On Tuesday, a federal judge ordered Apple to assist the FBI in brute-forcing the passcode to an encrypted iPhone of one of the San Bernardino shooters.
Tim Cook, Apple's CEO, vehemently responded to the order late on Tuesday, saying that the demand “would undermine the very freedoms and liberty our government is meant to protect.” He wrote his company would be fighting the order, and that the order itself sets the stage for much wider use of back-doors.
“The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand,” the statement starts.
The phone in question is one connected to the San Bernardino terrorist attack. In December 2015, 14 people were killed when married couple Syed Rizwan Farook and Tashfeen Malik opened fire on a San Bernardino County Department of Public Health training event. Both of the attackers were killed.
“They have asked us to build a backdoor to the iPhone.”
Since then, Apple has provided the FBI with iCloud backups of data from Farook's iPhone, according to prosecutors. But the FBI want to access data stored on the device itself, which is protected by hard-drive encryption and a passcode. Prosecutors have argued that the latest iCloud backup dates a month and a half before the attacks were carried out, meaning that Farook “may have disabled the feature to hide evidence.”
In a rather novel workaround, Tuesday's court order demands that Apple devise a method for the FBI to brute-force the iPhone's passcode, meaning the agency can try as many passcode combinations as necessary until it hits the right one and unlocks the device. iPhone passcodes typically have to be entered in by hand and incorrect guesses temporarily lock the device from further attempts. In some settings, if a user types in the wrong passcode 10 times in a row, the phone will delete all data it contains.
“Now the US government has asked us for something we simply do not have, and something we consider too dangerous to create,” Cook continues. “They have asked us to build a backdoor to the iPhone.” From here, Cook argues that if such software was created, cybercriminals could use it for their own purposes, and the US authorities could use the technology over and over again in other cases.
Cook says this order is not about one phone, or even just iPhones. Instead, it sets a legal precedent for back-dooring all sorts of other devices and services.
“The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge,” he wrote.
Civil liberties experts and technologists on Twitter seem to agree.
This isn’t about one iPhone. If this precedent gets set it will spell digital disaster for the trustworthiness of any and every device.
— Kevin Bankston (@KevinBankston) February 17, 2016
“If this precedent gets set it will spell digital disaster for the trustworthiness of any and every device,” tweeted Kevin Bankston from the Center for Democracy and Technology.
“FBI isn't looking for access to this phone,” tweeted Jonathan Ździarski, a computer forensics expert. “They want Apple to develop a forensics back door for them.”
The 5C model iPhone in question does not have a high-security feature present in other devices (such as those with TouchID or with an A7 or later processor, like the iPhone 5S) called the Secure Enclave, writes Dan Guido, CEO of cybersecurity company Trail of Bits. The Secure Enclave is a separate computer within the iPhone which handles access to the device's encryption keys.
“However, since the iPhone 5C lacks a Secure Enclave, nearly all of the passcode protections are implemented in software by the iOS operating system and, therefore, replaceable by a firmware update,” Guido writes, meaning that Apple may be able to make software that would allow the FBI to more efficiently brute-force the passcode without deleting the device’s data.
Regardless, Cook says that Apple will not be going along with the plan, at least without a fight.
“We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country,” he wrote. “We believe it would be in the best interest of everyone to step back and consider the implications.”