The Justice Department's request for Apple's help in unlocking its smart phone technology goes far beyond the device used by the alleged San Bernardino shooters, with federal prosecutors currently pressing the company to unlock at least nine additional phones across the country, Apple's attorney Marc J. Zwillinger said in a letter unsealed in federal court Tuesday.
Zwillinger noted that in all cases Apple has pushed against the government requests. “Apple has not agreed to perform any services on the devices to which those requests are directed,” he wrote after detailing the government entreaties made between October 2015 and Feb. 9.
After a federal judge ordered Apple on February 16 to provide “reasonable technical assistance” to help authorities access encrypted data on an iPhone 5c used by Syed Rizwan Farook, one of the alleged shooters in the December attack at the Inland Regional Center in San Bernardino, Calif., the company quickly rebuffed the order. In a letter to the company's customers, company CEO Tim Cook wrote that Apple opposed the order contending it "has implications far beyond the legal case at hand."
The Justice Department dismissed Apple's resistance as nothing more than a marketing ploy, pointing out the company has in the past worked with investigators. “Apple has attempted to design and market its products to allow technology, rather than the law, to control access to data which has been found by this Court to be warranted for an important investigation,” the DoJ said in a petition to the court.
But privacy advocates and other tech companies—notably Facebook, Google and Twitter—have rallied to the Cupertino, Calif.-based firm's defense, noting the government's long insistence that tech companies comply with its wishes. “If the FBI can force Apple to hack into its customers' devices, then so too can every repressive regime in the rest of the world,” said Alex Abdo, staff attorney at the American Civil Liberties Union, praising Apple “for standing up for its right to offer secure devices to all of its customers.”
In a new Council on Foreign Relations Cyber Brief, “Protecting Data Privacy With User-Friendly Software,” Sara Sinclair Brody specifically addressed the Apple case. “Developers cannot build software that allows law enforcement to access encrypted communications but prevents malicious actors from exploiting that access,” she said, adding “cryptography cannot distinguish good people from bad, so a backdoor for one is a backdoor for all.”
The case highlights the complexities posed by tech advances and the proliferation of smart devices as well as the struggle tech companies face in striking a balance between security—be it national or personal—and privacy.
While tech execs have by and large thrown their support behind Apple, a few have said the company could comply with the court order without opening a backdoor into its products.
“This is a specific case where the government is asking for access to information. They are not asking for some general thing, they are asking for a particular case,” Gates was quoted as saying by the Financial Times.
“It is no different than [the question of] should anybody ever have been able to tell the phone company to get information, should anybody be able to get at bank records,” he's quoted as saying. “Let's say the bank had tied a ribbon round the disk drive and said, ‘Don't make me cut this ribbon because you'll make me cut it many times'.”
But Zillwinger's letter, unsealed Tuesday, was widely viewed as adding credence to Apple's concerns.
As did comments from law enforcement and prosecutors like New York District Attorney Cyrus Vance who has said he'd tap Apple to crack nearly 200 phones related to crimes and currently in his possession. Vance noted that the request for information would likely not stop with the San Bernardino phone. “What we discover is that investigation into one crime often leads into criminal activity in another, sometimes much more serious than what we were originally looking at,” he said.
If Apple doesn't prevail in this case, Abdo warned that the burden would be great on tech companies to create compliance divisions to handle the swell of requests that they would receive. And those divisions would become prime targets for hackers, Abdo told reporters on a conference call Wednesday.
Others have proposed ways around the court order that would satisfy both government's demands and what Apple sees as its responsibility to safeguard its customers' privacy.
Rep. Michael McCaul (R-Texas), chairman of the House Homeland Security Committee, and Sen. Mark Warner (D-Texas), who sits on the Senate Intelligence Committee, plan to introduce a bill to create a McCaul-Warner Digital Security Commission, aimed at easing that conflict and laying a path for government and industry to work together. McCaul discussed the proposal at a meeting at the Bipartisan Policy Center.
But ACLU's Abdo doesn't believe another commission is needed and questioned what such a committee would look like. “What is the makeup of the commission?” he asked. And it raises questions as to what roles different stakeholders like industry and society would play.
And McAfee founder and presidential hopeful John McAfee offered to put his own crackerjack team of hackers on the case, promising they could unlock the shooters' phone within three weeks.
IOActive Senior Security Consultant Andrew Zonenberg explained recently it is possible to hack an iPhone without having the password through a process called de-capping. An ensuing attack on the phone's microchip “would likely require several months and a few hundred thousand dollars of research to find the portion of the chip to target, followed by maybe a week and a few tens of thousands of dollars to extract data from a specific physical phone,” Zonenberg told SCMagazine.com in emailed comments.
But he cautioned that “there is a nontrivial risk of destroying the device permanently in the process; the magnitude of the risk depends on specifics of the iPhone's hardware design that we are not familiar with at this time.”
Whether or not that would take the heat off of Apple, "an 'isolated invasive attack' would involve doing most of the expensive research and development to find the location of the fuses,” he explained. “This would significantly reduce the cost of a future invasive attack against the same model of phone, not a backdoor per se, but the setup cost (per device) is still high."