Late yesterday afternoon a Federal court ordered Apple to assist the FBI in their investigation into the San Bernardino shootings by unlocking the iPhone belonging to the shooters. In response, this morning, Apple CEO Tim Cook released a public statement in which Apple refuses to comply, explaining the reasons that even if Apple can comply with the order, they will refuse to do so.
The full text of both the court order (it’s short, and fairly plain (tech) English), and Apple’s response, are below, but to us one interesting aspect of the court order is this paragraph:
Apple’s reasonable technical assistance shall accomplish the following three important functions: (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT DEVICE and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.
Now, it’s important to understand that in legal documents such as court orders, the word “shall” has a very specific meaning. It means “you will do it, no ifs, ands or buts”.
Judge Sheri Pym, in other words, in using “shall”, is conveying that this isn’t, in her mind, a case of ordering Apple to do this thing if it’s possible, she has already made up her mind that it is possible for Apple to do it, which, in turn means that if Apple doesn’t do it (even if because it’s impossible), Apple will be in contempt of court. And could face enormous fines, or worse.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
What Apple is being ordered to do in the above paragraph is to basically disable the time-out function that happens when you put the wrong passcode into an iPhone, and the ultimate destruction of the data on the phone after too many attempts, so that the FBI can attempt to discover the passcode and unlock the iPhone.
(It should be noted here that Apple has been working with the FBI on this case, and up to now has fully cooperated with the FBI. Cook also sounds all of the correct patriotic notes in his statement – it’s this one point – creating the highly sought-after (by the Feds) backdoor – over which Apple is firmly drawing a line.)
It’s also interesting to note that what the FBI asked for, and what the court ordered, isn’t that Apple unlock the phone for the FBI, but that Apple make it possible for the FBI to keep trying to figure out the passcode without the phone reaching the self-destruct point.
We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business. – Apple CEO Tim Cook
Can Apple even comply with this court order? Is it even possible?
(Note: Clearly the FBI doesn’t read the Internet Patrol, or they would already know how to avoid that time out when trying to figure out a passcode.)
In his response, Apple CEO Tim Cook doesn’t really say one way or the other. What he does say is that “We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.”
While Cook never says whether or not what the government is asking, and the court is demanding, is something Apple can do, one can certainly infer from his statements that they could do it.
Rather Cook focuses on what a horrible, security-thwarting precedent this would set.
“The government suggests this tool could only be used once, on one phone. But that’s simply not true,” says Cook. “Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes.”
In other words, if Apple can and did do this, the security that currently exists on smartphones in general, and the iPhone in particular, would vanish in the hands of hackers.
And so, on principle, Apple is refusing to comply with the court’s order.
Which almost certainly also means that they will be appealing the order.
Opined Whistle Blower Laureate Edward Snowden, “The FBI is creating a world where citizens rely on Apple to defend their rights, rather than the other way around”, by which we assume he meant that instead of the government defending us against big business, big business is defending our rights against the government.
Here’s the full text of the court order, and below that is the full text of Tim Cook’s love letter to the court. Got questions? Please put them in the comments below and we’ll try to get to them asap.
Full Text of Court Order in the Demand for Apple to Decrypt the San Bernardino Shooters’ iPhone
EILEEN M. DECKER United States Attorney PATRICIA A. DONAHUE Assistant United States Attorney Chief, National Security Division TRACY L. WILKISON (California Bar No. Assistant United States Attorney Chief, Cyber and Intellectual Property Crimes Section ALLEN W. CHIU (California Bar No. 240516) Assistant United States Attorney Terrorism and Export Crimes Section 1500 United States Courthouse 312 North Spring Street Los Angeles, California 90012 Telephone: (213) 894-0622/2435 Facsimile: (213) 394-3601 Email: [redacted by the Internet Patrol so as to not facilitate spam] Attorneys for Applicant UNITED STATES OF AMERICA UNITED STATES DISTRICT COURT FOR THE CENTRAL DISTRICT OF CALIFORNIA IN THE MATTER OF THE SEARCH OF AN APPLE IPHONE SEIZED DURING THE EXECUTION OF A SEARCH WARRANT ON A BLACK LEXUS IS300, CALIFORNIA LICENSE PLATE 35KGD203 ------------- ORDER COMPELLING APPLE, INC. TO ASSIST AGENTS IN SEARCH ------------- This matter is before the Court pursuant to an application pursuant to the All Writs Act, 28 U.S.C. 1651, by Assistant United States Attorneys Tracy Wilkison and Allen Chiu, requesting an order directing Apple Inc. ("Apple") to assist law enforcement agents in enabling the search of a digital device seized in the course of a previously issued search warrant in this matter. For good cause shown, IT IS HEREBY ORDERED that: 1. Apple shall assist in enabling the search of a cellular telephone, Apple make: iPhone 5C, Model: A1532, P/N:MGFG2LL/A, S/N:FFMNQ3MTG2DJ, IMEI:358820052301412, on the Verizon Network, (the "SUBJECT DEVICE") pursuant to a warrant of this Court by providing reasonable technical assistance to assist law enforcement agents in obtaining access to the data on the SUBJECT DEVICE. 2. Apple's reasonable technical assistance shall accomplish the following three important functions: (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware. 3. Apple's reasonable technical assistance may include, but is. not limited to: providing the FBI with a signed iPhone Software file, recovery bundle, or other Software Image File ("SIF") that can be loaded onto the SUBJECT DEVICE. The SIF will load and run from Random Access Memory ("RAM") and will not modify the iOS on the actual phone, the user data partition or system partition on the device's flash memory. The SIF will be coded by Apple with a unique identifier of the phone so that the SIF would only load and execute on the SUBJECT DEVICE. The SIF will be loaded via Device Firmware Upgrade ("DFU") mode, recovery mode, or other applicable mode available to the FBI. Once active on the SUBJECT DEVICE, the SIF will accomplish the three functions specified in paragraph 2. The SIF will be loaded on the SUBJECT DEVICE at either a government facility, or alternatively, at an Apple facility; if the latter, Apple shall provide the government with remote access to the SUBJECT DEVICE through a computer allowing the government to conduct passcode recovery analysis. 4. If Apple determines that it can achieve the three functions stated above in paragraph 2, as well as the functionality set forth in paragraph 3, using an alternate technological means from that recommended by the government, and the government concurs, Apple may comply with this Order in that way. 5. Apple shall advise the government of the reasonable cost of providing this service. 6. Although Apple shall make reasonable efforts to maintain the integrity of data on the SUBJECT DEVICE, Apple shall not be required to maintain copies of any user data as a result of the assistance ordered herein. All evidence preservation shall remain the responsibility of law enforcement agents. 7. To the extent that Apple believes that compliance with this Order would be unreasonably burdensome, it may make an application to this Court for relief within five business days of receipt of the Order. Signed: SHERI PYM UNITED STATES MAGISTRATE JUDGE Dated: FEB 16, 2016
Full Text of Apple’s Tim Cook’s Letter Regarding the FBI Court Decision
(You can also read the full text of Tim Cook’s letter on the Apple website.)
A Message to Our Customers
The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.
This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.
The Need for Encryption
Smartphones, led by iPhone, have become an essential part of our lives. People use them to store an incredible amount of personal information, from our private conversations to our photos, our music, our notes, our calendars and contacts, our financial information and health data, even where we have been and where we are going.
All that information needs to be protected from hackers and criminals who want to access it, steal it, and use it without our knowledge or permission. Customers expect Apple and other technology companies to do everything in our power to protect their personal information, and at Apple we are deeply committed to safeguarding their data.
Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.
For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.
The San Bernardino Case
We were shocked and outraged by the deadly act of terrorism in San Bernardino last December. We mourn the loss of life and want justice for all those whose lives were affected. The FBI asked us for help in the days following the attack, and we have worked hard to support the government’s efforts to solve this horrible crime. We have no sympathy for terrorists.
When the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we’ve offered our best ideas on a number of investigative options at their disposal.
We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.
The Threat to Data Security
Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution. But it ignores both the basics of digital security and the significance of what the government is demanding in this case.
In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.
The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.
The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.
We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.
A Dangerous Precedent
Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority.
The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.
The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.
Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.
We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.
While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.