RUNNING HEADER: The Great Encryption Debate

The Great Encryption Debate

Anthony Spina
University of North Carolina at Charlotte

The Great Encryption Debate

Anthony Spina
UWRT 1104-001
14 April, 2016
Ever since the creation of connected devices, i.e. devices that can connect to the internet,
there has been a risk of them being accessed by someone other than their owner, and the
information on them be used maliciously. To counter this, device manufacturers have been
working tirelessly for decades doing security research and finding flaws in their software that
allowed this malicious access, and have been doing their best to patch these flaws so that their
platforms could be stronger and more secure. A negative consequence of this security is, when a
criminal uses one of these devices for a crime, and law enforcement needs to access the contents
of the device for the sake of their investigation, the same security that is made to protect us keeps
law enforcement from doing the same. You see, when a device is very strongly encrypted, it can
be next to impossible to access the devices contents. While this is good for consumers who want
to be protected from those who have malicious intent, this same security can hinder investigators
from gaining access to information that can stop potential future crimes from happening. Now
this topic hasnt been very publicized and critical over the past few decades, but over the last six
months, it has recently come to light in lieu of the Apple vs. the FBI court case.
In November of 2015, there was a shooting at Inland Regional Center in San Bernardino,
California. It was later identified that the two perpetrators, who were both shot and killed shortly
after the incident, were identified as two radicalized individuals who had intentions of carrying
out mass shootings and bombings (Wikipedia, 2015). After the shooting, the FBI began

The Great Encryption Debate

investigating the two perpetrators, and found that one of them had an Apple iPhone 5c that was
recovered as evidence, and could potentially have information on it to aid the FBIs investigation
into finding any allies they could have had in their plot. The problem was, iOS devices like the
iPhone 5c have extremely strong encryption that is designed to protect users data. This
encryption, however, was keeping the FBI from accessing the information on the perpetrators
phone, and was potentially causing the FBI to lose out on some very valuable information that
could help them in their investigation. The iPhone 5c had a passcode lock on it that, if an
incorrect passcode was entered 10 times in a row, all the data on the device would be wiped. The
FBI later reached out to Apple for help in unlocking the device, and Apple first sent all of the
information they had in their possession on the device, and even sent a team of engineers to help
aid the FBI in accessing the device. After exhausting all of the different ways that they could
think of the get into the device, the FBI asked Apple to do something that would begin this huge
encryption debate.
The FBI asked Apple to create a modified version of iOS that would remove the safety
feature that deletes all the data on the device after 10 failed passcode attempts. This would allow
the FBI to do what is known as a brute force attack, which is basically using a super computer
to try thousands of different passcode attempts in an effort to unlock the device (Cook, 2016).
Not only is creating this modified software a difficult task, but its a near impossible feat for
anyone, even Apple, to accomplish. For almost a decade, Apple has been working day in and day
out to improve the security of their operating system by patching different bugs and exploits in
their software that have been discovered by hackers and security analysts, and that has made iOS
one of the most secure platforms ever to be created. Now, initially the FBI hadnt ordered Apple
to unlock the device. It began as a request, but Apple then refused the request, so the FBI decided

The Great Encryption Debate

that they should get a court to order Apple and their engineers to unlock the device. But Apple
refused this order for reasons that Tim Cook, the CEO of Apple, said it the best himself, The
government is asking Apple to hack our own users and undermine decades of security
advancements that protect our customers including tens of millions of American citizens
from sophisticated hackers and cybercriminals. The same engineers who built strong encryption
into the iPhone to protect our users would, ironically, be ordered to weaken those protections and
make our users less safe (Cook, 2016).
The FBI was also claiming that this would be a one-time only thing, which is just untrue.
If Apple complied with this court order, it would set a dangerous precedent that would allow
the FBI or any law enforcement agency to force a company to hack its own device whenever
they wanted (Cook, 2016). These devices are constantly getting more and more secure, and are
putting the information on them out of reach of police who are trying to access them for an
investigation. Detective Brian Collins, a detective for the Los Angeles Police Department who
does forensics analysis, works on about 30 smartphones a month. He claims that he can get into
most of them, but the percentage of devices he can gain access to has been shrinking for some
time now (Timberg and Miller, 2015). Therefore, the only way that law enforcement agencies
can get into these devices is by finding good hackers or by turning to the manufacturers for help.
And if Apple were to help unlock the San Bernardino iPhone for the FBI, then whats to stop
other law enforcement agencies and courts from ordering Apple to unlock devices in their cases?
Suddenly your secure iPhone or iPad doesnt seem so secure anymore.
A good question to be asked in all of this is why hasnt the FBI gone to any outside
parties to get them to help unlock the device? The FBI is offering a reward for unlocking the
device, so why arent people lining up to help? Well, it gets a little tricky. First off, the way that

The Great Encryption Debate

the FBI has handled this entire process has made them out to be the bad guys, so anyone who
would publicly help them would be viewed as helping the bad guys (Dave, 2016). The hackers
that could be capable of helping the FBI are choosing not to help not because they dont want to
or dont think its right, but its because the FBI insists that Apple must compromise their own
security. And now that the FBI is beginning to reach out to outside parties for help, to the
hacking community, this looks like the FBI was interested more in setting a precedent than
actually getting into the device (Dave, 2016). Another reason that nobody has really stepped up
to the plate, is because the iPhone 5c is now a three-year-old device, being released in 2013, and
its hardware is even older. Its also not a very common device anymore compared to Apples
newer devices, so people arent really actively trying to get into them (Dave, 2016). But there
was at least one group, a company called Cellebrite, that was known to be working on a hack for
the iPhone 5c that could gain access to the same information that the FBI is trying to see.
Cellebrite is also rumored to be helping the FBI with the case, which would take a lot of the
pressure off of Apple (Kharpal, 2016).
There would be a few benefits to having Apple help unlock the device, however. For
example, Apple is the company who created the software on the phone, so who would know it
better than Apple themselves? Next, creating something that would allow law enforcement to be
able to access these devices would make getting evidence for many criminal cases a lot easier,
because many criminals store critical information on these devices. An example of this in action
is, there was a case in Chicago where several men forced their way into the home of a retired
officer in March and shot him in the face as his wife lay helplessly nearby. When the victim,
Elmer Brown, 73, died two weeks later, city detectives working the case already were running
low on useful leads (Timberg and Miller, 2015). But a few months later, police confiscated a

The Great Encryption Debate

revolver that had belonged to Brown in a routine traffic stop that led officers to a Facebook post
that was made two days after Browns death, where a man posed for a selfie with the gun. Once
officers found the phone that took the picture, they were able to easily defeat the Android
devices swipe code and collect evidence that led to the arrest of Browns murderers (Timberg
and Miller, 2015). If law enforcement could get access to devices that easily, many more cases
could end up being solved just as easily.
Obviously, a decent case could be made for both sides of this debate. You could say that
the FBI is justified in asking Apple to unlock the device, because theyre the ones who made the
device so hard to unlock in the first place. Plus, there is evidence that information on these
devices can prove to be extremely useful in solving investigations. But one could also say that
Apple is very justified in refusing to help the FBI. If they were to make a modified version of
their software for the FBI, why couldnt they do it for the NYPD? Or the LAPD? Or the Chicago
PD? Realistically, something that needs to happen is that there needs to be a conversation
between law enforcement entities and tech companies to come to a general consensus on how
they should all proceed going forward when it comes to encryption and security of technology.
There is too much of a disconnect between governing bodies and the companies that make the
devices that we all use every day. Hopefully as a result of this conversation, there will be
legislation put into place that allows law enforcement agencies to get the help they need, but also
legislation that protects the companies from being forced to tear down all of the work that they
have done. After all, whats the point of security without laws to protect it?

The Great Encryption Debate

References
Timberg, C., & Miller, G. (2015). FBI blasts Apple, Google for locking police out of phones.
Retrieved from http://www.cpsk12.org/
Cook, T. (2016). A Message to Our Customers. Retrieved from
http://www.apple.com/customer-letter/
Dave, Paresh. (2016). Why few hackers are lining up to help FBI crack iPhone encryption.
Retrieved from http://www.latimes.com/
Kharpal, A. (2016). Apple-FBI fight caused a 20% spike in this firms shares. Retrieved from
http://www.cnbc.com/
Wikipedia. (2016). 2015 San Bernardino Attack. Retrieved from https://en.wikipedia.org/

The Great Encryption Debate

Reflection
The most interesting thing that I learned is this inquiry process would probably be how
strong Apples encryption on their devices is. I have always been a tech geek with a sweet spot
for Apple, so I have always had some idea of how secure their devices were, but when I did my
research for this paper and realized that law enforcement agencies have a lot of trouble getting
into these devices, it was very intriguing to me. The thing I struggled with most during this paper
was when I was doing research for it. This topic is very new so the most I could find were things
like online articles and YouTube videos, which made getting a decent amount of good sources
relatively difficult. I was able to overcome this by using Google Scholar and by using reputable
new sources to get good articles that I could use as sources for this paper. My inquiry question
changed slightly over time, from it being what is the governments role in the security of our
devices to what does the government and tech companies need to do in order to make sure our
devices are protected. I think it changed because before I was looking at this whole situation
from a customers/tech geeks perspective, which made me side with Apple over anything else.
But now, I can see both sides of the coin and can tell that we cant be just asking what the
governments role is, but we also need to ask what the tech companies role is too. It is important
to look at the context of my question because if taken out of context, like I had done with my
original question, then you could potentially miss out on some very important information from
the other side of the story. I think my analytical/evaluation skill have changed somewhat as a
result of this project. I think I have begun to analyze differing viewpoints a little better than I had
before, because I used to just look at the viewpoint that I agreed with without looking at the other
sides view. Im most proud of the fact that I was able to relatively easily write this paper without
having to go back and add filler text because I had enough information on the topic to not have

The Great Encryption Debate

to do so. Something more I would like to know about this subject would be whether or not Apple
and other tech companies are going to sit down and have a conversation with the government on
how they should proceed in this area. I contributed positively to my group by making sure that I
answered all of their questions that they had and by giving them good feedback on their work.
Also by collaborating with them on a good grading scale for this project, as well as
brainstorming with them on good ways of structuring our papers. My peers feedback helped me
a lot because it allowed me get an outside view of my work and see some things that I wasnt
able to see before.