In-brief: In a letter to customers, Apple CEO Tim Cook said the company is resisting a court order for it to help the FBI break data security protections on its iPhone, citing a threat to civil liberties.
Apple Computer is resisting an order by a U.S. court that it provide software to help the FBI cripple a security and encryption feature on an iPhone used by Syed Farook, one of the two ISIS-inspired shooters responsible for the recent San Bernadino, California attack.
In a letter to customers released on Tuesday, Apple CEO Tim Cook said the company opposes the order, which has “implications far beyond the legal case at hand.” Cook called the court’s request a threat to privacy and civil liberties.
“The FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession,” Cook wrote.
The request by a U.S. magistrate Sheri Pym on Tuesday demands that Apple supply a version of its iOS software that the FBI can use to disable a security feature that will erase an encryption key used to scramble the stored data on the phone after a certain number of unsuccessful login attempts have been attempted, AP reported.
“The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control,” Cook wrote in the letter, which was posted on the Apple website.
Security experts say that the government’s request is technically feasible, especially since Farook carried the iPhone 5C, a lower cost model that lacked Apple’s hardware based Secure Enclave feature. That means that the security protections befuddling the FBI are software- not hardware based, wrote Dan Guido of the firm Trail of Bits in a blog post on Wednesday.
“If the San Bernardino gunmen had used an iPhone with the Secure Enclave, then there is little to nothing that Apple or the FBI could have done to guess the passcode,” Guido wrote. “However, since the iPhone 5C lacks a Secure Enclave, nearly all of the passcode protections are implemented in software by the iOS operating system and, therefore, replaceable by a firmware update.”
But Cook argues that the technical feasibility of the request is besides the point. By demanding that Apple create an iOS hacking tool that would defeat its security protections, the government is threatening the security and privacy of every iPhone user, raising the possibility for subsequent civil liberties violations.
“The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices,” Cook wrote. “The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals.”