On December 2, 2015, 14 people were
killed and 22 others seriously injured in what, President of the
United States, Barack Obama, has deemed a terrorist attack in
California. The attack comprised of a mass shooting and an
attempted bombing. The perpetrators, Syed Rizwan Farook and
Tashfeen Malik attempted to flee the scene, but were killed by
police in a shootout.
On January 5, 2016, the FBI began
investigating the perpetrators. On February 9, 2016, the FBI
announced that it was unable to unlock one of the mobile phones
they recovered from the perpetrators; a county-owned iPhone 5 C
which was found on Farook, due to its advanced security features.
As a result, the FBI approached Apple Incorporated to create a new
version of the phone's operating system (iOS) that could be
installed and run in the phone's random access memory to
disable certain security features. Apple declined citing its policy
to never undermine the security features of its products. In 2014
Apple made the decision to remove itself from being allowed to
access encrypted devices, thus increasing the security provided by
these devices. The FBI responded by successfully applying to a
federal judge to issue a Court Order, mandating Apple to create and
provide the requested software. Apple announced their intention to
oppose the Order based on the innumerable security risks that the
creation of a backdoor would pose to their customers.
What does the FBI want?
In response to the opposition, on
February 19, 2016, the United States Department of Justice filed a
new application urging a federal judge to compel Apple to comply
with the Order.
The FBI requests that Apple alter
the System Information File (SIF) in a way which would allow
1) Apple to bypass or disable the
auto-erase functions of the device. This is due to the fact that if
certain security features are enabled the device can erase all
personal data stored on it after 10 failed attempts at entering the
2) Apple to enable the FBI to
submit passcodes to the device for testing electronically. Farook
used a 4 digit passcode to secure the device, there are therefore
mathematically speaking, 10 000 numerical combinations, which could
possibly be the code utilised by Farook. If the FBI is permitted to
electronically attempt every possible combination, unlocking the
device would prove to be a task capable of completion in mere
minutes, as opposed to the numerous hours it would take to enter
the various possibilities manually;
3) Apple to remove any additional
delay between failed passcode attempts. This is because the device
restricts you from entering a passcode for increasingly lengthy
periods of time in each instance an incorrect passcode is entered.
The FBI essentially wants this barrier removed.
The FBI suggests that, in order to
minimise the risk of the backdoor being accessed by hackers, the
SIF be installed at a government facility or an Apple facility, and
after the FBI have hacked the phone via remote connection, Apple be
permitted to remove and destroy the malware.
Why is Apple refusing to comply?
Encryption encodes and decodes
information permitting only authorised persons to access it. A
backdoor is a method of bypassing the normal method of
authentication. Essentially, a backdoor would allow an intruder to
access the encrypted information without having the correct
credentials, in this case, a passcode. In order to grant the
FBI's requests, Apple would need to create a backdoor to the
encryption to allow the FBI to access the device. Creation of such
backdoor would have severe security implications should it be
accessed by the wrong hands. Incidentally, hackers have found
lucrative business in locating these backdoors. This would make
every iPhone inherently weaker. Apple would in essence be enabling
hacking, and in doing so, US courts may set a precedent other
manufacturers may be obliged to adhere to.
What happens now?
It is evident that competing
interests are at war in these circumstances. Individuals, more
especially Apple users expect that their private communications be
protected, whilst law enforcement strives to ensure that public
safety and national security are not jeopardised. It is clear that
encryption is essential, however the question currently being
debated is whether or not law enforcement should be granted access
to encrypted communications and in essence invasion of an
individual's privacy, when enforcing the law and pursuing the
objective to keep citizens safe. Should Apple continue to refuse to
allow the FBI access, this matter may eventually find itself before
the US Supreme Court, whose ruling will be final and binding.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
The Nigerian Communications Commission (NCC) has concluded plans to introduce Lawful Interception (LI); a legally sanctioned official access to private communications, such as telephone calls or email messages
After 10 years of debate, South Africa’s President Jacob Zuma has finally signed South Africa’s first framework privacy bill into law, the Protection of Personal Information Bill.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).