Apple CEO Tim Cook has issued a bold refusal to comply with a judge’s order requiring the company to unlock an encrypted iPhone used by one of the terrorists responsible for the attack in San Bernardino, California.
The Justice Department had sought a court order to compel Apple to unlock the iPhone 5c belonging to Syed Rizwan Farook, accused of killing 14 people at a holiday party at the Inland Regional Center in San Bernardino on 2 December 2015.
Both Farook and his wife, Tashfeen Malik, were killed in a gun fight with police, but the FBI says it needs access to Farook’s iPhone to determine who he was communicating with prior to the attack.
On Tuesday (16 February), Judge Sheri Pym, of the Federal District Court for the District of Central California, granted the US Attorney’s request for Apple to unlock the iPhone, saying Apple should provide “reasonable technical assistance” to the FBI.
However, Cook contends in an open letter to customers, published yesterday on Apple’s website, that such an order would require Apple to create a new version of the iOS operating system – one with a backdoor.
The type of device Farook was using – an iPhone 5c – and other Apple devices running iOS 8 (or higher), are encrypted by default and cannot be decrypted without the user’s passcode.
Making things even more difficult for investigators, or anyone else attempting to access a locked iPhone without the passcode: entering 10 incorrect passcodes will automatically wipe the device if the “Erase Data” setting has been turned on.
Creating a backdoor to bypass Apple’s encryption would “[threaten] the security of our customers,” Cook says, and a backdoored version of iOS – which “does not exist today” – would be “too dangerous to create”:
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software – which does not exist today – would have the potential to unlock any iPhone in someone’s physical possession.
The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.
Cook’s position is wholly consistent with his past statements on backdoors, and Apple has refused to obey a court order in at least two other cases where it said it could not comply because it could not break its own encryption.
However, Apple has been willing to cooperate with law enforcement in general and in the San Bernardino case specifically.
According to Cook’s letter, Apple complies with “valid subpoenas and search warrants,” and has provided data “in our possession” to the FBI when asked.
Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we’ve offered our best ideas on a number of investigative options at their disposal.
Apple may be able to turn over data stored unencrypted in iCloud, for example, as it reportedly did in a criminal case last year when the FBI requested access to encrypted communications between suspects in a drug case.
However, accessing data stored on an encrypted iPhone would require Apple’s engineers to build the equivalent of a “master key,” according to Cook.
And once a master key that can unlock any iPhone is created, there’s no way to guarantee that knowledge of how to exploit such a backdoor would not get out and threaten the security of every Apple user.
Ultimately, that’s too great a risk, Cook says:
While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.
This latest court battle represents another major setback for law enforcement in the ongoing “crypto wars.”
FBI Director James Comey has repeatedly said that law enforcement investigations are thwarted by criminals and terrorists “going dark” through the use of encrypted devices and apps.
Lawmakers from the US Congress, on down to state legislators in California and New York, have proposed laws compelling technology companies to create backdoors for law enforcement access.
But, so far, the tech companies and privacy advocates are winning the fight against backdoors that would weaken encryption.
The fate of unbreakable encryption, and our collective security, may depend on how Apple’s legal fight plays out.
SOPHOS STATEMENT ON ENCRYPTION
Our ethos and development practices prohibit “backdoors” or any other means of compromising the strength of our products for any purpose, and we vigorously oppose any law that would compel Sophos (or any other technology supplier) to weaken the security of our products.
Image of Tim Cook courtesy of JStone / Shutterstock.com.