Game of Phones: Will Apple sue the FBI?

Does the FBI have to tell Apple how it cracked the iPhone? The answer is not straightforward, and is illustrative of the many problems surrounding encryption.

 

The many discontents of encryption

Encryption is a very important security measure and it is also a real pain. For one thing, once encrypted, devices have a shorter battery life, and transmit data at a slower speed. In order to encrypt a device, valuable real estate can be taken up by the security hardware. At AMREL, we are familiar with this challenge, because our customization services are often asked to add Trusted Platform Modules (TPM) to our computer platforms.

In addition, high-security encrypted devices create bizarre unforeseen consequences. Soldiers are sometimes ordered to use systems for which they are not cleared. Repairmen often lack clearance, so a broken encrypted device must be disposed of rather than fixed.

Apple vs. FBI

In the latest round of “Game of Phones,” another unforeseen consequence appears possible. After months of applying legal pressure to Apple, is it the FBI who will ironically be forced to yield up their secrets? Will they be forced to tell Apple how they did their hack?

How did the FBI crack the iPhone in the first place?  Rumors have been circulating that the Israeli company Cellebrite Mobile Synchronization cracked the iPhone used in the San Bernardino terrorist shootings. That the FBI had to use an outside contractor to crack the iPhone is plausible. For one thing, there is a reason that the phrases “FBI” and “leading-edge technological capabilities” rarely appear together.

That an Israeli company did the hack is also believable, for that country has earned a reputation for expertise in encryption. Israel has developed these skills because its computer networks are under constant attacks. In addition, it has the highest number of programmers per capita of any country in the world. There is even a highly developed ancient tradition of cryptology and secret codes within Jewish mysticism.

Still, any rumor in the Middle East has to be greeted with skepticism. I have met hackers who have valued reputation over the risk of legal retribution by falsely claiming exploits. The Cellebrite rumor appears to have some credibility. Around the time of the hack, it is a matter of official record that the FBI paid over $200,000 to this company. A lot of people seem to believe this rumor, because the shares of its parent company, Japan’s Sun Corporation, have risen 40% since March 2.

Our lips are sealed

That a private corporation likely hacked the iPhone matters to the question of who tells what to whom. Supposedly, the government is bound to inform companies of vulnerabilities in their encrypted systems, as determined by something called the “Vulnerabilities Equities Process” (VEP).

The VEP was developed in a thoroughly transparent process and actively shared with the public by the administration. Just kidding. Everything about the VEP is opaque. The Electronic Freedom Foundation (EFF) had to sue under the Freedom of Information Act to get a highly redacted version of the VEP, which can be viewed here. The EFF is not impressed with this document. Judging by information about government actions as revealed by the Snowden leaks, the EFF has dubbed the VEP “…so much vaporware.”

The weird world of administrative law

Or is it? Just how meaningful is the VEP? If Apple could persuade a court that, according to the VEP, the government has to reveal the vulnerabilities of their encryption, would the administration have to follow their own rules? The VEP belongs to that surreal realm of “administrative law.” Congress didn’t pass it. By and large, it’s not determined by court rulings or precedent. It’s just something that a bunch of administrative agencies made up.

I called a lawyer who has more than fifty years of experience of using the law to annoy the government. I asked, “Do government agencies have to follow their own made-up rules?” Her answer was a definitive, absolute, unqualified “Maybe.” In addition, she said that whatever decision is made by the courts, it will be “political.”

 

“It is a tale told by an idiot, full of sound and fury signifying nothing”

It is extremely unlikely a court will determine if the VEP applies or not. The fact that a private party (Cellebrite) probably hacked the iPhone is significant, because the VEP does not apply to private parties. The VEP only applies to vulnerabilities discovered directly by government agencies themselves.

Furthermore, according to the Washington Post, “FBI Director James B. Comey has said that the solution works only on iPhone 5Cs running the iOS 9 operating system — what he calls a ‘narrow slice’ of phones. Apple said last week that it would not sue the government to gain access to the solution.”

So after months of the FBI pressuring Apple to hack its own iPhone, it withdraws from the case, and says never mind. After months of declaring that the iPhone hack will endanger all iPhones, Apple has similarly dismissed its efforts to force the FBI to reveal its secrets. Some have suggested that the “narrow slice” description is accurate and Apple is not truly worried about the security of its future platforms.

The one thing that is clear from all this brouhaha is that our legal structure is completely inadequate for dealing with issues raised by new technologies. In the original court case, the FBI sued Apple on the basis of a law written in 1789.

In the meantime, I have a sinking feeling that the privacy of the average user was not a great concern in this latest round of legal wrangling. As Elliot Hannon wrote in Slate, “We’re all digital piñatas really.”

 

New Ultra Bright, Ultra Thin, Ultra Rugged Tablet

AMREL has announced the launch of APEX PX5, a 10.1” fully rugged, sunlight readable tablet with one of the brightest and sharpest displays on the market.

“What sets the APEX PX5 apart is the crisp image quality,” explained Kalvin Chen, AMREL’s Vice President of Operations. “Its visual excellence is a result of more than the 1000 nits rating. It also has a bright backlight, anti-reflective coatings, WUXGA 1920 x 1200 resolution, and directly bonded LCD layers. Very simply, the APEX PX5 has one of the best displays on any rugged tablet in the world.”

Built into the APEX PX5 is AMREL’s 30 years of expertise of supplying fully rugged computers to the frontline warfighters as well as Public Safety officers. In addition to its enviable IP65 rating, it complies with MIL-STD 810G, the military’s premier ruggedness standard.

“With scratch-resistant Corning Gorilla Glass 3, tough magnesium chassis, and a durable ABS plastic cover, you can have complete confidence in the APEX PX5 Tablet no matter where you take it,” declares Mr. Chen.  “In spite of all this ruggedness, the lightweight APEX PX5 is less than an inch thick.”

The APEX PX5 is built to meet modern demands. Boasting a speedy 4th generation Intel® Haswell Core™ i5 processor, the APEX PX5 Tablet is ideal for graphic and other data-intensive applications. Its capacitive multi-touch supports glove touch, and a digitizer option. Other options include snap-on modules for magnetic stripe reader, smart card (CAC), NFC, as well as 2D barcode. To complete the tablet’s offering, it has a vehicle dock, desktop dock, VESA mount bracket, 2-bay battery charger, and dual capacity battery pack for extended use. The APEX PX5 supports Public Safety, industrial, field service, and commercial applications.

“We’re proud of the flexibility of the operating systems,” states Mr. Chen. “You can choose to use either full Windows 7, or Windows Professional or Embedded 8.1. You even have an option to install Windows 10 Internet of Things Enterprise.”

Learn more at computers.amrel.com/apex-px5

“Bow Wave” is Critical to Defense Budgets

At AMREL we pay close attention to pressures placed on the Department of Defense (DoD) budgets. We strive to respond to the ever-changing needs of our clients and market forces.

How are things going for the DoD? If you listen to the leadership, not so good.

“Every single time I stand on stage, I tell people the budget is getting worse and worse, and I’ve always proven to be correct,” said Tony Montemarano, executive deputy director (Defense Information Systems Agency) … “there are a lot of legacy programs … that now will lose funding.” Signal

“Adm. Mulloy cited an old saying about Navy chiefs squeezing nickels ‘until the buffalo squeaks,’ advising chiefs today to watch their spares closely…” Signal

“The Navy continues to postpone much needed repairs and upgrades for the majority of our infrastructure,” said Admiral Michelle Howard, vice chief of naval operations. “We are still paying down the readiness debt we accrued over the last decade, but more slowly than we would prefer and at continued risk to our shore infrastructure.” VOA

The above represents just a small sample of the grumblings emanating from our military leadership. Complaints about budgetary limitations are ringing across the land. A half-trillion dollar Defense budget is just not enough.

 

Defense budget

What’s going on here? Is this just business as usual? After all, no officer ever advanced his career by loudly proclaiming his command had too much money. Let’s look at the Defense budget:

[Chart: DoD Budget Request 2017]

The budget for 2017 is $521.7 billion, which is down from previous requests (2013 was $525.4 billion). As can be seen from the above chart, procurement funding has decreased, while funding for research has increased. Of course, this doesn’t include the Overseas Contingency Operations (OCO) budget, which has been slashed. Supposedly OCO doesn’t affect base expenses and is used only for actual war operations.

Could these relatively modest decreases be responsible for the economic squeeze that Defense is so vigilantly complaining about?

 

War is bad for living things and new acquisitions

During the Iraq and Afghanistan campaigns, the DoD had to divert funding from upgrades, maintenance, readiness, and acquisitions to pay for the land wars. Furthermore, the money spent on the land wars did not contribute to DoD’s assets or goals. Equipment was scrapped, abandoned, or given away.

“For the most part, war-related acquisition funding was not used to modernize and recapitalize the inventory of equipment.”

Defense Modernization Plans through 2020

Bow Wave

As a result of this diversion, the programs for new acquisitions were stalled and goals became delayed to an unknown time. This created the phenomenon known as “Bow Wave.” Think of the bow of a ship pushing into the ocean. The wave it creates is constantly moving forward. The defense community uses this as a metaphor for the current state of funding. A “Bow Wave,” in defense parlance, is the delay into the indefinite future of major expenses. It’s sort of like a balloon payment at the end of a mortgage.

The “Bow Wave” is expected to suck all available funding, causing non-prioritized projects to suffer. As a result, the brass is scrambling to declare that their individual programs are overwhelmingly important, while the other guys’ pet projects are just waste.

In the big fight about defining what is and what is not waste, we could simply build the kind of military we need and get rid of everything else. There is one small problem with that way of thinking: take a look at DoD’s goals as outlined in the DoD Budget Request 2017.

“Funds a joint force with the capacity and capability to:

– Defend the homeland
– Respond to five challenges
  o Russia
  o China
  o North Korea
  o Iran
  o Global counter-terrorism”

As you might expect, the forces required to deter Russia are quite a bit different from those that would engage China and so on. No one really knows what war we are going to fight next.

How is the “Bow Wave” going to affect defense-spending priorities? A future blog post will discuss winners and losers in upcoming Defense budgets.