- FBI wants to know what is on San Bernardino shooter's iPhone
- CEO Cook says court order is attack on civil liberties
It’s not that Apple Inc. can’t help investigators search an iPhone. The real issue is it doesn’t want to.
A federal judge on Tuesday ordered the company to help the Federal Bureau of Investigation gain entry into the iPhone used by one of the people who shot and killed 14 in San Bernardino in December. The FBI wants to know where he had been and who helped him.
Technologically speaking, Apple has the capability it needs to comply with the government’s request. Yet Chief Executive Officer Tim Cook vowed to fight the decision, saying it would give the government a backdoor to its customers’ private communication and be a "dangerous precedent."
The case illustrates a seldom-discussed aspect of the debate over encrypted communications. Namely, that Apple could, if forced, write software that would give authorities the ability to unlock an iPhone. Investigators could then use relatively simple technical workarounds to obtain call records, text messages and other data.
“I believe it is technically feasible for Apple to comply with all of the FBI’s
requests in this case,” Dan Guido, founder and chief executive officer of cybersecurity company Trail of Bits Inc., said in a blog post. "Based on my initial reading of the request and my knowledge of the iOS platform, I believe all of the FBI’s requests are technically feasible."
The FBI said the unique software it is asking for could only be used on the shooter’s phone to bypass security features.
Once Apple has engineered the solution to enable authorities to crack one phone, it doesn’t require much adaptation for the manufacturer to apply the hack to different models, said Sean Sullivan, security adviser at F-Secure Oyj in Helsinki.
“Once demonstrated, it’s not a big ask to get Apple to do it again,” he said. “The difficult part is the bureaucracy and the legal aspect.”
In this case, the government is asking Apple for technical help to figure out Syed Rizwan Farook’s passcode. Farook and his wife, Tashfeen Malik, died in a shootout with police after the attack. Farook’s employer owned the phone and has given permission for it to be searched, according to court documents.
Investigators aren’t pursuing the case to seek a precedent that grants permanent access to encrypted smartphone information, according to an Obama administration official who requested anonymity to discuss the matter. Rather, investigators have a strong interest in finding out who Farook had contacted prior to the attack, the official said.
Even so, if the government prevails, the official said that would create a path for law enforcement to acquire encrypted data that the company has previously said is out of authorities’ reach.
The Justice Department wants Apple to disable a feature that deletes data on a phone after 10 unsuccessful attempts to enter the passcode. Agents also want to be able to send electronic passcodes to the phone, rather than manually typing them in. These changes, added to the phone as an update to the operating system, would allow agents to use a computer to figure out the passcode by trying millions of combinations.
"It’s something that absolutely should be possible," said Sullivan, of F-Secure Labs. "In theory, this is a very good way of going about it in a warranted process. This is not facilitating any sort of bulk surveillance."
Cook, Apple’s chief executive officer, said the software doesn’t exist and if it was created would have the potential to unlock any iPhone -- essentially creating a backdoor that could be exploited by governments, criminals and hackers.
"Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation," Cook wrote in a letter to customers on Tuesday. "In the wrong hands, this software -- which does not exist today -- would have the potential to unlock any iPhone in someone’s physical possession."
And the implications of providing the assistance could be broad.
"If Tim Cook acknowledges that this proof of concept is something that could actually be implemented, then they go about doing it and demonstrating the proof of concept actually works, then Russia, China, Pakistan, all these other kind of countries come knocking on the door," Sullivan said. "They say ‘Look you did it for the feds, do it for us.’"
To be sure, software that the FBI is seeking to use on Farook’s phone wouldn’t work on Apple’s newer devices, said Chris Soghoian, principal technologist and a senior policy analyst with the ACLU’s speech, privacy and technology project.
But if the FBI prevails in this case, it could open the door to the government compelling Apple and other technology companies to modify software through automatic updates that could permit access to devices, Soghoian said.
"This isn’t just about one iPhone, it’s about all of our software and all of our digital devices," said Kevin Bankston, director of the New America Foundation’s Open Technology Institute. "If this precedent gets set, it will spell digital disaster for the trustworthiness of everyone’s computers and mobile phones."