Why Apple should not unlock a terrorists iPhone
I'd like to start out by saying F*CK terrorists.
UPDATE: Apple has posted a FAQ in regards to their orders good nap letter: Click here to read the Apple FAQ
The FBI is not asking for apple to unlock an iOS device that was in possession of a terrorist. They are asking Apple to circumvent their own security by hacking the operating system, the same operating system that is on hundreds of millions of iPhones and iPads. Apple's security and encryption is top notch for a consumer grade device. The security keys used to encrypt and decrypt your iMessages, and other transmitted data are located on your device and not on Apple's servers. An example of this is the Touch ID chip which is a separate enclave and does not allow back and forth communication except to say yes this is the correct fingerprint or no it is not. Apple lacks the ability to see the contents of your phone. They programmed themselves out because if they had the ability then anyone would.
I will not go over the intricacies of how device security works and how amazing Apple's iOS platform actually is. The information is out there for you to research and learn and it is more in depth than "I know someone who's information was hacked so that means iOS is not secure" or "I know someone in government that can see everything you do". Apple is on our side by providing us some of the best tools to protect our personal information. I've included tips to help make you more secure and less prone to cyber attack at the end of this article. Here is Apple's white paper on iOS security.
This article is about more than Apple and what phone you use, it's about the government forcing an American company to potentially harm your personal privacy.
This is what the FBI is asking:
Apple's reasonable technical assistance shall accomplish the following three important functions: (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware. Full article here: arstechnica
"We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. ... We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country ... While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products." -Tim Cook Click here to read the full statement (worth the read)
In the end, I don't want Apple to have the ability to see my personal information, my photos, my text messages, etc. If the ability exists for any one entity other than myself to see my private information then it exists for anyone despite any good intentions.
Closing thoughts: Going after one consumer friendly company after another will simply move the terrorists to smaller niche companies that are beyond the reach of the FBI. Thereby creating an environment that leaves no security or privacy for the average citizen and plenty of encrypted options for terrorists. Creating any vulnerability system, no matter how controlled, will be discovered giving hackers and identity thefts the same access... Eventually.
Some tips on securing yourself after this nerd comic:
Some quick security tips:
- Change your 4-digit pin to 6-digit or alphanumeric
- Set your phone to lock immediately
- Use your fingerprint with your phone (Although a court can order you to provide your fingerprint they cannot for a passcode or password. This can be solved by powering off your iPhone if you are afraid of it being confiscated, the next time it is turned on it will require your passcode and will not accept your fingerprint.)
- Use a passphrase for online passwords. EDIT: LibbyD in comments corrected me here. Read this article to learn more about creating secure passwords.
- Use different passwords for different sites
- Use Apple Pay or Android Pay (This way your credit card never leaves your wallet. I have witnessed people in line taking photos of customers exposed card numbers when paying. That person behind you in line may not be on facebook)
- DO NOT Jailbreak or Root your iPhone or Andriod
- Update your phone software as soon as it's available. The longer an operating system is available on the market the more vulnerabilities will be found. (This is where Apple has a big advantage, every iPhone user gets the latest update as it's released. Android users are subject to waiting for their cell carrier to release it which they tend not to do because they want you to upgrade your physical phone. So if you are on Android sticking with the Google Nexus phones, these do not wait for carriers)
Let me know if you want me to go into more detail on and I'll write another post. Leave your comments below!