Apple Backdoor iOS Case Develops
On Tuesday, the FBI launched a suit against Apple compelling them to help break into an iPhone 5c, as reported by InfoQ last week, leading to Tim Cook's publicly visible message to customers complaining about the principles of the case.
It has since transpired that the iPhone 5c was backing its data up into Apple's iCloud backup service, and would have continued to do so, providing the information the FBI were looking for, had the iCloud password not been reset. The password was reset at the request of the FBI according to David Wert, county spokesman for San Bernardino County, as reported by Reuters:
The two senior Apple executives said the company had worked hard to help investigators and tried multiple avenues including sending engineers with FBI agents to a WiFi network that would recognize the phone and begin an automatic backup if that had been enabled.
They criticized government officials who reset the Apple identification associated with the phone, which closed off the possibility of recovering information from it through that automatic cloud backup.
San Bernardino County reset the password on the iCloud account at the request of the FBI, said county spokesman David Wert.
The government first disclosed the identification change in a footnote to its filing Friday. The Apple executives said that the reset occurred before Apple was consulted. The Justice Department declined to comment on that contention.
Technology Companies Come Out in Support
Over the last few days the debate has continued to grow, with technology companies such as Google (as reported by InfoQ on Thursday) voicing support. Others have since chimed in, such as Twitter's chief executive Jack Dorsey:
We stand with @tim_cook and Apple (and thank him for his leadership)! http://www.apple.com/customer-letter/
Facebook's Jan Koum, founder of WhatsApp added his thoughts:
I have always admired Tim Cook for his stance on privacy and Apple's efforts to protect user data and couldn't agree more with everything said in their Customer Letter today. We must not allow this dangerous precedent to be set. Today our freedom and our liberty is at stake.
Meanwhile, the Information Technology Industry Council, a voice of the technology industry whose members include Microsoft, Google, Oracle, LinkedIn and many others, published a statement in support of the case:
Our shared fight against terrorism must be grounded in principle. We worry about the broader implications both here and abroad of requiring technology companies to cooperate with governments to disable security features, or introduce security vulnerabilities into technologies. Our fight against terrorism is actually strengthened by the security tools and technologies created by the technology sector, so we must tread carefully given our shared goals of improving security, instead of creating insecurity.
Encryption isn’t a luxury — it’s a necessity. This is why Mozilla has always taken encryption seriously: it’s part of our commitment to protecting the Internet as a public resource that is open and accessible to all.
Government agencies and law enforcement officials across the globe are proposing policies that will harm user security through weakening encryption. The justification for these policies is often that strong encryption helps bad actors. In truth, strong encryption is essential for everyone who uses the Internet. We respect the concerns of law enforcement officials, but we believe that proposals to weaken encryption — especially requirements for backdoors — would seriously harm the security of all users of the Internet.
The American Civil Liberties Union has commented on the FBI piece, saying that it is unprecedented:
This is an unprecedented, unwise, and unlawful move by the government. The Constitution does not permit the government to force companies to hack into their customers' devices. Apple is free to offer a phone that stores information securely, and it must remain so if consumers are to retain any control over their private data.
The government's request also risks setting a dangerous precedent. If the FBI can force Apple to hack into its customers' devices, then so too can every repressive regime in the rest of the world. Apple deserves praise for standing up for its right to offer secure devices to all of its customers.
The Electronic Frontier Foundation, which has been critical of Apple in the past, offered its support and plans to file an amicus brief:
We are supporting Apple here because the government is doing more than simply asking for Apple’s assistance. For the first time, the government is requesting Apple write brand new code that eliminates key features of iPhone security—security features that protect us all. Essentially, the government is asking Apple to create a master key so that it can open a single phone. And once that master key is created, we're certain that our government will ask for it again and again, for other phones, and turn this power against any software or device that has the audacity to offer strong security.
The U.S. government wants us to trust that it won't misuse this power. But we can all imagine the myriad ways this new authority could be abused. Even if you trust the U.S. government, once this master key is created, governments around the world will surely demand that Apple undermine the security of their citizens as well.
EFF applauds Apple for standing up for real security and the rights of its customers. We have been fighting to protect encryption, and stop backdoors, for over 20 years. That's why EFF plans to file an amicus brief in support of Apple's position.
The case has been politicised, with Donald Trump calling for a boycott on Apple products. Senator Richard Burr threatened to introduce a law to criminalize those who wouldn't comply with government co-ercion, although he later backed off from that position. Meanwhile the White House added its voice, saying the case was just about this one iPhone, not a generic backdoor for all iOS products.
A bi-partisan committee of the house energy and commerce committee has asked for representation from both FBI and Apple to congress about the importance of security in products:
We invite you to testify before the Committee on Energy and Commerce, Subcommittee on Oversight and Investigations, about the issues presented by the ongoing debate related to encryption technologies.
Over the last year, with the growing availability and adoption of strong encryption measures by commercial technology providers, there has been an increasingly public and heated debate about the costs and benefits of encryption technologies, in particular, the impact these technologies have on law enforcement’s capabilities to investigate criminal conduct. …
This debate has now come to a critical juncture with the recent order by a federal magistrate to your company to assist the FBI in “unlocking” a security feature of a phone allegedly used by one of the perpetrators of terrorist acts in San Bernardino, California in December 2015. According to news reports, there are a number of other law enforcement officials around the country considering use of authorities to compel similar assistance by technology manufacturers. …
We anticipate this hearing will occur at the Committee’s earliest opportunity and we are grateful for your cooperation
There are concerns, originally voiced by the New York Times (later removed from the piece) that pointed out that other governments may feel they can use the same arguments in future. The text was captured by Daniel Roberts on Twitter, reproduced here for clarity:
Congress has been debating whether to amend that act to include technology companies like Apple, Facebook and Google, and Judge Orenstein said he would consider ordering Apple to unlock the phone when and if Congress makes the change. The case is still pending.
Although Apple is portraying its opposition to Judge Pym's order as a principled defense of privacy, one of its motivations is the preservation of its reputation for robust encryption, at a time of rising concerns about identity theft, cybercrime and electronic surveilance by intelligence agencies and overzealous law enforcement agencies.
Apple also says that a master key would amount to a vulnerability that hackers could exploit.
China is watching the dispute closely. Analysts say that the Chinese government does take cues from the United States when it comes to encryption regulations, and that it would most likely demand that multinational companies provide accommodations similar to those in the United States.
Last year, Beijing backed of several proposals that would have mandated that foreign firms provide encryption keys for devices sold in China after heavy pressure from foreign trade groups. Nonetheless, a Chinese antiterrorism law passed in December required foreign firms to hand over technical information and to aid with decryption when the police demand it in terrorism-related cases.
While it is still not clear how the law might be carried out, it is possible a push from American law enforcement agencies to unlock iPhones would embolden Beijing to demand the same. China would also most likely push to acquire any technology that would allow it unlock iPhones. Just after Apple introduced tougher encryption standards in 2014, Apple users in China were targeted by an attack that sought to obtain login information from iCloud users.
On a lighter note, John McAffee, creator of the eponymous anti-virus software, said to Business Insider, that if he couldn't break into the iPhone, he would eat his shoe live on TV:
With all due respect to Tim Cook and Apple, I work with a team of the best hackers on the planet. These hackers attend Defcon in Las Vegas, and they are legends in their local hacking groups, such as HackMiami. They are all prodigies, with talents that defy normal human comprehension. About 75% are social engineers. The remainder are hardcore coders. I would eat my shoe on the Neil Cavuto show if we could not break the encryption on the San Bernardino phone. This is a pure and simple fact.
FBI screws up and blames Apple