US government asks Apple to help it brute-force iOS security

Apple often touts the security and privacy benefits of its iOS platform. The company takes a variety of measures to ensure that users' data is protected, like device encryption that's on by default and a trusted chain of execution to ensure the integrity of Apple software running on a phone or tablet. Problem is, suspected criminals use iOS devices, too, and law enforcement agencies in the United States have long desired an easy way around those privacy protections.

Apple has steadfastly resisted building that sort of skeleton key or backdoor into iOS, because it's generally understood that building backdoors into cryptosystems weakens them. Even so, that hasn't stopped the US government from continuing to demand that kind of access to Apple devices.

That conflict is now boiling over. A court order issued yesterday as part of the investigation into the 2015 San Bernardino terror attack compels Apple to provide the United States Federal Bureau of Investigation with a "signed iPhone Software File, recovery bundle, or other Software Image File" that can be loaded onto an iPhone 5C seized as part of the investigation. The court says that software should perform the following actions:

(1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.

 As the basis for its order, the government cites the All Writs Act, which says in part that "the Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law."

Apple CEO Tim Cook publicly responded to this order in a fiery statement published this morning. He says the company "has no sympathy for terrorists," and that it's cooperated with the FBI's investigation so far. Cook says that the company has turned over relevant data that's in Apple's possession, and that it's made Apple engineers available to the FBI to advise the agency on its options for the investigation.

Now, though, he says "the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone." While the government has requested that any solution that Apple makes run only on the iPhone in question in this case, Cook says that assurance makes no sense. If the company creates a method of back-dooring this particular iPhone, he argues, that same method could be used to unlock any number of iPhones. Worse, he suggests, is the potential that malicious actors would seek to exploit the same vulnerability once it's revealed as a useful attack vector in the first place.

Cook further argues that the FBI is creating a dangerous precedent by doing an end-run around legislative action from the United States Congress and instead seeking what he calls an "unprecedented use" of the All Writs Act. He fears that if this legal justification is considered allowable, it would create "chilling" precedents that would be used to justify surveillance acts like intercepting users' messages, granting government access to users' personal data, or using a phone's microphone or camera, all without the user's knowledge.

Apple says that it plans to oppose the order. According to the court, the company has five business days to respond if it believes that the conditions of the order are "unreasonably burdensome," so we'd expect a detailed response soon.

Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.