Bayard & Holmes

~ Piper Bayard & Jay Holmes

and

Guest Author & Information Security professional Chris Magill

The FBI wants Apple to rewrite code for iPhones in order to break into a phone used by one of the San Bernardino terrorists. Apple said no. They are now embroiled in a lawsuit.

On March 1, the FBI admitted exactly WHY it needs Apple’s help. The FBI was in the phone, with access to everything it needed. Then someone at the FBI changed the phone’s password. They forgot the password. Now, the FBI can’t get back in the phone.

In other words, the FBI is asking that it be allowed to gut the constitutional rights of every American in perpetuity because it made a sophomoric boo-boo.

This begs some questions . . .

1)  Why doesn’t the FBI just ask the NSA for the information?

The cat got out of the Snowden bag a few years ago that the NSA collects and stores every electronic communication that takes place in America, including and especially phone communications. Investigating the San Bernardino jihadis and their play pals is EXACTLY why the NSA collects and stores these communications. If the NSA can’t give the information to the FBI, they need to give US citizens a refund of the untold fortunes they have wasted on this data collection. (See Spooks Without Boundaries by Piper Bayard.)

2)  If the NSA for any reason can’t give the FBI the information it needs, why doesn’t the FBI ask Israel or one of the Five Eyes nations?

Again, thanks to the Snowden cat, it is public knowledge that the White House allows Israel and the Five Eyes nations (Canada, UK, NZ, Australia) access to the raw data that the NSA collects on Americans. If the NSA can’t give the FBI the info, we’re sure that for a few shekels, Israel would be happy to find it for them.

3)  What does this lawsuit mean for the American citizen?

To give you the best information possible, we have invited Information Security professional and privacy advocate Chris Magill to answer that question for us . . .

Internet bugs Canstock

Apple vs. the FBI: What This Case Means for YOU

By Chris Magill

Apple and the FBI are currently locked in a struggle over your right to privacy. The Federal government has asked the courts to require Apple to change its code to allow FBI agents to read protected data on an iPhone believed to belong to one of the San Bernardino attackers. It also wants this capability to be applied to all iPhones, even yours.

So, the question becomes should private citizens be allowed communications capabilities which cannot be read by the government?

By law, there already are communications which are protected from government eyes. For example, attorney-client privilege prevents the government from listening in on private conversations when discussing legal strategies. As Americans, we also have the protections of the right to Freedom of Speech and the right to Freedom of Assembly. Allowing government access to our phones without a warrant destroys these rights.

What is cryptography?

Cryptography is a mathematical operation that replaces plain text with scrambled characters that can only be correctly interpreted by someone who holds the secret “key.”

Cryptography has existed for thousands of years. It was a vital means of protecting communications during the Revolutionary War. Thomas Jefferson greatly improved cryptography after the founding of our country when he developed the Wheel Cipher while serving as George Washington’s Secretary of State. Yes, the United States once had a Secretary of State who understood the importance of cryptography. In the iPhone, the iMessage feature encrypts instant messages between recent iPhone versions, making it very difficult to be read by anyone other than the intended recipient, even with access to the device.

What is a backdoor?

A backdoor is an easy-to-decrypt method for governments to read content on devices that would otherwise be very difficult to access.

Think of it as though the Federal Government sought to require you to leave your patio door unlocked in case a police officer needs to access your living room during an investigation. Obviously this would be ridiculous. Only a tiny fraction of homes would ever need to be entered by police, yet everyone would be at risk from criminals entering the unsecured door. Backdoors are a dangerous idea for two reasons. First, they require a known weakness, which can then be exploited by hackers or online thieves. And second, backdoors enable government to bypass the judicial branch to spy on citizens in violation of our rights.

Aren’t bad guys protected by cryptography?

Yes, in the same way that bad guys are protected by the Constitution.

We have constitutional protections against unlawful search and seizure. These protections should also apply to the communications we share and the contents of our devices we rely on in our daily lives. The iPhone isn’t the strongest available way to pass secret messages. A determined adversary will find communications methods that can only be countered by diligent, labor-intensive traditional law enforcement and counterintelligence methods.

I haven’t broken the law, so I have nothing to hide. How does this affect me?

By the 1980s, the Justice Department estimated there were approximately 3,000 criminal offenses spanning more than 23,000 pages of Federal law. Even if you are the best attorney in the world, it’s unlikely you could even know for sure whether you’ve never violated any of them.

If the government decides to prosecute you, they have a huge arsenal of regulations to select from which you will have to defend against. Skilled cyber criminals, spies, and terrorist organizations already have access to encryption that is theoretically unbreakable. The bad guys don’t rely on commercial encryption products in consumer devices.

A government backdoor does not make you any safer from terrorism.

It does make it easier for governments to find and target those who disagree with them. This is a concern in modern day America. Ask any conservative group targeted by Lois Lerner’s IRS. With government access to a backdoor to your phone, finding people who have a differing political view becomes as simple as a Google search.

What else can happen if cryptography is compromised?

This has happened in the recent past. In 2011, Comodo was compromised by a nation state-affiliated hacker group.

Comodo is a registration authority that creates cryptographic certificates which tell your web browser the web sites you visit are who they claim to be. Fake certificates were created that enabled the government of Iran to intercept and read the personal emails of citizens using Gmail and Hotmail. We will likely never know how many Iranian dissidents were rounded up and imprisoned (or worse) as a result of this compromise. Weak encryption makes it easier for oppressive governments to spy on their own citizens and crush dissent. Weak cryptography is also a factor in most, if not all, data breaches. If your identity was stolen in any of the countless data breaches, such as Target, Home Depot, Experian, or OPM, you probably have weak or compromised cryptography to thank.

What next?

Governments have an insatiable appetite to know everything about their citizen’s activities, acquaintances, political views, and beliefs. They also have a desire to prevent citizens from having capabilities that are difficult for them to counter.

The Apple vs FBI case is not about terrorism or crime. This case is about control of the transfer of ideas.

You are the government. You select your representatives. They work for you. They derive their authority from you. You have the power to demand that they stop. Tell your representatives to block efforts to weaken freedom of speech by banning civilian access to strong encryption. Tell them to prevent the government from requiring tech companies to enable spying through commercial products.

Allowing the government to secretly spy on all Americans is the digital equivalent of book burning. Ideas that are found distasteful to whichever administration holds power can be sought out and banned, and those citizens with undesirable views targeted for retaliation or punishment. Far from protecting us from terrorists, such actions only serve to weaken our democracy.

Sources:

TechTarget: “A breach at a registration authority caused Comodo to issue nine fraudulent certificates, enabling an attacker to impersonate some major websites and servers.”

http://searchsecurity.techtarget.com/news/1529110/Comodo-warns-of-serious-SSL-certificate-breach

CNet: “Apple’s iMessage encryption trips up feds’ surveillancehttp://www.cnet.com/news/apples-imessage-encryption-trips-up-feds-surveillance/

Chris Magill is an Information Security professional and privacy advocate. When he isn’t helping companies manage their cryptographic systems and hunting down hackers, Chris enjoys spending time on his small ranch with his family in the Pacific Northwest chasing horses around. His LinkedIn profile is https://www.linkedin.com/in/cmagill