FBI Orders Apple to Unlock Phone Case Study I want someone to do a case study Unit 14 Case Studies Case One : FBI Orders Apple to Unlock iPhone On December

FBI Orders Apple to Unlock Phone Case Study I want someone to do a case study Unit 14 Case Studies
Case One : FBI Orders Apple to Unlock iPhone
On December 2, 2015, Syed Rizwan Farook and Tashfeen Malik burst into a holiday gathering of county employees at the Inland Regional Center in San
Bernardino, California, and began shooting-ultimately killing 14 people and wounding another 21. In the hours after the attack, the couple became involved in
a shootout with police, and both were killed.
With their deaths, the investigation into the deadliest terrorist attack in the United States since September 11, 2001, entered a new phase, as hundreds of FBI
agents in California and around the world began investigating the attackers’ online and offline activities in the hours, weeks, and months leading up to the
shootings. In addition to the stockpile of weapons and homemade pipe bombs found in the home of Farook and Malik, investigators found multiple electronic
devices. While attempts had been made by the couple to delete data and damage some of the devices, FBI Director James Comey reported two weeks after the
attack that investigators had found private message between the two that showed their “joint commitment to jihad and to martyrdom.” In addition, Malik
posted a note on Facebook shortly after the shootings, pledging the couple’s allegiance to the leader of ISIS, a terrorist network also known as the Islamic State.
In order to further investigate possible connections to extremist groups, the FBI attempted to access the data on an iPhone used by Farook. The phone, which
belonged to Farook’s employer, the San Bernardino County Health Department, was locked by a passcode, and neither the county nor the FBI were able to
unlock the phone. The iOS software installed on Apple’s phones allows only 10 unsuccessful passcode attempts before it wipes the phone’s memory clean. This
security feature prevented the FBI from attempting a “brute-force” attack, which is essentially a trialand-error method in which all possible passcodes are tried
systematically until the correct one is uncovered.
In the weeks following the shootings, Apple representatives cooperated with the FBI’s investigation, providing some older data backups from the phone as well
as suggesting possible methods the agency could use to access the data on the phone itself. The company balked, however, when the FBI demanded that the
company develop new software that would disable the functionality that wipes the phone’s memory when too many wrong passcodes are entered in a row. The
FBI also wanted Apple to eliminate the built-in delay between passcode attempts, which, by Apple’sestimates, meant that a brute-force attack on a phone with
a six-digit passcode could take more than five years to complete.
The FBI’s demand that Apple develop new software that would allow it to unlock the phone in this case is an extension of an ongoing debate about whether
tech companies should be compelled to build a “backdoor” into their software that would allow the government to access data even when secure encryption has
been used to protect it. Without it, some law enforcement experts warn, the United States could be faced with the prospect of what has been dubbed the “Going
Dark” problem, which some experts fear would lead to the inability of law enforcement to access electronic data even with a warrant. That concern was
heightened for some when Apple announced in 2014 that it had altered its software so that it was no longer “technically feasible for us to respond to
government warrants for the extraction of data from devices” running iOS 8 or later versions of that software.
On February 16, 2016, a U.S. magistrate in California ordered Apple to assist the government by creating a custom version of iOS that would run only on the
iPhone in question and that would provide the functionality demanded by the FBI. In its motion requesting the order, the Department of Justice cited the All
Writs Act, a law signed by President George Washington, which, among other things, gives federal judges the power to issue court orders compelling people to
do things within the limits of the law and which has frequently been used as the basis for court orders compelling telecommunications companies to install and
operate call-tracking devices. In its filing, the DOJ alleged that Apple “deliberately raised technological barriers that now stand between a lawful warrant and
an iPhone containing evidence related to the terrorist mass murder of 14 Americans.”
Apple challenged the judge’s order, arguing that it would set dangerous legal precedent. The company also issued a statement on its Web site that said, in part,
Unit 14 Case Studies
Dark” problem, which some experts fear would lead to the inability of law enforcement to access electronic data even with a warrant. That concern was
fou come when Apple announced in 2014 that it had altered its software so that it was no longer “technically feasible for us to respond to
Questions Navigation Menu
government warrants for the extraction of data from devices” running iOS 8 or later versions of that software.
On February 16, 2016, a U.S. magistrate in California ordered Apple to assist the government by creating a custom version of iOS that would run only on the
iPhone in question and that would provide the functionality demanded by the FBI. In its motion requesting the order, the Department of Justice cited the All
Writs Act, a law signed by President George Washington, which, among other things, gives federal judges the power to issue court orders compelling people to
do things within the limits of the law and which has frequently been used as the basis for court orders compelling telecommunications companies to install and
operate call-tracking devices. In its filing, the DOJ alleged that Apple “deliberately raised technological barriers that now stand between a lawful warrant and
an iPhone containing evidence related to the terrorist mass murder of 14 Americans.”
Apple challenged the judge’s order, arguing that it would set dangerous legal precedent. The company also issued a statement on its Web site that said, in part,
“The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have
the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance
software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera
without your knowledge.” According to Apple, “Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an
overreach by the U.S. government.”
The case took another turn before the scheduled court hearing on the issue in March 2016, when the Justice Department announced that it had successfully
accessed the contents of the phone using a tool provided the government by an unnamed third party. After its announcement, the Justice Department
withdrew its motion to compel Apple to develop the requested software; however, according to a Justice Department spokeswoman, “It remains a priority for
the government to ensure that law enforcement can obtain crucial digital information to protect national security and public safety, either with cooperation
from relevant parties, or through the court system when cooperation fails.”
Critical Thinking Questions
1. Why did Apple object to the court order in this case? What was the government’s rationale for compelling Apply to comply with the order? Explain? Submit
the assignment to Dropbox.
2. Do you think Americans should be willing to surrender some of their privacy for increased security by allowing backdoors that enable law enforcement
access to smartphones and other devices after a search warrant has been issued? Why or why not? Submit the assignment to Dropbox.
3. The FBI and Apple are involved in similar disputes in other cases, including one in New York involving an alleged drug conspiracy. Shortly before the
government dropped its legal action against Apple in the San Bernardino case, the judge in the New York case ruled against the government, rejecting the
argument that the All Writs Act gave prosecutors the authority to compel Apple to bypass the lock on the seized phone. Do your opinions about the issues
involved in the San Bernardino case change when they arise in connection with a case that does not have national security implications? Why or why not?
4. Submit the assignment to Dropbox.
Unit 14 Case Studies
i
Case iwo : protecting Hearl Care Privacy
The U.S. Health Insurance Portability and Accountability Act (HIPAA) addresses (among other things, the privacy of health information. Title 2 of the act
regulates the use and disclosure of protected health information (PHI), such as billing services, by healthcare providers, insurance carriers, employers, and
business associates.
Email is often the best way for a hospital to communicate with off-site specialists and insurance carriers about a patient. Unfortunately, standard email is
insecure. It allows eavesdropping, later retrieval of messages from unprotected backups, message modification before it is received, potential invasion of the
sender’s privacy by providing access to information about the identity and location of the sending computer, and more. Since healthcare provider email often
includes PHI, healthcare facilities must be sure their email systems meet HIPAA privacy and security requirements.
Children’s National Medical Center (CNMC) of Washington, D.C., “The Nation’s Children’s Hospital,” is especially aware of privacy concerns because its
patients are children. CNMC did what many organizations do when faced with a specialized problem: rather than try to become specialists or hire specialists
for whom the hospital has no long-term full-time need, it turned to a specialist firm.
CNMC chose Proof point of Sunnyvale, California, for its security as a service (SaaS) email privacy protection service. Matt Johnston, senior security analyst at
CNMC, says that children are “the highest target for identity theft. A small kid’s record is worth its weight in gold on the black market. It’s not the doctor’s job
to protect that information. It’s my job.”
Johnston explains that he likes several things about the Proof point service:
• I don’t have to worry about backups.” Proof point handles those.
• “I don’t have to worry about if a server goes down. [If it was a CNMC server, I would have to] get my staff ramped up and bring up another server. Proof
point does that for us. It’s one less headache.”
• “We had a product in-house before. It required several servers which took a full FTE [full-time employee) just to manage this product. It took out too much
time.”
• “Spam has been on the rise. Since Proof point came in, we’ve seen a dramatic decrease in spam. It takes care of itself. The end user is given a digest daily.”
• Email can be encrypted or not, according to rules that the end user need not be personally concerned with.
• “Their tech support has been great.”
Proof point is not the only company that provides healthcare providers with email security services. LuxSci of Cambridge, Massachusetts, also offers HIPAA-
compliant email hosting services, as do several other firms. They all provide the same basic features: user authentication, transmission security (encryption),
logging, and audit. Software that runs on the provider’s computers can also deliver media control and backup. Software that runs on a user organization’s
server necessarily relies on that organization to manage storage; for example, deleting messages from the server after four weeks as HIPAA requires.
As people become more aware of the privacy risks associated with standard email, the use of more secure solutions such as these will undoubtedly become
more common in the future.
Critical Thinking Questions:
1. What requirement does HIPAA institute to safeguard patient privacy?
2. Universities use email to communicate private information. For example, an instructor might send you an email explaining what you must do to raise your
grade. The regulations about protecting that information under the Family Educational Rights and Privacy Act (FERPA) are not as strict as those under
HIPAA. Do you think they should be strict as HIPAA’s requirements? Why or why not?
3. How does Proof point safeguard patient privacy? Could Proof point do the same for university and corporate emails? Why or why not?

Purchase answer to see full
attachment

Submit a Comment