Saturday, February 20, 2016

Clash of the Titans: Apple vs. The U.S. Government




I’ve had many spirited discussions and read many thought-provoking articles since the Federal Magistrate ordered Apple to cooperate (even more than they already have) with the FBI in the investigation of alleged San Bernardino terrorist Syed Farook and his locked iPhone 5c.  Most of the arguments on both sides of the issue are compelling.  I’m not here to make a case as to whether or not Apple should comply with the order or fight the legal battle, but rather to bring out some points I haven’t read to date about the case.

The Legal Precedent

Research of the legality of the Government’s order yields invocation of the All Writs Act for justification of the order.  The All Writs Act was enacted in 1789, long before technology was even a glimmer of what it is today.  In a nutshell, the Act allows the Government to compel a private business to utilize measures already in place for benefit of the Government’s use with a valid court order.  The emphasis on the previous sentence is purposeful because, if we take Apple CEO Tim Cook at his word, they do not already have the means to do what the order dictates they do.  This is no doubt (at least part of) the legal grounds upon which the attorneys at Apple will stand in their challenge of this order.  If they judge Cook and Apple’s current abilities as truthful, the judgement may be clear.

The Value of the Data

Let’s be clear about the circumstances of this case:  The suspects are dead.  There are no civil or criminal charges to be brought upon them in order to bring them to justice.  That fact alone makes the information the FBI is seeking much more in the realm of intelligence vs. evidence.  While it’s true that evidence of other conspirators or plans may exist on the phone, it is likely that the value of the data which the FBI seeks falls much more in the intelligence category than it does evidence.  This is an important distinction.  If the FBI were seeking to gather evidence to prosecute two imprisoned would-be terrorists for their heinous crimes, the value of the data would be unquestionable and Apple would arguably have a moral responsibility to comply.  However, the intelligence on the phone is largely speculative.  In fact, all reports suggest the data would amount to a month and a half’s worth of intelligence because the FBI has already lawfully obtained the iCloud backup of Farook’s phone.  So to be clear, the FBI is speculating that roughly 45 days’ worth of additional data may unlock the keys to further plots, actors, etc.  Is that a reasonable investigatory conclusion or a fishing expedition?



The Mobile Forensic Implications

Consider that if Apple does what the order states, they are altering the data on the phone, which is in direct conflict with accepted forensic methods & practices.  Yes, I know that in mobile forensics the data is often altered a very minimal amount to allow us to access it, but let’s say that the order is successful and Apple performs this data-altering procedure and the data leads to a criminal charge or charges.  Now, the agents who performed this extraction to get this evidence need to defend their actions in court.  How do you defend something that’s never been attempted before?  Further, the procedure needs to be replicable by other practitioners in the field and validated.  Is that possible in this case?  At the heart of it, what is the difference between what the Court Order is dictating and a simple jail-break of the iPhone?

These points touch on just a portion of any number of legal scientific arguments that call the procedures dictated within the order at least somewhat into question.  As my article Read This Before You Use the IP Box states, getting the data at all costs isn’t necessarily in the best interest of digital forensic science or practice.

The Responsibility of the Data

At the heart of many arguments I’ve read is Apple’s “moral responsibility to society” to do what some dictate is the “right thing”.  But what is mostly overlooked is the fact that Farook was a government employee and his phone was a government-owned phone.  Perhaps the true responsibility lies upon the government employer to have put measures into place to allow access to the device at an enterprise level so this large legal-tech battle wouldn’t have to be taking place, further costing tax-payers and Apple millions of dollars.  Just some food for thought.

Sadly, whoever was in charge of the issuance of those devices at Farook’s workplace didn’t have the foresight to put those measures in place.  It would be interesting to see if the same organization has since put appropriate measures and policies into place for their issued smart phones or if they have moved on, not learning from their mistakes.  There is no ‘chicken and egg’ argument here.  The ultimate responsibility for access to that device and data lies with Farook’s employer and they failed at that responsibility.

The Perfect Storm

It is fairly likely that the legality of the Court Order will ultimately be argued and decided by the Supreme Court of the U.S. (SCOTUS).  Unfortunately, this case has come about in a period of political and institutional upheaval.  Not only are we in the midst of a very contentious Presidential race, but to add to the fervor, Justice Antonin Scalia has died and the filling of his seat on the SCOTUS is very much in question.  I will not speculate how Scalia would have ruled in this case, but I will put forth that his voice would most certainly have been heard.  Will the next SCOTUS Justice’s voice be heard just as much?  Will they have just as much of an impact?

Interestingly, in my observance of this debate, I’ve seen where people from both sides of the political spectrum have weighed in with unexpected opinions.  It seems that the issue boils down to personal privacy vs. Government overreach.  Who knows, perhaps this is one case where the “D” or “R” next to your representative’s name won’t have as much meaning as their personal philosophy & beliefs about privacy and the role of government.

Clash of the Titans

There’s an old adage when it comes to challenging the Government: “You can’t fight City Hall”.  In case you don’t already know, this is because the Government has unlimited resources to fight any case they choose.  Most people I know, even in popular/celebrity culture, do not have unlimited resources.  But Apple isn’t a person, it’s a company, and one of the largest (if not THE largest) in the world.  They have resources.  Billions and billions of dollars in cash to fight this fight.  I predict this will be the seminal legal-tech case of our time.  There will be others, but no other case presents the challenges of modern technology, the power it harnesses and the privacy concerns it brings about vs. the purported “common good” that the government strives to provide.

Just like many other bloggers and pundits have speculated that Apple can do what the order calls for “in 30 seconds”, I’ve heard from insiders that the FBI already has the ability to bypass the passcodes on i-Devices.  Is it true?  Perhaps not.  But if it is, that means the U.S. Government is using this case to make a statement.  It means this is a calculated strategy on the part of the U.S. Government to challenge and, as I’m sure they hope, make an example of Apple.  It would also mean that they are taking up a large legal battle under false pretenses.

There’s another old adage that may be appropriate:  If you’re going to strike at a King, strike to kill!  Even if Apple loses their fight in the order, they will have made a stand for what they believe in as a business and a service provider.  Even if they lose, they win because they will have conducted a very public, very powerful battle against the biggest titan of them all.  The Government can’t strike to kill Apple because they are kings in their industry.  

Either way, this will be an interesting battle to say the least.  This Digital Forensic practitioner will be watching with great interest as the arguments unfold!


Author:
Patrick J. Siewert, SCERS, BCERT, LCE
Principal Consultant
Professional Digital Forensic Consulting, LLC
Virginia DCJS #11-14869
Based in Richmond, Virginia
Available Globally

We Find the Truth for a Living!

About the Author:
Patrick Siewert is the Principal Consultant of Pro Digital Forensic Consulting, based in Richmond, Virginia.  In 15 years of law enforcement, he investigated hundreds of high-tech crimes, incorporating digital forensics into the investigations, and was responsible for investigating some of the highest jury and plea bargain child exploitation cases in Virginia court history.  A graduate of both SCERS, BCERT, the Reid School of Interview & Interrogation and various online investigation schools (among others), Siewert continues to hone his digital forensic expertise in the private sector while growing his consulting & investigation business marketed toward litigators, professional investigators and corporations.
Twitter: @ProDigital4n6

Tuesday, February 9, 2016

Please nominate Pro Digital Forensic Consulting for DIGITAL FORENSIC BLOG OF THE YEAR


Friends,

As many of you (over 20,000) have enjoyed the articles posted on this blog page in 2015, we are humbly asking for your support in nominating the Pro Digital Forensic Consulting blog as DIGITAL FORENSIC BLOG OF THE YEAR for the 2015 Forensic 4:cast awards.

We started off 2015 with a bang by challenging billionaire Mark Cuban and his claims that the data from his "private" mobile app, Cyber Dust, "never touches a hard drive."  We followed that up with stories from the field and real-world case studies that were re-posted by the likes of Guidance Software and the Forensic 4:cast site itself.  By the end of 2015, we had over 20,000 hits on the blog in just 12 months! All of the content is original and we work hard to keep it timely and relevant (and not too geeky).

Now, we're asking for you to simply nominate our little blog to be recognized in the field.


Here's the link to nominate. Please make sure to list the blog name as the PRO DIGITAL FORENSIC CONSULTING BLOG:   https://forensic4cast.com/forensic-4cast-awards/


Thank you so much in advance for your nomination.  With your help and a little bit of hard work, we might just make a difference!

Onward!


