US fight over gunman's locked iPhone could have big impact

February 17, 2016 by Eric Tucker And Tami Abdollah
US fight over gunman's locked iPhone could have big impact
In this photo taken Nov. 15, 2015, Apple CEO Tim Cook speaks in Milan, Italy. A U.S. magistrate judge has ordered Apple to help the FBI break into a work-issued iPhone used by one of the two gunmen in the mass shooting in San Bernardino, California, a significant legal victory for the Justice Department in an ongoing policy battle between digital privacy and national security. Apple CEO Tim Cook immediately objected, setting the stage for a high-stakes legal fight between Silicon Valley and the federal government. (AP Photo/Luca Bruno)

A U.S. magistrate's order for Apple Inc. to help the FBI hack into an iPhone used by the gunman in the mass shooting in San Bernardino, California, sets up an extraordinary legal fight with implications for ordinary consumers and digital privacy.

The clash brings to a head a long-simmering debate between technology companies insistent on protecting digital privacy and concerned about becoming unable to recover evidence or eavesdrop on the communications of terrorists or criminals.

On Wednesday, the White House began disputing the contention by Apple's chief executive officer, Tim Cook, that the Obama administration is seeking to force the software company to build a "backdoor" to bypass digital locks protecting consumer information on Apple's popular iPhones. The early arguments set the stage for what will likely be a protracted policy and public relations fight in the courts, on Capitol Hill, on the Internet and elsewhere.

"They are not asking Apple to redesign its product or to create a new backdoor to one of their products," White House spokesman Josh Earnest said. "They're simply asking for something that would have an impact on this one device."

Within hours of the judge's order on Tuesday telling Apple to aid the FBI with special software in the case, Cook promised a court challenge. He said the software the FBI would need to unlock the gunman's work-issued iPhone 5C would be "too dangerous to create" and called it "undeniably" a backdoor.

US fight over gunman's locked iPhone could have big impact
This July 27, 2014, photo provided by U.S. Customs and Border Protection shows Tashfeen Malik, left, and Syed Farook, as they passed through O'Hare International Airport in Chicago. A U.S. magistrate has ordered Apple to help the Obama administration hack into an iPhone belonging to one of the shooters in San Bernardino, Calif. The ruling by Sheri Pym on Feb. 16, 2016, requires Apple to supply highly specialized software the FBI can load onto the phone to cripple a security encryption feature that erases data after too many unsuccessful unlocking attempts. Federal prosecutors told the judge they can't access a county-owned work phone used by Farook because they don't know his passcode. (U.S. Customs and Border Protection via AP)

Cook compared it to a master key, capable of opening hundreds of millions of locks, and said there was no way to keep the technique secret once it's developed.

"Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge," Cook said.

At the center of the debate are the private data carried on nearly 900 million iPhones sold worldwide: Photographs, videos, chat messages, health records and more.

There was swift reaction on the presidential campaign trail, where Donald Trump told Fox News that he agreed "100 percent with the courts," and on Capitol Hill, where the chairman of the Senate Intelligence Committee, Richard Burr, R-N.C., said, "Court orders are not optional and Apple should comply." Democratic Sen. Dianne Feinstein of California, who fought encryption in the 1990s, said she thought the government should be able to access the phone. On Twitter, Edward Snowden called it "the most important tech case in a decade."

But Rep. Justin Amash, R-Mich., called the Justice Department's request "unconscionable and unconstitutional."

The ruling by U.S. Magistrate Judge Sheri Pym represents a significant victory for the Justice Department, which last year decided not to pursue a legislative fix to address encryption but has now scored a win instead in the courts.

US fight over gunman's locked iPhone could have big impact
An iPhone is seen in Washington, Wednesday, Feb. 17, 2016. A U.S. magistrate judge has ordered Apple to help the FBI break into a work-issued iPhone used by one of the two gunmen in the mass shooting in San Bernardino, California, a significant legal victory for the Justice Department in an ongoing policy battle between digital privacy and national security. Apple CEO Tim Cook immediately objected, setting the stage for a high-stakes legal fight between Silicon Valley and the federal government. (AP Photo/Carolyn Kaster)

Federal officials until now have struggled to identify a high-profile case to make its concerns resonate. But in siding with the government, Pym, a former federal prosecutor, was persuaded that agents investigating the worst terror attack on U.S. soil since Sept. 11 had been hobbled by their inability to unlock the county-owned phone used by Syed Farook, who along with his wife, Tashfeen Malik, killed 14 people in December before dying in a police shootout.

The dispute places Apple, one of the world's most respected companies, on the side of protecting the of an accused Islamic terrorist.

"We have no sympathy for terrorists," Cook said.

Apple has provided default encryption on its iPhones since 2014, allowing any device's contents to be accessed only by the user who knows the phone's passcode. The phone Farook was using, running the newest version of Apple's iPhone operating system, was configured to erase data after 10 consecutive, unsuccessful unlocking attempts.

The magistrate ordered Apple to create special software the FBI could load onto the phone to bypass the self-destruct feature. The FBI wants to be able to try different combinations in rapid sequence until it finds the right one.

The Justice Department said it was asking Apple to help unlock only the iPhone used by Farook and owned by the county government where Farook worked as an environmental inspector. The judge said the software should include a "unique identifier" so that it can't be used to unlock other iPhones. But it was unclear how readily the software could be modified to work against other iPhones, or how quickly Apple might update its own software to render the new bypass ineffective.

"If a court can legally compel Apple to do that, then it likely could legally compel any other software provider to do the same thing," including helping the government install tracking or eavesdropping software on a phone or laptop, said Kevin Bankston, director of the Open Technology Institute at New America.

The next step wasn't immediately clear. The judge gave Apple five days to contest the order as unreasonably burdensome. A magistrate judge on the lowest rung of the federal judiciary almost certainly could not establish meaningful precedent without affirmation from a higher-court judge, which means the fight is likely to proceed up the chain.

The former head of the FBI division responsible for producing some of the FBI's most cunning surveillance tools, Marcus Thomas, said Apple faces a challenge in showing that the government's request is overly burdensome. Thomas, the chief technology officer at Subsentio LLC, said companies that build ultra-secure products that might be used by criminals or terrorists can expect government requests for help.

"If you're going to build these devices and they're going to be air-tight and you can't get data out of them, then expect to get burdensome requests to help or maybe build solutions," Thomas said. "Society wants to know that companies aren't producing these complicated services and devices that can be used as weapons against them."

Explore further: Q&A: A look at the Apple vs US Justice Dept. court fight

Related Stories

Q&A: A look at the Apple vs US Justice Dept. court fight

February 17, 2016

A U.S. magistrate judge has ordered Apple to help the FBI break into a work-issued iPhone used by a gunman in the mass shooting in San Bernardino, California. Apple chief executive Tim Cook immediately objected, setting the ...

Apple to fight order to help FBI unlock shooter's iPhone

February 17, 2016

Apple Inc. CEO Tim Cook says his company will fight a federal magistrate's order to help the FBI hack into an encrypted iPhone belonging to one of the San Bernardino, California shooters. The company said that could potentially ...

US unable to crack San Bernardino attacker's phone

February 10, 2016

US agents cannot access a telephone used by the Islamist attackers in the San Bernardino shooting, the head of the FBI said Tuesday, complaining that encryption is hampering investigations.

Recommended for you

Dutch open 'world's first 3D-printed bridge'

October 17, 2017

Dutch officials toasted on Tuesday the opening of what is being called the world's first 3D-printed concrete bridge, which is primarily meant to be used by cyclists.

9 comments

Adjust slider to filter visible comments by rank

Display comments: newest first

Eikka
not rated yet Feb 18, 2016
Of course Apple has the sort of software. They developed the OS, they know how to get into it. It's like a locksmith claiming they don't know how to break their own locks - even by brute force. That's either an incompetent locksmith, or someone with something to hide.

The reason why they resist the court is because they already have the means to break into the phone, and they don't want the public to know just how unsecure it is.

The FBI wants to be able to try different combinations in rapid sequence until it finds the right one.


Then they need to dump the contents of the phone's memory onto a different system and break the copy, not the original. Apple should be able to help them with that.
Eikka
not rated yet Feb 18, 2016
The rule is that if you have access to the physical hardware, no software security can keep you out. The software is like the perfect safe lock - no matter how fine the lock is, if you have free access to the safe, eventually you can just put a diamond tip drill through the door.

Apple is just playing dumb here, pretending that they have to create a "master key", in order to make it seem like their hardware is more secure than it really is.

The minimum that Apple needs to do in this case is to give the FBI assistance in isolating and reading out the phone's memory chips so the FBI can obtain a copy of the encrypted data and start to brute-force it. The FBI could do that on their own by simply breaking a bunch of iPhones until they figure out how to dump the chips, but everyone involved would be better off if Apple did it for them, so they wouldn't risk destroying evidence.

bluehigh
not rated yet Feb 18, 2016
Eikka, that's absurd. A locksmith may be able to 'pick' a lock but that does not mean the locksmith has a key. The locksmith must carry out a procedure to 'pick' the lock.

Apple are objecting because they are being compelled to provide a service or product that is detrimental to their business.

It's paranoia that insists Apple have ways to circumvent encrypted data with serious password access security. Why would Apple be prepared to spend big bucks fighting this if they already have a 'backdoor'? Simpler for Apple to shut up and quietly comply.

All the data is encrypted, so dumping it by hardware access is pointless.

The Feds need the password.

Eikka
not rated yet Feb 18, 2016
A locksmith may be able to 'pick' a lock but that does not mean the locksmith has a key.


A locksmith knows where to drill to open a lock without a key or a pick.

All the data is encrypted, so dumping it by hardware access is pointless.


Yet that's what the FBI wants to do. In actuality, encryption is only as strong as the password and people are predictable, so they choose passwords that are easily broken by dictionary attacks and clever guesses. Hence why the 10 attempts self-destruct mechanism.

The FBI might also know a thing or two about the particular encryption used, or have inside knowledge about the implementation a'la the Debian RNG bug that was injected to break SSH on Linux. If such "bugs" exist on the software side, Apple would be twice as reluctant to let the public know.
Eikka
not rated yet Feb 18, 2016
Simpler for Apple to shut up and quietly comply.


The case is public, so Apple complying would let the public know of the backdoor.

The FBI wants a copy of the data, so they can bypass the 10 attempts mechansm on the original hardware. They don't want a "master key", they simply need to crack this one phone like a locksmith would drill an individual door open, and Apple can help with that. What Apple wants to do is pretend they can't, because it would harm their self-advertised reputation and image as a secure company one way or the other.

bluehigh
not rated yet Feb 18, 2016
I understand that it may be within Apples capability to load software onto the device and allows the Feds multiple endless password attempts. Hopefully, that's not practical.

This leads to multiple non-technical questions concerning ethics, law and codes of conduct.

It's being simplistic but if I am sold a device that ensures my privacy by encryption and I find that it's can be circumvented then .. Hmmm .. A billion dollar class action?

Just to be clear, the evil people associated with the crimes that precipitated the need by the Feds to get access to this phone should be hunted down. I'm just not sure that violating rights and creating further fear and uncertainty helps.

In any case ... your locksmith example remains absurd.

Cheers. Catch ya later.

Eikka
not rated yet Feb 19, 2016
In any case ... your locksmith example remains absurd.


No. It's a perfectly valid analogue.

Here we have a phone manufacturer, who in the same capacity as a locksmith, creates a "perfect lock" for a safe, which now contains vital evidence to a crime of national importance, and the locksmith is requested to drill the door open for the police.

The locksmith refuses on the basis that if he does drill the lock open then it would become an "established procedure" or "master key" that lets anyone into the safes he made. The claim is untrue, because they don't need to reveal the technique to anyone, not even the FBI.

They can simply open the door, and that's nothing short of what is expected of a locksmith or a creator of locks, or in this case a creator of impenetrable phone encryption. They're just shirking their responsibility because they've lied to the public that the lock is unbreakable to sell more of them.
Eikka
not rated yet Feb 19, 2016
It's being simplistic but if I am sold a device that ensures my privacy by encryption and I find that it's can be circumvented then .. Hmmm .. A billion dollar class action?


Exactly. And exactly what should happen.

It's within Apple's responsibility to help law-enforcement to investigate a crime, in exactly the same way as a lockmaker is responsible for opening a safe for the police - they're not requested to create a tool for the police to open any safe - just to open that one safe.

What they've done is, they've pretended to the public that they have no such responsibility and no such ability, so that the public would buy their phones in the belief that it would secure their data even against and from the law-enforcement. This is not the case, and Apple has earned the lawsuit.
Blakut
not rated yet Feb 22, 2016
Eikka, why talk about things you don't know? Do you know if the data can be copied? Don't you think if it was that simple, the FBI would have done it by now?

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.