In an unprecedented move, a US federal magistrate has ordered Apple to develop a special version of iOS that will help the FBI decrypt an iPhone 5C that belonged to the married couple responsible for the 2015 San Bernardino terrorist attack.
As CEO Time Cook explains in an open letter to Apple’s customers,
“The U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone. Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation.”
Even more specifically, the FBI wants Apple to create a custom firmware (IWPS) file that would:
- Disable any auto-delete features built into the phone
- Introduce a way for FBI agents to easily input password guesses, and
- Remove a security feature that slows down how quickly such guesses can be entered.
“The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.”
The FBI has pushed for this measure because it hopes to discover how much influence radical Islam played in the motivations of Syed Rizwan Farook and Tashfeen Malik, and to trace who they were in contact with the before the attack.
The iPhone in question runs iOS 9, and ever since the release of iOS 8, Apple phones have implemented full end-to-end encryption. This means that all newer iPhones are encrypted, and that the user, not Apple, holds the encryption keys, making it impossible for Apple to simply decrypt their contents (and hence the demand for Apple to make efforts to brute force the keys easier).
This issue has been a major bone of contention between Apple and the FBI ever since. Apple, however, while expressing sympathy for the FBI’s motives, is adamant that building any such back door would be a disastrous move,
“Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution. But it ignores both the basics of digital security and the significance of what the government is demanding in this case.
In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.
The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.
The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.”
An interesting aspect of the court ruling is that relies on the 1789 All Writs Act, a 230-year-old catch-all piece of legislation that simply lets a court order someone to do something. Needless to say, Apple is unimpressed,
“If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.”
Apple has vowed “with the deepest respect for American democracy and a love of our country,” to fight the ruling because “ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.”