If you’re worried about your iPhone’s security after the Justice Department announced it had broken into yet another terrorist’s cell phone, don’t panic. The FBI and its hacking prowess probably aren’t any concern of yours, as long as you’re not a terrorist.
The Justice Department announced on Monday that it had found a link between the terrorist group Al Qaeda and the man who killed three U.S. sailors in a terrorist attack at a military base in Pensacola, Florida, in December, CNN reported. The bigger deal was that the department was able to make this connection because it broke through the encryption on the shooter’s iPhone after a very public back-and-forth with Apple, wherein the company refused to decrypt the phone.
“To some degree, this is a ‘good’ outcome, with good in quotations marks,” said Hannah Quay-de la Vallee, Senior Technologist at the Center for Democracy and Technology, who told Digital Trends that it was definitely a success story for Apple. “It’s indicative of the fact that the FBI has to put a significant amount of resources into getting into these things. They had access to the phone physically and they had it for a while [before breaking in], so this is not something that will happen to Joe Blow who sent a concerning text message.”
This is the latest high-profile terrorism case wherein the FBI and Apple have been at odds; among the first was over the San Bernardino shooter’s iPhone, which the government cracked in 2016.
The move once again brings to the forefront the ongoing tug-of-war between the government — which has argued for that tech companies need to leave a so-called “encryption backdoor” or “golden key” for law enforcement to have access to people’s phones in criminal cases — and tech companies and privacy advocates, who insist such a loophole would make everyone’s phone less secure.
Hacking an iPhone isn’t easy, luckily
Cellebrite, the Israeli firm that is reportedly the favorite of the FBI when it comes to breaking into terrorists’ phones, declined a request for comment on whether it had been involved in this hack.
Ron Gula, a former National Security Agency white-hat hacker, pointed out to Digital Trends that it’s unclear how the FBI’s hack was performed; it may have been Cellebrite, but maybe it was a subpoena or some hack that works on older iPhone models. Either way, the average person “should be comfortable” with the level of protection that their phone comes with, he said.
Tom Chivers, Digital Privacy Advocate at the U.K.-based ProPrivacy, agreed. “The average person can rest easy about the thought of the FBI hacking into their phones to see what they’re up to,” wrote Chivers. “It has been a long and arduous process for the FBI and not one they’re likely to repeat in a hurry.”
Indeed, in December when testifying before a Senate committee on the question of phone encryption and public safety, New York County District Attorney Cyrus Vance bemoaned the monetary high cost that third-party workarounds like Cellebrite charge, meaning that, as Vance put it, “all but a handful of law enforcement agencies” can afford it.
But, Chivers continued, Apple will probably take a look at its security. “After all, as they said themselves in January any backdoor for the good guys can also be exploited by the bad guys, and now the FBI have found a way in, who else might try and follow in their footsteps?” Chivers wrote, referring to a statement that Apple made in response to a request from U.S. Attorney General William Barr for help decrypting the phone. Apple at the time said, “There is no such thing as a backdoor just for the good guys.”
Apple reiterated that sentiment in a statement to Bloomberg on Monday, saying that it had “responded to the FBI’s first requests for information just hours after the attack,” and that the creation of a backdoor “will make every device vulnerable to bad actors.”
https://twitter.com/markgurman/status/1262464587397337088
Apple also did not respond to Digital Trends’ request for comment as to whether this would force the company to rethink its encryption, or whether the average iPhone user should be concerned.
For some experts, this was more evidence that the government should not be handed any keys to anyone’s phone. “The government continues to ignore the consensus that mandated government access to encrypted devices and communications would compromise everyone’s security,” wrote the Electronic Frontier Foundation’s Senior Staff Attorney Andrew Crocker in an email to Digital Trends. “If these reports are accurate, it is further evidence that the FBI and DOJ demands for encryption backdoors are overblown.”