Edward Snowden is one of many who believe that, if Apple is indeed forced to comply with Tuesday’s court order and assist the FBI in hacking into the San Bernardino shooters’ iPhone, then the government will be able to hack into almost any iPhone. The court-ordered cooperation, some think, will set a dangerous precedent: here’s how the government can hack into iPhones.
The government, however, maintains that this hack will be a one-time thing.
Snowden, the NSA whistleblower who was granted asylum in Russia, today on Twitter called the legal battle “the most important tech case in a decade,” and he’s right: it’s a high-profile clash of Americans’ strongly-held anti-terrorism and privacy values.
In case you need to be caught up to speed: A federal judge in a district court in California, Sheri Pym, ordered yesterday that Apple must obey the FBI and decrypt the San Bernardino shooters’ iPhone.
The order calls this coercion “reasonable technical assistance,” and gives Apple three compliance requirements: one, disable the auto-erase function that ten failed login attempts trigger; two, provide firmware that would allow the government to repeatedly guess at the iPhone’s PIN electronically, rather than by hand (in other words, run a million permutations through the device, hoping that one is the correct passcode); and three, allow the government to complete step two in a timely fashion, with no lag in between subsequent login attempts.
The order seems to imply that Apple would thereby not be held publicly culpable for hacking into a customer’s device, and therefore that its business’s reputation would not suffer.
The next stipulation is best experienced in full:
Apple’s reasonable technical assistance may include, but is not limited to: providing the FBI with a signed iPhone Software file, recovery bundle, or other Software Image File (“SIF”) that can be loaded onto the SUBJECT DEVICE. The SIF will load and run from Random Access Memory (“RAM”) and will not modify the iOS on the actual phone, the user data partition or system partition on the device’s flash memory. The SIF will be coded by Apple with a unique identifier of the phone so that the SIF would only load and execute on the SUBJECT DEVICE. Once active on the SUBJECT DEVICE, the SIF will accomplish the three functions specified in paragraph 2. The SIF will be loaded on the SUBJECT DEVICE at either a government facility, or alternatively, at an Apple facility; if the latter, Apple shall provide the government with remote access to the SUBJECT DEVICE through a computer allowing the government to conduct passcode recovery analysis.
The most important claim within this requirement is that this particular infiltration of a customer’s device will be a one-time event, and will not allow the FBI to use this method to gain entry to iPhones at will.
Snowden, however, suggests that — instead — the order entails a permanent back door. And it does seem that way: If the FBI learns, due to Apple’s forced cooperation, how to repeatedly and immediately test PINs on iPhones, then the FBI will probably be able to do so at will. While iPhones that are newer than the 5c will be more difficult to hack into, the possibility will remain.
And while lower in the order, there’s this important line in the ruling: “Apple shall advise the government of the reasonable cost of providing this service” — which might sounds a lot like we’ll freaking pay you whatever you want; just do it.
Here on your iPhone is where you can set up this security setting:
At the conclusion of the order, the judge grants Apple the right to “make an application to this Court” within five business days to deny such involvement, so long as “Apple believes that compliance with this Order would be unreasonably burdensome.”
And you can bet that Apple will be doing just that.