A federal magistrate ordered Apple on Tuesday to assist the FBI in accessing the locked iPhone of the two San Bernardino shooters that was recovered after the couple killed 14 people in December. Tim Cook, Apple’s CEO, wrote a letter to customers in reply denouncing the move as an “unprecedented step which threatens the security of our customers.”
The FBI has long sought a “backdoor” for encrypted technology like the iPhone, but their efforts have recently stalled as Washington has grown weary of further eroding the privacy of American citizens. The latest suit against Apple represents a new tactic for an agency that has found its efforts to increase its reach frustrated, even as attacks in San Bernardino and Paris have resurrected fears of terrorism across the country.
The FBI has been unable to break the couple’s passcode due to Apple security technology that slows down the phone’s operation in response to a user trying to “brute force” entry by guessing a large number of all the possible codes. The phone may also be triggered to wipe the phone of any data if a user attempts too many incorrect passcodes.
Apple installed new security features on its phones in 2014 that prevent the company from accessing information that would allow them to break into an iPhone, so the FBI has asked Apple to take an unprecedented step to get them access: Build a parallel iPhone operating system that would shut off the obstructing features on the phone’s login screen.
The FBI hopes that the phone may shed light on whether the San Bernardino attackers were in communication with foreign terrorist groups and, if so, who they were. Cook’s statement said that Apple has complied with all of the agency’s request so far, but the risks of abiding by the most recent one outweigh the potential benefits.
“In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession,” Cook wrote, adding:
“Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.”
The FBI’s motion has already fed the debate over whether the government should mandate tech firms provide a backdoor for law enforcement into all hardware. Top law enforcement and security agencies have long pined for such access, arguing that “no device, no car, and no apartment should be beyond the reach of a court ordered search warrant,” in the estimation of William Bratton, New York City’s police commissioner.
It’s important to note that the federal magistrate in this case has not ordered Apple to provide a backdoor into all of its encryption technology. Such a move would almost certainly require federal legislation, and so far, enough members of Congress have resisted these calls that no legislation has advanced. Members of Congress are keenly aware of the fierce opposition to encryption backdoors from the major Silicon Valley tech firms, like Apple, Google, and Facebook, which have vowed to oppose any kind of work-arounds that grant law enforcement broad, poorly regulated access to their technology.
“The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.”
President Obama also opposes giving law enforcement a “backdoor” through encrypted devices on the grounds that it would go too far in limiting the privacy rights of citizens and provide little added security. Without executive support for an encryption hack, the law enforcement officials arguing for its importance will almost certainly have to wait for a more favorable president to come into office.
The 2016 election has already split on the issue of giving law enforcement a way to access all encrypted technology. Not all the candidates have addressed the issue, but Democrats Hillary Clinton and Bernie Sanders have both expressed reservations about the encryption backdoor, while Republicans Jeb Bush, Marco Rubio, and John Kasich have all come out strongly in favor of it.
If the magistrate’s order stands up on appeal, then law enforcement will have secured a method for breaking into iPhones and a legal tactic for opening most any door they desire. However, with issues of speed and reliability being major issues in discussions about the tools law enforcement agencies need, even winning this case is not likely to quell calls for the encryption backdoor.
But privacy advocates have managed to hold off these calls even through the San Bernardino attacks, as well as the mass shootings in Paris. So if the FBI is looking for an alternative to its backdoor into encryption, it’s because privacy is currently winning the debate.
Here’s Cook’s letter in-full:
February 16, 2016 A Message to Our Customers
The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.
This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.
The Need for Encryption
Smartphones, led by iPhone, have become an essential part of our lives. People use them to store an incredible amount of personal information, from our private conversations to our photos, our music, our notes, our calendars and contacts, our financial information and health data, even where we have been and where we are going.
All that information needs to be protected from hackers and criminals who want to access it, steal it, and use it without our knowledge or permission. Customers expect Apple and other technology companies to do everything in our power to protect their personal information, and at Apple we are deeply committed to safeguarding their data.
Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.
For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.
The San Bernardino Case
We were shocked and outraged by the deadly act of terrorism in San Bernardino last December. We mourn the loss of life and want justice for all those whose lives were affected. The FBI asked us for help in the days following the attack, and we have worked hard to support the government’s efforts to solve this horrible crime. We have no sympathy for terrorists.
When the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we’ve offered our best ideas on a number of investigative options at their disposal.
We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.
The Threat to Data Security
Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution. But it ignores both the basics of digital security and the significance of what the government is demanding in this case.
In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.
The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.
The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers, including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.
We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.
A Dangerous Precedent
Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority.
The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.
The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.
Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.
We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.
While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.