As Apple and the FBI clash over access to a locked iPhone from one of the shooters in the San Bernardino terrorist attack last December, local digital forensics and security experts are weighing in on what has become a national and congressional debate.
“The FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation,” Apple said in a public letter on its website on Feb. 16. “In the wrong hands, this software ”” which does not exist today ”” would have the potential to unlock any iPhone in someone”™s physical possession.”
“Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create.”
Bill Teel”™s company, Teel Technologies in Norwalk, works closely with regional and national law enforcement and government agencies to retrieve data from smartphones as part of an industry known as mobile device forensics.
Teel said he doesn”™t buy Apple”™s argument that it has created such an ironclad security system that not even they are able to access the phone”™s data.
“I certainly think they have the ability to do it today,” he said.
He said he believes there must be a compromise between the parties and said that his line of work has given him a bias toward law enforcement agencies.
“We hear almost on a daily basis the tragedies that are the result of the inability of law enforcement to pursue crimes and criminals of all sorts because the device is locked,” he said. “Cases hit a roadblock in a big way because of a locked device.”
And it”™s not just terrorism, he said.
His company has worked on data forensics cases ranging from parents who have lost their children to cases involving abduction, drug cartels and worse.
“You have guys that are peddling child porn and they are using their iPhone for a container for that and there is no way to unlock it and take a look and find out if there is something on there,” he said.
As the argument has grown from an internal dispute between Apple and the FBI to a legal and congressional battle with court orders demanding Apple unlock the San Bernardino shooter”™s iPhone and ongoing judicial proceedings, the impact of unlocking the single phone has spread to encompass hundreds of phones and potentially impact millions of iPhone users.
During the March 1 hearing before the U.S. House of Representatives Judiciary Committee, FBI Director James Comey said that should Apple be legally forced to provide access to the San Bernardino iPhone it is possible the case could set a precedent for similar requests by the FBI in the future.
At the same hearing, New York County District Attorney Cyrus Vance said his office was unable to gain access to 175 iPhones in their possession with hundreds of other locked phones being held by law enforcement agencies in Connecticut, Illinois and Texas.
“Everyone has a room full of iPhones they need unlocked,” Teel said. “Nationwide there is certainly a backlog.”
Teel could not speak directly to the needs of Fairfield County police departments to access locked iPhones involved in investigations and a request for comment was not returned by the Westchester County Police Department.
Apple has said from the start that by creating software to circumvent its latest security protocols it could potentially compromise the entire system of iPhones.
“While the government may argue that its use would be limited to this case, there is no way to guarantee such control,” according to Apple”™s statement.
The fear that government would abuse its power is one shared locally as well.
Paul Nugent, an associate professor of management information systems at Western Connecticut State University, said the government doesn”™t have the best track record when it comes to privacy and data security.
“Personally from what I”™ve seen with the government overstepping their bounds with powers like the NSA, I respect Apple for holding their ground and not giving in to this request for this particular situation,” he said. “It is easy to come up with individual instances like this where people would side with the FBI and say it is reasonable for the FBI to want that backdoor into the system, but there is also the story that in the past when the government has been given power to do something like this they abuse that power and take it further than they had originally intended to.”
In the classroom and among colleagues in the high-end digital security industry, Nugent said there is ample support for Apple”™s position.
Recently, dozens of tech companies including Google, Facebook and Microsoft have filed legal briefs in support of Apple. But not all within the tech industry are backing the company or hopeful it will prevail.
Joe Caruso, chief technology officer for New York Computer Forensics, a division of Global Digital Forensics that has an office in White Plains, believes Apple will eventually have to bend-the-knee and provide tools for law enforcement to access its iPhone security system, but that it will not end the debate.
“It will not end with a judge saying you need to open the phones,” he said. “There will be another edition of IOS (the iPhone”™s operating system) to take away whatever door they open.”
While he shares Nugent”™s concerns over abuse of power by government agencies, a compromise will still have to be reached to balance the needs of security in an increasingly terrorized world and the right to privacy in an increasingly public world digital domain, he said.
“I don”™t think Apple should effectively hand over a key,” he said. “I think we need to have some controls in place, just like anything else. We are going to have to figure a way to allow the FBI to get access to this information in a way that preserves our privacy.”
“Nothing is unbreakable,” he said. “At some point somebody will figure out how to get around the Apple security anyway. Time and time again we see companies say they are developing a way that no one can access this data and it”™s totally secure, but I hate to say it, a 17-year-old kid winds up hacking in. At some point the country as a whole needs to make a decision whether or not we are going to keep our privacy or we want the sense of security.”
