US Attorney General Loretta Lynch talks iPhone encryption case with Stephen Colbert

U.S. Attorney General Loretta Lynch toed the line in an appearance on The Late Show with Stephen Colbert on Thursday, and reiterated that the government is merely requesting Apple for help in unlocking a single iPhone linked to last year's San Bernardino terror attack, not a backdoor into iOS.

While not the main topic of discussion, Colbert touched upon the contentious encryption debate sparked by Apple's resistance of a court order compelling its assistance in the ongoing FBI investigation.

"Well, you know we've disagreed publicly in court, and I've had a number of great discussions with [Apple CEO] Tim Cook on issues of privacy," Lynch said. "What I'll say about this, though, is I understand why this is important to everybody, because privacy is an important issue for everyone. It's important to me as the attorney general, it's important to me as a citizen."

Attempting to provide context, Colbert incorrectly claimed the Department of Justice wants Apple to create a backdoor into iPhone, specifically a device issued to terror suspect Syed Rizwan Farook by his former employer the San Bernardino County Health Department. As stated in legal briefs and a very public campaign for public sentiment, the DOJ is asking Apple to create and sign an intentionally flawed version of iOS to suppress the passcode attempt counter on Farook's phone. FBI agents will brute-force the device to extract actionable data pertaining to the case, if any is present.

Colbert brought up one of Apple's main contentions in its case to resist government pressure, noting that the creation of a new operating system puts undue burden on the company's resources. He also made note of the slippery slope argument presented by Cook and other Apple executives in recent interviews.

Apple has argued that a government win in the San Bernardino court case sets dangerous precedent for future law enforcement requests. The FBI and fellow agencies would be granted a powerful tool that could one day be used to compel technical assistance far beyond software construction. For example, Cook and SVP Eddy Cue said in separate interviews that government agents might leverage precedent to force Apple to remotely turn an iPhone camera or microphone.

"First of all, we're not asking for a backdoor, nor are we asking anyone to turn anything on to spy on anyone," Lynch said. "We're asking them to do is do what their customer wants. The real owner of the phone is the county, the employer of one of the terrorists who's now dead."

Lynch said much the same in an interview earlier this month when she suggested Apple treat the case like a normal customer service call.

Last night's segment comes on the heels of a court filing from federal prosecutors in support of the government's request of Apple, a letter that both addressed and attempted to dismantle each of Apple's assertions.

Apple and the DOJ are set to discuss the issue in court on March 22.

Follow AppleInsider on Google News

67 Comments

jwbl33

said about 8 years ago

"she suggested Apple treat the case like a normal customer service call."
I thought I read that apple did treat it like a customer service call and gave the fbi steps to take to update the iCloud backup... Until someone reset the iCloud password.

radarthekat

said about 8 years ago

For those new to the FBI versus Apple battle...

Here is what's going on.

The iPhone is locked by a passcode that is combined with a hardware key built into each iPhone at manufacture. This hardware key is randomly generated and encoded into the silicon inside each iPhone AND IS NOT KNOWN EVEN TO APPLE. So to unencrypt data on an iPhone, you need the user passcode and the hardware key, which exists only in the phone's hardware.

To decrypt the data on an iPhone you need to enter the password ON THAT IPHONE so that the password gets combined with that iPhone's hardware encryption key. Taking the data off the phone and trying to decrypt it elsewhere won't work because you won't have the hardware key portion of the combined encryption key.

So you need to enter each password guess into the iPhone you are trying to unlock. And the iPhone has a security feature that wipes all the data in the phone after ten consecutive incorrect password attempts. This feature is what makes a simple four digit passcode such a strong security measure. Without that feature, it would be a simple process to manually sit there and try one password after another until you went through all 10,000 combinations. The FBI, or a school kid with a couple extra days on his hands, could break into any iPhone. But if the phone erases itself after ten unsuccessful password tries, then you won't dare even try to unlock it, as you'll have only a 10 in 10,000 chance of guessing the correct password and the consequences of that tenth incorrect guess is that you'll lose the data you're after.

The FBI is demanding that Apple remove this security feature so that they can simply brute-force the password. 10,000 tries, even if done manually, wouldn't take very long. Of course, they are also asking for two additional weaknesses. One is to allow passwords to be sent to the phone electronically (wirelessly). That would save time over manually sitting there trying one after another passcode. And the other is to remove a delay the software inserts between passcode attempts, so that it could blast passcodes at the phone at a very fast clip. You'd ask for these two additional weaknesses only if you are planning on turning this into a tool for law enforcement to use over and over. So that puts the lie to the FBI's stance that they want this only for this one time.

Apple is not being asked to use any method they want to just get the data. Apple is being demanded to build a forensic tool for law enforcement's repeated use. Apple, and those of us knowledgable about this sort of thing, knows that this tool will need to be maintained and documented, and submitted into evidence to be inspected by defense attorney experts, because defense attorneys will want to be certain that the tool does not modify the evidence it makes available. This is how the tool will get out into the wild, and when it does then none of us will have any security unless we install additional encryption software on top of the operating system. Which criminals and terrorists will immediately do, leaving them safe from law enforcement search while leaving the vast majority of casual users open to those same terrorists infiltrating their phones and grabbing their bank account passwords, etc.

Law enforcement will solve a few more crimes, committed by unwitting criminals who didn't think to add additional encryption on top of the weakened encryption in the operating system.

Casual users like you and me and your kids and wife will be more subject to snooping by hackers, some of which will be working for the fund-raising departments of terror organizations.

Terrorists will hold up this incident and the fallout from it as a major victory in their attempts to weaken and manipulate free society.

ireland

said about 8 years ago

Another propaganda piece by the government. Also, I wish to punch that audience.

stevedownunder

said about 8 years ago

Normal customer service call : Normal Customer : "Apple can you help ?" Apple : "We've had a look, the answer is No we can't help." Normal Customer : "Ok, thanks for trying." This 'normal service call' US Government : "Apple can you help ?" Apple : "We've sent people down, we've given you advice and you ignored it. That's all we can do." US Government : "Tough, we want in & we're gonna lie to the Media and Public, until you relent and sue you because we want to spy on the world." US Government to everyone : "Our quadruple billions of NSA money used to spy on everyone in world can't get into the iPhone and we really need to look 'just this once'. Trust us we won't ever need it again (other than all the other cases we're pursuing quietly), we're the guardians of liberty and privacy." Everyone : "I think Not, we've heard this before and heard testimony to congress that you promised you weren't spying on us, then we found out you were. Once bitten..."

tenly

said about 8 years ago

[quote]First of all, we're not asking for a backdoor, nor are we asking anyone to turn anything on to spy on anyone," Lynch said. "We're asking them to do is do what their customer wants. The real owner of the phone is the county, the employer of one of the terrorists who's now dead.[/quote]

The owner of the iPhone itself may be the county - but the owner of the data on it belongs to the person who protected it with a passcode - not the county. Just because you buy or otherwise obtain a used iPhone, you do not become the owner of any data that was left on it.

Hey - here's an unrelated question. I have an iPhone protected by the Activation Lock feature. Nobody has my Apple ID password. What happens if I die unexpectedly? If I bequeath the phone to my son - how will he be able to get past the Activation Lock in order to set it up with his Apple ID? Will Apple disable the Activation Lock upon presentation of a death certificate?