The ongoing battle between the FBI and Apple over the government’s demand that the Cupertino, Calif. company subvert the encryption on an iPhone associated with one of the San Bernardino, Calif., attackers has brought a sometimes obscure security feature into the limelight.
Here are answers to some questions about encryption.
Q: What is encryption?
A: Encryption is way of encoding information so that only people who have the necessary key to un-encode it can read it. Think of the simple codes used by kids, where each letter of the alphabet is shifted forward by two, so A is C and B is D. “This is a cat” come out as “Vjku ku a evc.”
The encryption used in computers today is based on very complex mathematics and is difficult, if not impossible given current computing power, to break.
Q: What does it mean to say a phone is encrypted?
A: A smart phone is encrypted when the data stored on it is encoded. The most common encryption standard for phones is AES, or Advanced Encryption Standard. The key to lock and unlock encrypted phones is typically the passcode necessary to unlock the phone on its home-screen. Some phones, including newer iPhones, also include a secure computer chip that carries a key in hardware.
Q: What does the FBI want Apple to do with the Syed Rizwan Farook’s phone?
A: The agency wants Apple to help it overcome programming on the iPhone 5C that deletes the cryptographic key needed to decode the phone when ten unsuccessful tries are made to unlock the phone’s passcode. Once that cryptographic key is erased, it becomes impossible to decode the information on the phone.
Q: How do I know if my phone’s encrypted?
A: Apple was the first major smart phone producer to make encryption an option, beginning with the iPhone 3. Beginning with the iPhone 5, encryption became the default. If you have the newest Android phone, it, too, is encrypted by default. Earlier versions of both phones made encryption an option but the user had to actively choose for it to be turned on.
Q: Are any phones not encrypted?
A: The inexpensive pay-as-you-go phones you find at drug stores are generally not encrypted.
Q: Why would I want my phone encrypted?
A: To protect the information on it. “If you encrypt your phone, it means that if the phone is stolen or you leave it in a cab, the information on the phone is safe because no one but you (or someone who has your passcode) can get to it,” said John Kindervag, a security and risk analyst with Forrester Research.
Q: Is that all it does?
A: No. It also means you can be certain no one has tampered with the data on the phone. “Encryption also protects the integrity of the data, so no one can modify it,” said Tadayoshi Kohno, an encryption expert and professor of computer science at the University of Washington in Seattle.