The privacy fight between Apple and the FBI has been raging for weeks now, with the iPhone-maker showing no sign of backing down over the FBIs demands to give them access to an iPhone as part of an investigation. The pair are set to face each other once more on March 22 when they go head-to-head at a hearing in California’s federal court. Interestingly, Apple is also holding one of its regular product launch events the night before where it’s expected to announce a new iPhone.
It’s unlikely the dates are a complete coincidence. Apple will almost certainly take the opportunity to speak publicly about its resistance on the eve of the hearing.
Tim Cook described the implications of being forced to comply with the FBI request as ‘chilling’
While that will give more ammunition to those who claim Apple’s position has more to do with PR than genuine concerns over its users’ privacy, there’s no escaping the fact that publicity and public opinion matter.
If you’ve been following the story you might recall that the FBI wants Apple to break the encryption on an iPhone used by San Bernardino shooter Syed Rizwan Farook in order that it can access data which may or may not be of use to it in its investigation into the atrocity.
Apple responded by saying that thanks to beefed up security introduced in iOS 8, it can’t simply bypass the passcode on that or any other iPhone running iOS 8 or iOS 9.
The FBI’s quest was complicated by the fact that the San Bernardino Health Department, which owns the phone and for whom Farook worked, had changed the Apple ID password, while working with the FBI, days after it was seized. That made it impossible for Apple or anyone else to access an iCloud backup of the data on the phone.
Thus, we arrived at a situation where the FBI requested Apple write a new version of iOS which is modified to: disable the feature which causes iOS to erase data after ten incorrect passcode guesses; eliminate the delays between incorrect passcode guesses; and allow guesses to be made electronically rather than by hand.
In other words, it wants a new version of iOS to make it easier for it to ‘brute force’ hack the San Bernardino iPhone.
The FBI wants a new version of iOS to make it easier to hack the passcode on the iPhone 5c it seized
The FBI is using the ancient and obscure All Writs Act to try and win the legal argument. Crucially, All Writs only applies where the cost of complying isn’t ‘unduly burdensome’. Apple is defending on the basis that the burden would be huge.
It boils down to this: the FBI could probably have hacked its way into the iPhone without Apple, but it’s keen to set a precedent and force Apple and other companies to comply with its requests in the future. Apple could comply, but it doesn’t want to set that precedent because it believes it would make iOS less secure, not to mention that it would require huge effort and resources to comply and it would be damaging from a PR perspective.
It’s a battle Apple must win. Leaving aside the fact that a more easily crackable version of iOS, once it’s been created, could escape Apple’s control and be used by others, there are several other good reasons why Cook and his directors should resist.
Apple would, if it was forced to comply, limit the new version of iOS so it only ran on the hardware ID of this iPhone. It would protect that limitation by signing the code, as it does with every other piece of iOS software. Developing the code and then signing it isn’t straightforward. The Electronic Frontier Foundation explains just how complex it would be here. Furthermore, once done it would be easy for the FBI or other law enforcement agencies to point to this case and say that as Apple had done it once, it could do it again. There are District Attorneys across the US waiting to make precisely that argument – the Manhattan DA alone has 175 of iPhones he wants to access. The burden on Apple would increase hugely and, as the EFF said ‘could overwhelm the security of this process by requiring many more signatures.’
The iPhone Farook used was a 5c model –
Another undesired result could be that law enforcement agencies in other countries, perhaps China or Russia, would look at the US and argue that they two should be allowed to access seized iPhones. Lives of dissidents and whistle blowers would literally be at risk.
Apple’s assertion that if it loses it will lead to a ‘police state’ may be hyperbole, but it’s right to say: “You can imagine every different law enforcement official telling Apple we want a new product to get into something. Even a state judge could order Apple to build something.”
That wouldn’t just apply to Apple, of course, which is why other tech companies have been so supportive of it.
This case is about much more than one iPhone, the very future of encryption itself is at stake. Apple must win.
iPhone 5c and passcode images by Kārlis Dambrāns