Data Encryption - Who should have access? | Ontrack

Sunday, 15 May 2016 by Jennifer Duits

Apple, the FBI and the San Bernardino shooters: why the FBI needs Apple's help

Every technology manufacturer approaches encryption in a different way. They all have their own methods and algorithms for encrypting data on their devices. One of the most reputable companies for encrypted data is Apple. In recent news, Apple has been ordered by the FBI to develop new tools to disable security features to allow the agency to have access to the iPhone from one of the San Bernardino shooters. We are here not to weigh in on the legal or ethical implications of the request or Apple’s refusal to do so, but instead to explore the technical aspects which are under debate.

Auto-erase function

Starting with the iPhone 4S, Apple beefed up their encryption method making it highly secure. With this new method of encryption, you only have 10 attempts at entering your password before the phone permanently erases your data if the auto-erase feature is enabled.

When using an iOS 9 (current operating system of the iPhone 6) device, the specific process if you forget your password is slightly more forgiving, but equally effective. First, you have six attempts to enter the password. After your sixth attempt, you will receive a prompt stating that your phone is disabled for one minute and you cannot attempt another password until that minute is up. After seven attempts, it is a five-minute waiting period; after eight attempts, 15 minutes; and after nine, one hour.

You might ask: “Why the waiting periods?” Well, anyone with a small child has probably had the experience of them picking up a cell phone while mum or dad wasn’t looking and trying to unlock it. Those waiting periods are, hopefully, enough time for the child to realise the phone isn’t working for them anymore. Also, I know if I forget my password, I sometimes lose count of how many different ones I have entered, so it is a nice warning feature for anyone struggling to get into their own phone.

If you fail to enter your correct password after 10 attempts, iOS 9 permanently wipes your data and not even Apple can retrieve it.
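
The schedule described above, modelled as a small state machine (an added example, not Apple's code and not part of the original article). The class and function names are hypothetical, time is passed in by the caller, and the behaviour with auto-erase switched off is an assumption.

```python
import hmac

# Lockout (seconds) imposed once the failed-attempt count reaches the key,
# taken from the iOS 9 schedule described in the article.
LOCKOUT_AFTER = {6: 60, 7: 5 * 60, 8: 15 * 60, 9: 60 * 60}
WIPE_AFTER = 10  # failed attempts before auto-erase, per the article


class PasscodeGate:
    """Hypothetical model of the attempt counter; not Apple's implementation."""

    def __init__(self, passcode, auto_erase=True):
        self._passcode = passcode.encode()
        self.auto_erase = auto_erase
        self.failed = 0
        self.locked_until = 0.0
        self.wiped = False

    def attempt(self, guess, now):
        """Return 'unlocked', 'rejected', 'locked_out' or 'wiped'.

        `now` is a timestamp in seconds supplied by the caller.
        """
        if self.wiped:
            return "wiped"
        if now < self.locked_until:
            return "locked_out"  # refused during a waiting period, not counted
        if hmac.compare_digest(guess.encode(), self._passcode):
            self.failed = 0  # a correct entry resets the counter
            return "unlocked"
        self.failed += 1
        if self.auto_erase and self.failed >= WIPE_AFTER:
            self.wiped = True
            self._passcode = b""  # stands in for destroying the data
            return "wiped"
        # Assumption: with auto-erase off, the one-hour delay keeps applying.
        delay = LOCKOUT_AFTER.get(min(self.failed, 9), 0)
        self.locked_until = now + delay
        return "rejected"


def simulate(gate, guesses):
    """Enter guesses as soon as the gate permits; return (results, seconds elapsed)."""
    now, results = 0.0, []
    for guess in guesses:
        now = max(now, gate.locked_until)  # wait out any active lockout
        results.append(gate.attempt(guess, now))
        if results[-1] in ("unlocked", "wiped"):
            break
    return results, now
```

Run against ten wrong entries, the model shows the waiting periods adding up to 81 minutes before the tenth attempt triggers the wipe.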

Why the FBI need help from Apple

Reports have suggested that the FBI wish to use a brute force attack to gain access to the iPhone of one of the San Bernardino shooters. However, the auto-erase functionality would result in the phone’s data being permanently deleted after only 10 attempts. It is this security feature that the FBI, via a court order, wants Apple to attempt to bypass by creating a new version of iOS.

Today’s mobile security

In today’s world, all manufacturers of mobile devices have security measures in place to assist in protecting their customers’ data. Whether it is the ability to lock the device with a password or password-protected encryption, all mobile devices have their own variation of security. Corporations and individuals often take those security features into account when purchasing these types of devices.

Questions to ponder

Given the news and the technical information above, it leaves me to ponder a few things:

  1. Who should have access to your data?
  2. If the device is owned by a company, who owns the data on it?
  3. How far should a manufacturer of a mobile device go to protect your data?
