Apple Fights Court Order to Unlock San Bernardino Shooter's iPhone
On the evening of February 16th, US Magistrate Sheri Pym ordered Apple to provide “reasonable technical assistance” to the FBI, namely in the form of software or a tool that can disable the security function that erases data from the iPhone of one of the San Bernardino shooters after too many failed attempts to unlock it. The court order comes after the shooting incident in San Bernardino, California, where two shooters, Tashfeen Malik and Syed Farook, killed 14 people in December 2015.
Apple, in response, is opposing the order. According to Apple CEO Tim Cook, such a solution would compromise the security of all its users around the world. In a signed message to customers published on Apple’s website, Cook says “the implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.”
In most cases, law enforcement officials are entitled to access personal records, computers, and other mobile devices by way of search warrants to obtain evidence or information during an investigation. However, the battle for encryption backdoors has been a longstanding debate in Silicon Valley, where a tech company’s success could depend on its ability to protect customer data. The “crypto wars” came into the spotlight once again after former NSA contractor Edward Snowden disclosed the extent to which phone companies and technologies were allowing the US federal government to spy on data transmitted through their networks. Since these revelations, major technology companies such as Facebook, Apple, and Twitter have unilaterally said they will no longer create such backdoors.
On Wednesday, the Justice Department responded to Apple's statement. "It is unfortunate that Apple continues to refuse to assist the department in obtaining access to the phone of one of the terrorists involved in a major terror attack on US soil,” and reiterated that "the judge's order and our request in this case do not require Apple to redesign its products, to disable encryption, or to open content on the phone."
More: How encryption works, and why you need it]
-Tim Cook, Apple CEO
The “backdoor” the FBI wants
iPhone users have the option to set a security feature that only allows a certain number of attempts to enter the correct passcode before all the data on the device is completely deleted. This security feature is put in place to prevent unauthorized users from accessing sensitive data. The FBI wants Apple to disable this security feature in order to be able to guess as many combinations as possible. Essentially, this translates to a “backdoor.” Since that solution doesn't exist on the existing OS, the order would require Apple to write new software that will compromise the phone’s security. The order mandates Apple to respond within five business days.
The Department of Justice is seeking Apple’s immediate assistance on just this one device1 and to build in a unique identifier so it can’t be used on other iPhones—with the White House reassuring the public that this will be a one-time scenario.
Why Apple is fighting the order
Back in December, Tim Cook said that users shouldn’t trade privacy for national security while defending the company’s use of encryption on its mobile devices. Following the San Bernardino incident, Cook is standing by the company’s stance of protecting customer data and says “We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would only hurt the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.”
While the Department of Justice has stated that the “backdoor” will only be applicable to the shooter’s iPhone, Cook compared this action to creating a “master key, capable of opening a million locks—from restaurants and banks to stores and homes. No reasonable person would find that acceptable.”
-Raimund Genes, Trend Micro CTO
According to digital rights experts, there are two things that make the order very dangerous. The first is the question of who has the authority to make this sort of demand. If the US government can coerce Apple to do this, then other governments could most probably do it as well. Secondly, the master key, while dedicated to break into a specific iPhone, could be modified by the government for use on other phones.
This conundrum leads to tech companies giving users access to unbreakable encryption—which has already been happening as some companies have become more responsive to digital consumer rights by providing smart devices that offer strong encryption that even they can’t break.
In late 2015, terrorist attacks in Paris and Beirut stirred up the debate on encryption once again, as governments believed that creating "backdoors" would help improve national security. But it's not that simple, since creating backdoors would break the very concept of encryption. Trend Micro Chief Technology Officer Raimund Genes acknowledges that the job of law enforcement has been made harder by encryption. He added that "we cannot allow this concern to completely break encryption, which is what mandatory backdoors would do. Encryption works, and is a fundamental part of data protection today. Don’t break it.”
[More: Encryption works – don't break it!]
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases