A federal judge ordered Apple on Tuesday to provide “reasonable technical assistance” to help law enforcement access encrypted data on an iPhone 5c used by Syed Rizwan Farook, one of the alleged shooters in the December attack at the Inland Regional Center in San Bernardino, Calif.
The phone, prosecutors said, may contain data relevant to the investigation of the shootings – allegedly by Farook and Tashfeen Malik, to whom he was married – that killed 14 people.
“We are supporting Apple here because the government is doing more than simply asking for Apple's assistance,” the Electronic Frontier Foundation (EFF) said in a blog post penned by Deputy Executive Director and General Counsel Kurt Opsahl, pledging to file an amicus brief on the company's behalf. “For the first time, the government is requesting Apple write brand new code that eliminates key features of iPhone security – security features that protect us all.”
Greg Nojeim, director of the Freedom, Security and Technology Project at the Center for Democracy & Technology (CDT), chided the court for “citing a law adopted in 1789” – the All Writs Act of 1789 – on which it based its order. “If the order stands, the defective operating system (iOS) could be installed over any existing version of iOS, enabling law enforcement officials to guess the password on a cell phone,” Nojeim said in a statement emailed to SCMagazine.com.
Tuesday's order instructed Apple to use its expertise to bypass the auto-erase function on the phone, as well as let investigators from the Federal Bureau of Investigation (FBI) to input an unlimited number of passcodes as they attempt to unlock the iPhone.
The government's request, EFF's Opsahl noted, is akin to “asking Apple to create a master key so that it can open a single phone” that it would likely demand to use in other cases. “We're certain that our government will ask for it again and again, for other phones, and turn this power against any software or device that has the audacity to offer strong security,” he said.
Alex Abdo, staff attorney with the ACLU Speech, Privacy and Technology Project, in a statement emailed to SCMagazine.com, called the government's move “unprecedented, unwise and unlawful.” It could set a “dangerous precedent,” he added, that would be difficult to walk back.
“If the FBI can force Apple to hack into its customers' devices, then so too can every repressive regime in the rest of the world,” he explained, praising Apple “for standing up for its right to offer secure devices to all of its customers.”
“That sentiment was echoed by EFF's Opsahl, who wrote that the availability of a “master key” would prompt governments worldwide to “surely demand that Apple undermine the security of their citizens as well.” What would be new authority could be abused in myriad ways, Opsahl said, expressing skepticism over the government's entreaty “to trust that it won't misuse this power.”
But Chris Eng, vice president of research at Veracode, took issue with calling the law enforcement's request a backdoor. "They're asking for a software update (which could be designed to work only on that one particular phone) which would then allow the FBI to attempt to crack the passcode and decrypt the data," Eng said. "Such a solution would be useless if applied to any other phone."
Pointing to Apple's past compliance with "requests to, for example, bypass lock screens in aid of criminal investigations," he noted that "it's only in recent years that they've taken an ideological stance on consumer privacy." That lead Eng to "believe Apple is taking this position less as a moral high ground and more as a competitive differentiator, betting that Google won't do the same."
At the end of the day, privacy advocates believe that the order undermines users' rights to safeguard and handle their own data. “ The Constitution does not permit the government to force companies to hack into their customers' devices,” said Abdo at the ACLU. “Apple is free to offer a phone that stores information securely, and it must remain so if consumers are to retain any control over their private data.”
Eng said a “broader discussion around whether generic backdoors should be provided by technology providers to law enforcement is completely different, and the continued backlash against this is fully warranted” because it can't safely be done “without endangering users.”
Fight for the Future, a web rights group that worked to defeat the Stop Online Piracy Act (SOPA), is trying to rally users, calling for protesters to gather outside of Apple stores nationwide, Tuesday, Feb. 23, to demand that the U.S. government drop its dangerous request, which would undermine the safety and security of millions of iPhone users worldwide. They ask that demonstrators bring signs that read “Don't Break Our Phones” and “Secure Phones Save Lives.”