A US magistrate judge has ordered Apple to help the FBI gain access to the contents of a PIN-locked iPhone 5C used by Syed Farook, one of the shooters in the San Bernardino shooting spree that unfolded last December.
The order is pretty specific: the judge requires the company to bypass or disable the auto-erase function, make it possible for the FBI to submit passcodes to the device electronically instead of physically, and make sure that the entry of these passcodes can be performed without additional delay between the attempts.
She proposes that Apple do this by creating and providing to the FBI a signed iPhone software file, recovery bundle, or other software image file (SIF) that can be loaded on the device without modifying anything already on it. To ensure that the provided solution can’t be used on other iPhone devices, the SIF should be coded to load and execute only on that particular device, she noted.
Forensic scientist Jonathan Zdziarski and security researcher and Trail of Bits CEO Dan Guido both believe that Apple can do this, but the company says that it will oppose the order, as it “has implications far beyond the legal case at hand.”
“This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake,” Apple CEO Tim Cook wrote in an open letter to the company’s customers.
“(…) the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession,” he noted.
“The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.”
He described the implications of the government’s demands as “chilling,” and explained why:
“If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.”
“We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications,” he concluded.
As cryptographer Matthew Green rightly noted, “If the US government dictating iPhone encryption design sounds ok to you, ask yourself how you’ll feel when China demands the same.”