Despite the ongoing presidential nominating fracas going on in South Carolina and Nevada, the untimely death of Supreme Court Justice Anton Scalia, there was a bit of news that touched both the tech world and the political world: Apple’s refusal to assist the FBI in accessing data on one of the iPhones of the two terrorists that attacked San Bernardino California.
Federal judge Sheri Pym ordered Apple Computer to assist the FBI by disabling the feature that wipes the data on the phone after 10 incorrect tries at entering a password. The judge didn’t ask Apple to disable this function across its product line, or even on any other phone other than the phone of Syed Farook, who with his wife Tashfeen Malik murdered 14 people in San Bernardino, California on December 2. The FBI wishes to crack the password of the terrorist using “brute force,” a method of attempting tens of millions of combinations without risking the deletion of the data.
Here are some key points from the judge order:
Apple’s reasonable technical assistance shall accomplish the following three important functions: (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT DEVICE and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.
Apple’s reasonable technical assistance may include, but is not limited to: providing the FBI with a signed iPhone Software file, recovery bundle, or other Software Image File (“SIF”) that can be loaded onto the SUBJECT DEVICE. The SIF will load and run from Random Access Memory and will not modify the iOS on the actual phone, the user data partition or system partition on the device’s flash memory. The SIF will be coded by Apple with a unique identifier of the phone so that the SIF would only load and execute on the SUBJECT DEVICE. The SIF will be loaded via Device Firmware Upgrade (“DFU”) mode, recovery mode, or other applicable mode available to the FBI. Once active on the SUBJECT DEVICE, the SIF will accomplish the three functions specified in paragraph 2. The SIF will be loaded on the SUBJECT DEVICE at either a government facility, or alternatively, at an Apple facility; if the latter, Apple shall provide the government with remote access to the SUBJECT DEVICE through a computer allowing the government to conduct passcode recovery analysis.
If Apple determines that it can achieve the three functions stated above in paragraph 2, as well as the functionality set forth in paragraph 3, using an alternate technological means from that recommended by the government, and the government concurs, Apple may comply with this Order in that way.
Apple’s CEO, Tim Cook, responded to the media that Apple would not comply with the judge’s order, saying doing so would create a “back door,” allowing the access to encrypted personal data, violating the privacy rights of its users. The response by Cook is a bit confusing, since repeatedly the order references the “subject device.”
One might wonder if Apple’s attorneys have offered Cook an incorrect interpretation of the judge’s order. Nothing in the order demands that Apple remove this functionality across its product line, or provide any access to data on any device other than the specific iPhone 5c of Syed Farook.
There must be some reason for Cook’s resistance to help the FBI access the data that could potentially identify other radicalized individuals or trace the “mastermind” behind the San Bernardino attack. Why would Apple want to hinder the actions of the FBI in what could save lives?
Some have suggested that Cook’s reticence is an attempt to avoid a “slippery slope,” where the government uses this single situation as precedence to future attempts to access personal data. It could be opined that Apple is standing with its customers to protect them against a prying government. This is why we have a court system. The FBI had to argue to a federal judge that, in this specific instance, the data of a known criminal was not protected by privacy rights. It’s no different than a search warrant. The judge concurred, hence taking the matter out of the civil arena into the criminal investigation domain.
Will Apple’s refusal to aid the FBI have an effect on their product sales? Probably not. However it does pose some interesting questions about whether a private company should or can refuse to assist the government in its investigations into criminal activity. Some will undoubtedly look at Apple’s approach to this very limited and device specific request as a stand where personal privacy trumps the welfare of the public. Others will view this as Apple seeing itself as above the law.
This could be Apple’s way of demonstrating just how secure data is on its iPhone. If the government’s most technologically equipped investigative agency cannot access your data on their products most Apple customers would feel very secure. Is it just a play for attention, sales or an ego-maniacal thumb in the eye of the feds?
In all likelihood Apple will be forced to comply; but not until they’ve made their point. How this will alter the public’s view of Apple the company is a story yet to unfold.