As the battle between Apple and the FBI intensifies over unlocking data from an iPhone used by one of the terrorists in a mass killing in San Bernardino, Calif., a Campbell University law professor called the government demands “chilling” but said the issue needs to be debated more fully.
“A more full-throated analysis of all relevant issues is needed,” Kevin Lee, an associate professor at the Normal Adrian Wiggins School of Law in Raleigh, wrote in a blog post about the legal issues surrounding the argument, with Apple so far defying a court order to unlock the phone out of concern for customer privacy.
“The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data,” he wrote. “The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location or even access your phone’s microphone or camera without your knowledge.”
The battle continues this week, with Microsoft co-founder Bill Gates weighing in against Apple. Meanwhile, Google, Facebook and other tech firms are backing Apple, and rallies in support of were held in Durham and other cities nationwide.
Apple has resisted providing a piece of programming that would help the FBI access the phone used by Syed Farook, who, along with his wife, killed 14 people at a county office building in San Bernardino in December.
The company argues that governments, both in the U.S. and overseas, are likely to use the program in other cases, undermining data privacy.
In an interview Tuesday with the Financial Times, Gates said “this is a specific case where the government is asking for access to information.” He likened it to the police getting records from a phone company.
The FBI said neither the company nor anyone else has anything to fear. Although they want to compel assistance from Apple to unlock Farook’s phone, authorities said the techniques they propose are limited in scope and pose no risk to the privacy of other iPhone users.
Security experts say it’s not so simple.
“It’s a very dangerous proposition to claim that this capability could not be reused,” said Will Ackerly, co-founder and chief technology officer at computer security firm Virtru and a former National Security Agency employee.
The legal argument
Campbell’s Lee points out that the legal argument at this point points to the FBI having the authority to make its demand, which so far Apple Chief Executive Tim Cook has chosen to fight.
“The ability to create a private space is essential for democracy,” Lee told WRAL News. “We have to think of where this is heading. I think the bigger question is, who should be in charge of making these decisions?”
Government attorneys have said the All Writs Act, a 1789 law, gives the court the power to compel Apple to cooperate with the FBI.
“They’re asking a low-level court to change policy that would affect a billion people without knowing that there’s anything of value on this phone,” Lee said. “The problem with that is, once that ‘key’ exists, every time law enforcement seeks to gain access to a locked phone, the pathway will be available.”
He said he he would like to see the U.S. Supreme Court take up the delicate balance of privacy rights and national security concerns.
“It’s a difficult case because it highlights a value we deeply hold, which is privacy,” said William Boettcher, an associate professor of political science at North Carolina State University. “But then it’s a case in which we’re talking about a terrorist who committed a heinous act and getting access to their information that could indicate their motivations, could lead to others who are co-conspirators.”
Boettcher said most people favor security over privacy, thinking they have nothing to fear from government intrusion unless they break the law. He said he believes Apple will eventually comply with the court order, and cases like this will become more common as technology takes an even bigger role in people’s lives.
“This is a crucial test case and will set a precedent that will be used by courts and companies in the future,” he said.
The back story
Essentially, the FBI wants Apple to write a program that disables some iPhone security features so that federal computer experts could guess the phone’s passcode. Unlocking the phone with the passcode automatically decodes encrypted files. In particular, the FBI wants to disable a “self-destruct” mechanism that could render the phone unreadable after 10 bad guesses, as well as an enforced delay of up to an hour between incorrect passcode attempts.
Authorities say their precautions would prevent anyone else – governments and criminal hackers included – from reusing that bypass software on other phones.
First, the government says Apple can design the program to work only when it recognizes Farook’s iPhone by checking the unique identifying code assigned to each device Apple makes. The iPhone won’t respond if the program doesn’t contain a cryptographic signature that verifies the software was created by Apple, the government said in its court filing.
Authorities say the program could be loaded onto the iPhone’s temporary memory, so it would disappear once the iPhone is turned off. As an additional precaution, the government says Apple could design the program to let investigators try different passcodes by submitting them electronically so that Apple could keep physical control over the iPhone while the special program is deployed.
“Compliance with the order presents no danger to any other phone,” prosecutors said Friday in a court document signed by Assistant U.S. Attorney Tracy Wilkinson.
Those measures should prevent anyone from getting their hands on the special software or reusing it on another phone, agreed Chris Eng, vice president of research at Veracode, a computer security firm. “From a technical perspective, I believe what’s being described is completely possible.”
‘The nature of software’
Eng said he’d be more concerned if the government was seeking a true “backdoor” – a change in Apple’s encryption algorithm that would let others break the code. That’s not what the FBI is pursuing in this case, he said.
But other experts warned of technical risks in the government’s plan. They said it would be difficult, but not impossible, to reverse-engineer the Apple program so it could work with other phones. Software is easy to copy, despite the government’s reassurances, said Bruce Schneier, a security expert and chief technology officer for Resilient Systems.
“That’s the nature of software,” he said.
The program wouldn’t work on another iPhone unless a hacker modified it to recognize that device, and that would require forging Apple’s digital signature, said Steve Bellovin, a computer science and security expert at Columbia University. But he said it’s not beyond the realm of possibility that sophisticated hackers or a foreign government could steal Apple’s signature code.
Any risk that the software could be stolen or modified would increase because other law enforcement agencies are likely to ask Apple to reuse that tool in the future, Apple contends.
“Law enforcement agents around the country have already said they have hundreds of iPhones they want Apple to unlock if the FBI wins this case,” the company said in a statement Monday.
Using the software even once could give authorities or outsiders new clues to how Apple’s security features work, potentially exposing vulnerabilities that could be exploited in the future, Ackerly said. If Apple allows federal investigators to submit passwords through a remote connection, he added, that could open the phone to intrusion, including efforts to copy the program.
The government has promised it won’t try to copy Apple’s software, of course, and doing so would risk a judge’s ire or even legal penalties.
Computer forensics expert Jonathan Zdziarski raised another possibility: If authorities find anything on the iPhone that they use in court – for example, to identify and prosecute any accomplices who aided the San Bernardino shooters – then Apple could be required to explain its software in court. A judge might also permit defense attorneys and their experts to study the program.
There’s a strong likelihood “this tool won’t be used once, but many times,” Zdziarski said in an email, adding that each time could expose the software to copying or misuse.