RUSH: This situation with the iPhone 5c that was in possession of one of the San Bernardino 2 and the FBI desperately wanting to get into that phone to find out what was on that phone. Apple is saying, “Sorry, we can’t. Our system is so encrypted; we can’t get in there.” So the FBI went to a judge and the judge told Apple, “You gotta do it. You gotta get in there.” And Tim Cook sends a letter out to their customers, “Sorry, we won’t do it. We prize customer privacy and security.” You know, I’ve had more people today tell me…
I find this fascinating. I know a lot of people who don’t trust… They think the NSA is monitoring every conversation that they have. They think the NSA’s following them into the bathroom, following them into the bedroom, following them into their car when the NSA doesn’t even know they exist. And they’re convinced that all these major smartphone companies and high-tech companies are in bed with the NSA and in bed with the government.
And today they’re pleasantly shocked and surprised when they learn the government can’t break the encryption of an iPhone. And that, at the end of the day, is totally true. Those iPhones are so well made and the security systems are so encrypted, the data is so encrypted that not even the government can blast through. Now, there are ways. But I’m gonna explain to you what the FBI is asking Apple to do, and I’m gonna explain to you in detail why it is that the FBI and government officials cannot get past the four-digit security code.
Now, if it’s a four-digit security code — if that’s all it is — then there is a way in.
But Apple would have to make some adjustments on that phone, which they don’t want to do.
They would basically have to rewrite a firmware version and install it on that phone alone which would eliminate all of the security measures involved with logging into the phone. If the San Bernardino 2 used a six-digit instead of a four-digit sign-in code, then it’s gonna be practically impossible to get into it. But, if they only did the standard, default four-digit alphanumeric and it’s just numbers; then that can be broken. It takes… It can’t be broken unless Apple does something, and what I’m gonna try to do is explain what has to happen for the FBI to be able to get into it.
RUSH: Here’s the deal with Apple and this phone. It’s an iPhone 5c, which is important because that means it does not have fingerprint ID. The only way into the phone is through the PIN number that Syed Rizwan Farook set up when the phone was originally set up.
Now, you may not know it, if you have recently purchased an iPhone, you might think you have to have a six-digit pin, but if you’ve always had a four, it changed to six I think in iOS 9, you could have kept it at four if you would have read the small print and kept scrolling. I kept mine at four, but I have other procedures. Anyway, the phone’s locked with that PIN, and nobody knows what the PIN is, the four-digit code that the terrorist used to lock his phone. Every person sets their own PIN.
Apple doesn’t know what it is. There’s no way that PIN is backed up, it’s part of any of the data on the phone, there’s no way anybody can get it other than to run a password program or crash program, it’s called brute force, just attack with every possible combination ’til the right one works and unlocks the phone. So how does Apple beat that? Apple has built in security features to make sure, because customer privacy is one of their primary marketing points, one of their primary sales points. So in the case of either a four-digit PIN or a six, let’s deal with four because that’s what this — well, they don’t know. They don’t know. If it is a six-digit PIN, it’s gonna be a long time getting into this phone for anybody. If it’s four digits, they have a chance.
But here’s the way it works. If you forget your PIN, if you have a brain breeze, the first four attempts, there is no problem, you try to enter PIN, it’s wrong, do it again, wrong, do it again, wrong, do it again, wrong. But the fifth time you try it, if you’re wrong, you have to wait one minute. If the fifth attempt is wrong, you make the sixth attempt and if that’s wrong, you have to wait another five minutes before trying again. If the sixth attempt is wrong, attempts seven and eight you have to wait 15 minutes for each. And if you don’t get it right on either seven or eight, the ninth attempt cannot be attempted unless one hour has passed from the first attempt.
Now, this is done to defeat programs that constantly, with brute force, enter every possible four-digit code. If any four-digit code is entered after the fifth time, any machine program doing this is gonna stop and break down because the phone enforces a delay. That’s the only way in, and the judge has told Apple that they have to go get this phone and they have to themselves write a new piece of firmware eliminating these delays. The only way the FBI can get into this phone is if Apple creates a brand-new operating system for that phone alone, which eliminates all of those delays, which would permit the automated brute force attack to finally hit the correct four-digit PIN and unlock the phone. And Apple is refusing.
Tim Cook sent a big, long letter out to the Apple customer base today, and his point is, if they make us do it once, then it’s over. If they make us do this once, if we write this special one-time-only operating system, it’s there. We don’t want to run the risk. Our customer privacy and satisfaction is paramount to us, and, if we do this one violation, that’s the end of our security program. We cannot be made to violate our own promises.
So I don’t know where this is gonna end up. Cook is digging in his heels for Apple, and, of course, the legal system is the legal system. And the way it could end up is if the legal system attempts to punish Tim Cook personally as well as corporately for this inability, or finds a way to blame the Apple customer base for making it be this way. There’s any number of ways the legal system could exert pressure, financial pressure, on Apple to relent here.
We got a couple of interesting questions in the e-mail. First question: “Rush, why doesn’t the FBI just… They’ve got their IT specialists. Why doesn’t some of the FBI just write their own one-time patch to the Apple system software, eliminating all those delays entering the PIN code?” Good question. The reason they can’t is because in any official, workable software — system software or otherwise — Apple has to sign it. And that just means authorize it. For example, right now the current release version of iOS is 9.2.1.
If you, for some reason, you wanted to go back and put 9.1 on your phone, you couldn’t. Apple no longer signs it. They don’t want people using old software. They want everybody using the latest and greatest for obvious reasons — marketing, but security as well — and so some of the great operating systems of the past are not available. You can’t use ’em. The FBI does not have the authority, the ability to sign as Apple on a patch. The second question is a little bit more provocative.
“Hey, Rush. Do you think Tim Cook would be a little bit more cooperative if the FBI were trying to capture a serial killer of gays rather than terrorists?” You know, the way some people think, I marvel at it. This is a terrorist’s phone, the San Bernardino Two. And Tim Cook has come out — he’s gay — and said, “We’re not violating the security of our products.” You know, I think everybody ought to realize this. Do you realize what you’re learning here? The FBI cannot get into your phone! The FBI cannot crack your iPhone.
They cannot get in there, and, even if they do get in there, the communications in the messaging program, iMessages, are all encrypted front to back. From sender to recipient, those are encrypted. They don’t need a decryption key to understand those, too. I mean, this is not a challenge for the FBI just getting into the phone. Then you’d have to decrypt a whole bunch of the content. They have busted their rear ends on security on these things, and I have people say, “Yeah, Rush, you know the FBI and the NSA?
“They’re following me around! They’re GPS locating me. They know where I am every day. They can probably activate the microphone in my phone and they can listen to what I’m saying to anybody, even when the phone’s off.” You wouldn’t believe the paranoia that’s out there ’cause of Snowden, and now we’re learning the FBI cannot crack a little iPhone 5c unless Apple helps ’em. But this question: “If the FBI were trying to capture a serial killer of gays, could Tim Cook…?” Now, that’s just catty.
Now, Trump on this Apple and iPhone business. He is slamming Apple for refusing to unlock the terrorists’ phone, asking, “Who does Apple think they are? They have to open it up.” He said, “I agree 100% with the courts. In that case, we should open the phone up. I think we have to open it up. We have to use our heads. We have to use common sense. Somebody the other day called me ‘a common-sense conservative.’ Well, we have to use common sense. We gotta find out what this terrorist is doing.
“There’s too much on that phone we can learn, who he was working with, who else may be involved, what future plans there might have been. It’s all on that phone; if it’s there, we gotta go get it.” And I find… You know, most people have always traditionally been sympathetic and supportive of law enforcement. But this with Snowden’s revelations and the NSA, there is outright suspicion and paranoia of the government. I mean, really, some of the most boring people in the world think that there are government employees following every moment of their lives.
They’d be shattered and crushed to learn that it’s not happening. But I don’t know how you come down on this, because Apple says if they make us… By the way, this is not a back door. The back door is something that would be permanently built in to everybody’s phone, everybody’s operating system, that the FBI could use any time they wanted. And, theoretically, only law enforcement would have the keys to get into the back door, and Apple is refusing to even talk about a back door.
And they’re saying that this, if they are forced to allow brute force attacks to attack the four-digit PIN on this phone, that that’s the first step in being forced to create a back door in the operating system, and they don’t want to do it. And here’s the thing: If this is a six-digit PIN, if Syed Farook used a six-digit PIN, then all bets are off in cracking. You know, the two extra digits expand the geometric possibilities, combinations by a factor of from here to the moon. It’s incredible. It could take years, even with a brute force attack to crack a six-digit code.
Four digits you can do… What did I see, three weeks max it would take depending how far you have to go. Now, they would try… You know, most people do it the four corners or 0000, 1111. You know what the most common password is? This has been researched and found out. (interruption) No, not numeric, not digital. The most common password involving letters on a website, not a phone PIN code, but a passport for a credit card or whatever. What do you think the most common password is?
You’re right: “password.” The actual word “password” is the most common. After that it’s somebody’s birthday, and then “admin,” short for administrator. Because people feel inconvenienced by it, so they don’t want to ever run the risk of forgetting it. So they come up with something that’s easy. So those are the first things that the brute force attacks go for, and, then after all the obvious things are utilized, they start just every possible combination that you could… (interruption) Well, yeah, law enforcement could include the IRS.
There are agents called the Federal Reserve. (interruption) Oh, yeah. I mean, the Federal Reserve has agents that got huge badges that weigh a lot. (interruption) Oh, yeah. The US Treasury has agents. Damn right! Revenuers, FBI, they’re all… (interruption) Yes, they do. Well, if they are made to build a back door into the software, into the operating system, then any law enforcement — as they say in New York, law’r enforcement — can get in there. (interruption) Well, Lois Lerner would not have access, unless she knows somebody in law enforcement who would give it to her in violation of privacy laws — which, of course, with this Regime we know don’t count a hill of beans to them anyway.
So, yeah, Lois Lerner, probably true.
The nitpickers out there think they got me. Remember when I just said the current operating system for Apple is 9.2.1 and if you wanted to go back to 9.1 you couldn’t do it. I have some, “Hey, I’m still running system 8.4. And my phone –” If you’re still running an old program, an old operating system, fine, but if you upgrade, let’s say you’re running 8.4 right now from last summer, if you’re running first 8.4 and you upgrade to 9.1 and don’t like it, you’re stuck; you can’t go back to 8.4, because it will not install.
Well, jailbreaking it, that’s a whole different thing. I don’t know anything about jailbreaking. I only know what I read about jailbreaking. So I’d need to get a jailbreaking expert to tell me if you can go back to unsigned, unauthorized operating systems while jail broken. That I don’t know. I hate admitting that, too, but it’s true. When I don’t know something, I will say it. It is historical. (interruption) Well, you don’t need to know, but you still have people that do it just for the heck of it because they want apps and they want to rearrange the operating system that Apple won’t permit.