It's Not Just About Apple. It's About All of Us.
In most issues of EFFector, we give an overview of all the work we’re doing at EFF right now. This week, we present a deep dive on the FBI’s fight with Apple over its customers’ privacy.A U.S. federal magistrate judge has ordered Apple to undermine the security of an iPhone that was used by one of the perpetrators of December’s San Bernardino shootings. If carried out, the order would compromise the security of every Apple customer in the world. Fortunately, Apple is fighting back and standing up for its users, and EFF is filing an amicus brief in support of Apple’s position.
The government is doing more than simply ask for Apple’s assistance. For the first time ever, the government is telling Apple to write brand new code that eliminates the security features of its own products—features that benefit everyone who uses Apple products or even communicates with iOS users. Essentially, the government is asking Apple to create a master key so that it can open a single phone. And once that master key is created, we’re certain that both our government and others will ask for it again and again.
There’s been a lot of confusion about what exactly the FBI is asking Apple for. In short, the FBI wants Apple to do three things:
- iOS can be set to erase its keys after 10 incorrect passcode guesses. The FBI wants software with this feature disabled.
- iOS imposes increasingly long delays after consecutive incorrect passcode guesses to slow down guessing. The FBI wants software that accepts unlimited guesses with no delays.
- iOS requires individual passcodes to be typed in by hand. The FBI wants a means to electronically enter passcodes, allowing it to automatically try every possible code quickly.
The problem with the FBI’s request is twofold. First, the risk of this piece of software getting into unauthorized hands is very high, and the damage that it could do is obvious.
Second, writing this code would probably encourage more government requests—potentially from other governments around the world. Even if you trust the U.S. government, once this master key is created, governments you don’t trust will surely demand that Apple undermine the security of their citizens as well.
No hay comentarios:
Publicar un comentario