Apple filed a motion in a California court yesterday, asking the judge to throw out the order compelling Apple to assist the FBI in unlocking an encrypted iPhone, and calling the US government’s demands a “dangerous” overreach of its constitutional powers.
Apple’s motion comes after a district court judge ordered Apple last week to create special software that would allow the FBI to pull data from an iPhone belonging to Syed Rizwan Farook – one of the shooters in the December terrorist attack in San Bernardino, California.
The company had until today (26 February) to respond to the court order.
Apple has been using the court of public opinion to argue its case for more than a week – saying that unlocking the iPhone would require Apple to create a backdoor to defeat its own security.
Tim Cook, Apple’s CEO, said in a note published on the company’s website that Apple would not comply with the court’s order.
To do so would put millions of Apple customers at risk, and undermine security features designed to protect iPhone users from hackers and government surveillance, Cook said in his letter and in media interviews.
In its legal motion to vacate the judge’s order, Apple contends that the case is not merely about a single iPhone, but rather the government’s grab for power that would violate the constitution, set a dangerous precedent, and go against the will of Congress.
Apple’s motion to vacate is a 36-page document that lays out a multi-faceted argument, including an explanation of the technical issues involved, the legal precedents, and a detailed unraveling of what Apple calls the government’s flawed understanding of the law.
Ultimately, this case hinges on the court’s interpretation of a 1789 law called the All Writs Act, which gives courts the authority to issue writs (orders) “necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”
The All Writs Act does not give the government the authority to force Apple into creating code that does not exist in order to do the government’s bidding, the company says.
The iPhone in question in this case, an iPhone 5c running a recent version of the Apple iOS operating system, is locked with a passcode and the only person who knows the passcode – Farook – is dead.
The FBI wants Apple to create a new version of iOS that would allow it to “brute force” the passcode, using software to make millions of guesses at possible passcode combinations in a matter of seconds until finding the right combination to unlock the device.
From a technical perspective, Apple argued in another court case that unlocking an iPhone running recent versions of iOS (iOS 8 or higher) is “impossible,” because Apple does not store the passcode or the unique ID used to create a key to encrypt the device.
Now Apple concedes that unlocking the iPhone is possible, but to do so would require Apple to create special software to bypass the iPhone’s security, taking engineers and other Apple staff weeks to accomplish.
Creating the software would open a Pandora’s box, Apple says.
Apple would need to take exceptional measures to protect all knowledge of the backdoor from getting out and being exploited by criminals and foreign governments.
This backdoor is “too dangerous to build,” Apple says.
Creating a backdoor to the terrorist’s iPhone should not even have been necessary, Apple says.
If the FBI had consulted Apple it could have provided technical assistance to get a backup of all data on Farook’s device from his iCloud account.
Instead, by resetting Farook’s iCloud password, the FBI lost the opportunity to get a backup of the data by connecting to a known Wi-Fi network.
From a legal perspective, Apple argues that Congress has passed a law – the Communications Assistance for Law Enforcement Act (CALEA) – that excuses companies like Apple from aiding the government in cases where it does not have a copy of the encryption key.
If the court follows the government’s interpretation of the All Writs Act to compel Apple to create a backdoor in this case, it would set a dangerous precedent.
Apple said that not only would that mean the government could demand assistance in thousands of cases, most not involving terrorism, it could also demand that Apple develop other kinds of software to track suspects, such as creating code to remotely turn on a device’s microphone or camera.
In the end, Apple says these issues should not be decided by a judge behind closed doors, but with a robust, public debate.
You can read Apple’s motion in full here.
Image of Apple logo courtesy of Anton Watman / Shutterstock.com.
Anonymous
No, do not write the bypass. It will be abused by law enforcement. They will not be happy until they have infested every aspect of our lives. There is no more freedom or privacy.
Anonymous
The problem is that there are more “sheeple” than there are “sheeple dogs” and when the government wolves in their “sheeple dog” costumes bust out with their media megaphones it drowns out the warnings of the “sheeple dogs” actually trying to protect the sheeple. All too often I hear “sheeple” willing to give up their constitutional rights in return for government “protection” when in actuality all they are doing is giving up their rights for propaganda and lies generated as lame excuses to justify government actions that amount to nothing more than being a peeping tom.
Peter
Forget about the government getting access, if a back door is created an army of white and black hats will not stop until they find it. When they do then your data is as secure as the password: Kittens
incandescent
At the risk of a self fulfilling prophecy…
We know that bad people buy devices to plan and co-ordinate doing bad things. People get killed and quite a few more get life changing injuries. Maybe even a 9/11 type event or two occur.
This is not about constitutional rights, privacy, whatever. It’s about protecting your populace. I’d rather be alive in a state where the balance is tilted against freedom and privacy than dead in one where freedom and privacy reign supreme. How many people died or were injured in Paris in November last year… How many more need to die or get injured before people wise-up. Whose phone was this? Oh yeah a guy who killed, was it, 14, and injured another 20 or so. Or maybe this was all a government conspiracy and a cover up… Outstanding!
Will
I suppose that’s a personal choice. I just hope there are more of us who oppose this and hold privacy a little more important than you do.
As the article notes, the FBI had the opportunity to get at his iCloud data if they asked prior to resetting his password (I’m not even wild that this is possible), so in the future perhaps that’s an avenue they can pursue rather than forcing Apple to introduce a backdoor.
An aside, and appeal to NS, part of the reason these acts are committed is for notoriety/infamy. Let’s all do our part and not let them have the dignity of mentioning their name in the media!
Paul Ducklin
The guy’s name is a simple fact, and it clarifies which person and what case we’re talking about. I don’t think mentioning it provides any notoriety.
Will
You don’t see how mentioning his name in an article provides him notoriety? Perhaps you should revisit the definition of notoriety…
Paul Ducklin
So when we write anything that deals with the history of Europe in the 1930s and 1940s, we should obfuscate our text (and cause our readers to go hunting for what we are really trying to say) by never writing the word H*tl*r, but instead writing “the leader of Germany for most of the Second World War, the one who shot himself dead just near the end”?
Will
First off, I’m not sure you’d need to go beyond “the leader of Germany for most of the SWW” for people to know exactly who you were talking about, but no, I’m not suggesting that you bleep Hitler’s name. He was in a class of vile all to his own.
What I am suggesting is that the rise in mass killings/shootings has a clear tie to media coverage as we see a dramatic increase (at least here in the U.S.) over the last several years. I’d bundle it all under the broad definition of the word terrorism despite individual motivations.
I understand that you are a journalist and you believe that you have a duty to report any and all facts about a certain situation. I’m betting you do draw a line somewhere though…do you publish bloody pictures of those killed? I’d hope not. I’m not going to win the argument with you, because you feel too strongly that you’re doing a service, saving the readers time to figure out who you’re talking about (although you’re assuming that we have that desire, or that that fact has some bearing to the article, which in many cases it does not).
My counter argument is that “San Bernardino Shooter” is probably sufficient identification. Were there multiple recent mass murders in San Bernardino that there would be confusion? His name is rather meaningless to us, but the infamy is what these criminals are after by committing these heinous acts. I’m just voicing my support for the #nonotoriety movement.
Paul Ducklin
Just for the record, I am not a journalist. I am a security writer employed by a security company.
Mike Blanchard
Maybe YOU want to give up all your rights and privacy, but *I* certainly do not…. Why don’t you start by gathering a list of all your passwords, and encryption keys, and sending them to the FBI for safe keeping…. they’ll happily store them for you, nice and safe… why don’t you go ahead and do that????
Brian T. Nakamoto
For perspective:
“From 2004 to 2014, 303 Americans were killed in terrorist attacks worldwide, according to State Department reports. During that same time frame, 320,523 Americans were killed because of gun violence.” – http://www.politifact.com/truth-o-meter/statements/2015/oct/05/viral-image/fact-checking-comparison-gun-deaths-and-terrorism-/
I’d rather live in an America with all of our hard fought freedoms intact rather than let terrorists win by scaring us into eroding the very liberties (includes privacy) that make America great.
Wilderness
Nobody is asking Apple to make a ‘backdoor’ that would give the authorities access to all phones. They’re asking that a custom firmware be loaded onto one specific phone to disable anti-pin guessing. That requires a court order. Apple can and should make sure that the firmware is only cryptographically usable on that one phone.
Paul Ducklin
Yes. And no. I’d describe an IT backdoor as “a deliberately-programmed weakness that gives you a way to sidestep computer security when it suits you.” By that definition, this is a backdoor.
And you can think of this case as a bit of a Pandora’s Phone. If Apple is forced to proceed and succeeds in sidestepping the protection well enough to crack the key (which is, after all, what “recovering the password by brute force” means), then you could argue that it’s the legalistic process here that will become the backdoor, and therefore it will as good as give the authorities access to all phones, albeit rather slowly.
Adam
To shorten Paul’s detailed argument (if I may):
If Apple does it this time, then the next time a government needs (or wants) this done, they will point to this case and essentially say “Well, Apple, you did it in that case. Do it for this case.”
Eventually, it will become the norm for Apple to create backdoors for every iOS version they release.
Paul Ducklin
Indeed, though I think you can generalise and say, “Well, X, Apple did it last time. Now it’s your turn.”
For X, you might want to imagine substituting one or more of: {Microsoft, Linux kernel devs, Sophos, National Census, Telephone Company, Tax Office, Your Employer, You}.
Nigel Geffen
If Apple “…could have provided technical assistance to get a backup of all data on Farook’s device from his iCloud account…” (but for the FBI’s bungling), surely that’s a back-door that’s already there, and which Apple are in control of…
Paul Ducklin
I think it’s fair to argue that the iCloud synchronisation is a feature that is publicly known, and that the user (presumably) opted into to agree to the data upload. (I assume that the FBI already has a way in to the iTunes account.)
4caster
It appears that the FBI destroyed their only means of accessing the data on the late Syed Rizwan Farook’s iPhone. What are they? Keystone Cops?
John Nelson
“When good cryptology is outlawed, only outlaws will have good cryptology.”
clifford cuellar
Trust Big Brother! If the government knows it, it will be stored or written down somewhere and can get out. Government security is NOT. They can be so proud to show off their technology they provide enough info to breach them (Witness TSA keys.) Plus there is no guarantee that someone who is privy to the secrets will not reveal them. Snowden affair or actual spies