Posts made in February, 2016

A Take on Apple Vs FBI by EfficiencyNext’s President

Posted by on Feb 25, 2016 in From the Cloud, From the Mind, Uncategorized | Comments Off on A Take on Apple Vs FBI by EfficiencyNext’s President

Note: The opinion in this blog post is that of Paul Katz, President of EfficiencyNext LLC. There has and continues to be a vigorous debate among EfficiencyNext staff, with many going #teamfbi and others #teamapple. The current Apple Vs FBI issue with regard to accessing a terrorist’s iPhone 5c has been a subject of active debate within technology and non-technology circles. The position held by many in technology is that Apple is correct in this specific matter. I, however, feel the FBI should prevail in this one specific case. Detangling Things There has been much talk about back doors and weakening encryption with regard to the court order for Apple to unlock the iPhone 5c used by Syed Farook, one of two the shooters in San Bernardino terror attack . The iPhone in question is owned by the San Bernardino County Department of Public Health, which has given complete consent for the FBI to access the phone. The court order is not aimed at weakening the iPhone’s encryption. Instead, the court order requires Apple to build a custom operating system that can be installed on the specific iPhone involved, which will: Nullify the auto-wipe feature Remove delays between PIN code attempts Allow for PIN attempts to be conducted at a rate of 80 milliseconds per attempt Apple, through signed encryption security, is the only party that can load a custom operating system on an iPhone, by their own design. This is why the FBI, through the court system, has compelled Apple to build the custom OS, and brute force determine the PIN to unlock the phone. The request is made under the authority of the All Writs Act to help service a valid search warrant. Hence, this particular case is not about encryption, but rather having Apple create a technique they can run themselves (and only them) which bypasses login security mechanisms. Why I Believe the FBI is Right Apple’s Government Information Requests policy currently states “For all devices running iOS 8 and later versions, Apple will not perform iOS data extractions in response to government search warrants because the files to be extracted are protected by an encryption key that is tied to the user’s passcode, which Apple does not possess.”. Apple failed to consider the possibility that the All Writs Act might be employed to compel them to unlock phones via their authentication mechanisms. In my opinion, (I’m not a lawyer BTW), the All Writs Act applies. Apple seems sufficiently related to to this matter, and building a custom modified OS for a company of their size and financial ability doesn’t seem an undue burden. Under the current Law, I don’t see Apple having much of a case. And concern for precedents must cut both ways. If Apple, one of America’s most powerful corporations, is able to refuse to help service a court approved warrant, how many other companies can follow suit?   The Advice Apple Should And Can Give Each iPhone has the ability to accept passwords and phrases far more complex than a four or six character numeric code; the option is there, just buried a little. A six digit numeric pin has one million possible combinations (000,000 through 999,999). Brute force at about 12 attempts a second would take just under 24 hours. This is what the FBI is banking on. That said, A six character password (alphanumeric + special characters) has over 281 trillion possible combinations (281,474,976,710,656) by my count. Presuming the password isn’t readily guessable, we are looking at 6,515,624,460 hours of bulk attempts to brute force the password. Even sticking with numbers, a user can have a nine character numeric password with a possible one billion...

Read More