NSA whistleblower Edward Snowden is the man who started the Crypto Wars, now reaching a peak in the ongoing standoff between the FBI and Apple, with his revelations that for years all the top US tech companies cooperated with the NSA to betray their customers.
Keen to regain the trust of their users, tech companies (and Apple in particular) have started to push back against government overreach. A court has now ordered Apple to assist the FBI by sabotaging its own anti-hacking security measures in order to let the FBI brute-force the encryption used on an iPhone that belonged to one of the San Bernardino shooters. Apple has refused to comply.
A claim central to the case is the FBI’s assertion that only Apple can disable the phone’s “auto-erase” feature, which is designed to thwart hackers who try to brute-force a device by wiping the phone after 10 failed attempts to guess the password.
Participating in a video link debate for the Common Cause Blueprint for a Great Democracy conference, Snowden entered the fray, stating that the FBI’s claims are “bullshit”,
“The FBI says Apple has the ‘exclusive technical means’ to unlock the phone. Respectfully, that’s bullshit.”
In a tweet made shortly afterwards, Snowden hinted at the source of this claim by endorsing an ACLU report titled One of the FBI’s Major Claims in the iPhone Case is Fraudulent.
The report goes into some quite technical detail, but the gist of it is that the encryption keys the FBI claims to fear might be destroyed if it attempts to brute-force the phone are stored in an area of the phone’s NAND flash memory called “Effaceable Storage,”
“All the FBI needs to do to avoid any irreversible auto erase is simply to copy that flash memory (which includes the Effaceable Storage) before it tries 10 passcode attempts. It can then re-try indefinitely, because it can restore the NAND flash memory from its backup copy.”
So if the FBI can, in fact, easily work around the problem, then why in the hell is it insisting that Apple hack its own security systems instead, and making such a fuss about it?
According to the ACLU report, “it’s a power grab”. The FBI and other law enforcement agencies are keen to get their hands on the contents of other encrypted phones, and are using this case to create a disturbing precedent,
“Law enforcement has dozens of other cases where they would love to be able to compel software and hardware providers to build, provide, and vouch for deliberately weakened code. The FBI wants to weaken the ecosystem we all depend on for maintenance of our all-too-vulnerable devices.”
This is a claim backed up by FBI director James Comey’s own words,
“But when he was asked whether the F.B.I. would seek to unlock other encrypted phones if it prevailed in the San Bernardino case, he responded, ‘Of course.’”
The report concludes with this troubling statement,
“In short, they’re asking the public to grant them significant new powers that could put all of our communications infrastructure at risk, and to trust them to not misuse these powers. But they’re deliberately misleading the public (and the judiciary) to try to gain these powers. This is not how a trustworthy agency operates. We should not be fooled.”