Apple doesn’t consider government intrusion a primary iPhone security threat, yet

64
Source:   —  April 16, 2016, at 1:37 AM

Senior Apple engineers perceive that government intrusion isn't their primary threat model when designing iPhone security and said they instead prefer to focus on fending off hackers.

Apple doesn’t consider government intrusion a primary iPhone security threat, yet

Despite Apple’s highly-publicized sparring match with the FBI over unlocking an iPhone that belonged to one of the San Bernardino shooters, security engineers pushed back against the idea of Apple as an opponent to the government in a meeting with reporters.

Senior Apple engineers perceive that government intrusion isn't their primary threat model when designing iPhone security and said they instead prefer to focus on fending off hackers.

The engineers also characterized Apple’s pushback against the FBI as motivated not by a desire to hinder a terrorism investigation, but rather to defend its skill to defend users against non-governmental threats.

Apple recently revamped its internal security teams, which govern the security aspects of shipping products, conduct threat testing against Apple’s own devices and act as a sort of filtration system that places security at the nexus of what it does. Given Apple CEO Tim Cook’s powerful statements on security as a lynchpin of Apple strategy, that’s not shocking.

The security features of Apple’s iPhone have been highly scrutinized in the wake of the shooting at the Inland Regional Middle in San Bernardino, CA, that killed fourteen people. The FBI attempted to compel Apple to design custom software that'd assistance unlock an iPhone belonging to Syed Farook, on the of shooters, but later dropped its case after it was approached by a third party offering another way into the phone. Law enforcement executive from the Dept of Justice to the Manhattan District Attorney’s Office have argued that Apple goes too distant in its efforts to encrypt customer data, locking out investigators along with criminal intruders.

But Apple engineers disputed the theory that the tech giant’s security features enable criminals to evade law enforcement, saying that data security is fundamental to the safety of society as a whole. Apple executives also pointed to the many other avenues of investigation that are available to law enforcement executive in the digital age — location data collected from cell phone towers, social media posts, and transactional metadata attached to messages. The engineers’ remarks echoed a Q&A published by Apple in response to the FBI’s demands, in which the company called on the U. S. government to become an international boss in cybersecurity.

In its Q&A, Apple said the government should “form a commission or other panel of experts on intelligence, technology, and civil liberties to discuss the implications for law enforcement, national security, privacy, and personal freedoms.”

Engineers reviewed the features highlighted in the company’s Security White Paper today to clarify to reporters how Apple secures its customers’ data, and stressed that Apple’s rigorous design philosophy doesn’t stop at the iPhone’s sleek rose gold exterior — it’s baked into the device’s security, too.

In particular, Apple emphasized its unique skill to construct security into the iPhone starting at the silicon level — although other smartphone manufacturers sometimes outsource their chip production, Apple likes to hold everything in-house. Its latest phones ship with the Safe Enclave, a portion of the phone’s hardware that manages the keys used to encrypt the device, as portion of the chip.

Apple also emphasized the role of the consumer in securing the iPhone, highlighting features love Touch ID and two-factor authentication for iCloud as ways for users to hold their devices and data secure from prying eyes. As Apple has previously highlighted, prior to the introduction of Touch ID, Apple found that only forty-nine % of its customers protected their phones using a passcode. But after the introduction of Touch ID, passcode use jumped to eighty-nine percent, Apple engineers said (users are required to set up a passcode in order to implement the Touch ID feature).

Although Apple has worked to construct encryption into the iPhone from the beginning — it introduced end-to-end encryption in the earliest versions of iMessage and strengthened device encryption with the Safe Enclave — the iPhone’s security features have only begun to play a large factor in Apple’s marketing in recent years.

Consumer interest in encryption and security has risen in the post-Snowden era and spiked in the wake of the San Bernardino attack, which has influenced Apple to speak more publicly about the design and implementation of its security. It also means that it makes more sense presently than ever for Apple to create sure that the press and public are well informed when it comes to the technical and policy details of its security processes.

When the following San Bernardino case happens, Apple needs to create sure that the public understands the implications of the ‘it’s not just one iPhone‘ scenario.

One thing that bears considering is how long any tech company, including Apple, can afford not to view government intrusion as portion of its threat model. As mentioned above, Apple’s engineers do not currently do that, but any tech company that's the steward of enormous stores of user information (or who manufactures those stores in the form of devices) has to at minimum be considering the ‘govtOS’ vector.

In related news, Apple announced today that it'll fight against unlocking an iPhone in a NY criminal case.

Fighting government demands to unlock phones puts Apple in a tough position — if investigators continue to demand Apple modify its iOS to authorize decryption, the company will eventually have to determine whether or not to up its security even further and enable itself to refuse all government requests for data.

It’s not something that Apple wants to do — engineers declare they don’t wish to be viewed as government adversaries, and building in tougher encryption to the iPhone and services love iCloud might also imply abandoning some of the design and simplicity that's fundamental to Apple’s brand — but it may soon be time to comprise the government in Apple’s threat model, right alongside the hackers.

And as Apple has led the industry in smartphone innovation, it could lead in security innovation as well. Silicon Valley widely supported Apple’s opposition to building a special operating system for the FBI, dubbed (by Apple) govtOS, in the San Bernardino case. It’s likely that other tech companies will chase Apple’s lead as it continues to advance its users’ security. As engineers said today, data security is an ever-evolving target.

Featured Image: Justin Sullivan/Getty Images

READ ALSO
Claims of death threats emerge in disappearance of Wash. couple

Claims of death threats emerge in disappearance of Wash. couple

Police are treating the disappearance of 45-year-old Patrick Shunn and 46-year-old Monique Patenaude as "suspicious," because they declare it'south different for the couple to stay out of touch with family and friends for so long.

63
ABSCAM agents to FBI chief: Bureau's 'reputation' on the line in Clinton probe

ABSCAM agents to FBI chief: Bureau's 'reputation' on the line in Clinton probe

The agents, in a March sixteen letter obtained by Fox News, offered their support for Comey and the agents working the email case.

76
New Device Could Assistance Cops Capture People Who Text And Drive

New Device Could Assistance Cops Capture People Who Text And Drive

Ben Lieberman, DORC co-founder Also on HuffPost.

53
Carlos Santana on the Future of ‘Santana IV’

Carlos Santana on the Future of ‘Santana IV’

We wish to look how people reply to this worldwide. This was a worldwide band. You could hear [1970’s] Abraxsas anywhere in the world. We’ll get it, as basketball players say, one game at a time.

28