Electronic Frontier Foundation – A Technical Perspective on the Apple iPhone Case
Electronic Frontier Foundation (EFF) presents a deep dive on the FBI’s fight with Apple over its customers’ privacy.
Apple is being asked to assist the FBI’s ongoing investigation of last December’s San Bernardino mass shooting by providing software to unlock a phone used by (deceased) suspect Syed Rizwan Farook (though owned by his employer, the San Bernardino County Department of Public Health).
Legally, the FBI is citing the All Writs Act, a general-purpose law first enacted in 1789 that can allow a court to require third parties’ assistance to execute a prior order of the court when “necessary or appropriate.” Judges have questioned the application of this general purpose law for unlocking phones.
A U.S. federal magistrate judge has ordered Apple to undermine the security of an iPhone that was used by Farook. If carried out, the order would compromise the security of every Apple customer in the world. Fortunately, Apple is fighting back and standing up for its users, and EFF is filing an amicus brief in support of Apple’s position.
This case is not about FBI vs. Apple. It’s about every consumer’s right to use secure technologies, and every technology company’s right to protect its customers’ privacy. EFF.org
The government is doing more than simply ask for Apple’s assistance. For the first time ever, the government is telling Apple to write brand new code that eliminates the security features of its own products—features that benefit everyone who uses Apple products or even communicates with iOS users. Essentially, the government is asking Apple to create a master key so that it can open a single phone. And once that master key is created, we’re certain that both our government and others will ask for it again and again.
There’s been a lot of confusion about what exactly the FBI is asking Apple for. In short, the FBI wants Apple to do three things:
– iOS can be set to erase its keys after 10 incorrect passcode guesses. The FBI wants software with this feature disabled.
– iOS imposes increasingly long delays after consecutive incorrect passcode guesses to slow down guessing. The FBI wants software that accepts unlimited guesses with no delays.
– iOS requires individual passcodes to be typed in by hand. The FBI wants a means to electronically enter passcodes, allowing it to automatically try every possible code quickly.
The FBI’s goal is to guess Syed Rizwan Farook’s passcode to unlock his phone. If it just tries entering passcodes, though, it might erase the device’s keys, at which point the data may never be recoverable. Hence, it’s telling Apple to write special software to allow unlimited guesses. The FBI claims that it has the right to make this request under the 1789 All Writs Act, a claim that many legal experts have questioned.
The problem with the FBI’s request is twofold. First, the risk of this piece of software getting into unauthorized hands is very high, and the damage that it could do is obvious.
Second, writing this code would probably encourage more government requests—potentially from other governments around the world. Even if you trust the U.S. government, once this master key is created, governments you don’t trust will surely demand that Apple undermine the security of their citizens as well.
EFF supports Apple’s stand against creating special software to crack their own devices. As the FBI’s motion concedes, the All Writs Act requires that the technical assistance requested not be “unduly burdensome,” but as outlined above creating this software would indeed be burdensome, risky, and go against modern security engineering practices.
The Electronic Frontier Foundation is the leading nonprofit organization defending civil liberties in the digital world. Founded in 1990, EFF champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development. We work to ensure that rights and freedoms are enhanced and protected as our use of technology grows.
SOURCE: EFF.org, Cato.org