
The FBI barged into the US election, but is it really as powerful as it once was?

The FBI's incredible intervention over Clinton's emails a few days before the vote brought the role of surveillance and intelligence agencies back into the limelight, but in the age of dataism their weight is no longer what it once was, because people's dossiers are today held on the servers of Google or Facebook.

From Godzilla to Richard III

In last week's post we set out the theory of dataism, the form of organization of power around which, for better or for worse, our post-industrial societies are reorganizing themselves. As proof of this, this week we want to return to a much-discussed story that shows dataism already in action: the unlocking of the iPhone of the San Bernardino terrorist. Among other things, the story shows the ineptitude of those state surveillance and intelligence agencies that played an important and disturbing role throughout the Cold War period.

Once upon a time these agencies, like frightening Godzillas, troubled hallucinatory minds like that of William Burroughs and visionary, hypersensitive ones like that of George Orwell. Even ordinary people, however, experienced them as a nightmare. These agencies could overthrow governments, assassinate hostile heads of state and, finally, control people's lives and subject them to certain rules if they deviated from them. The threat was perhaps more perceived than real, but in any case it affected behavior. Of course, the FBI's incredible, heavy-handed intervention over Hillary Clinton's emails a few days before the elections seems to bring surveillance and intelligence agencies back to center stage but, beyond the case itself, the reality is now very different from how it looks. Today those same agencies are a kind of Richard III in the epilogue of Shakespeare's tragedy. Their immense and opaque power has shifted towards the companies whose software controls big data and the connected devices that we use for many hours a day.

Who do we want to give big data to?

People's dossiers are now encapsulated in our iPhones or, more subtly, on Google's or Facebook's servers. On the surface this looks worse than before, because these companies are removed from any possible democratic or institutional control, the kind of control that could somehow be exercised over intelligence agencies. But it is not so. Ultimately, Google & co. make "innocent" use of the data compared to the potential use these agencies could make of it, if misdirected. Commerce and advertising are much less dangerous than wars, politics or an ill-defined public safety, in the name of which everything is permitted.

With big data and social media we have entered the era of widespread and shared dataism, an era in which intelligence and investigative agencies must reinvent themselves, resize themselves and dedicate themselves to their lost original mission, which is to be at the service of the community as a whole.

It's not that dataism is Eldorado. Far from it, as an inspired narrator like Dave Eggers shows us in his The Circle (Il cerchio, Mondadori), but it's better than the old agency regime. Many people feel safer with Tim Cook's Apple, with the Google of the Montessorians Larry Page and Sergey Brin, with supergeek Mark Zuckerberg's Facebook, with Satya Nadella's hieratic Microsoft or with libertarian Jeff Bezos' Amazon. If you really have to choose, as in the referendum, it's better to choose the lesser evil: them rather than the NSA, the Mossad, the KGB or the SISMI (or whatever they are called today).

That agencies like the CIA were rather rusty and looked at the world in the rearview mirror can be understood simply by reading the substantial report of the congressional committee on the attacks of 9/11 or, more recently, by listening on television to the story of the FBI investigation into the San Bernardino shooting. The Economist focused on a detail of this investigation that shows to what extent US citizens need to worry about the state of their federal investigative agency. For Italian readers we have translated this article, entitled Data Security: That's the way to do it. A Cambridge don shows the FBI how to save money on phone hacking. Enjoy the reading.

The FBI chasing butterflies

In February, the federal investigative agency (FBI) and the police force took Apple, the tech giant, to court. The dispute concerned an iPhone that belonged to Syed Farook, a terrorist who, with his wife, had shot and killed 14 people in San Bernardino, California in December 2015. Farook was subsequently killed in a firefight with the police.
The FBI had asked Apple to set up an operating system to unlock Farook's iPhone and access the data stored on the phone. Apple had replied that this was not practicable because it would jeopardize the security of every iPhone in circulation. The FBI, on the other hand, insisted that there was no other way to access sensitive data on the terrorist's phone, potentially strategic data in identifying possible accomplices.

Security experts had already cast some doubts on the agency's reasoning. A study published by Sergei Skorobogatov, a computer scientist at the University of Cambridge, confirmed that the skepticism of these experts was well founded. Farook's iPhone could have been unlocked in a couple of days using commercially available electronics for less than $100.

The iPhone data security system

The problem facing the FBI was accessing an iPhone that was encrypted, like any other iPhone on the planet, and also locked with a PIN. Data encryption means that a user's personal information is stored together with a mass of gibberish that makes it unintelligible. In order to read the information, the iPhone must be unlocked by entering the correct PIN. This is not a big obstacle. By default, the PIN consists of four digits, which can give rise to only 10,000 possible combinations. In principle, it's easy to try every possible combination until you stumble upon the right one.

But the iPhone contains a feature designed by Apple to make this brute forcing difficult. After entering six incorrect PINs, the user must wait one minute to enter a new one. This wait increases progressively as new incorrect PINs are entered. After ten unsuccessful unlock attempts, the iPhone is instructed by the operating system to destroy all data on it.

At the time of the FBI lawsuit, several independent experts had suggested that the FBI attempt data recovery with something called "NAND mirroring" (NAND refers to the type of memory used in smartphones). But James Comey, the head of the FBI, had been adamant that this system would not work. And he was wrong.

If $100 is enough instead of $1.3 million, what does that mean?

That's exactly what Skorobogatov proved to him by performing and filming a NAND mirroring operation on an iPhone. NAND mirroring makes an unprotected copy of the iPhone's memory onto another memory. With this copy, devoid of any encryption, Skorobogatov began trying to guess the PIN from the possible combinations. At this point the iPhone operating system accepted all the attempts, avoiding temporary blocks and data destruction. This allowed him to brute-force the PIN in runs of six consecutive attempts at a time. Each PIN must be entered manually, which makes the operation quite laborious. Furthermore, it is necessary to restart the iPhone with each series of attempts; the restart takes a few seconds. An exhaustive check of the 10,000 variants of the four-digit PIN takes about 40 hours of work, although the average time to get the correct combination is about half that.
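The design lesson in the passage above is that a retry counter is only as strong as the storage it lives in. The following toy model is an added example, not code from the article or from Apple: it compares a counter that is rolled back with the restored flash image against a hypothetical counter held in hardware that the restore does not reach, and extends the article's 40-hour figure to longer PINs. The `Phone` class, its field names and the 86.4 seconds per batch (derived from 40 hours for 10,000 PINs in batches of six) are assumptions.

```python
from dataclasses import dataclass, field

BATCH = 6        # guesses accepted before the first enforced delay (from the article)
WIPE_AFTER = 10  # failed guesses before the data is destroyed (from the article)

@dataclass
class Phone:
    """Toy model, not Apple's design: only `flash` is covered by a restored image."""
    pin: str
    counter_in_flash: bool
    flash: dict = field(default_factory=lambda: {"failures": 0})
    secure: dict = field(default_factory=lambda: {"failures": 0})
    wiped: bool = False

    def restore(self, image: dict) -> None:
        self.flash = dict(image)  # hardware-held state is not rolled back

    def unlock(self, guess: str) -> bool:
        if self.wiped:
            return False
        store = self.flash if self.counter_in_flash else self.secure
        if guess == self.pin:
            store["failures"] = 0
            return True
        store["failures"] += 1
        self.wiped = store["failures"] >= WIPE_AFTER
        return False

def exhaust(phone: Phone, digits: int = 4):
    """Walk the PIN space, writing the pristine image back every BATCH guesses.
    Returns (unlocked, number_of_restores)."""
    pristine, restores = dict(phone.flash), 0
    for n in range(10 ** digits):
        if n and n % BATCH == 0:
            phone.restore(pristine)
            restores += 1
        if phone.unlock(f"{n:0{digits}d}"):
            return True, restores
        if phone.wiped:
            break
    return False, restores

def worst_case_hours(digits: int, secs_per_batch: float) -> float:
    """Time to cover every PIN when each batch of BATCH guesses costs one restore cycle."""
    batches = -(-(10 ** digits) // BATCH)  # ceiling division
    return batches * secs_per_batch / 3600

if __name__ == "__main__":
    print(exhaust(Phone("4821", counter_in_flash=True)))   # counter rolled back each cycle
    print(exhaust(Phone("4821", counter_in_flash=False)))  # counter survives the restore
    print(round(worst_case_hours(4, 86.4)), round(worst_case_hours(6, 86.4)))
```

With the counter outside the restorable image the model wipes at the tenth failure no matter how often the flash is written back, and at the same per-batch cost a six-digit PIN moves the worst case from about 40 hours to about 4,000.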

So one wonders why the FBI thought going to court was the only way to recover Farook's phone data. The suspicion is that it chose this path to establish a solid legal precedent, so as to force technology companies to give it what it requires in such situations. With this in mind, it chose a case that was deeply felt by public opinion, so as to put Apple in a bad light in case of refusal.

Whatever the reasoning, the agency withdrew from the lawsuit just before the trial began. Eventually the FBI found a way to get what it was looking for, which is access to the data on the terrorist's iPhone. It did not do so in the way Skorobogatov showed, however, but in a way that really leaves you stunned. In fact, some sources suggest that the agency paid a little-known Israeli cybersecurity company a sum of 1.3 million dollars to unlock the iPhone. Based on Dr Skorobogatov's evidence, it paid a premium of $1,299,900.

It's hard to agree with anything that comes out of Donald Trump's mouth, but it's hard to disagree with him when he says we're in the hands of "idiots". Among these we should include Trump himself, who supported the FBI in this dispute, taking a threatening tone towards Apple and other technology companies.
