Apple CEO Tim Cook said his company will fight a court order, granted to the FBI on Tuesday, that would compel the manufacturer to build what it calls a “master key” for the data held on iPhones.
The case couldn’t be more emotive: It involves the iPhone 5C that belonged to San Bernardino shooter Syed Rizwaan Farook. The FBI can’t guess Farook’s PIN code, and if they try too many incorrect codes, the phone may wipe itself. Each time they make a guess, the iOS operating system also adds a delay before they can try another one. Hence, they can’t comb it for evidence.
On Tuesday, a federal judge in Riverside, California ordered Apple to help the FBI by creating a special version of the iPhone firmware that investigators could load onto the handset, allowing them to bypass the phone’s security mechanisms.
This special firmware would bypass or disable the auto-erase function, remove the artificial delays between guess attempts, and make it possible to automatically make those guesses via Wi-Fi or some other means that avoids someone having to physically type each one. (Ars Technica has posted a copy of the order.)
As it happens, if the iPhone 5C sported the TouchID feature, then it would also include a special piece of hardware called the Secure Enclave. This feature is meant to make sure only the fingerprint-reading home button gets access to the owner’s fingerprint data, and it also handles other encryption keys on the iPhone. This would probably stop Apple from being able to help the FBI at all — but the iPhone 5C doesn’t have this feature.
In a letter to Apple’s customers, Cook all but admitted that it was technically possible for the firm to cooperate with investigators. However, he said, the special version of the iPhone firmware was “something we consider too dangerous to create.”
Here’s how he described the risk:
In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession. The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control…
We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.
The application for the court order invoked a 1789 piece of legislation called the All Writs Act, which essentially lets courts order people or companies to do something. Cook described the proposed use of the All Writs Act in this case as “unprecedented,” though that’s debatable — it was already used a couple years back to help investigators force an unnamed phone manufacturer to bypass a phone’s lock screen.
The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.
The Apple chief said the firm didn’t take the decision to oppose the order lightly, but “we must speak up in the face of what we see as an overreach by the U.S. government.”
Cook and Apple have been very vocal in the past about the importance of encryption and their opposition to government-mandated backdoors. However, the debate has now moved past arguments over proposed legislation — it just became a very real legal battle.