Governance & Risk Management , Next-Generation Technologies & Secure Development , Standards, Regulations & Compliance
DoJ: Apple Puts Marketing Before LawJustice Department Refutes Claim It's Asking for a Backdoor for all iPhones
Updated on Feb. 22, 2016.
See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
The Justice Department, in a motion to compel Apple to immediately unlock the iPhone of one of the San Bernardino shooters, criticized the company for putting business needs before civic responsibility.
"Apple has attempted to design and market its products to allow technology, rather than the law, to control access to data, which has been found by this court to be warranted for an investigation," according to the motion filed Feb. 19 in a federal court in Riverside, Calif.
Authorities recovered an iPhone 5c used by Syed Rizwan Farook, one of the attackers in the San Bernardino, Calif., rampage that left 14 dead at the Inland Regional Center, where Farook worked. Farook and his wife and accomplice, Tafsheen Malik, died in a shootout with police.
The iPhone in question - owned by Farook's employer - is passcode-protected, and the FBI says it doesn't know if the auto-erase feature has been enabled, which would wipe the device's memory after 10 failed passcode login attempts. Even if the feature isn't enabled, iOS introduces passcode entry delays after six or more failed attempts. Because of these roadblocks, the FBI asked for Apple's help to bypass the security features.
But two senior Apple executives say the company had worked to help investigators and attempted multiple avenues, including sending engineers with FBI agents to a WiFi network that would recognize the phone and begin an automatic backup if that had been enabled, according to Reuters. The executives, who were not identified in the news service report, criticized government officials who reset the Apple identification associated with the phone, which eliminated the possibility of recovering information from it through an automatic cloud backup.
Indeed, San Bernardino County officials have said they were already assisting the FBI, which requested that they reset the password for Farook's iCloud account - to which the iPhone synchronized - at which point the bureau was no longer able to access the account. The operational security expert known as the Grugq said via Twitter that the move - perhaps the result of "panic and incompetence" - closed the "front door" that the FBI had to the shooter's account.
FBI deliberately locked themselves out of the iCloud account, shutting the "front door" they already had https://t.co/4gRunkfOZs” the grugq (@thegrugq) February 20, 2016
Order Based on 1789 Law
U.S. Magistrate Judge Sheri Pym in Riverside, Calif., on Feb. 16 ordered Apple to assist the FBI by updating the iPhone to disable security features. Pym issued her order using a 1789 law that gives a judge the ability to issue court orders for matters not covered under current law (see Apple-FBI Draw Lines in Crypto Battle).
Justice Department lawyers on Feb. 19 filed the motion to compel Apple to comply because Apple CEO Tim Cook issued a letter to customers saying the company would not follow the court order. Apple reportedly has until Feb. 26 to respond to the motion; a hearing is scheduled for March 22. Through appeals, the case could ultimately wind up before the Supreme Court.
In his letter to customers, Cook characterized as "dangerous" the order to help the FBI access the iPhone. "The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor," Cook wrote. "And while the government may argue that its use would be limited to this case, there is no way to guarantee such control." (See The Crypto Debate: Apple vs. the FBI.)
Justice: No Universal Backdoor Sought
But in its motion, the Justice Department contends it would not require Apple to create a "backdoor" to every iPhone. To the contrary, the order states Apple would retain custody of its software used to open the iPhone and would have flexibility concerning the manner in which it provides the FBI assistance in opening the phone. "In fact, the software never has to come into the government's custody," the motion states.
The motion says Apple can take the iPhone, and do its work without the government being present. "No one outside Apple would have access to the software required by the order unless Apple itself chose to share it," the motion says. "This eliminates any danger that the software required by the order would go into the 'wrong hands' and lead to criminals' and bad actors' potential to unlock any iPhone in someone's physical possession."
Assessing the Risks
Still, cryptographer and author Bruce Schneier says there's no guarantee that even if Apple retains the technology to access the iPhone it would remain safe. "How are the dangers different if the equipment is in an Apple desk drawer than a government desk drawer?" Schneier asks.
Schneier worries that if Apple complied with the government's request, that would set a precedent for other cases when law enforcement authorities contend they need help to decrypt some other type of technology. "Especially, if Apple is doing the government's engineering for free; let's say it cost them $5 million," Schneier says. "Apple is going to say, 'I'm not going to destroy it so I don't have to spend the $5 million the next time.' Of course, they're not going to do that. The government knows that. Once the cat is out of the bag, they're going to be asked again and again."
Apple and other technology companies have helped U.S. law enforcement and intelligence agencies gain access to locked devices, but Apple's decision not to comply with the FBI's request could signal a change of heart.
"At some level, they want to try to set a different type of precedent here," says David Navetta, a data protection, privacy and cybersecurity lawyer with the law firm Norton Rose Fulbright. "With the NSA (National Security Agency) and all the activity that went on there, with the private companies cooperating, I think they look back at that and aren't as happy with the decisions they made back then. Perhaps, they want to re-evaluate how they go about these types of legal request."
Apple did not immediately respond to Information Security Media Group's request for comment.
Executive Editor Mathew J. Schwartz also contributed to this story.