A Byte of Apple

By now you should have heard about Apple’s battle with the federal government over the unlocking of Syed Rizwan Farook’s iPhone for use in the investigation of the San Bernardino shootings. If you have not been paying attention and you work in the ICT industry, you should be. In short, the Federal Government has secured an order from a Federal judge demanding that Apple cooperate with its investigation into the San Bernardino shooter’s potential ties to terrorist organizations in the Middle East. The demand for cooperation is such that they want Apple to create a way to unlock Farook’s iPhone so that they may scan it for any information related to terrorist ties. On the surface this looks like a great thing as it could potentially provide information that may lead to others who want to do harm to the US.

If you dig deeper and really understand the consequences of this demand, it becomes a really scary place for the rest of society who live and breathe through technology. The Government insists that its intentions are noble and ethical, which may (or may not) be true depending on your perspective. However, this would in fact create a gateway into encrypted devices such as the iPhone that could have nefarious outcomes. If this were to move forward, what, if any, safeguards could, would, and should be put in place to prevent anyone from using this technique to access other cell phones or electronics, including your own? And by anyone I am referring to the government, law enforcement, criminals, other countries, or other bad actors who would seek to cause harm, spy or steal.

Apple, Microsoft, and Google are all vehemently against designing a solution to this, as it may not be possible to just “unlock this one cell phone” without making it possible to unlock all of those millions of iPhones out in the public. The encryption is what provides the assurance to the consumer that their private information is as safe as possible. Today many of us store passwords, banking and other financial information, health information, and other data that could be used to destroy our lives or the lives of others, including companies we work for. There is already a steady rise in network hostage taking by criminal elements who hijack corporate, government, and healthcare networks for ransom. Allowing intrusion into the encrypted play space only adds fuel to the fire.

It is in the not too distant past that many Americans became absolutely outraged by warrantless wiretaps being conducted in the name of national security. Because of the public outcry it is now illegal for law enforcement to do so. This request to unlock the iPhone is far worse in a way that would make the movie Minority Report look like a comedy. In the encrypted world the “key” to a system is one that unlocks access to the data within a system. Once that information is known it becomes like a master key that can be used over and over on any device.

In the Information Communications Technology industry we are providing systems that often use encryption to protect our clients’ data, and more often than not these days the security of these systems is becoming more of a concern. I wrote back in August of 2015 about a major potential back door in technology systems (Who’s Guarding the Back Door of Your Network?) and provided in that article one of many potential solutions, which relies heavily on encryption as its main way of blocking access into the network through non-IT but network-connected electronics. As the Internet of Things continues its march forward, this will only increase in complexity, with a multitude of devices coming online using encryption to securely move information around a network. These systems are more and more often tied to building management systems to increase energy efficiency, reduce the carbon footprint of a building, and provide operational efficiency while reducing operating costs. They also need to reside on the network infrastructure to operate.

Currently roughly half of manufacturers of IoT devices are not confident in their ability to provide a secure product capable of defeating a cyber attack (MPI Internet of Things Study). This lack of confidence in providing end users protection is critical to the success of the IoT industry and its ties to the ICT world. The companies that are confident are using encryption techniques to process data and secure it over the network. So how does this relate to the iPhone? Well, the technique used by Apple may be replicated to crack other encryption schemes, giving over that master key. We live in a world of big data, cyber crime, and opportunity (in a bad way) to give a few or many unwanted control over personal or corporate information by handing over the keys.