Regarding the San Bernardino iPhone 5C, Daniel Kahn Gillmor over at the ACLU blog writes about something I’ve pondered myself: why doesn’t the FBI simply attack the hardware itself? Specifically, why not back up the phone’s NAND memory, which contains the encryption key, so that they can simply restore the key even if it gets erased by making 10 incorrect guesses.
As Gillmor says, desoldering the NAND chip and making a copy of its contents is a routine operation requiring very a modest set of equipment. There are, in fact, commercial enterprises that provide this service. There is, then, no real reason to force Apple to unlock the phone. No reason, that is, to accomplish what the FBI is claiming they want. But the FBI is being less than honest. What’s really at stake here is setting a precedent that the government can force Apple and other tech companies to sign arbitrary updates. This would have disastrous results in our already fragile security ecosystem because people would become suspicious of updates and refuse to install them. That, in turn, means that devices would continue running software with known vulnerabilities.
When Judge Orenstein asked the FBI—in the New York case—whether there was any way they could get the data themselves the FBI equivocated and basically refused to answer the question. Judge Orenstein called them out for that in his opinion but given that applications for a warrant are made under oath, why isn’t someone facing perjury charges?
A related question is why should we believe anything the FBI says on this or any other matter. By pushing so hard on this and lying at every stage of the proceedings—we’re only interested in this one phone; we have no other way of getting the data; and so on—the FBI, and by extension the DOJ and even the government itself, is squandering what little trust the public has left in them.
UPDATE: know → known