As part of Apple’s continuing quest to raise support for its side of the Apple/FBI iPhone encryption backdoor debate, Craig Federighi has written an opinion piece in The Washington Post. Unsurprisingly, the Apple executive repeats many of the arguments Apple has already made, indicating that hampering security efforts in technology is counterproductive:
To get around Apple’s safeguards, the FBI wants us to create a backdoor in the form of special software that bypasses passcode protections, intentionally creating a vulnerability that would let the government force its way into an iPhone. Once created, this software — which law enforcement has conceded it wants to apply to many iPhones — would become a weakness that hackers and criminals could use to wreak havoc on the privacy and personal safety of us all.
Federighi admits that security is an ongoing battle, where you can step ahead of the bad guys but also fall behind. He suggests that future software depends on strong encryption and ‘we cannot afford to fall behind those who would exploit technology in order to cause chaos’.
Federighi says that the government’s suggestion that the security systems present in iOS 7 were good enough is illogical. That security has since been cracked, and the means of doing so is now available commercially to empower ‘attackers who are less skilled but often more malicious’. Apple changed its encryption strategy from iOS 8 onwards to entangle the data with the device passcode, making decryption possible only with the user password. Federighi says software created for the wrong reason has the capacity to ‘harm millions of people’.
I became an engineer because I believe in the power of technology to enrich our lives. Great software has seemingly limitless potential to solve human problems — and it can spread around the world in the blink of an eye. Malicious code moves just as quickly, and when software is created for the wrong reason, it has a huge and growing capacity to harm millions of people.
If you haven’t been following the Apple/FBI case, the government wants Apple to create a special version of iPhone firmware that will circumvent certain security provisions to enable the government to brute-force passwords (trying every single 4-digit combination) in order to gain access to the San Bernardino shooter’s iPhone data.
The government wants Apple to create code that will disable the delay between successive PIN attempts and disable the erase function after 10 attempts. If Apple is forced to make this tool, the government will be able to gain access within 30 minutes. Apple says that making this tool weakens the security of iOS devices for everyone, not just the bad guys. Apple has received formal support from over 40 companies, defending the need for strong encryption. Apple is arguing that the government’s motion to compel is unconstitutional. Listen to Apple’s head lawyer discuss their legal position in a fifteen-minute interview with Bloomberg.
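To make the two protections concrete, here is a small model of a lock screen being guessed in order, with and without the attempt delay and the 10-attempt erase. It is an added example, not code from the article, Apple or the FBI; the per-guess time is derived from the 30-minute figure above, while the delay schedule and all names are illustrative assumptions.

```python
from dataclasses import dataclass

# Derived from the article's figure: all 10,000 four-digit PINs "within 30 minutes".
MS_PER_GUESS = 30 * 60 * 1000 // 10_000          # 180 ms per attempt
# Assumption (not from the article): forced wait in seconds, keyed by the
# number of failed attempts so far. Values are illustrative.
DELAY_S = {5: 60, 6: 300, 7: 900, 8: 900, 9: 3600}
WIPE_AFTER = 10                                   # erase after 10 failed attempts

@dataclass
class Outcome:
    unlocked: bool
    wiped: bool
    guesses: int
    seconds: float

def guess_in_order(secret: str, protections: bool) -> Outcome:
    """Model a lock screen being fed every PIN of len(secret) digits in order."""
    digits = len(secret)
    failures = wait_s = 0
    for n in range(10 ** digits):
        if protections:
            wait_s += DELAY_S.get(failures, 0)    # delay imposed before this try
        tries = n + 1
        seconds = wait_s + tries * MS_PER_GUESS / 1000
        if f"{n:0{digits}d}" == secret:
            return Outcome(True, False, tries, seconds)
        failures += 1
        if protections and failures >= WIPE_AFTER:
            return Outcome(False, True, tries, seconds)   # keys erased, data gone
    return Outcome(False, False, 10 ** digits, seconds)

def worst_case_minutes(digits: int) -> float:
    """Time to exhaust the PIN space once both protections are disabled."""
    return 10 ** digits * MS_PER_GUESS / 60_000

def share_protected_by_wipe(digits: int) -> float:
    """Fraction of PINs an in-order guesser never reaches before the wipe."""
    return 1 - WIPE_AFTER / 10 ** digits

if __name__ == "__main__":
    print(guess_in_order("9999", protections=False))   # constructed sample PIN
    print(guess_in_order("9999", protections=True))
    print(worst_case_minutes(4), worst_case_minutes(6))
```

With both protections on, the model stops after ten guesses and over an hour and a half of enforced waiting; with them off, only the size of the passcode space limits the search, which is why a longer passcode still matters.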
Apple and the FBI begin their court battle on March 22nd, a day after Apple is expected to unveil the new 4-inch iPhone SE, a 9.7-inch iPad Pro and more at a special media event in Cupertino.
Read Craig Federighi’s full op-ed on The Washington Post website.
I think it will be so funny if the FBI eventually say with a smile “do you know what, you are right”… then you know they’ve cracked it… just because it’s encrypted, doesn’t mean it’s impossible to hack… it just means the current one is very very very difficult —
Maybe it won’t be hacked soon… but possibly by the end of the year.
Well, I mean, it’s not really about “hacking” so much as it is guessing the encryption key. Problem for the FBI is, there’s almost no interface into the iPhone’s filesystem without the passcode.
technically they just need a fingerprint — it is possible to make a silicone mold … it’s been done on YouTube…
pdixon1986: Well, the phone in question is 5C, no Touch ID on that one. But going forward yeah.
TouchID becomes deactivated after two days of not using it. Sometimes mine gets deactivated overnight and I have to enter my 20-character password again. Very annoying bug!
@pdixon1986: “technically they just need a fingerprint”
Which finger and which part of the print? You only get a couple of tries before TouchID is disabled and a passcode is required. So unless you know exactly how TouchID was set up by the original user, chances of getting in that way are extremely slim.
They had the disable after 10 unsuccessful tries. Also, isn’t there a feature where there is a waiting period after 3 unsuccessful attempts? If they didn’t have those two features turned on, they claim they can get into a phone within 26 minutes because I guess they have some sort of device that speeds through the different password combinations quickly.
Well that is as easy as using the Lightning-USB to connect a low power keypad, but the 3-attempt timer and 10-attempt wipe functions make that brute-force method useless.
I absolutely love when people who have no idea what they’re talking about speak as though they are experts. Well done, pdixon1986.
Well, no one is going to be cracking AES256 encrypted data anytime soon…
I thought there is a way to get access to the data as long as they have an actual backup (on a computer or through the cloud). I mean if we forget our password, don’t we just reset the unit from scratch and restore from our backup? The phone by itself may be difficult or impossible, but not if you have it backed up. Isn’t that why the FBI couldn’t do it is because they didn’t have a backup on the cloud or with a computer and they changed the iCloud ID password before getting the device backed up??
Here’s a YouTube video of some guy getting into an iPhone with iOS 9 without a password. I don’t know how legit it is, but he seemed to figure out a way to do it.
https://www.youtube.com/watch?v=lQUIdnkmurI
That video is not legit. It has been debunked. The FBI has the backup, but it is old. I think like 60 days old. They are looking for stuff that might be on the phone but after the last backup. They got the backup from iCloud which is not encrypted or at least encrypted by Apple so Apple can break the encryption.
But also this is really not about this phone. There really is little evidence that these folks were involved in or connected to anything really large. Maybe there are encouraging emails from some folks associated with ISIS, but probably not much more than that.
Basically breaking encryption will be used to prosecute drug cases and not terrorist situations. That is kind of the main thing the government focuses on.
Great opinion piece Craig! Keep fighting for our privacy.
If you think a multi billion dollar company cares about your privacy I got a bridge to sell you. They don’t need a backdoor.
Well, they are publicly going on record that they don’t want to create a backdoor, and they are also going public saying they can’t hack into that phone’s password. Those were testimonies in a court hearing. So I don’t know where you get your nonsense from. How can Apple just look at your phone contents without having your passcode or a backdoor? Do you have proof that they do? Getting a call log of to and from is from the cell carrier.
You can keep a backup on your own computer which they don’t have physical access to.
What makes me laugh is statements like yours without any valid data or proof to back up your statement. Just because Google scans people’s emails doesn’t mean Apple does it.
Ya gotta have some proof, do you have any? Just checking.
“Just because Google scans people’s emails doesn’t mean Apple does it” LOL !! Burned !
Maybe Apple is a multi billion company today, because it does care about their customers, and their privacy.
Rich,
The flipside of your argument is, without a shred of proof, you believe they can’t get into this phone. Because they say so. Because they say so IN COURT (oooh, scary). I’m not agreeing with Bob Dylan, I’m saying shame on you for being so naive and trustworthy.
It’s a boring issue of semantics anyway. When they say “we don’t want to build a way to do this” it actually means “we absolutely have a way of doing this right now we just have no interest of making that public.”
Tim Cook’s personal life was illegal not very long ago in this country. I suspect he takes privacy very seriously because of that.
Boycott Apple
hahaha .. Trump
Boycott Trolls – like Bob Dylan (why couldn’t you pick a better name to hide behind, something Fitting like . . . Putin or Bush or Trump? Or are you John Smith with another disguise?)
Trolls – not an original one in the basket
They don’t need a back door. I can break into a phone without this. You do know what jailbreaking is: getting root access.
It’s not the same thing.
You need your passcode disabled if you want to jailbreak.
How can you put jailbreaking on someone else’s phone without their passcode? If it’s your own phone, you can install jailbreaking software, but not everyone has or wants jailbreaking software on their device. It’s certainly not supported by Apple.
I see your user name is the same as a 1960’s Folk Singer. Perhaps you might like to remember the words to ‘The Times they are a changing’. You wrote them right? (sic)
I absolutely love when people who have no idea what they’re talking about speak as though they are experts. Well done, Bob Dylan.
Good opinion Craig, I think Apple is right and that they need to win the case for us, the customers that want our privacy.
By the way hashtag WWDC 2014
Encourage all companies to improve the security on all our devices. Protect us from hackers and governments. Join me in signing the petition >>> http://1.usa.gov/1R9A4cM
Away from the main topic here “or kind of” .. I admire this guy “Craig” .. Genius
From my seat at the table, forcing companies to circumvent security in their products will render them pointless. Those products will still provide a useful purpose but in a compromised manner. The world is full of individuals, companies, governments that will exploit any weakness in tech products if there is sensitive data to be had and exploited. Consider this, if smart phones (for instance) can be completely hacked, how secure will you be with the info stored there — credit cards, health, financial, private communications? Will you still be willing to trust the safety of the information critical to your financial and personal life? Increasingly, so much of our personal, financial and medical information is being stored in this one place. For me personally, if the government prevails and forces companies to compromise the security of their products then I would revert back to the 1980’s — a dumb mobile phone–no “smart” devices, paper bills–no online payments, etc. In other words, I would lose trust in the systems that protect vital information important to me and my well being. If others think along these same lines, then think what this will do to our current economic structure. How many years/decades would this take off of our economic progress? What will this cost us in the long run — in dollars and civil liberties. These are just some of my early thoughts on the issue at hand. Hopefully smarter minds will discuss all the merits involved and come up with a reasoned solution, a solution not based on media hype or Monday morning quarterbacking.
That letter from Craig is a really good letter.
We need to cut through the BS.
Apple thinks this will sell more phones.
If they thought no security at all would sell phones then they would do that.
Don’t be taken in by multi-billion dollar corporations pretending to be helping you.
They do whatever makes them money.
While what you say is probably true I don’t care what reason they have if what they do to keep their brand value is protecting my privacy. Also I do believe there are passionate people that have a say in what this company does.
Hi Victor –
Apple aren’t protecting your privacy.
The FBI isn’t interested in your phone – even if you leave it with no PIN set, they still aren’t interested, they have better things to do.
You and I need protection against phone thieves and hackers, the FBI is irrelevant.
Apple protecting the privacy of (dead) murderers is not about protecting yours or my privacy, it’s about marketing.
It is not really the US that Apple is worried about. If the US courts issue an order saying Apple needs to break the security of the phones, then next month a court in China and Russia will issue a similar order. Apple’s phones are all made in China and that is their second biggest market. The order from the Chinese court will be legal in China and consistent with their laws. What is Apple going to do then? And when our executives travel to China and get asked to hand over their phones at the border . . . Just for a little while. Well there you go.