Apple Fights FBI Over Disabling Security In San Bernadino Case - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile // Mobile Devices
News
2/18/2016
06:06 AM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Apple Fights FBI Over Disabling Security In San Bernadino Case

The FBI wants Apple to help it crack the passcode of an iPhone owned by one of the shooters in the December San Bernardino attack that killed 14 people. But CEO Tim Cook says this demand would "undermine the very freedoms and liberty our government is meant to protect."

8 Ways To Secure Data During US-EU Privacy Fight
8 Ways To Secure Data During US-EU Privacy Fight
(Click image for larger view and slideshow.)

In an open letter to Apple customers published Tuesday evening, CEO Tim Cook said the company is challenging a court order directing it to assist the Federal Bureau of Investigation. The company was reportedly asked to help the FBI bypass security measures that protect data stored on a locked iPhone.

The FBI is trying to access the data on the iPhone of Syed Farook who, with wife Tashfeen Malik, killed 14 people in San Bernardino, Calif., in December 2015. The agency believes that data on the phone may provide useful information about other potential threats or co-conspirators. But investigators have been unable to examine the phone's data because the device is protected by a numeric passcode, according to a Department of Justice legal filing. And the FBI has not tried to guess the passcode because Apple's iPhone software includes a security feature that deletes data after 10 incorrect passcode entries.

The device, an iPhone 5c, belongs to the San Bernardino County Department of Public Health, which provided it to Farook as an employee and has consented to the government's search. The FBI has already obtained some data from Apple's iCloud service, with Apple's cooperation. But the government contends that Farook disabled the automatic iCloud backup of his iPhone data at some point, thereby preventing more recent data from being stored on Apple's servers.

[ What will the next US President do with tech? Read Where 2016 US Presidential Contenders Stand On Tech Issues. ]

"We have great respect for the professionals at the FBI, and we believe their intentions are good," Cook said in his letter. "Up to this point, we have done everything that is both within our power and within the law to help them. But now the US government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone."

For years, law enforcement officials have sought government-mandated backdoors to bypass encryption. FBI Director James Comey last year testified before the Senate Judiciary Committee about the way that encryption can hinder investigations. Security experts and academic researchers have countered that backdoors cannot be controlled and will inevitably be misused. Comey has warned that encryption allows criminals to "go dark." At the same time, Peter Swire, professor of law and ethics at Georgia Institute of Technology, has argued that surveillance and data gathering have never been easier. The debate remains ongoing.

However, the Obama administration has opted not to mandate backdoors to bypass digital security measures. And Sen. Ron Wyden (D-OR) has introduced a bill that seeks to prohibit the government from requiring weak security.

Apple, in its privacy statement about government information requests, acknowledges that it complies with lawful legal demands for information that it possesses. But the company maintains it "has never worked with any government agency from any country to create a 'backdoor' in any of our products or services."

(Image: Apple)

(Image: Apple)

This case has the potential to determine whether Apple can continue to make that claim. Citing precedent in a legal filing, the Department of Justice asserts that the All Writs Act of 1789 authorizes the court "to order a third party to provide nonburdensome technical assistance to law enforcement officers."

The Department of Justice also notes that there are multiple pending unpublished orders to compel Apple's technical assistance in similar cases. However, DoJ acknowledges that a magistrate judge in the Eastern District of New York, handling one such case, has questioned the court's authority to issue a compliance order under the All Writs Act.

On Tuesday, a magistrate judge in Riverside, Calif., ordered Apple to help the FBI. The order directs Apple to provide technical assistance:

  • to bypass or disable the auto-erase function that deletes data after 10 successive attempts to enter an incorrect passcode;
  • to provide a way to automate passcode entry (thereby enabling the possibility of brute force passcode attacks); and
  • to remove any software-based mechanism that delays password entry as a method of limiting brute force attacks.

The government is asking Apple to create a custom firmware for the iPhone in question that disables security measures. Security experts Jonathan Zdziarski and Dan Guido claim that Apple has the ability to comply with this order.

(Image: AleksandarNakic/iStockphoto)

(Image: AleksandarNakic/iStockphoto)

But as Cook's letter indicates, Apple opposes being required to do so. "[W]e fear that this demand would undermine the very freedoms and liberty our government is meant to protect," Cook says.

If the iPhone were a newer model, an iPhone 6 or later, Apple might not be able to comply fully with the order. According to Zdziarski, Apple moved the passcode entry delay code from software into a hardware element called the Secure Enclave in recent model iPhones. The feature that deletes data after 10 incorrect passcode guesses, however, can still be disabled in newer iPhones, Zdziarski maintains.

Newer iPhones with TouchID are arguably less secure than older models, however. US courts allow authorities to compel a person to use his or her fingerprint to unlock a biometrically protected phone. Passwords, because they're considered to be testimonial, cannot be compelled.

Chris Eng, VP of research at security firm Veracode, said in an emailed statement that the FBI isn't asking for a generic backdoor or decryption, but a software update that applies to one specific phone. He argues that Apple has bypassed lock screens for investigators in the past and is making a stand primarily as a matter of competitive differentiation.

Yet Eng's assertion implies there's a difference between a backdoor and a software update. A backdoor is simply an abstract term for something that bypasses a security measure. And a backdoor becomes generic if it can be applied repeatedly via legal process.

The Department of Justice contends that what Apple has been directed to do is not overly burdensome. But Apple may not consider its assigned task a trivial use of engineering resources. And there's also the burden of brand damage: Any company promising data security will no longer be able to do so if authorities can require businesses to create skeleton keys on demand.

Does your company offer the most rewarding place to work in IT? Do you know of an organization that stands out from the pack when it comes to how IT workers are treated? Make your voice heard. Submit your entry now for InformationWeek's People's Choice Award. Full details and a submission form can be found here.

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 3   >   >>
vnewman2
50%
50%
vnewman2,
User Rank: Ninja
2/18/2016 | 5:14:13 PM
Re: Apple takes a page out of Ayn Rand's books
@jastroff - Insert "Laughing so hard I'm crying emoticon" - or shall I say "Crying with tears of joy" emoticon? :)
vnewman2
50%
50%
vnewman2,
User Rank: Ninja
2/18/2016 | 4:59:41 PM
Re: Apple takes a page out of Ayn Rand's books
@Ariella - I totally understand that.  But then why have they complied in the past to similar requests that end up resulting in basically the same end (in one case it was a meth dealer's phone).  Isn't that still invading privacy?  Does it matter where the information comes from?  If they hand it over from the cloud how is that really different from the phone itself?  The end result I mean...
jastroff
50%
50%
jastroff,
User Rank: Ninja
2/18/2016 | 4:31:48 PM
Re: Apple takes a page out of Ayn Rand's books
I'm going to take the high road on this and comment as the Madison Avenue - The Onion - Mad Magazine would:

 

New Sales Pitch:

The iPhone

Favored by Terrorists Around the World!

 
Ariella
0%
100%
Ariella,
User Rank: Author
2/18/2016 | 4:11:24 PM
Re: Apple takes a page out of Ayn Rand's books
@vnewman He means the principle of protecting the integrity of the privacy set up for the iPhone user. He fears that setting up this opening for this phone can lead to any phone being cracked. He certainly does not mean to say that he doesn't believe in helping the government out but that he draws the line at this.
vnewman2
100%
0%
vnewman2,
User Rank: Ninja
2/18/2016 | 4:08:05 PM
Re: Apple takes a page out of Ayn Rand's books
Right, but Tim Cook is arguing the action based on principle, "And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect."  I mean, is this really the case you want to take THAT kind of position on?
Ariella
0%
100%
Ariella,
User Rank: Author
2/18/2016 | 4:00:28 PM
Re: Apple takes a page out of Ayn Rand's books
@vnewman2 Apple says it has cooperated in terms of providing  any data they have. But what the FBI wants in this case is a way to get at what's on the phone via new Apple software that would prevent the data wipe from happening when oo many wrong passwords are entered. 
vnewman2
50%
50%
vnewman2,
User Rank: Ninja
2/18/2016 | 3:47:08 PM
Re: Apple takes a page out of Ayn Rand's books
Correct me if I'm wrong though, and I haven't been able to adequately research, but didn't Apple willingly comply with these types of orders several times in the past for much lesser offenses? 
Ariella
50%
50%
Ariella,
User Rank: Author
2/18/2016 | 2:54:36 PM
Re: Apple takes a page out of Ayn Rand's books
@mejac tht could be quite something as far as precedent goes.
mejiac
50%
50%
mejiac,
User Rank: Ninja
2/18/2016 | 2:42:27 PM
Re: Apple takes a page out of Ayn Rand's books
@Ariella,

I was discussing this with a former police officer, and he thinks there's a 51% change this will go all the way to the supreme court.

I think the government will try to pressure apple, and Apple's lawyers will stand there ground.... I don't think this will settle anytime soon either, since he explained that these types of disputes are extensive, since it's a matter of both interpretation and protecting customers privacy (which in itself its'a delicate matter)
Ariella
50%
50%
Ariella,
User Rank: Author
2/18/2016 | 12:35:33 PM
Re: Apple takes a page out of Ayn Rand's books
@mejac Yes, Apple is arguing from the point of view of precedent. The question is: what move will the FBI make now? Will it  be content to let it go,  or will it bring a lot more pressure on the company? 
<<   <   Page 2 / 3   >   >>
News
COVID-19: Using Data to Map Infections, Hospital Beds, and More
Jessica Davis, Senior Editor, Enterprise Apps,  3/25/2020
Commentary
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
Slideshows
How Startup Innovation Can Help Enterprises Face COVID-19
Joao-Pierre S. Ruth, Senior Writer,  3/24/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
Slideshows
Flash Poll