Apple Tells Court Not To Force Them To Undermine iPhone Security
Apple on Thursday filed a motion to vacate the order compelling it to assist the government in the search of an iPhone seized from a terrorist in the San Bernardino attack. The company filed the motion in the U.S. District Court Central District of California Eastern Division.
On Feb. 16, 2016, the government asked the court to compel Apple to assist in the investigation. The court granted the request, thereby compelling the company to create new software to enable the government to hack into an iPhone 5c used by one of the attackers.
Apple, in its motion, said the case is not about an isolated phone but about the government seeking a dangerous power to force companies to undermine the privacy and basic security interests of hundreds of millions worldwide.
Back Door Will Undermine Security
Apple said the government demands that it create a back door to defeat the encryption on the phone, which would make confidential and personal information vulnerable to identity thieves, hackers, foreign agents and unwarranted government surveillance. It states the All Writs Act of 1789, on which the government bases its case, does not give the court a “roving commission” to command Apple in this manner.
Apple said no court has ever authorized what the government is trying to do, and no law authorizes such “sweeping use of judicial process, and the Constitution forbids it.”
In the face of hacking threats, Apple said it is dedicated to enhancing its devices’ security, so when customers use an iPhone, they can be confident their private personal information is safe. “To this end, Apple uses encryption to protect its customers from cyber-attack and works hard to improve security with every software release because the threats are becoming more frequent and sophisticated.”
Apple: Government Evades Congress
The two important interests in the case are the personal safety interests of the public and the needs of law enforcement, the motion noted. The government had the chance to amend the existing law and to ask Congress to adopt the position the government wants. But instead of seeking new legislation, the government has moved away from Congress and approached the courts, which Apple calls ill suited to address the “myriad competing interests, potential ramifications, and unintended consequences presented by the government’s unprecedented demand.”
By invoking terrorism, the government wants Apple to create a new operating system (OS), a “back door” to the phone which Apple considers too dangerous to build. Creating this OS would force Apple to develop new software with the ability to remove security features and create a capability to the operating system to undermine iPhone encryption.
Such software would allow a passcode to be input electronically, making it easier to unlock the iPhone by “brute force” by attempting to use thousands or millions of passcode combinations using the speed of a modern computer.
Vulnerable To Criminals
Once the process has been developed, it will offer a way for criminals and foreign agents to have access to millions of iPhones. “And once developed for our government, it is only a matter of time before foreign governments demand the same tool.”
The company noted that local and state officials have already declared their intent to use the proposed OS to open hundreds of other seized devices, including cases that have nothing to do with terrorism. “Once the floodgates open, they cannot be closed, and the device security that Apple has worked so tirelessly to achieve will be unwound without so much as a congressional vote.”
Apple said no legal principle would limit the technology to domestic terrorism. And even if it could, the technology would only drive adversaries further underground using encryption technology developed by foreign companies that cannot be conscripted into U.S. government service.
The FBI’s warnings that terrorists and criminals can “go dark” behind encryption methods proves this point, the motion noted.
New Government Powers
Lastly, considering the government’s “boundless interpretation of the All Writs Act,” Apple said it is hard to conceive of any limits on government edicts the government could obtain in the future. As an example, if the government can compel Apple to write code in this case and to bypass security features, what will stop the government form requiring Apple to write code and turn on the microphone in support of government surveillance, activate the video camera, surreptitiously record conversations or activate location services to track the phone’s user? Nothing, according to Apple.
By ordering Apple to take this action, the government is not contributing to the debate but seeking to avoid it, the company claimed.
Apple said it strongly supports efforts of law enforcement to seek justice against criminals and terrorists. But the “unprecedented” order the government has requested is not supported in the law and would violate the Constitution. The order would harm society, civil liberties and national security. It would also preempt decisions that should be left to laws that Congress passes and the President signs.
The company said that it provided data it possessed relating to the attackers’ accounts that the FBI asked for. The company participated in teleconferences, gave technical assistance and answered questions and suggested alternative ways for the government to get the data from the iPhone.
The FBI Mishandled The Phone
The company noted that the FBI, without consulting Apple or reviewing its public iOS guidance, changed the iCloud password connected to one of the attacker’s accounts, thereby foreclosing the chance of the phone executing an automatic iCloud backup of its data to the Wi-Fi network. Such an action, had it succeeded, would have obviated the need to unlock the phone and for the “extraordinary order” the government now seeks.
The creation, design, deployment and validation of the software would likely require six to 10 engineers and employees dedicating a “very substantial” portion of their time for at least two weeks, and as many as four weeks, the company noted.
Once created, the OS would have to go through Apple’s security and quality assurance testing process. Changing one feature of an OS often has unanticipated consequences. Thus, security testing and quality assurance would require that the new OS be tested on multiple devices and validated before deployment.
Apple Cites Legal Issues
The motion takes issue with the legality of the government’s order.
An order pursuant to the All Writs Act “must not adversely affect the basic interests of the third party or impose an undue burden,” Apple noted. The government order violates both requirements by conscripting Apple to create software that does not exist and that Apple has a compelling interest in not developing.
Apple has an interest in protecting its data protection systems that ensure the security of customers who depend on and store confidential data on their iPhones.
An order compelling the company to create software that defeats such safeguards undermines those systems and adversely affects the company’s interests and those of iPhone users around the globe.
Responding to these demands would require the company to create full-time positions in a new “hacking” department to service government requests and to create new versions of the back door software every time iOS changes. It would further require company engineers to testify about this back door as government witnesses at trial.
Featured image from Shutterstock.