Apple has recently courted controversy over its
resistance to a demand by the U.S. Federal Bureau of Investigation (FBI).
Namely, the FBI wants Apple to help its investigators hack into the iPhone of
San Bernardino shooter Syed Rizwan Farook, and a federal magistrate has ordered the tech giant
to comply. Apple CEO Tim Cook has said the company plans to fight the ruling.
The bureau, with the support of the Department
of Justice (DoJ) and the White House, argues that its proposal is analogous to
a warrant-authorized search. FBI officials speculate that information stored on
Farook’s device may help them ascertain the circumstances that led to the San
Bernardino tragedy, identify any accomplices the perpetrators may have had, and
possibly prevent future attacks by violent extremists. The bureau’s director
James Comey has suggested that he is not trying to set a legal
precedent by pursuing the Farook case.
On the other hand, Cook contends
that a version of the iOS operating system designed to override security
features would constitute a “backdoor to the iPhone” and would indeed set a
dangerous precedent for digital privacy around the world.
Technically, a backdoor to the iPhone already
exists, in the sense that Apple has the ability to create and upload to its
devices software that would override security features. The determining factor
is whether the author possesses Apple’s secret digital signing key, since Apple devices won’t
run software that doesn’t bear this signature.
The FBI’s
proposal, and why Apple is resistant
Farook’s phone and the data stored on it are
protected by a pin number that only the shooter knew. The FBI plans to conduct
a “brute-force attack”—in other words, connect a device to the phone that can
attempt many numerical passcode guesses in quick succession. But Farook has
enabled a security feature that causes his iPhone to temporarily lock after 10
incorrect guesses. Depending on the settings, there is a possibility that data
stored on the phone could be automatically erased after the tenth attempt.
The government wants Apple to design and upload
onto the iPhone a version of iOS that would allow investigators to attempt an
infinite number of passcode guesses without getting locked out, and without
incurring the risk of data erasure.
But the company has raised several objections.
•
Cook fears Apple’s creation of “backdoor” software could have
far-reaching implications. And his concern isn’t
isolated to the future actions of American individuals and agencies. Apple is a
transnational corporation that does business in dozens of countries around the
world, including authoritarian regimes. If the U.S. government can demand that
Apple help law enforcement hack an iPhone, what is to prevent a dictatorship
from enlisting Apple technicians to break into the electronic devices of
suspected dissidents?
•
The Farook case is not, in fact, unique. Rather, the U.S. Justice Department has requested Apple’s help to
extract data from at least 12 other iPhones. Apple
brass have expressed concerns that by writing security-override software on
behalf of law enforcement, their company could come to be perceived as an
appendage of the national security state—and thereby lose customers’ trust.
•
Security-overriding software for the iPhone could empower
cyber-criminals. Cook has suggested that by
creating a new version of iOS for the purpose of overriding security
protections, Apple would run the risk that this software might fall into the wrong
hands. However, the existence of Apple’s private signing key already poses a
similar threat; armed with that signature, a skilled programmer with expertise
in iOS could theoretically hack into any iPhone.
Does the
government have ulterior motives?
Last fall, the Obama administration’s National Security Council formalized a
“decision memo” which tasks state agencies with finding ways to circumvent
digital encryption and security protections. Apple’s authorship of “backdoor”
software would be a big step in that direction.
Given the significance and implications of the
Farook case, don’t be surprised if an appellate court eventually rules in the
tech giant’s favour. But U.S. government agencies’ efforts to gain access to
digital devices will surely continue. In fact, through a tool called DROPOUTJEEP, the U.S.
National Security Agency probably has backdoor access to at least some iPhones
already.
