A decision from a federal United States Magistrate Judge seriously threatens smartphone encryption by requiring Apple to build a “backdoor” to the iPhone for the Federal Bureau of Investigation to use.
Apple has promised to fight the decision.
The FBI, in its investigation of the terrorist attacks in San Bernardino, has been unable to unlock Syed Farook’s work iPhone. Because it has been unable to unlock the work phone, the FBI turned to Apple in an effort to access the phone. Apple has been more than cooperative, according to Apple CEO Tim Cook,
When the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we’ve offered our best ideas on a number of investigative options at their disposal.
This was not sufficient for the FBI, as it also wanted access to the locked device. The FBI, consequently, looked to the courts. Yesterday, the Magistrate ordered Apple to provide the FBI with technical assistance that will unlock the device as follows:
[It] shall accomplish the following three important functions: (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.
As Mr. Cook more succinctly stated, the government has ordered Apple “to build a backdoor to the iPhone.”
The specific backdoor the Magistrate has ordered Apple to develop would allow the FBI unlimited opportunities to try different passcodes on the iPhone without the system deleting information after a predetermined number of unsuccessful attempts. Essentially, it would allow the FBI to “brute force” its way into the phone.
The language “build a backdoor” is also telling. Neither the technology nor the software currently exists. The court is ordering Apple to build it from scratch. And the backdoor would defeat years of Apple’s own research and development in the smartphone security field.
Apple enables full encryption on all its smartphones. Due to the encryption processes it and other smartphone manufacturers use, Apple is not able to decrypt the phones. Once iPhone consumers establish a passcode, only they possess the information – the keys – needed to decrypt the phones. Apple does not know the passcodes established by the consumers.
If Apple complies, and it indicates it will not comply with the order, the FBI will be able to use the software Apple develops on any Apple smartphone. It will not be limited to use just on the San Bernardino terrorists’ phones. And the FBI may share the software with other law enforcement agencies, such as state and local police. In short, the software developed for decrypting one device will gain a life for itself, find its way down the chain, and may very well find its way into the hands of hackers and identity thieves.
The federal Magistrate issued an order that is contrary to the stated intent of the Obama administration and in the absence of express federal legislation directing Apple to construct a backdoor. This heavy-handed approach to judicially mandating an encryption backdoor runs roughshod over the legislative process, threatens individuals’ security, and threatens to suppress confidence in innovative technologies.
Crossposted at www.alec.org.
Jonathon Hauenschild is a Legislative Analyst for the Center for Innovation and Technology at the American Legislative Exchange Council.