Apple must provide “reasonable technical assistance” to help law enforcement access encrypted data on an iPhone 5c used by Syed Rizwan Farook, one of the shooters in an attack at the Inland Regional Center in San Bernadino, Calif., in December, a federal judge ordered Tuesday.
The phone may contain data relevant to the investigation of the shootings by Farook and his wife Tashfeen Malik that killed 14 people.
The U.S. district court judge ordered Apple to use its expertise to bypass the auto-erase function on the phone as well as let investigators from the Federal Bureau of Investigation (FBI) to input an unlimited number of passcodes as they attempt to unlock the iPhone.
The U.S. Attorney's Office, in a Tuesday filing, told the court that investigators needed Apple's help if they were to “gain crucial evidence” about the San Bernadino shootings from the “lawfully seized” iPhone.
Although investigators had gotten a warrant to search the phone, they have not been able “to complete the search” because they have been thwarted by encrypted content on the phone, prosecutors said.
Just last week FBI Director James Comey told the Senate Intelligence Committee that an encrypted smartphone was hampering the Bureau's investigation of the shootings. Encryption has become a topic of debate among law enforcement and privacy advocates, even taking the stage at the Republican presidential debates.
“It's a really sensitive topic, although most of the sensationalism around it comes from the attempts to institute a generic approach to a very diverse set of circumstances," Igor Baikalov, chief scientist, Securonix, said in comments emailed to SCMagazine.com.
Prosecutors told the court that the Cupertino, Calif., technology company is in a unique position to aid investigators. “Apple has the exclusive technical means which would assist the government in completing its search, but has declined to provide that assistance voluntarily,” according to the filing, which U.S. Attorney Eileen M. Decker referred to as “a potentially important step – in the process of learning everything we possibly can about the attack in San Bernardino.”
Apple has five days to tell the court if it finds the order “overly burdensome.”
“It is well known that both the phone carriers and manufacturers of locked cell phones maintain their own set of keys within their publicly declared ‘walled gardens' to the devices they sell," Philip Lieberman, president, Lieberman Software, said in emailed comments to SCMagazine.com. "This barrier to competition and their ability to select winners and losers in their app store, as well as patch and improve their operating system at any time, is also the back door they have to get into any phone their wish, and do as they wish at any time, irrespective of a customer's wish to maintain privacy or security."
Lieberman added that "it will be interesting to see how all parties respond to a Federal order to comply with a lawful order designed to counter terrorism.”
While Baikalov said that "the San Bernadino case is a no-brainer," but noted that others may not be so clear cut and it could set a dangerous precedent for cases going forward. "When one considers a long line of inquiries lined up after that one, claiming similar urgency plus preventive potential, but not having a benefit of hindsight, the question becomes where to draw the line and who is the to draw it," Baikalov said. "Since the technology vendors seem to be the ones in the cross-hairs of both customers and law enforcement, it's only fair to leave the determination to them. Give them the ability to balance their privacy policies with legal pressure, because the success and often the survival of their business is at stake here, whether they want it or not.”
In a letter to its customers posted on Apple's website, company CEO Tim Cook said Apple opposed the order, contending it "has implications far beyond the legal case at hand."
Noting that smart phones had become "an essential part of our lives," and that compromising personal information security could "ultimately put personal safety at risk," the letter explained that encryption is necessary to protect that information "from hackers and criminals who want to access it, steal it, and use it without our knowledge or permission."
Apple expressed shock and outrage at the San Bernadino terrorist act and noted that it has "worked hard" to help authorities solve the case. "When the FBI has requested data that's in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case," Cook wrote. "We have also made Apple engineers available to advise the FBI, and we've offered our best ideas on a number of investigative options at their disposal."
But the company feels the government requests have gone beyond Apple's reach. "The U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create," Cook said, noting that government essentially is requesting a backdoor into the iPhone.
"Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation," the letter said, warning that "in the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone's physical possession."
That tool could be used later to undermine the security of information housed in iPhones.
"The government suggests this tool could only be used once, on one phone. But that's simply not true. Once created, the technique could be used over and over again, on any number of devices," Cook wrote in the letter. "In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable."
UPDATE: This story has been updated to include Apple's response to the court's order.