The Making of a Master Key: An alternative take on the ongoing Apple vs. FBI battle over iPhone security bypass request

Being the netizens that our generation is mostly comprised of, it may perhaps be safely assumed that you might have come across some news article or tweet or a Facebook trending notification about tech-giant Apple and the FBI fighting over a certain request by the authorities to bypass the security methods of a specific iPhone. Last December in San Bernardino, a couple went on a shooting spree which took the life of 14 people and died in a shootout with police after a car chase. The authorities seized their electronics in order to learn more about them. While most of their hard drives and phones were smashed, an iPhone 5C belonging to the male attacker was discovered. This is the central device to the Apple vs. FBI fight.

The FBI has been collaborating with Apple to gain access to information stored on the phone and related accounts. However, they have apparently reached a dead end due to an accidental password reset of the connected iCloud account. So, they are now asking Apple “to make a new version of the iPhone operating system, circumventing several important security features”, which would enable a brute-force attack on the password mechanism without triggering a security data wipe. Apple CEO Tim Cook has called this to be equivalent to creating a backdoor in the iOS operating system in a customer letter released on Apple website. According to him, this would create a master key, that in the wrong hands could break into any iPhone as long as it is in the exploiter’s physical possession.

The concept of a master key is not new. While we might not require a master key for our conventional lock-based home security systems, establishments like hotels often retain duplicate keys or a master key for gaining access to the rooms for housekeeping purposes. While there is certainly a degree of trust required for the hotel employees to ethically unlock a rented room, they are often a wise precaution in case a customer loses his/her room keys in the late hours. From a security perspective, it is also important for the hotel authorities and its customers.

Master keys make the job of the employees in charge of keys a lot easier. The secret to one key being able to open up multiple locks is interestingly not in the key itself, but the locks which are designed to be opened by it. Each of these locks is configured to operate with two different keys — a change key which would operate on only one lock (a one-to-one relationship) and a master key (which would be able to open all locks of this set).

If we are to go with Cook’s words, then a single mole in the authorities or in fact, Apple itself, could be enough to lead to the leakage of such a master key to criminal elements. Once that happens, all of the iPhones in anyone’s possession would be prone to the risk, and anyone with the technical know-how would be able to use it to gain access to protected data. Naturally, such a thing would be a privacy issue and would also be a setback for Apple, which had been trying hard not to leave nay stone unturned to secure its devices. If iPhones are deemed to be less secure, that would have quite an impact on sales and market share.

While the FBI maintains that the government would use such a software only once in this particular case, there are many who predict that such a control could not be guaranteed. Unsurprisingly, Edward Snowden, the ex-NSA contractor, who came into the limelight for blowing the whistle on government surveillance, was one of the first to lend his support for Apple and urging others to do so.

People representing various technological companies have come forward to express their views on the matter. Google CEO Sundar Pichai took to twitter in a five-tweet comment to express his agreement with the Apple CEO.

Facebook CEO Mark Zuckerburg voiced their support for Apple calling that such a precedent would be troubling for the tech industry. Jack Dorsey, the CEO of Twitter, has used the micro-blogging site to enlist his support for Tim Cook and Apple in this matter.

However, Bill Gates, co-founder of Microsoft, has sided with FBI saying the government agency’s demands are just and Apple should comply.

We are yet to know how the case unfolds, or whether the FBI and Apple would reach a middle-ground. But many would agree that this is indeed one of the important cases regarding how much jurisdiction can the government have over private data for national security purposes.

These are the facts of the matter. Now, let us take a step back and speculate a situation where things might not be as they seem to be.

The government agencies are without doubt under pressure for exposure of secret surveillance of private data and the ongoing privacy debate. Let us suppose that they decide to work with a widely-known tech giant in this matter. While the investigation of such a case as the unfortunate shootout is going on, this debate might be raised where the agencies ask a private company to take bypass certain security mechanisms, and the company refuses.

In this scenario if the final verdict favours the company, then the company would be hailed as a privacy hero, and while the agencies would apparently face a defeat, behind the scenes, the actual case might be bit different. The agencies might have been able to break the mechanism by itself all the while! The widespread media attention to this case would establish the fact among others that the agencies are not capable of decrypting certain communications, while in reality, they are. So, it becomes a win-win scenario for both the agencies and the tech company.

While this is a mere speculation, I do not believe that this is true, considering that the related shootout is a terrible incident in itself and I doubt that anyone with a sane mind would exploit such an event to achieve their gains. Our deepest sympathies and condolences cannot bring back the lives of the victims or lessen the loss of their loved ones.

I hope that justice is delivered and the authorities are able to take steps to prevent such incidents. But at the same time, this should not translate into the lessening of security in all products used by everyone on a daily basis. Once a weak link in introduced in the system, it is only a matter of time that it would be inevitably exploited.

Comment using Facebook

comments

Leave a Reply

Your email address will not be published. Required fields are marked *