Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Governance, Risk and Compliance, Compliance Management, Privacy, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Rights groups back Apple against court ordered ‘backdoor’

Privacy advocates Wednesday lambasted a court order instructing Apple to essentially provide a backdoor into an iPhone used by one of the alleged San Bernardino shooters and threw their support behind the Cupertino, Calif.-based tech company, which told customers Saturday night that it would oppose the order.

federal judge ordered Apple on Tuesday to provide “reasonable technical assistance” to help law enforcement access encrypted data on an iPhone 5c used by Syed Rizwan Farook, one of the alleged shooters in the December attack at the Inland Regional Center in San Bernardino, Calif.

The phone, prosecutors said, may contain data relevant to the investigation of the shootings – allegedly by Farook and Tashfeen Malik, to whom he was married –  that killed 14 people.

“We are supporting Apple here because the government is doing more than simply asking for Apple's assistance,” the Electronic Frontier Foundation (EFF) said in a blog post penned by Deputy Executive Director and General Counsel Kurt Opsahl, pledging to file an amicus brief on the company's behalf. “For the first time, the government is requesting Apple write brand new code that eliminates key features of iPhone security – security features that protect us all.”

Greg Nojeim, director of the Freedom, Security and Technology Project at the Center for Democracy & Technology (CDT), chided the court for “citing a law adopted in 1789” – the All Writs Act of 1789 – on which it based its order. “If the order stands, the defective operating system (iOS) could be installed over any existing version of iOS, enabling law enforcement officials to guess the password on a cell phone,” Nojeim said in a statement emailed to SCMagazine.com.

A showdown over encryption has been brewing for quite some time with privacy groups and tech vendors advocating for it as a fundamental cornerstone of privacy and security, while law enforcement authorities claim it impedes their efforts to investigate and thwart terrorism and other crimes. In September, amid speculation that the White House was swaying toward supporting encryption and strongly disavowing legislation that would force companies to unlock customer smartphones and apps when presented with a court order, reports said a working group in the Obama administration had mulled ways that encrypted communications could be unlocked.

“Governments have been frothing at the mouth hoping for an opportunity to pressure companies like Apple into building backdoors into their products to enable more sweeping surveillance,” Evan Greer, campaign director for digital rights group Fight for the Future, said in a release. "It's shameful that they're exploiting the tragedy in San Bernardino to push that agenda."

Tuesday's order instructed Apple to use its expertise to bypass the auto-erase function on the phone, as well as let investigators from the Federal Bureau of Investigation (FBI) to input an unlimited number of passcodes as they attempt to unlock the iPhone.

Apple pushed back almost immediately. CEO Tim Cook said in a letter to customers that "the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create." The company, he wrote, wouldn't comply with the order. 

The government's request, EFF's Opsahl noted, is akin to “asking Apple to create a master key so that it can open a single phone” that it would likely demand to use in other cases. “We're certain that our government will ask for it again and again, for other phones, and turn this power against any software or device that has the audacity to offer strong security,” he said. 

Alex Abdo, staff attorney with the ACLU Speech, Privacy and Technology Project, in a statement emailed to SCMagazine.com, called the government's move “unprecedented, unwise and unlawful.” It could set a “dangerous precedent,” he added, that would be difficult to walk back.

“If the FBI can force Apple to hack into its customers' devices, then so too can every repressive regime in the rest of the world,” he explained, praising Apple “for standing up for its right to offer secure devices to all of its customers.”

“That sentiment was echoed by EFF's Opsahl, who wrote that the availability of a “master key” would prompt governments worldwide to “surely demand that Apple undermine the security of their citizens as well.”  What would be new authority could be abused in myriad ways, Opsahl said, expressing skepticism over the government's entreaty “to trust that it won't misuse this power.”  

But Chris Eng, vice president of research at Veracode, took issue with calling the law enforcement's request a backdoor. "They're asking for a software update (which could be designed to work only on that one particular phone) which would then allow the FBI to attempt to crack the passcode and decrypt the data," Eng said. "Such a solution would be useless if applied to any other phone."

Pointing to Apple's past compliance with "requests to, for example, bypass lock screens in aid of criminal investigations," he noted that "it's only in recent years that they've taken an ideological stance on consumer privacy." That lead Eng to "believe Apple is taking this position less as a moral high ground and more as a competitive differentiator, betting that Google won't do the same."

At the end of the day, privacy advocates believe that the order undermines users' rights to safeguard and handle their own data. “ The Constitution does not permit the government to force companies to hack into their customers' devices,” said Abdo at the ACLU. “Apple is free to offer a phone that stores information securely, and it must remain so if consumers are to retain any control over their private data.”

Eng said a “broader discussion around whether generic backdoors should be provided by technology providers to law enforcement is completely different, and the continued backlash against this is fully warranted” because it can't safely be done “without endangering users.”

Fight for the Future, a web rights group that worked to defeat the Stop Online Piracy Act (SOPA), is trying to rally users, calling for protesters to gather outside of Apple stores nationwide, Tuesday, Feb. 23, to demand that the U.S. government drop its dangerous request, which would undermine the safety and security of millions of iPhone users worldwide. They ask that demonstrators bring signs that read “Don't Break Our Phones” and “Secure Phones Save Lives.”


Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.