The FBI responded to Apple's open letter, which warned the FBI is trying to set a dangerous precedent, by saying the San Bernardino iPhone unlocking case isn't about setting a precedent at all. However, a new report says that the Justice Department is trying to unlock at least 12 other iPhones, none of which are related to cases of terrorism.
The FBI tried to make it very clear in its letter that it wants Apple to only help it unlock the phone in this specific case, and nothing more.
"The San Bernardino litigation isn't about trying to set a precedent or send any kind of message," said James Comey, the FBI Director. "The particular legal issue is actually quite narrow. The relief we seek is limited and its value increasingly obsolete because the technology continues to evolve. We simply want the chance, with a search warrant, to try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That's it. We don't want to break anyone's encryption or set a master key loose on the land."
Yet the new report from the WSJ says exactly the opposite: there are at least 12 other cases where the Justice Department might want to unlock iPhones. Some local law enforcement officials have also commented on it, saying that the FBI's case against Apple could be helpful for their own cases.
"It may be a question of finding the right case," said Jake Wark, the spokesperson for the DA's office in Suffolk County, Massachusetts.
"It's going to have significant ramifications on us locally," said Matt Rokus, deputy chief of Wisconsin's Eau Claire Police Department.
"The court's ruling could have a significant impact on conducting sensitive criminal investigations," said Aaron McGowan, State's Attorney for Minnehaha County, South Dakota.
These comments seem to directly contradict the FBI Director. Plus, if the FBI does win this case, it can't prevent it from being used as a precedent for other cases. It seems rather obvious that even if the FBI never tries to use it in the future as a precedent, which seems unlikely and hard to believe, others will.
Playing Word Games
FBI Director James Comey was also being quite misleading when he said that they "don't want to break anyone's encryption," while arguing that they want to "try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly."
The very purpose of encryption is to protect a message from being deciphered—not for only a month, or a year, but forever. Saying they don't want to directly decrypt the message with a master key, but only want the ability to easily crack that encryption is ultimately a distinction without a difference, and the FBI is merely playing word games.
It's actually no different than when the U.S. government forced all commercial companies to use 40-bit encryption two decades ago, with the argument that it doesn't want companies to stop using encryption, but it still wants to be able to break that encryption. When encryption can be easily broken or bypassed like that, then it's pointless.
Weak Protection Is No Protection
The FBI wants devices to be protected by only four- or six-digit PINs with no additional protection, because it knows four- or six-digit PINs can be easily cracked, which means they aren't very good at protecting information. That's why Apple, and recently Google as well, have added a rate limiter to PIN authentication. When too many tries (more than 10) are attempted, the device wipes itself to protect the data against forced unlocking.
Ultimately, it boils down to one idea: if a security feature can be broken within minutes or hours, then it's not a very good one, and at best it serves as security theater. The better the security, the safer our devices are, and the FBI is arguing the opposite: that our devices shouldn't be very secure so they, and anyone else who might steal the devices, can hack into them and obtain the data.
Despite its past pleas for better cybersecurity and its warnings that enemies of the U.S. could take down critical infrastructure or steal vital government information, the U.S. government has quite a hostile attitude towards actual cybersecurity. It seems to believe that any security that can't be bypassed or broken within hours is a bad thing, and we should not accept it in our devices. This type of anti-cybersecurity policy could have quite terrible consequences in the long term, both from an economic and a general security point of view.
Lucian Armasu is a Contributing Writer for Tom's Hardware. You can follow him at @lucian_armasu.