As U.S. law enforcement escalates its battle to keep criminals from concealing their communication on digital devices or “going dark,” Apple CEO Tim Cook is digging in his heels in resisting government directives to support their investigations. A federal judge in California on Tuesday ordered Apple to step up efforts to help the FBI search the locked iPhone 5c used by Syed Rizwan Farook, who, along with wife Tashfeen Malik, is suspected of a mass shooting at a December 2 holiday party last year in San Bernardino, Calif., that killed 14 people and injured 22. Cook quickly countered the court action with an open letter posted to his company’s site suggesting that the FBI’s request could open a Pandora’s box that undermines security on all iPhones.
The issue at hand is not whether Apple can break into Farook’s iPhone 5c but rather whether the company should, as the FBI has requested, disable protections designed to keep people from guessing a device’s security passcode. This includes a delay feature that prevents someone from rapidly and repeatedly trying to guess a passcode as well as features that permanently encrypt or erase data after a number of unsuccessful passcode attempts. Police killed Farook and Malik in a shoot-out, leaving law enforcement without any means of obtaining the iPhone’s passcode unless it was written down somewhere.
Cook’s greater concern is that the government has asked the company to build a backdoor to all its iPhones. “The U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create,” according to Cook. “The FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software—which does not exist today—would have the potential to unlock any iPhone in someone’s physical possession.”
The U.S. District Court for the Central District of California ordered Apple to provide “reasonable technical assistance to assist law enforcement agents in obtaining access to the data” on the iPhone in question. Apple must provide the FBI with software that can bypass or disable the autoerase function that would eliminate data on the iPhone after several unsuccessful attempts to guess the passcode. The court also insists that the software rig the iPhone so that law enforcement can enter passcode guesses electronically using either the physical device port, Bluetooth or Wi-Fi, as opposed to just the touch screen. Another stipulation is that Apple must disable the built-in delay that makes users wait a certain amount of time between passcode guesses. According to a court filing, Apple “has declined to provide that assistance voluntarily.”
Cook, however, countered that Apple has attempted to support the FBI’s investigation. This includes turning over data in the company’s possession, making Apple engineers available to advise the FBI and offering ideas on “a number of investigative options at their disposal.”
Apple is not denying that it could comply with the court order but rather stating that the government is overreaching its authority. The company could remove barriers to rapid-fire passcode guessing by installing a software update, greatly cutting down the time it would take to access the phone, according to a blog post by Dan Guido, an adjunct professor at Polytechnic Institute of New York University and co-founder and CEO of Trail of Bits, a cybersecurity firm.
Despite Cook’s concern that such assistance could create a backdoor to all iPhones, it is not clear whether the approach Apple takes to disable 5c encryption could likewise be applied to newer iPhones with better security. Apple introduced the 5c in September 2013 as a lower-cost alternative to its other models. The A7 processor introduced at the same time with the iPhone 5s included a “Secure Enclave” coprocessor that provides security functions separate from the device’s main application processor. Secure Enclave introduced a two-key system to the iPhone that requires both that coprocessor and the main processor to approve a passcode before the device is unlocked and its data is decrypted. As Guido points out: “If the San Bernardino gunmen had used an iPhone with the Secure Enclave, then there is little to nothing that Apple or the FBI could have done to guess the passcode.” Apple bolstered security even further last year with iOS 9, which runs on iPhone models as old as the 4S and can erase iPhone data after 10 consecutive incorrect attempts to enter the passcode.
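To show why the delay and erase protections matter for a short passcode, the following added Python example (not from the article, Apple or the FBI) models a passcode gate with an escalating delay and an erase-after-10 limit, then measures simulated time to try every four-digit code with the protections on and off. The delay schedule and the 0.08-second cost per guess are assumed, illustrative values.

```python
from dataclasses import dataclass

# Assumed, illustrative values (not from the article): seconds of forced
# waiting before the next try after N consecutive failures, and per-guess cost.
ASSUMED_DELAYS = {5: 60, 6: 300, 7: 900, 8: 900, 9: 3600}
ASSUMED_GUESS_COST = 0.08
WIPE_AFTER = 10  # from the article: erase after 10 consecutive wrong attempts


@dataclass
class PasscodeGate:
    """Toy model of a lock screen; `clock` is simulated seconds, never real time."""
    secret: str
    delays_enabled: bool = True
    wipe_enabled: bool = True
    failures: int = 0
    wiped: bool = False
    clock: float = 0.0

    def attempt(self, guess: str) -> str:
        if self.wiped:
            return "wiped"
        if self.delays_enabled:
            # Past 9 failures the longest assumed delay keeps applying.
            self.clock += ASSUMED_DELAYS.get(min(self.failures, 9), 0)
        self.clock += ASSUMED_GUESS_COST
        if guess == self.secret:
            self.failures = 0
            return "unlocked"
        self.failures += 1
        if self.wipe_enabled and self.failures >= WIPE_AFTER:
            self.wiped = True  # data is gone; no later guess can succeed
            return "wiped"
        return "wrong"


def exhaust(gate: PasscodeGate, digits: int = 4):
    """Try every numeric passcode in order; return (outcome, attempts, seconds)."""
    for n in range(10 ** digits):
        result = gate.attempt(f"{n:0{digits}d}")
        if result != "wrong":
            return result, n + 1, gate.clock
    return "exhausted", 10 ** digits, gate.clock


if __name__ == "__main__":
    print(exhaust(PasscodeGate("9999")))                # protections on
    print(exhaust(PasscodeGate("9999", False, False)))  # protections off
```

Under these assumptions the protected gate erases its data after 10 guesses and about 96 minutes of enforced waiting, while the gate with both protections disabled gives up the passcode in roughly 13 minutes.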
Ultimately, Apple is most concerned about setting a precedent by fully cooperating in the San Bernardino case. If the company bypasses security in an older model iPhone, a judge who might not know the difference between security features of different models could compel Apple to do this again in the future, even if it may not be possible to break newer iPhone security, says Morgan Marquis-Boire, a senior researcher at the University of Toronto’s Citizen Lab and former member of Google’s security team. “There’s the worry of the slippery slope” that might extend out to other devices as well as crimes in addition to terrorism, he adds.
This last point is being tested in New York City, where U.S. law enforcement wants Apple to unlock an iPhone 5s belonging to an alleged methamphetamine dealer.