User Account

All Pages

The san bernardino massacre

Assignment Help Business Management
Reference no: EM132860658

The San Bernardino Massacre

On December 2, 2015, a married couple used automatic weapons to attack and kill 14 people during an employee training event and holiday party at the Inland Regional Center in San Bernardino, California. One of the shooters was an employee of San Bernardino County, the sponsor of the event. Nine of the 14 victims died in an 85 × 50 foot conference room during an ambush. Three victims died just outside the building, and the remaining 2 victims died in a triage station that emergency responders had set up nearby. Twenty-two additional people were injured. Survivors identified the two shooters, who were killed by local police in a shootout later that day in the nearby town of Redlands. The male shooter had briefly attended the event, left, and returned with his wife to commit the attack. During a televised address from the Oval Office of the White House on December 6, President Barack Obama declared the attack was a terrorist act. The next day, the Federal Bureau of Investigation (FBI) began a counter-terrorism investigation.

On February 9, 2016, the FBI announced that they could not unlock the Apple iPhone 5c that belonged to the male suspect. The specific iPhone ran the iOS 9 operating system. The county of San Bernardino had previously purchased the phone for the suspect's use in his role as a county employee. The suspect also owned and used an Android phone that government investigators were able to access. The FBI was concerned that the male suspect's iPhone 5c might have additional data that would be useful in identifying any links the couple had to terrorist groups. The FBI asked Apple to create new version of iOS that could unlock the phone and allow the FBI access to the phone's content. Apple was given until February 26 to comply. On February 16, 2016, Apple CEO Tim Cook released a public letter explaining why the company was not cooperating with Federal requests to access the male San Bernardino suspect's iPhone 5c. Cook stated:

We are challenging the FBI's demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.

While we believe the FBI's intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.

Apple Iphone Encryption Policies

Apple Inc. designs and manufactures the iPhone, one of the most popular lines of smartphones in the United States. Consumers use their iPhones to send and read messages, post to social media, and access apps. Apple's iPhones, as well as the iPad tablet computer, run an operating system called iOS. Competing models from Samsung, Motorola, and dozens of other manufacturers use Google's Android operating system. By 2015, smartphones had become the dominant product category in the U.S. wireless phone industry, surpassing a more limited category called feature phones that could run only a few specialized apps.

Because smartphones also contained GPS technology, law enforcement officials can use the smartphone as a convenient means of determining where a suspect has been, with whom the suspect communicated, and more. However, mobile devices such as smartphones and tablets are also tempting targets for hackers and criminals because users often store valuable data such as passwords, financial data, and other records. Encryption is used to protect data within these devices through a mathematical process that scrambles or encrypts the data. Encryption is also used to protect data in transit; one example is HTTPS, a secure mode used in Web browsers. The data can be decrypted by providing appropriate credentials, such as passwords or cryptographic keys. The encrypted data is only as secure as the credentials themselves.

Securing and Encrypting Data

The iPhone 5c was a low-end model that Apple introduced in September 2013 for value-conscious customers and emerging markets. This model was also a popular choice for companies and organizations that provided iPhones to their employees for business use. The iPhone 5c was easily identified by its colorful polycarbonate case, which was visually different from the aluminum case used in the iPhone 5 and 5s. In this phone, and earlier models, lockcodes and data encryption were handled exclusively by iOS, which created security issues. Third parties such as investigators, hackers, and criminals could exploit vulnerabilities in iOS to intercept, record, and access devices. The iPhone 5c did not include the Touch ID sensor, which, in later models, allowed users to unlock a specific iPhone with a fingerprint. The iPhone 5c was the last iPhone that carried the "squircle" symbol on the home button. The iPhone 5c faced steep competition from low-priced Android smartphones, as well as less powerful feature phones, and became a disappointment for Apple. The 5c model was discontinued in September 2015, when Apple introduced the iPhone 6 and iPhone 6 Plus.

The Touch ID sensor is installed in the home button, and is electronically linked to the specific iPhone, making it impossible to unlock an iPhone by replacing the home button. Touch ID sensors allow the individual user to enroll several fingerprints to unlock their iPhone or iPad. The device does not save a picture of the fingerprints. In the iPhone 5s and later models, Apple saved the fingerprint data as encrypted maps in the Secure Enclave, a separate CPU embedded within the device's CPU. Apple designed and manufactured its own CPUs for iPhones and iPads. The Secure Enclave was specifically designed to handle data encryption and Touch ID processes for the device, using a small and efficient operating system that was much more secure than iOS. By removing encryption and lock features from the CPU and putting them into the Secure Enclave, Apple made it far more difficult for unauthorized third parties to unlock and decrypt its newer devices. This change also prevented Apple from creating customized versions of iOS to unlock the iPhone 5s and later devices, because Apple had no access to the Secure Enclave and UID inside of these devices.

Apple Resists Decryption Requests

Prior to this incident, Apple had resisted government requests to provide access to iPhone and iPad data in criminal proceedings. In October 2015, U.S. Magistrate Judge James Ornstein of the U.S. District Court for the Eastern District of New York asked federal prosecutors why they needed access to an iPhone 5c that belonged to a male suspect, Jun Feng, who had already pled guilty to methamphetamine distribution in New York City. Feng had previously configured his iPhone 5c to erase its data after 10 consecutive unsuccessful attempts to unlock the phone. The Erase Data feature was available in iOS 7, the operating system version that originally shipped with the iPhone 5c in 2013, as well as iOS 8 and iOS 9. The 10-attempt policy could completely erase data from the affected phone, in a manner that made data recovery from the device virtually impossible. When Apple was asked to help retrieve the data, Apple lawyer Marc Zwillinger responded, "Right now Apple is aware that customer data is under siege from a variety of different directions. Never has the privacy and security of customer data been as important as it is now." He continued, "A hypothetical consumer could think if Apple is not in the business of accessing my data and if Apple has built a system to prevent itself from accessing my data, why is it continuing to comply with orders that don't have a clear lawful basis in doing so?" The Judge appeared to agree, strongly resisting the prosecutors' requests to unlock Feng's phone:

In light of the fact that the defendant against whom evidence from the subject telephone was to be used has pleaded guilty, I respectfully direct the government to explain why the application is not moot. To the extent the response requires the disclosure of information occurring before a grand jury, the government may file its response under seal, along with a redacted version suitable for public access.

Law enforcement officials in New York City had been vocal advocates for government regulation of encryption. In May 2016, Cyrus R. Vance Jr., the district attorney of Manhattan, stated that his office had over 230 iPhones that could not be used in criminal proceedings because they were locked. Apple had refused to assist his offices with these devices, including Feng's iPhone 5c. Apple had built several features into iOS to prevent unauthorized users from gaining access to a device. Four-digit passwords are one example; iOS 7 and iOS 8 users had the option of enabling six digit or alphanumeric passwords. iOS also restricted access to a device after consecutive unsuccessful login attempts, by using a one-minute timer to force the user to wait, or requiring the user to connect the iPhone to a computer that is running iTunes. For these iPhones, even Apple could not bypass the user's lockcode as all data saved in the device's SSC was encrypted with a 256-bit key. iPhone and iPad users were forced to set up a lockcode when they started using iOS 8, and that lockcode was "entangled" with the unique identifier (UID) of the specific device in such a way that the device's data could not be accessed directly, even if the SSD chips are removed from the iPhone or iPad. The UID itself is a 256-bit number, stored in a permanent form in the CPU and available nowhere else on the device.

The Government Hacks Its Way In

On February 22, 2016, the Department of Justice indicated that it wanted access to locked iPhones involved in 12 separate criminal cases. These phones were in government custody as evidence, but could not be unlocked because the owners were unable or unwilling to provide their lockcodes. While there was no indication that any of these dozen cases were linked to the San Bernardino crimes or other terrorist acts, it seemed clear that the Department wanted to use the San Bernardino situation as advantage for additional powers over encryption.

On March 28, 2016, the Department of Justice announced that it had found a way to unlock the San Bernardino male suspect's iPhone 5c without assistance from Apple. After weeks of speculation, FBI Director Covey announced that the U.S. Government had paid an undisclosed third party at least $1.3 million to defeat the 10 login limit on the male suspect's iPhone. This allowed investigators to repeatedly try different passwords until the iPhone was finally unlocked. At that point, investigators could access the specific phone's encrypted contents.

It is possible that the Federal government could not tell Apple how it gained access to iPhone, if the exploit was done as part of a Vulnerabilities Equities Process (VEP) performed by the Federal government against the specific iPhone. The VEP framework was established by the White House in 2010 to allow various Federal government agencies to discuss how they each deal with information security flaws. The National Security Agency (NSA) tends to keep flaws and vulnerabilities secret so that they may be reused as needed; it also allows them to resist efforts by other Federal agencies to release or disclose this information.

The FBI has a history of overcoming and sidestepping encryption. Details about specific operations are difficult to find, as the Bureau tends to classify many of its tools and techniques. In 2003, FBI investigators requested and received permission to install eavesdropping software in personal computers used by an animal rights group that was under secret investigation for industrial sabotage. Codenamed Operation Trail Mix, the investigation resulted in the convictions of six activists under the Animal Enterprise Protection Act. The activists used encryption software called PGP (Pretty Good Privacy) that encrypted their messages. Decrypting the messages required a password or digital encryption keys. It is possible that the FBI's software captured every keystroke on one or more specific computers, eventually yielding the password or keys. The New York Times sued for and received access to Operation Trail Mix records under the Freedom of Information Act; however, details regarding the eavesdropping software had already been classified secret by the FBI.

Governmental agencies have used encryption since the 19th century. In 1994, the U.S. National Security Agency (NSA) and the White House asked AT&T to add an encryption mechanism called a Clipper chip into a new model of secure telephone. The Clipper chip included backdoors or secret points of access that government investigators could use to access and intercept telephone calls. Public outcry stopped this effort, and the U.S. Government finally allowed strong cryptography to be implemented in consumer devices. In 2016, the U.S. Government's request that Apple provide access to unlock iPhones was regarded as a heavyhanded attempt to add backdoors to hundreds of millions of mobile devices.

While the FBI and NSA fought vigorously for backdoors, other federal agencies helped fund the creation of encryption software, such as to aid activists in other countries. Technology companies acted on their own to add encryption to their services. In March 2016, Whatsapp, a messaging service operated by Facebook, turned on end-to-end encryption. Viber, a competing messaging service, added a similar feature the following month.

Apple Vows to Increase Security

For its part, following the San Bernandino incident and federal intervention, Apple executives vowed to improve iPhone and iPad security and privacy. While Apple had refused government requests to unlock iPhones and iPads, Apple had generally cooperated with government requests to extract and transfer user data stored in the iCloud service. Companies such as Apple, Google, Microsoft, Twitter, and Facebook regularly publish transparency reports that list instances when user data have been turned over to governmental authorities in many countries. In Apple's report for the first half of 2015, the company revealed it had received almost 11,000 requests for iCloud user data tied to approximately 60,000 Apple iPhones and iPads. Apple provided some iCloud data for about 7,100 of the estimated 11,000 requests. A form of end-to-end encryption that allowed only the sender and receiver to encrypt and decrypt messages already protected one popular Apple service, iMessage. iMessages are used as a substitute for text messaging on Apple devices, and can transmit text, emojis, photos, and videos.

Apple executives decided to add automatic encryption to the iCloud service, which meant that Apple itself would be unable to decrypt any user data stored in iCloud, including iPhone and iPad backups. The service is also used to store encrypted copies of user passwords entered into Safari and other iOS apps through a system called iCloud Keychain. The Keychain helps users who have more than one iOS device access stored passwords across the devices. However, the service already had a destruct switch that would purge the Keychain from the iCloud servers after ten incorrect login attempts. By encrypting the entire iCloud service, Apple could provide better security and privacy for its customers, while reducing the company's exposure to law enforcement investigations. iCloud backups of iMessage data were already encrypted.

Because of the difficulties involved in adding encryption to existing online services, Apple was also developing more secure chips and hardware for future iPhones and iPads. It is far easier to encrypt data on a device than on a separate storage device or service. It was also generally expected that Apple would enhance the Secure Enclave. As older iPhones fell out of use, the opportunities to use third-party attacks and customized operating systems to open these devices would dwindle.

Questions for Discussion

  1. What was Apple's motive in not giving the FBI access to the San Bernadino suspect's iPhone? Is Apple genuinely interested in protecting consumers' privacy or in protecting its brand and products?
  2. What responsibilities should device manufacturers like Apple have to assist in government investigations, especially when serious crimes such as terrorism are involved?
  3. Should the use of encryption be more tightly regulated?
  4. Should device manufacturers be compelled to unlock or decrypt devices under extraordinary circumstances such as the San Bernardino case?
  5. Apple tried to balance user experience, user convenience, and security in its devices. Should Apple continue to do , or attempt to emphasize one specific area?
  6. One potential solution is to minimize the amount of data stored within a device by relying on the cloud as the main storage medium. How might this approach affect consumers? Apple? Law enforcement?
  7. Overall, how do you evaluate Apple's handling of this case? Was the company being socially responsible or self- interested?

Reference no: EM132860658

Questions Cloud

Provision of the AICPA Code of Conduct : Choose one provision of the AICPA Code of Conduct and explain it using your own words. Why is it important that accountants follow this provision?
Prepare the journal entries for both firms : Interest was payable annually on December 31. Prepare the journal entries for both firms to record interest at December 31, 2021
Explain the role cybersecurity policy plays in securing : Explain the role cybersecurity policy plays in securing private organizations, public organizations, government organizations, and the nation's infrastructure.
How would a well-designed cybersecurity policy program help : How would a well-designed cybersecurity policy program help secure a government agency, such as the Department of Homeland Security (DHS)?
The san bernardino massacre : On December 2, 2015, a married couple used automatic weapons to attack and kill 14 people during an employee training event
Analyze the space race : Analyze the space race. What did it mean for the U.S. and USSR during the Cold War? Is it worth the cost, considering the growing debt?
Evaluate the different types of access controls : Why does an organization's management present special challenges when it comes to policy compliance? Evaluate the different types of access controls.
Ten important factors that comprise an awb : What are the ten important factors that comprise an AWB?
Big data analytics and blockchain : Once global data started to grow exponentially a decade ago, it has shown no signs of slowing down. Review Blockchain and Bitcoin concepts.

Reviews

Write a Review

Business Management Questions & Answers

  What form of decision-making are you using

You just feel that more research on this drug has merit. What form of decision-making are you using if you decide to continue researching this drug because you feel that doing so has merit?

  Why are actions in walmart violations of ethical behaviors

1). What are two known unethical business actions that occurred in Walmart from 2015 to present?

  Models of exemplary supply chains

Both Walmart and Apple are held out as models of exemplary supply chains by our case writers.

  Board of directors at fannie mae and freddie mac

In what way did the Board of Directors at Fannie Mae and Freddie Mac contribute to the financial failure faced by both organizations?

  Input sequence that traverses all transitions in r

Let R(n) be an n-bit register with n-inputs and n-outputs. 1. Determine the shortest input sequence that traverses all transitions in R(n).

  Legal factors impact international trade

How do political and legal factors impact international trade?

  Discussing the six key functions of a business operations

Create a 6 - 8 slide Microsoft PowerPoint presentation identifying and discussing the six key functions of a business's operations.

  Examples current events in the world

What are examples current events in the world that revolve around the category of Planning, Controlling and Organizing?

  Budgeting and financial management

All county health departments should use identical marketing strategies to market public health services.

  Relationship between inefficiency and ethical behavior

-Based on the response to Hurricane Katrina, what is the relationship between inefficiency and ethical behavior for leaders?

  Risk and rewards of entrepreneurship

To what extent do risk, rewards and motives contribute towards an entrepreneurs goals and analyse how effective a change of ownership has been for your chosen businesses performance.

  Describe the five steps of an infection

Describe the five steps of an infection. Does attachment always lead to colonization? Does colonization always lead to disease?

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd