Passwords, privacy and protection: can Apple meet FBI’s demand without creating a ‘backdoor’?

Apple’s security will erase a phone’s contents after a certain number of failed attempts – something the FBI wants to avoid.
janitors/flickr, CC BY

A second approach is to force a delay after each failed attempt. If the real authorized user accidentally types in the wrong code, she won’t mind waiting 60 seconds before the phone will let her try again. But for a computer that wants to try a million possibilities, the time required to try all possibilities has gone up by a factor of a million or more.

The FBI, of course, should have no difficulty programming a computer to try all possible passwords. It simply wants Apple to turn off the defenses.

What the FBI is and isn’t asking for

The feds aren’t demanding Apple create a “backdoor.” In encryption, a backdoor is when someone has a means to access protected content outside of the normal (frontdoor) process. For example, there could be a skeleton key built into the encryption mechanism. The National Institute for Standards and Technology is reputed to have built such a facility into a random number generator, a function used in the heart of most encryption techniques.

Encryption with a backdoor is technology explicitly designed so that a third party – in most cases, law enforcement – can gain access to the protected data when the need arises. But it’s very hard to build a backdoor into encryption, while still making it hard for an attacker to defeat. I don’t believe anyone is calling for such encryption anymore.

In a letter to customers, Apple CEO Tim Cook said that it will fight the FBI’s request because it would make all users’ data less secure.
Carlo Allegri/Reuters

Rather than tinker with its encryption, the FBI says it has asked Apple only to modify the defense mechanism —> Read More