The Justice Department slammed Apple's public repudiation of a court order to unlock an iPhone used by the San Bernadino shooting suspects, claiming the company's motivation is based on "concern for its business model and public brand marketing strategy,” and petitioned a federal court in California to compel the iPhone-maker to hand over the tools authorities need to crack the phone's encryption.
“Apple has attempted to design and market its products to allow technology, rather than the law, to control access to data which has been found by this Court to be warranted for an important investigation,” the DoJ said in court documents.
The DoJ filing drew immediate fire from security pros. “The DOJ is accusing Apple of exploiting the issue of backdoors as a marketing strategy while they simultaneously promote the idea that every surveil action is necessary to stop the next terrorist attack,” John Gunn, vice president communications at VASCO Data Security, said in comments emailed to SCMagazine.com. “The history of mass surveillance programs doesn't support this and consumers endorse Apple's decision to not build in a known security vulnerability.”
Alex Berger, product manager at STEALTHbits Technologies, in emailed comments to SCMagazine.com said that Justice's “dismissal of Apple's response as a marketing ploy could be interpreted as a shocking dismissal of the conversation that it has inspired, as well as ambivalence toward the fear underlying the conversation.” And, Berger asked, “Will there come a time when our right to privacy is sacrificed completely in the name of keeping us safe?"
How the Apple case plays out could have an impact on the U.S.'s ability to ability to uphold the Data Shield pact reached with the EU two weeks ago. “One of its major points is to create 'clear safeguards and transparency obligations on U.S. government access,'” Csaba Krasznay, product manager at Balabit, said in comments emailed to SCMagazine.com. “Although this demand seems to be an internal issue in the United States at the first sight, this is a bad message for EU and its citizens.”
He contended that “from the technology perspective, there shouldn't be a ‘magic key' to open any encryption on a vendor's device. If there is such a key, the trust level in the vendor will fail dramatically. This is a true Catch-22."
The DoJ filing came two days after the chairman of the Senate Intelligence Committee said he was considering drafting encryption legislation. Sen. Richard Burr (R.- N.C.) has since backed away from earlier claims that he would include criminal penalties in his legislative proposals.
In what some are now seeing as an eventual test case for the Federal Bureau of Investigation (FBI) over whether tech companies should build backdoors into their products to aid the agency in the investigation of terrorists and other criminals, a federal judge ordered Apple on Tuesday to provide “reasonable technical assistance” to help authorities access encrypted data on an iPhone 5c used by Syed Rizwan Farook, one of the alleged shooters in the December attack at the Inland Regional Center in San Bernardino, Calif.
Apple quickly rebuffed the order, with CEO Tim Cook penning a letter to the company's customers posted on Apple's website, saying that Apple opposed the order and contending it "has implications far beyond the legal case at hand."
Digital, civil and privacy rights groups agreed, quickly jumping to the company's defense. The government's request, Electronic Frontier Foundation Deputy Executive Director and General Counsel Kurt Opsahl wrote in a blog, is akin to “asking Apple to create a master key so that it can open a single phone” that it would likely demand to use in other cases. “We're certain that our government will ask for it again and again, for other phones, and turn this power against any software or device that has the audacity to offer strong security,” he said.
And Alex Abdo, staff attorney with the ACLU Speech, Privacy and Technology Project, in a statement emailed to SCMagazine.com, called the government's move “unprecedented, unwise and unlawful.” It could set a “dangerous precedent,” he added, that would be difficult to walk back.
“If the FBI can force Apple to hack into its customers' devices, then so too can every repressive regime in the rest of the world,” he explained, praising Apple “for standing up for its right to offer secure devices to all of its customers.”
But Burr, in a USA Today op-ed, accused the Cupertino, Calif.-based firm of “wrongly” choosing “to prioritize its business model above compliance with a lawfully issued court order.” Burr had said early on that he was mulling legislation to “tighten” encryption rules, the Wall Street Journal reported. But later a spokeswoman for the senator said he “is not considering criminal penalties in his draft encryption proposals.”
In the op-ed piece, Burr said that an iPhone 5c, which was issued to alleged shooter Syed Farook by San Bernardino County, “could be the key to uncovering additional operational planning details and identifying other possible accomplices” and is “subject to a lawful court order.”
Burr claimed that Apple is not being commanded by the court to provide decryption and “is in no way required to provide a so-called backdoor.”
He called the precedent in San Bernadino “important for our courts and our ability to protect innocent Americans and enforce the rule of law” and said its outcome would “also have a drastic effect on criminal cases across the country.”
Justin Harvey, chief security officer (CSO) for Fidelis Cybersecurity, called the Apple dilemma “a landmark case” and noted in comments emailed to SCMagazine.com that he was “aware of people getting compelled to unlock a phone, but I've never heard of a manufacturer being ordered to decrypt something by court order.”
That authorities would push for the tech company to provide backdoor access in not surprising for some who believe Apple's situation could become an FBI test case. “The FBI has already spent the last year arguing for backdoors in front of Congress and at the White House, and now that's it's come up empty it's trying to get a lower court judge to convert a vague, centuries-old catch-all statute into a powerful government hacking statute,” Kevin Bankston, director of the Open Technology Institute, said in comments emailed to SCMagazine.com. “That's not how we make policy in this country, and Apple is right to fight this—a loss would not only undermine its product but its entire industry and the security of every user of digital technology.”
Bankston urged that a line “be drawn here” and pledged that OTI was “eager to continue to fight to ensure that we can continue to trust the security and integrity of the devices we use every day.”
Jeff Hill, channel marketing manager at STEALTHbits, said however, that “it is unlikely Apple can win in a court of law," and it is "virtually certain they'll lose in the court of public opinion.”
While Apple is powerful and armed with a team of lawyers and resources, Hill said in emailed comments to SCMagazine.com, “it's still no match for a motivated Federal Government.”
And the public is unlikely to offer its support. “Irrespective of the legal challenges, however, Apple, the cyber security community, and civil libertarians all need to understand that the average American doesn't know a backdoor from a screen door, and more importantly, doesn't care,” said Hill. “Privacy advocates are unquestionably on the right side of this issue philosophically, but in the real world, the vast majority of Americans are less concerned about their credit card being stolen off a less secure iPhone than they are a terrorist collecting automatic weapons and explosives in the next apartment."
If Apple is made to bend to authorities' will, though, the consequences come at a cost to liberty. “Ben Franklin said something like: 'Those Who Sacrifice Liberty For Security Deserve Neither,'” said Berger. “What would our Founding Fathers say about today's DoJ action?"