I was going to write an overview of the technical issues involved in the FBI’s demand that Apple help them break into the iPhone 5C that was being used by San Bernardino shooter Syed Farook, but it soon became apparent that the issues were too complex for easy summary, and the story keeps changing as more details leak out.
On the other hand, I would like to respond to a recent op-ed by Manhattan district attorney Cyrus Vance (brought to our attention by Scott Greenfield) arguing for a government exception to securely encrypted phones:
iPhones are the first warrant-proof consumer products in American history. They compel law enforcement to deploy extraordinarily creative prosecutorial strategies – and obtain state-of-the-art tools – to carry out even the most basic steps of a criminal investigation. I applaud our federal colleagues for their commitment to justice for the 14 killed in San Bernardino and their families.
The magistrate judge’s order rests firmly on centuries of jurisprudence holding that no item – not a home, not a file cabinet and not a smartphone – lies beyond the reach of a judicial search warrant. It affirms the principle that decisions about who can access key evidence in criminal investigations should be made by courts and legislatures, not by Apple and Google. And it provides the highest-profile example to date of how Silicon Valley’s decisions inhibit real investigations of real crimes, with real victims and real consequences for public safety.
I can certainly see what he’s getting at. Up until now, when a court ordered some evidence seized, the government’s ability to carry out that seizure was never in question. The agents of law enforcement have been able to kick open every door, tear down every wall, and break every box. But strong encryption now challenges that idea, and people like Cy Vance don’t like it.
I have a few responses to Vance, starting with “So what?”
Law enforcement agents used to be able to get any evidence they wanted, but now some new technology means they can’t. So what? Things change, the world moves on, the organizing principles of society evolve. Slavery, the divine right of kings, Papal inquisitions — all have fallen. Now maybe it’s the end for the principle that courts have “a right to every man’s evidence.” That’s kind of an open-ended argument, but then Vance’s argument is basically little more than “It’s always been that way.” I think it’s quite reasonable to respond that just because it’s always been that way doesn’t mean that it always should be.
On the other hand, I could also argue that the rule doesn’t really go where Vance wants it to because (1) the current situation is already in complete compliance with the rule, and (2) there is nothing to which the rule could apply.
I need to go into a bit of technical detail. The FBI’s problem is that sensitive data files on an iPhone are strongly encrypted in such a way that reading the unencrypted contents requires one of a handful of “class keys,” which are in turn encrypted using the user’s passcode. So to get an iPhone to read its data, you have to provide the passcode to decrypt the class key it needs to decrypt the file containing the data.
(I’ve simplified this description of iPhone security quite a bit. If you want more details, Dan Guido has a mildly technical overview and you can get more background technical information from the Apple iOS security whitepaper, especially the “System Security” and “Encryption and Data Protection” sections. It’s absolutely fascinating, if you’re into that kind of thing.)
If you have a modern iPhone with a passcode set, you can see all this for yourself. Call your iPhone from another phone that is in your contacts list. When your phone rings, it should display the name of the other phone’s owner, which it got by searching your contacts list for someone with a number matching the calling phone. Now turn your iPhone all the way off by holding down the power button for a few seconds to display the slider you can use to power it off. Then turn your phone back on by pressing the power button for a few seconds, but don’t enter the passcode. Now try calling your phone again from the other phone. This time the phone should only display the calling number, but not the name from the contacts list. Your phone won’t be able to display contact names until you enter the passcode again.
This shows that your passcode is more than just a locking mechanism: it’s a decryption key. Without it, your phone literally cannot even read its own contacts list. It also can’t read any of the other sensitive files that are encrypted so as to require the passcode. An iPhone for which the passcode has not been entered doesn’t just refuse to give you access to its data. In a fundamental way, it can’t even read the data.
That’s the FBI’s problem. The passcode is not stored on the device, and the copy of the passcode in Farook’s brain is no longer accessible because he’s dead, so the FBI has no way to get his iPhone to decrypt any of his files without a code-breaking effort.
That brings me to the first part of my answer to Vance: The FBI already has all the evidence on Syed Farook’s iPhone. They have physical possession of the phone itself, including the internal flash drive that contains all the data. It’s a relatively minor technical task to remove the drive from the iPhone and attach it to another computer so they can read every bit of it. Of course, the files they read will still be encrypted, so they won’t be able to make sense of the data, but they do have all the data on the phone. No one, including Apple, is keeping it from them.
This may sound like some kind of philosophical hair-splitting, but it’s the ground truth of the situation at the technical level. It’s confusing because we often speak of encryption using the metaphor of a container. We describe encrypted messages as being like envelopes with plaintext messages inside, and we talk of using keys to unlock stored data. In reality — the reality of the hardware and software — the relationship between encrypted and unencrypted data is not one of containment but of transformation: Plaintext data is transformed into encrypted data using an encryption algorithm and a key, and encrypted data can only be transformed back into plaintext using a related algorithm and the right key. If the key is lost, transforming the encrypted data back into plaintext may not be possible.
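To make the two points above concrete (the passcode-to-class-key-to-file-key chain described earlier, and the “transformation, not containment” point just made), here is a toy model of that key hierarchy. It is an added illustration written for this post, not Apple’s code and not the real iOS design: the cipher is a keyed-hash construction standing in for the AES modes an iPhone uses, the device secret and the PBKDF2 stretching are stand-ins for the hardware-bound derivation, and the contacts file is a constructed sample. What it shows is that the flash image holds every byte of the “evidence” the whole time, and that a reader without the passcode gets nothing from it, not a refusal, but no plaintext at all.

```python
import hashlib
import hmac
import os
from typing import Optional

# --- Toy authenticated cipher (illustrative stand-in for AES; not for real use) ---

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand key+nonce into a keystream with HMAC-SHA256 in counter mode."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt and authenticate; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the tag fails (wrong key or tampering)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

# --- Toy key hierarchy: passcode -> class key -> per-file key -> file contents ---

def passcode_key(passcode: str, device_uid: bytes) -> bytes:
    """Stretch the passcode together with a per-device secret (assumed model;
    the real derivation is tied to hardware and deliberately slow)."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_uid, 10_000)

def provision(passcode: str, files: dict) -> tuple:
    """Build the toy flash image. Everything in `image` is what a forensic
    copy of the storage chip would contain; `uid` models the secret that
    never leaves the device hardware."""
    uid = os.urandom(32)
    class_key = os.urandom(32)
    image = {
        "wrapped_class_key": seal(passcode_key(passcode, uid), class_key),
        "files": {},
    }
    for name, data in files.items():
        file_key = os.urandom(32)
        # Each file has its own key, itself wrapped by the class key.
        image["files"][name] = (seal(class_key, file_key), seal(file_key, data))
    return uid, image

def read_file(image: dict, uid: bytes, passcode: str, name: str) -> Optional[bytes]:
    """What the OS has to do on every read: unwrap the class key with the
    passcode-derived key, unwrap the file key, then decrypt the contents.
    A wrong passcode fails at the first step and yields no plaintext."""
    class_key = open_sealed(passcode_key(passcode, uid), image["wrapped_class_key"])
    if class_key is None:
        return None
    wrapped_file_key, sealed_contents = image["files"][name]
    file_key = open_sealed(class_key, wrapped_file_key)
    if file_key is None:
        return None
    return open_sealed(file_key, sealed_contents)

def demo() -> tuple:
    """Constructed sample: one contacts file, read with and without the passcode."""
    files = {"contacts.db": b"Alice: +1 555 0100\nBob: +1 555 0101\n"}
    uid, image = provision("1234", files)
    with_code = read_file(image, uid, "1234", "contacts.db")
    without_code = read_file(image, uid, "0000", "contacts.db")
    raw_bytes = image["files"]["contacts.db"][1]  # what the storage chip actually holds
    return with_code, without_code, raw_bytes

if __name__ == "__main__":
    ok, missing, raw = demo()
    print("with passcode:   ", ok)
    print("without passcode:", missing)
    print("bytes on flash:  ", len(raw), "bytes, none of them the contacts")
```

Two things are worth noticing when you run it. First, `raw_bytes` is the complete record of the file; copying it off the chip is trivial and nobody withholds it. Second, `read_file` with the wrong passcode does not return a locked or partial object; it returns `None`, because the class key it recovers is garbage and the authentication tag rejects it. The plaintext is not sitting inside the blob waiting to be let out; it only exists again once the right key reverses the transformation.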
When Vance asserts that “no item – not a home, not a file cabinet […] – lies beyond the reach of a judicial search warrant” he’s not speaking about merely metaphorical containment. If the court orders a home searched for drugs, that search will be successful if there are actually drugs in the home. If the court issues a warrant that includes searching a file cabinet for financial records, it’s because there’s reason to believe the file cabinet contains the records. More fundamentally, it makes sense to require the production of evidence because the evidence might exist.
That’s my second point of argument: No matter how much the FBI or the judge may want to seize this data, there’s simply nothing to seize. The data existed at one point, but now it’s all been transformed into unreadable gibberish, and the original data is gone. What the government wants — an unencrypted copy of the data on Syed Farook’s iPhone — doesn’t actually exist anywhere in the world.
As a practical matter, this isn’t a get-out-of-jail card. Don’t go trying to convince a judge that you don’t have to turn over financial records on your computer because your hard drive is encrypted and you haven’t entered the key to unlock it. That’s probably not going to work when you routinely decrypt files every day. (But I’m not a lawyer and this isn’t legal advice, so if you actually find yourself in that situation, talk to your lawyer.)
On the other hand, if you truly don’t have the decryption key, then the unencrypted files on your computer actually are beyond the reach of the court. Of course, you might be in for a really bad time if the judge doesn’t believe you, or simply doesn’t care about what you think is possible.