Encryption & Key Management , Enterprise Mobility Management / BYOD , Governance & Risk Management

Feds Counter Apple's Arguments Over iPhone 'Backdoor'

Justice Department: Apple's Rhetoric Is 'False' and 'Corrosive'
Feds Counter Apple's Arguments Over iPhone 'Backdoor'

In a filing rebutting Apple's appeal of a court order requiring the company to help the FBI unlock the iPhone used by a shooter in the San Bernardino massacre, the Justice Department says Apple's rhetoric is "false" and "corrosive" to the institution that safeguards Americans' liberties and rights.

See Also: The Fraud Challenges in Mobile Financial Services

"The rule of law does not repose that power in a single corporation, no matter how successful it has been in selling its products," the Justice Department said in a 35-page motion filed March 10 with the U.S. District Court for the Central District of California.

DOJ, in its filing, says its request that Apple help the FBI to unlock the iPhone is a modest one that allows Apple to choose the least burdensome means to comply. It's a narrow, targeted order that will produce a narrow, targeted piece of software capable of running on just one iPhone in the security of Apple's headquarters, the DOJ argues.

A senior law enforcement official, speaking at a DOJ briefing March 10, accused Apple of creating a diversion by saying the case is not about a single iPhone and trying to alarm the court with issues of network security, encryption, backdoors and privacy, invoking larger debates before Congress and in the news media (see Apple, FBI Battle Before House Judiciary Committee).

"Apple deliberately raised technological barriers that now stand before a lawful warrant and an iPhone containing evidence related to a terrorist mass murder of 14 Americans," the senior law enforcement official said. "Apple, alone, can remove those barriers so the FBI can search the phone. They can do so without undue burden. Under those specific circumstances, Apple can be compelled to give aid. That is not lawless tyranny; rather it's ordered liberty vindicating the rule of law."

Apple Responds

Apple General Counsel Bruce Sewel says the tone of the government brief reads "like an indictment," adding that in his 30 years as a lawyer he had never "seen a legal brief that was more intended to smear the other side with false accusations and innuendo," according to media reports of a Thursday conference call with reporters.

Sewell said a number of the government's charges were groundless, including one that suggests that Apple's relationship with the Chinese government is different from ones with other countries. Government lawyers, he said, are "so desperate at this point that it has thrown all decorum to the winds."

The government, in its filing, says: " Apple appears to have made special accommodations in China as well: for example, moving Chinese user data to Chinese government servers, and installing a different WiFi protocol for Chinese iPhones. ... Such accommodations provide Apple with access to a huge, and growing, market."

U.S. Magistrate Judge Sheri Pym on Feb. 16 ordered Apple to assist the FBI by updating the iPhone to disable security features designed to wipe its memory or slow passcode entry to block brute-force attacks. Pym issued her order using the All Writs Act of 1789, which gives a judge the ability to issue court orders for matters not covered under current law (see Apple, FBI Draw Lines in Crypto Battle).

Focus on a Single iPhone

The Justice Department has framed its request as being limited to only unlocking a single phone: an iPhone 5C issued to Calif.-based Rizwan Farook, 29, by his employer, San Bernardino County. Farook and his wife Tashfeen Malik, 29, attacked Farook's work colleagues in a December shooting spree that left 14 people dead and 22 wounded. The government has also cited a legal precedent, recently noted by George Washington University law professor Orin Kerr, that it can force a suspect to help it crack an encryption scheme, in the form of the 1807 treason trial of Aaron Burr, when his clerk was compelled to decrypt a letter.

In an impassioned Feb. 17 letter, Apple CEO Tim Cook said that Apple would fight the "dangerous" court order. "We have no sympathy for terrorists," he said. "But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone."

Citing Supreme Court decisions, the DOJ reiterated earlier arguments that it can use the All Writs Act to compel Apple to comply with the court order. Apple, however, has argued that the All Writs Act would subvert Congressional powers.

Apple contends creating special software to help circumvent the iPhone's password protection would also be burdensome, a point the government dismisses. The filing cites Apple as asserting it would take six to 10 employees two to four weeks to develop new code in order to carry out the court's order. "Even taking Apple at its word, this is not an undue burden, especially given Apple's vast resources and the government's willingness to find reasonable compromises and provide reasonable reimbursement," the filing says.

Disarming a Booby Trap

One argument advanced by Apple and its supporters in the technology community is that if it creates a password workaround to gain access to the iPhone, the code could get into the hands of potential hackers, stolen by spies, or taken to another firm by the engineers who worked on the project.

But the government attempts to dismiss this point. The filing says Apple needn't share the code with the government, adding that the company has shown it's capable of protecting code that could compromise its security.

"Even if criminals, terrorists and hackers somehow infiltrated Apple and stole the software necessary to unlock Farook's iPhone, the only thing that software could be used to do is unlock Farook's iPhone," the filing said. "Far from being a master key, the software simply disarms a booby trap affixed to one door: Farook's."

Security, Crypto Experts Respond

Some security experts, however, have questioned the government's claim that it's not trying to set a precedent with this new case, or that it's only about one device. Indeed, as Nicholas Weaver, a researcher at the International Computer Science Institute and the University of California at Berkeley, has noted, the entire U.S. legal system is based on precedent.

Cryptographer Matthew Green, an assistant professor at the Johns Hopkins Information Security Institute, likewise said the Justice Department is attempting to set a dangerous precedent that allows it to seize any code created by U.S. software developers, which in this case would be the cryptographic code that Apple uses to sign iOS updates, without which devices won't run the code. Alternately, the DOJ's filing warns, it will compel Apple's developers to write code that performs to the government's specifications - no matter the potential repercussions.

But many legal experts have said that attempting to compel developers to write code would likely violate their and Apple's First Amendment rights.

Meanwhile, iOS security expert Jonathan Ździarski said that DOJ would likely already have attempted to seize Apple's signing code and write the update itself, but that it likely lacks developers that possess the requisite - highly specialized - programming skills that would be required.

Apple's appeal of Pym's order will be heard March 22. That's one day after Apple is expected to launch a new range of iPhones (see Report: Apple Building iPhone It Can't Hack).

Executive Editor Mathew Schwartz also contributed to this story, which has been updated.


About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.in, you agree to our use of cookies.