[Op-Ed] If the FBI Wins, it Won’t Be the End of iPhone Security
(Editor’s note: This is not my favorite take on the Apple-FBI case. There are still several reasons why the existence of an iPhone backdoor, no matter how complex, would be a threat to the security of all iPhone users. This article was meant to emphasize the fact that the FBI’s desired solution in the 2016 case was not a remote backdoor but instead a tool that could unlock iPhones only if they were possessed in person. However, this article glosses over several facts, like the potential for phones to be stolen or removed during customs checks or the potential for abuse by less scrupulous foreign governments if the proposed tool was ever leaked. There are certainly situations in which the possibility of a government seizing a cell phone without proper legal precedent is a reality.)
If you’ve been on the Internet in the past couple months, you’ve most likely read about the Apple-FBI debate surrounding the San Bernadino iPhone. This post isn’t intended to be a full breakdown of the case, so if you’d like to catch up on what’s happened so far, I would recommend reading articles from Wired, The Verge, Macworld, and any other sites, including Apple’s Customer Letter. Sometime in the future, I hope to write a more in-depth breakdown covering what’s going on, so keep an eye out for future posts. With that aside, I wanted to bring up something that might make the case seem a little less dramatic for all of us security-conscious iPhone users out there, and will make sense to anyone who’s read up on the FBI’s request of Apple.
There are two important notes about the FBI’s request that make the idea of a custom built iPhone passcode-breaker seem a little less scary. One, to actually use the passcode-guessing software that the FBI wants Apple to build, the FBI (or any law enforcement agency, for that matter) would need full, unfettered, and long-term physical access to the phone. This is not a software backdoor that would allow remote access to the iPhone; rather, it’s a tool that would require extensive time and physical access to use. To use the tool, law enforcement would have to physically confiscate your phone, and at that point we can assume that you’ve done something to generate probable cause.
The second point to consider is that the FBI is banking on the possibility that the passcode on the San Bernadino iPhone is short enough that it can be brute-forced. Logistically, the passcode needs to be four digits to be easily cracked. If you use an iPhone with a six-digit passcode – or better yet, a custom alphanumeric code – the passcode-breaking software will still work, but the time required to successfully brute-force the passcode would generally make the attack unfeasible.
Bottom line: if you have a four-digit passcode, and you feel that you’re in imminent danger of having your iPhone confiscated by the police, you might need to worry about your security. Or, you could stop doing whatever it is that would make you a police suspect in the first place. Ed: this is an over-generalization regarding the circumstances in which a cell phone could be confiscated by a government. The rest of us can just set up six-digit passcodes and continue on with our lives.