o
Cellebrite,
an Israeli technical company, is reportedly the third party that cracked the
Apple phone. Cellebrite reportedly does a lot of contract work for the
Israeli Defense Forces as well as foreign government agencies like the FBI.
From
what I heard the government wanted Apple to do, I think the exploit is in two
parts. First, Apple software updates do not require the screen lock code.
They only require that the user ID and password for the Apple account be
stored in the phone and that the settings allow automatic updates.
Second, ten wrong guesses on the screen lock code wipes the phone.
But if you stop the counter from counting, you can exhaust the
possibilities in less than 24 hours if you have physical access to the phone.
So, you send the phone a software update with the counter disabled, so it
doesn't count. Then you try every possible lock code. QED,
"quite easily done," as my Mathematical Economics professor used to
say.
There
are some skeptics who say that Apple doesn’t allow updates without the screen
lock code. I believe this is
incorrect. The FBI has the physical
phone. According to the Internet documentation, you can update the Apple
5c by connecting it to an Apple computer and using Itunes. The screen
lock code is not required.
Others
objected that the lock codes would have to be entered through the touch screen
of the phone manually. I don’t think
that’s true either. Apple uses
subcontractors to manufacture the screen hardware. The specifications are
circulated to competing subcontractors. It would be relatively easy to
simulate screen input on a phone you can physically take apart and rewire to an
alternate input source.
Now
Apple is suing the FBI to force the disclosure of how the Feds unlocked the
Apple 5C phone. We do not need a lawsuit
or a law. Apple did not give the FBI a way to open the phone. The
FBI got Cellebrite, an Israeli technical company, to do it for them.
Now Apple wants the secret. There is no reason Cellebrite should be
forced to give Apple the results of Cellebrite's research. The FBI
probably signed a nondisclosure agreement with Cellebrite as part of the deal
to get the phone unlocked. The method is not the FBI's to give.
Initially, I thought Apple should cooperate, but I've thought
about it and changed my mind. The pace of technology is going to make
this a constant race between the cryptographers and the decoders. I don't think
either side should have to reveal its methods to the other. In America we
litigate entirely too much. We don’t
need a court decision or a law on which side should have to give up their secrets
to the other. The law moves at a glacial
pace, taking decades or even hundreds of years to change. In one current example, the FCC is trying to
regulate the internet using a rule framework designed for regulating railroads
in 1887. We can avoid the paralysis of
the law for these cases. We can just let
the technical balance of power see saw back and forth on its own.