The FBI’s much-discussed request to Apple can seem innocuous: Help us extract six weeks of encrypted data from the locked iPhone of Syed Farook, an employee of San Bernardino’s health department who spearheaded an attack that killed 14 people. believe Apple should comply.
But the FBI is demanding a lot more than the data on a single phone. It has obtained a court order requiring Apple to build custom surveillance software for the FBI – which computer security expert Dan Guido cleverly .
Once that software exists, it is inevitable that will approach Apple seeking to get it to use the FBiOS to unlock iPhones in other investigations. Already, Apple says it has received U.S. court orders, under the same legal authority, seeking to get it to .
In effect, the FBI is asking for Apple to write software that will provide something the government has sought without success for more than a decade: A “backdoor” that cracks the increasingly sophisticated encryption on consumers’ phones.
The government has previously attempted to create its own “” that could unlock every device. That effort collapsed in the face of across the political spectrum. Now, the government is pushing a private company – Apple – to create a key.
What’s at stake in this clash of titans, therefore, is a much larger issue: How far should tech companies go to help the government conduct surveillance of their users.
to build special software that would disable the security on the device, and to install that software to the target iPhone as an update. Once the phone is updated with the new software, the FBI will be able to break into it.
Last year, a White House working group examined just this approach to creating a backdoor into encrypted devices – which it described in typically dense bureaucratic language as “.”
Translated into English, they were considering using the routine updates that every phone receives as a means for law enforcement to plant spyware that could track everything on the device, from whereabouts to text messages to all emails.
The panel saw a potentially fatal flaw in this approach, noting it “could call into question the trustworthiness of established software update channels.”
This is no small thing: software updates are key to cybersecurity. Updates are issued regularly to patch the inevitable flaws that are discovered in today’s complex software. Failing to install software updates leaves users’ vulnerable to hackers. The lack of timely software updates, in fact, has certain features of its non-battlefield smartphones.
If Apple gives its stamp of approval to the FBiOS and the technique becomes common, phone users may start to wonder whether the updates they receive contain spyware.
In addition, Apple says the FBiOS would “” hoping to obtain a copy of the golden key. The government counters that Apple can install the software on the device at Apple’s physical premises. Apple will “,” and is free to destroy it afterwards, the government states.
It’s also not at all clear that the government will prevail in its court fight with Apple.
Albert Gidari, a leading surveillance lawyer who has represented Google and other companies and is now director of privacy at Stanford University’s Center for Internet and Society, argues that . He points to that says the government does not have the power to require companies to implement “any specific design of equipment, facilities, services, features, or system configurations” for surveillance purposes.
The government argues that the 1994 law is irrelevant to its case, and instead is relying on a 1789 law, , that gives courts “all writs necessary and appropriate” to conduct their business.
However, Orin Kerr, a former federal prosecutor and professor at George Washington University Law School, argues that the 1789 law . In 1977, the Supreme Court ruled that the law did require a telephone company to help law enforcement set up surveillance equipment on certain lines, but that “the power of federal courts to impose duties upon third parties is not without limits;.”
In a court filing, Apple argues that the government’s request is
It is not a coincidence that the FBI has taken its battle to the courts. For the past two years, the FBI has been campaigning to win a so-called “backdoor” into encrypted devices. In 2014, FBI director James Comey called for a “” that would allow the agency to access devices with a court order.
With Congress out of the picture, the debate between tech and law enforcement will play out in the U.S. District Court in the Central District of California.
The FBI says that the debate is narrower than it has been portrayed. “ and its value increasingly obsolete because the technology continues to evolve,” FBI director Comey wrote in a blog post.
Microsoft founder Bill Gates told the Financial Times that he : “.”
But, several companies such as and – which all could face similar surveillance requests – have weighed in to support Apple.
“We build secure products to keep your information safe and we give law enforcement access to data based on valid legal orders,” tweeted Google CEO Sundar Pichai, “But that’s wholly different than requiring companies to enable hacking of customer devices & data.”