Tweet
This could open up a whole new can of worms. The FBI needs to figure this out on their own.
Last night, a California court ordered Apple to assist the FBI in hacking an iPhone. It’s an unprecedented request, one with potentially huge repercussions for the privacy and security of every Apple customer. This morning, Apple CEO Tim Cook posted an impassioned defense of encryption, and signaled the legal battles to come.
The iPhone at hand belonged to one of the San Bernardino shooters, the couple who took 14 lives in an attack last December. But the open letter to Apple customers posted on Apple’s website early Wednesday morning is significant in that it doesn’t just respond to this court order and incident, specifically, but to the importance of encryption at large.
“For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe,” writes cook in the lengthy response. “We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.”
Cook’s referring to Apple’s default encryption, first implemented with iOS 8, which ensures that a third-party has no way to access your files. They’re protected by an encryption key tied to your password. That Apple is just as blind to your photos and texts as the FBI also helps explain the unique nature of the court request. Rather than impel Apple to unlock the phone, the FBI wants Apple to help it develop a way to “bruteforce” the password—guess until it finds a match—without triggering a mechanism that deletes the key that decrypts the data. Currently, 10 wrong password tries will make the iPhone’s data inaccessible forever. The FBI would like to lift that restriction, along with the mandatory delays between password attempts that will slow their progress considerably.
While this isn’t a “backdoor” in the traditional sense, Cook argues that it amounts to one.
“The FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation,” says Cook. “In the wrong hands, this software—which does not exist today—would have the potential to unlock any iPhone in someone’s physical possession. The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. ”
In his missive, Cook vows to fight any attempts to weaken the iPhone’s encryption.
“In today’s digital world, the ‘key’ to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it,” says Cook. “Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.” Anything that helps the FBI compromise the security of an iPhone, in other words, also helps any bad actors.
“The government suggests this tool could only be used once, on one phone,” Cook continues. “But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks—from restaurants and banks to stores and homes. No reasonable person would find that acceptable.” Cook further calls out the government for relying on an 18th century law—the All Writs Act of 1789—to justify an expansion of distinctly modern-day powers.
The company had previously responded to the questionable use of the All Writs Act in a filing in a similar encryption case last October. “The All Writs Act may not apply here because, among other reasons, the bounds of mandatory law enforcement assistance have already been drawn by the Communications Assistance for Law
Enforcement Act (CALEA),” wrote Apple’s lawyers at the time, “and because Apple does not own or control the device in question.”
Apple has yet to take any official next steps, but an appeal seems likely. It already has the support of the Electronic Frontier Foundation, an organization focused on digital rights. “We are supporting Apple here because the government is doing more than simply asking for Apple’s assistance,” says EFF’s Kurt Opsahl in a statement. The group plans to file an amicus brief in support of the Cupertino company.
Given the high profile of both Apple and the case involved, these proceedings seem likely to be many Americans’ first real introduction to the encryption fight that has loomed for some time. Cook has laid out the pro-encryption case in a way that’s accessible, tangible, and immediate. What’s not clear is whether that will be enough for the courts—or its customers—to rally behind.
The iPhone at hand belonged to one of the San Bernardino shooters, the couple who took 14 lives in an attack last December. But the open letter to Apple customers posted on Apple’s website early Wednesday morning is significant in that it doesn’t just respond to this court order and incident, specifically, but to the importance of encryption at large.
“For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe,” writes cook in the lengthy response. “We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.”
Cook’s referring to Apple’s default encryption, first implemented with iOS 8, which ensures that a third-party has no way to access your files. They’re protected by an encryption key tied to your password. That Apple is just as blind to your photos and texts as the FBI also helps explain the unique nature of the court request. Rather than impel Apple to unlock the phone, the FBI wants Apple to help it develop a way to “bruteforce” the password—guess until it finds a match—without triggering a mechanism that deletes the key that decrypts the data. Currently, 10 wrong password tries will make the iPhone’s data inaccessible forever. The FBI would like to lift that restriction, along with the mandatory delays between password attempts that will slow their progress considerably.
While this isn’t a “backdoor” in the traditional sense, Cook argues that it amounts to one.
“The FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation,” says Cook. “In the wrong hands, this software—which does not exist today—would have the potential to unlock any iPhone in someone’s physical possession. The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. ”
In his missive, Cook vows to fight any attempts to weaken the iPhone’s encryption.
“In today’s digital world, the ‘key’ to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it,” says Cook. “Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.” Anything that helps the FBI compromise the security of an iPhone, in other words, also helps any bad actors.
“The government suggests this tool could only be used once, on one phone,” Cook continues. “But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks—from restaurants and banks to stores and homes. No reasonable person would find that acceptable.” Cook further calls out the government for relying on an 18th century law—the All Writs Act of 1789—to justify an expansion of distinctly modern-day powers.
The company had previously responded to the questionable use of the All Writs Act in a filing in a similar encryption case last October. “The All Writs Act may not apply here because, among other reasons, the bounds of mandatory law enforcement assistance have already been drawn by the Communications Assistance for Law
Enforcement Act (CALEA),” wrote Apple’s lawyers at the time, “and because Apple does not own or control the device in question.”
Apple has yet to take any official next steps, but an appeal seems likely. It already has the support of the Electronic Frontier Foundation, an organization focused on digital rights. “We are supporting Apple here because the government is doing more than simply asking for Apple’s assistance,” says EFF’s Kurt Opsahl in a statement. The group plans to file an amicus brief in support of the Cupertino company.
Given the high profile of both Apple and the case involved, these proceedings seem likely to be many Americans’ first real introduction to the encryption fight that has loomed for some time. Cook has laid out the pro-encryption case in a way that’s accessible, tangible, and immediate. What’s not clear is whether that will be enough for the courts—or its customers—to rally behind.
Comment