I agree with Adi Shamir, an outlier in the Apple v. FBI case. Apple should not have made the work phone used by the San Bernadino shooter its test case for defining the line between security and privacy.
The government is holding better cards. The phone in question was owned by the employer, the branch of the local government for whom the shooter worked, and the employer gave permission to access the phone’s data. Apple will have a weak case saying it is protecting the privacy of data for a user who is dead on a phone he did not own.
Shamir, a renowned cryptographer, says Apple goofed in the way it implemented security in the latest iPhones. Its feature of erasing the phone after ten tries is something specific it could be expected to undo, given earlier iPhones did not implement it. The iPhone needs a more automated crypto lock, a mouse trap that springs on hinges Apple did not build, so it could tell law enforcement with a straight face it cannot unlock the handsets.
Apple could have quietly opened the phone for the FBI. No one outside a couple security experts at Apple would have known about it, ironically, because we all know how good Apple is at keeping secrets.
Apple could have implemented a more cryptographically automated security feature. It could have waited for a test case where it was protecting a phone owned by a legitimate living user.
Alas, the river has been crossed. A big spotlight will fall on U.S. District Court judge Sheri Pym as early as March 22. It would be easy for the judge to rule on some detail such as who owned the phone or the security feature rather than articulate a clear line in the digital sand between security and privacy.
Ultimately, whatever the court decides will be appealed and appealed. It could take years of legal wrangling and analysis to infer whatever ragged line it is the courts will draw.
To read the rest of this article, visit EBN sister site EE Times.