Ricochet is the best place on the internet to discuss the issues of the day, either through commenting on posts or writing your own for our active and dynamic community in a fully moderated environment. In addition, the Ricochet Audio Network offers over 50 original podcasts with new episodes released every day.
Apple’s Reply to the FBI
Apple’s CEO Tim Cook has just released a message to Apple’s customers:
The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.
This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.
The Need for Encryption
Smartphones, led by iPhone, have become an essential part of our lives. People use them to store an incredible amount of personal information, from our private conversations to our photos, our music, our notes, our calendars and contacts, our financial information and health data, even where we have been and where we are going.
All that information needs to be protected from hackers and criminals who want to access it, steal it, and use it without our knowledge or permission. Customers expect Apple and other technology companies to do everything in our power to protect their personal information, and at Apple we are deeply committed to safeguarding their data.
Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.
For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.
The San Bernardino Case
We were shocked and outraged by the deadly act of terrorism in San Bernardino last December. We mourn the loss of life and want justice for all those whose lives were affected. The FBI asked us for help in the days following the attack, and we have worked hard to support the government’s efforts to solve this horrible crime. We have no sympathy for terrorists.
When the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we’ve offered our best ideas on a number of investigative options at their disposal.
We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.
The Threat to Data Security
Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution. But it ignores both the basics of digital security and the significance of what the government is demanding in this case.
In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.
The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.
The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.
We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.
A Dangerous Precedent
Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority.
The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.
The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.
Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.
We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.
While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.
Tim Cook
Your thoughts?
Published in Islamist Terrorism, Science & Technology
I must be misunderstanding what you are saying, but if I am not, did Mr. Cook not just say that they can and have complied with warrants?
Went up to the Supreme Court in US v. New York Telephone Co.
If these aren’t rational ends of law, kind of hard to imagine what would be, no?
Good analogy. I’ll have to chew on that one since government can order citizens to kill on behalf of the nation and for its defense. However, is criminal investigation within the same realm of government power as conducting war?
Just to make another faulty analogy: if there were a door government could not breach, could it then compel a citizen or business to develop a battering ram capable of breaching it?
Bravo Mr. Cook!! The government needs to understand that the existence of terrorists does not give them cart blanch authority to just collect on every single person who happens to have a mobile device. The government needs to stop being lazy or stop being constrained by political correctness if they wish to effectively search out and stop future terrorist activity. Demands that private companies make it easy for the government to monitor every American is lazy. Collection of metadata of American citizens for the purposes of building a national network for use in the aftermath of attacks is lazy. This type of activity did nothing to stop Abumatallab, Time Square Bomber, Nidal Hasan, or the Tsarnaev Brothers. The government was too damned paralyzed to simply look at the facebook page of one of the San Bernardino killers. So no. Stop wrapping your laziness in the flag and leave the American People alone.
Well, the thing is, this isn’t hypothetical, it’s not as if no case to date has ever established a precedent. Precedent suggests this should be settled on the basis of whether it’s pretty easy to do, technically. And I suspect it’s not that hard. This doesn’t seem to be so much a matter of encryption as it is a matter of the phones having, basically, a self-destruct mechanism should they detect an attempt to brute-force the password. Seems the Feds don’t believe it would be that hard to disable it, for this phone. They’re not asking how to disable it, they’re asking Apple to do it, for this phone.
Yeah, right. I have a nice Golden bridge that I’d like to sell.
No, not really. There has to be a limiting principle other than government wants it. If the capability already existed then it would be reasonable to demand Apple provide it to the government. As what they are asking for does not exist, it is unreasonable to demand Apple create it. Commandeer my car, sure; demand I build a car for government to commandeer, not so much.
Yes Claire, but if I am not mistaken this is regard to a warrant on a specific target. What the FBI wants is the ability to have access to every single American’s information cutting out the requirement that this be a specified, targeted approach to crime fighting. NY Telephone Company does not authorize this.
Well obviously it’s hard enough to be outside the capabilities of the feds.
Wasn’t the draft couched on the premise that one’s duty to country was to be prepared to fight for it? Is there some sort of premise that our duty to country now includes that we allow the government open access to our personal information?
9TO5Mac: “But, argues Trail of Bits [security firm], it would be possible to put the iPhone into DFU mode and then overwrite the firmware with a version that has neither the auto-erase mode nor delays between passcode attempts. The FBI could then trivially brute-force its way into the phone”
“The FBI can’t overwrite the firmware because the device checks for a valid Apple signature. The FBI doesn’t have this. But Apple does. Apple could thus create signed firmware without the protections designed to defeat brute-force attacks, and hand the phone back to the FBI.”
In US v. New York Telephone Company, 434 U.S. 159 (1977), the court ordered the telephone company to cooperate and provide technical assistance to install pen register telephone surveillance, which was known technology. Here the government is ordering Apple to invent new technology. That seems to go overboard to me.
An even better analogy would be to always leave your car unlocked so that the government may commandeer your car at any time they wish, also leaving open the possibility that your car be stolen by common criminals.
But that’s not what they’re asking.
I see no reason to think that only political correctness would make them suspect there might be urgently important clues about future terrorist activity on the phone of a terrorist.
They’ve made no such demand.
This has nothing to do with metadata.
This isn’t for that purpose. It’s for the purpose of searching that phone. A phone that any reasonable person would suspect to be associated with a dangerous terrorist network.
It’s possible — likely, in fact — that this type of activity has stopped many terrorist attacks before they happened.
That wasn’t reported accurately. The government doesn’t have routine access to private messages on Facebook.
I’m all for leaving Americans alone, but I don’t think ISIS shares this view.
Not an Alex Jones fan here either but I may be about to sound like one. Does anyone care to speculate on the possibility of this very public showing of the impregnable security of a phone being disinformation? Does the FBI not have the tools available to the NSA? Don’t a lot of us assume that anything done on these devices is accessible to authorities at some level?
I’m not sure the technology they’re asking for is really new. The government wants to break the password by brute force. Apple’s most recent software has a safeguard against hackers who try to do that. They’ve asked Apple to disable it for that phone, which they then plan to attack by brute force. Not as complicated as asking Apple to build them a spaceship.
Sorry, 100% wrong. They do NOT have a warrant for searches involving 100’s of millions of Apple users. It was made perfectly clear that a method of access would not be unique to that perps phone, but would affect all users. Once invented, such a digital tool would propagate. If nuclear weapons can, then a modified iOs can. I heartily applaud Apple in their stance against the federal behemoth, which is untrustworthy.
Even if Apple did the work themselves on one phone, a complex task involving many people, the tool would then exist and security is never 100%, so it would be much sought after and eventually stolen.
No, these lawyers are too overworked — in the Feds’ case — and charge too much by the hour — in Apple’s case — for that to be remotely plausible. There just aren’t enough highly trained lawyers who can write these briefs to make this a viable PR stunt. And it would require a really elaborate conspiracy involving the Feds at every level. Nope.
Easy conclusion, not knowing anything about the technology. And wrong.
Claire, I am accompanying this story with the NSA component. Thus far the government has made the argument that they must be allowed to build nodal networks with Americans’ communication metadata and now they are demanding that smartphone developers allow them to have cart blanch access to the devices of private citizens without a specified warrant. The forth amendment still applies in this country. If the government fears that I am a threat, then the burden of proof is on them to secure a warrant to be able to build a case against me. It is not on Apple to just allow them to have access so that they can pre-empt any signs of there being a threat. That is exactly what is at stake here. Get a warrant or go to hell.
Although the order is limited to one particular telephone, once the technology is created as ordered, it will be applied to additional phones. If it can be ordered for one, it can be ordered again and again. Once the technology is created for one phone, expect the government to demand a back door to all phones, because the technology for the back door then exists. Drip, drip, drip incremental invasion of privacy. That is how I see it.
How so?
They have a warrant.
I don’t think Tim Cook cares primarily about civil liberties. He cares about being on the right side of progressive opinion. If Dylan Roof had an encrypted iPhone, Apple would have unlocked it lickety-split. Rightly, in my opinion.
On what basis? The basis on which they’re asking this is that the phone belonged to a terrorist who killed 14 American citizens, and is associated with a terrorist organization that’s killed many more and plans to keep killing. Why would they be able to extend this logic to all phones?
Control is always an illusion.
But this isn’t a nuclear weapon. Do you really think that Apple has refrained from doing this so far because they fear becoming Shiva, destroyer of Worlds? That they invented this security feature but dare not disable it? Come on.
I agree with Tim Cook, and am glad Apple is resisting.
If we lived under rule of law, this discussion might be moot. “Rational ends” is no longer a limit of any type. One of the fruits of progressive governance.
The solution seems simple enough: The FBI needs to wait their turn at the Apple Genius Bar. Problem solved. They are geniuses, after all.