, privacy, and freedom.

As a Canadian with an interest in American culture, I've had the opportunity to view Republicans in the wild. They appear to value freedom above all else... they also have an odd fondness for mashed potatoes that come in boxes. You'd think Mr. Trump's comments regarding privacy wouldn't resonate with voters; however, his status as a clear front-runner for the republican nomination would suggest the opposite.

Interesting times.

I, for one, would like to educate Republican voters on the connection between their right to carry a gun and their right to privacy - but that's for another time. (Spoiler: I'm going to release a series of children's books).

Someone seems to understand the importance of privacy.

Enter John McAfee. Anti-virus anti-hero, part-time YouTube sensation, and all-round interesting character.


If you think he looks more metal than nerd.... you don't know anything about computer programmers.

John McAfee isn't exactly a wilting violet. He's currently in the running to be the 2016 Libertarian Party presidential candidate (#McAfee2016). It's not exactly surprising when a Libertarian scolds the government, Mr. McAfee's response to the Order is... just ... too excellent:

And why do the best hackers on the planet not work for the FBI? Because the FBI will not hire anyone with a 24-inch purple mohawk, 10-gauge ear piercings, and a tattooed face who demands to smoke weed while working and won't work for less than a half-million dollars a year.

Aside from the half-million dollar a year part, I have one of these people living in my house (#husband). I can say from experience, if you have no idea what you're talking about and you think computers are made of blinky lights, you ignore them at your peril.

McAfee continues:

So here is my offer to the FBI. I will, free of charge, decrypt the information on the San Bernardino phone, with my team. We will primarily use social engineering, and it will take us three weeks. If you accept my offer, then you will not need to ask Apple to place a back door in its product, which will be the beginning of the end of America.

I love this guy. What a trouble maker.

Seriously though, the FBI won't take this offer. Mainly because John McAfee just insulted them, BUT also because the FBI is using Farook's phone to set a precedent. Why set the precedent?

**The following is not a conspiracy theory**

The government wants to know what's on your phone. Why? Because knowledge is power and power is awesome.

It's as simple as that. Even if the government doesn't have a specific use for the information right now, they want as much of it as they can get. They'll just, ya know, store it away for later. That's not what they're trying to do in this particular case, but the closer the government can get to knowing EVERYTHING the better (from the government's perspective).

How will this affect Canadians? Well, we all have iPhones. If you don't have an iPhone, you have a laptop. If you don't have a laptop, you have a desktop. If you don't have a desktop... then you've somehow managed to upload your consciousness to the internet and have decided to read this post (I'm flattered, thank you).

Apple has the capability to break into our phones. It's not the individual software Apple is being required to write that's the problem - Apple can likely patch/fix any specific vulnerabilities they'll exploit to break into backdoors on subsequent software updates. The real problem is the law. We've made bad law and that law can influence Canadian law. If nothing has been said on a new/novel legal question in Canada - we look to other countries for the answer - usually the US and the UK... and what poor examples they are when it comes to protecting the privacy of their citizens.

This is why the Apple Customer Letter matters to Canadians. BUT it also matters to Canadians because we, like our odd-ball cousins to the South, are a democratic country. Democracy is great, until some yahoo gets elected on platforms of closing up the internet and "opening up" our privacy. Then where are we?

As he is by many things (including cantaloupe slices), Mr. Trump was incensed by the Apple Customer Letter. He said, "Who do they think they are?"

To answer Mr. Trump's question (I never thought I'd ever type that): Who does Apple think they are?

They are our representative. We've elected them. Apple has come to power not by having their names marked on the most ballets or through some weird voodoo ritual (which is how I imagine senators are appointed), but by convincing us we want what they produce. Customers vote with their feet, and a lot of us vote Apple, and we've all voted to depend on our digital devices. They're part of our lives, there's no going back now.

Apple would have been remiss had they simply helped the FBI to break into the phone without a court Order. Resisting the FBI is basic corporate responsibility.

What about resisting the Order?

They simply must.



Apple represents a population who thinks computers are made of blinky lights. We've been rendered stupid when it comes to computers because Apple has made them work so very well (psst. knowing how to put your phone on airplane mode does not make you a computer programmer). This means Apple has taken on a significant and weighty responsibility of knowing when a change in the law could adversely affect our rights.

When I say Apple. I say the people who know what the blinky lights mean. They're in the best position now to understand what this Order means and how it will affect us.

(Oh my god I get to say it again) - "With great power comes great responsibility." - Uncle Ben 

Apple knows this.




I'd like to thank professional know-it-alls @angryMCU and @jzsavoie for their help in translating the Order and for their general know-it-all-ness (which includes sarcastic proofreading).

You Might Also Like

0 comments

Popular Posts