NPR logo
What It Means For Apple To Get Around iPhone's Encryption
  • Download
  • <iframe src="https://www.npr.org/player/embed/468216122/468216126" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
What It Means For Apple To Get Around iPhone's Encryption

Technology

What It Means For Apple To Get Around iPhone's Encryption

What It Means For Apple To Get Around iPhone's Encryption
  • Download
  • <iframe src="https://www.npr.org/player/embed/468216122/468216126" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

Steve Inskeep talks to Matthew Green, a computer science professor at Johns Hopkins University, to find out what breaking into an iphone's encryption really means.

DAVID GREENE, HOST:

Days of news about an Apple iPhone have left us with this consistent feeling. It's that we've all been having highly sophisticated arguments about the Internet and encryption without entirely grasping what we're saying.

STEVE INSKEEP, HOST:

Both Apple and the FBI see vast implications in the court battle over a single phone. It is possible to lose sight of what exactly is at issue in the case itself.

GREENE: So let's go back to basics. At issue is an iPhone. It was used by one of the attackers in the San Bernardino mass shooting.

INSKEEP: We talked through what is known of that phone with Matthew Green of Johns Hopkins University. He favors Apple's side in this case, by the way, although what's pertinent here is that he is an expert in cryptography.

MATTHEW D. GREEN: The FBI has an iPhone 5C, which is a slightly older model iPhone. The phone is locked, which is something that happens now as a result of the fact that most people set a pass code on their phone. And that's all it is. The minute you set a pass code on a recent iPhone, it becomes encrypted, whether you knew it or not, and you can't get access to that data unless you know that pass code.

INSKEEP: And what it does is it scrambles any data that's in there. No matter how I might break into that phone, that data's going to make no sense to me or make no sense to any other computer unless the pass code is typed in correctly.

GREEN: That's right. You could take the phone apart piece by piece and pull the chips out, and you still wouldn't be able to make sense of that data.

INSKEEP: Now why can't the FBI just guess at what the pass code is?

GREEN: That's the problem. So Apple knew that there are only about 10,000 pass codes, and even though that seems a little slow, you could type them all into a phone if you had enough time. The problem is that Apple in this case has built a system that defeats that. If you type the pass code in too many times incorrectly, it will actually erase the phone.

INSKEEP: So you can't just connect this to a computer that would start guessing numbers until you get the right one.

GREEN: Not unless you can guess right in the first 10 tries.

INSKEEP: OK, so they have gone to Apple and said, unlock this phone. What, in a literal sense, are they asking Apple to do then?

GREEN: So what they're basically asking Apple to do is to make a new version of Apple's operating system software and install it on the phone. And what that new software is going to do is it's going to disable the feature that would automatically erase the phone after 10 tries. This would still mean that the FBI has to try every single combination, but they would also have a computer program inside of that software that would make that guessing pretty fast.

INSKEEP: When I first heard about this case, about Apple being asked to provide some way to get around encryption, I had this vision of hackers getting a hold of that same program that Apple was being asked to write and using it to go online and go into my phone or somebody else's phone. Is that really possible?

GREEN: So right now we're talking about a particular case that involves physical possession, so that does make things a little bit less dramatic. The problem is there are many other technologies that the FBI has been asking for access to. So really, we're heading in a direction that begins with physical access to phones, and we don't know where it ends.

INSKEEP: Apple's warning and other people's warnings that if the United States gets access to an Apple phone, any other government can demand the same thing. The federal government has said, well, come on, I mean, you don't have to say yes to those demands. You can refuse to do business there. Who's right there?

GREEN: I think everybody knows that China, for example, is looking at this case with intense interest. They have clearly a, you know, a billion people. Many of them are starting to use Apple smartphones, and they right now don't have access to the information on these phones. That's probably concerning to them. They have notably not been asking for that access yet because they haven't had to. They've been watching the U.S. government essentially do it for them. I think that once the U.S. government creates that access, we're likely to see the same capabilities requested by other governments like China and Russia.

INSKEEP: Let me just ask one of these bottom-line questions. The FBI federal prosecutors would like to suggest that denying them information could allow another attack. There might be something on a locked phone that could prevent an attack, and it's going to be denied to them. If someone dies, if someone is killed, would you say that was worth it?

GREEN: It's a very hard question to answer. I think at the end of the day, you have to tally up the number of people who might be harmed by having information systems that aren't secure and what the long-term consequences of these laws would be versus, you know, the lives that might be lost. I think it's also very possible that even with all of the information on every iPhone in the country, there's a very good chance that we would not be able to stop an attack. These attacks are essentially random. So it concerns me that we're having these kind of absolutist discussions where we're tallying up lives that are definitely going to be lost versus the potential harm that we don't understand yet.

INSKEEP: Matthew Green, thanks very much.

GREEN: Thank you.

Copyright © 2016 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.