Sources close to the company and security experts are saying Apple is currently working on upgrading its iPhone security measures, which would shield them from potential win by the government in the ongoing encryption war. It's said they've been working on it since before the San Bernardino attack.
The new security would be configured in such a way that a backdoor couldn't be created for it at the government's request (as is currently the case). Specifically, it addresses the vulnerability introduced by the troubleshooting system that allows Apple to update system software without a password. Once the new security in place, the government could request all it likes: Apple wouldn't be able to oblige even if it wanted to.
Experts believe Apple will be able to go through with it. Should the government win the fight, it's expected a new round of court battles would begin, at which point Apple may introduce yet more security measures, and round and round we go. In other words, Apple currently has the upper hand and will for the foreseeable future, barring Congress involvement.
Last week, Facebook joined the ranks of Google, Twitter, and Apple in publicly supporting one's right to smartphone encryption amidst the San Bernardino terrorist case. This left some to wonder where Microsoft was in all of this, so we inquired with the tech giant, who pointed us to a tweet by Microsoft President and CLO Brad Smith (retweeted by CEO Satya Nadella), indicating it does indeed support encryption (via the Reform Government Surveillance coalition).
The plot has thickened in the San Bernardino terrorist case, as it's been revealed the FBI ordered the Apple ID password on the attacker's phone be reset. The order has given rise to questions about the FBI's competence.
It started when Apple urged authorities to plug the phone of the attacker (Syed Farook) into an outlet in his office, thus triggering an iCloud backup and providing access to the desired data. However, prior to this, the FBI ordered the Apple ID password be reset.
Apple confirmed this in a new FAQ on its website, which addressed the incident as well as other questions that have arisen about the case and the company's stance on encryption.
Tech giants Google, Twitter, and Apple have publicly denounced the FBI's fight to get around phone encryption, favoring the privacy rights of their users instead. Now Facebook is hopping on board, too.
"We will continue to fight aggressively against requirements for companies to weaken the security of their systems," a Facebook spokesperson told Reuters yesterday. "These demands would create a chilly precedent and obstruct companies' efforts to secure their products."
That makes four for four. Microsoft is the biggest tech company to not yet comment on the issue; to that end, we've put in in an inquiry, and will report if we hear back.
Yesterday, Apple CEO Tim Cook published an open letter to the company's customers, explaining why Apple feels so strongly about supporting one's right to data encryption and privacy. Shortly afterward, Google CEO Sundar Pichai chimed in on Twitter, describing the letter as "important" before siding with Cook.
"Forcing companies to enable hacking could compromise users' privacy," he writes. "We know that law enforcement and intelligence agencies face significant challenges in protecting the public against crime and terrorism. We build secure products to keep your information safe and we give law enforcement access to data based on valid legal orders, but that's wholly different than requiring companies to enable hacking of customer devices & data. Could be a troubling precedent. [I'm] looking forward to a thoughtful and open discussion on this important issue."
Pichai's public support of Cook's letter could be described as admirable, given it is in direct competition with Apple in the browser and mobile spaces, among others.
As the phone encryption debate rages on, Apple CEO Tim Cook has published an open letter to the company's customers, detailing in full its stance on the personal right to privacy. The letter comes shortly after the US government has ordered Apple unlock phones at its discretion for criminal and intelligence purposes, which Apple has opposed.
Disconcertingly, the feds are employing the use of the 227 year-old All Writs Act -- which says courts can "issue all [written orders] necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law" -- in a bid to win its case.
It looks like the NSA wants to do some spring cleaning, where it wants to combine its intelligence gathering and cyberdefense groups. But, this creates its own issues, as the intelligence group might be using security flaws to spy on people, and governments, that its cyberdefense team don't even know about - leaving critical systems open to various attacks.
The US spy agency is now reportedly preparing a reorganization that would combine its offensive and defensive capabilities, a move that would help them better coordinate its fight online. The NSA isn't talking specifics just yet, but we should hear more about it this week. The Washington Post reports that it could be more of a cultural shift, versus a technical one. The two divisions already share similar processes, but this move would create a better line of communication between the divisions.
In a freshly unsealed court case from October 2015, a judge asked Apple why it ignored requests to unlock the iPhone of a methamphetamine dealer. Turns out it didn't, the device (an iPhone 5s with iOS 7), was simply set to erase all data if someone attempted to unlock it 10 times in a row unsuccessfully (an unlocking device will try every possible code in quick succession). Presumably, this was by Apple design.
"In most cases now and in the future, the government's requested order would be substantially burdensome, as it would be impossible to perform," Apple stated, going on to say iOS 8 and above are designed to be unhackable by even Apple itself.
One week after the news about New York's encryption bill comes the same word from California: The Golden State has proposed a bill that would ban the sale of encrypted smartphones manufactured on or after January 1, 2016. Likewise, the fine for violating this new law -- should the bill come to pass -- is $2,500.
The motivation for bills like AB 1681 is access to information by authorities in matters of crime, terrorism, and so on. As it often goes, much of the public is concerned it requires the surrender of privacy rights.
Unlike with the New York bill, citizens can't vote for or against it online.
Following Apple's beseeching of the Obama administration to support the public's right to smartphone encryption this week, the New York Senate is now allowing citizens to vote on the matter on its new website.
Assembly Bill A8093, as it's known, requires all phones manufactured January 1, 2016 or later are capable of being unlocked and decrypted. The bill says should a smartphone owner be caught with a new phone that doesn't meet this requirement, they'll be fined $2,500.
The bill is currently in the committee stage; it must pass the New York state senate and assembly before it becomes law. In the meantime, citizens can weigh in here.