Posted by: David Harley | February 17, 2016

iOS backdoor – Apple says no

[Added later: Chris Williams for the Register offers a ‘clear, technical Q&A‘. I’m not sure there are so many people ‘losing their minds’ over this, but it’s an interesting take, and links to Dan Guido’s piece on the technical aspects. The American Civil Liberties Union states that it will support Apple’s legal fight and quotes Alex Abdo, staff attorney with the ACLU Speech, Privacy, and Technology Project:

“This is an unprecedented, unwise, and unlawful move by the government. The Constitution does not permit the government to force companies to hack into their customers’ devices. Apple is free to offer a phone that stores information securely, and it must remain so if consumers are to retain any control over their private data.

For Macworld, Rich Mogull explains ‘Why the FBI’s request to Apple will affect civil rights for a generation – No legal case applies in a vacuum, and in this case the FBI needs the precedent more than the evidence.’]

Here’s Tim Cook’s letter to Apple users explaining why the use of the All Writs Act of 1789 to enable the FBI to compel Apple to provide software to gather evidence in the San Bernardino case is the start of a slippery slope (a position with which the Electronic Frontier Foundation agrees). Cook states:

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

The EFF states:

For the first time, the government is requesting Apple write brand new code that eliminates key features of iPhone security—security features that protect us all. Essentially, the government is asking Apple to create a master key so that it can open a single phone. And once that master key is created, we’re certain that our government will ask for it again and again, for other phones, and turn this power against any software or device that has the audacity to offer strong security.

A judicial order by Judge Sheri Pym requires Apple to assist the FBI by bypassing security functionality on the iPhone used by one of the San Bernardino shooters. Techdirt points out that this isn’t exactly breaking the device’s encryption: it involves modifying the operating system to override the auto-erase feature which, if enabled, would allow law enforcement only ten attempts to attempt a password. If the 10-strikes-and-out feature can be disabled, the agency would be able to defeat the password using a brute-force attack.

The New York Times notes:

Marc J. Zwillinger, a lawyer for Apple, wrote in a letter for a related case in October that the All Writs Act could not be interpreted to “force a company to take possession of a device outside of its possession or control and perform services on that device, particularly where the company does not perform such services as part of its business and there may be alternative means of obtaining the requested information available to the government.”

The government says it does not have those alternative means.

Presumably Apple will take advantage of its five-day grace period to apply to the court for ‘relief’ from the judgement, but whatever happens in this particular case, we can probably assume that this isn’t the last time a government agency will take this approach.

David Harley

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.


%d bloggers like this: