Thursday 18 February 2016

Tim Cook says Apple will fight US gov’t over court-ordered iPhone backdoor

Apple chief Tim Cook has attacked the recent court order that compels Apple to unlock and decrypt the San Bernardino gunman's iPhone. "Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the US government," says an open letter published by Cook early this morning.
Late yesterday, a federal judge in California ordered Apple to help the US government (the FBI) unlock and decrypt the iPhone 5C belonging to Syed Rizwan Farook, who shot up an office party in San Bernardino in December 2015.
In the past, Apple has helped extract data from iPhones when issued with an appropriate warrant. Since iOS 8, however, full encryption has been enabled by default—a move that was seemingly introduced specifically to prevent such data-grabs by governments. "Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data," the company wrote on its website at the time. "So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."
Now, however, Judge Sheri Pym has ordered Apple to introduce a backdoor to help the FBI unlock the iPhone—and, unsurprisingly, Tim Cook is not best pleased.
Cook's "message to our customers" is quite impressively aggressive. It begins by explaining why we need encryption, moves onto a brief history of the San Bernardino case, and then explains exactly what the FBI actually wants from Apple. Here's the core of the letter:
We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.
From the court order, we even know what kind of backdoor the US government wants:
Apple's reasonable technical assistance shall accomplish the following three important functions: (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.
Basically, right now there are measures in place to stop someone from picking up your iPhone and brute-forcing the code to unlock your phone. The FBI wants a backdoor that allows such a brute-force attack to take place. With direct passcode input through the iPhone's Lightning port, and no additional delay between passcode attempts, cracking the code would be very easy.
Apple, for its part, opposes the court order. "We can find no precedent for an American company being forced to expose its customers to a greater risk of attack," Cook writes. "We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country ... While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products."
Finally, one last thought: Tim Cook published the open letter at midnight Pacific time, when most Americans were already asleep. Europe, however, was just waking up—and Europeans tend to get quite upset by egregious breaches of privacy. If Apple was compelled to introduce such a backdoor for the FBI, European governments would have access to it as well.

1 comment: