Should Apple help the government hack into encrypted devices?

[Snowboarder_Bo]

[The story:

A U.S. magistrate has ordered Apple to help the Obama administration hack into an iPhone belonging to one of the shooters in San Bernardino, California.

The ruling by Sheri Pym on Tuesday requires Apple to supply highly specialized software the FBI can load onto the phone to cripple a security encryption feature that erases data after too many unsuccessful unlocking attempts.

](http://bigstory.ap.org/article/145860f91b854a709c1a47190563c86e/judge-apple-must-help-us-hack-san-bernardino-killers-phone)

Apple has refused and CEO Tim Cook posted a letter saying so on their website. He makes the case that doing what the government wants would create a backdoor that, essentially, could never be closed.[

Customers expect Apple and other technology companies to do everything in our power to protect their personal information, and at Apple we are deeply committed to safeguarding their data.

Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.

For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.

But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

](Customer Letter - Apple)
According to the linked AP article, there is a similar case in the U.S. District Court for the Eastern District of New York, so it seems unlikely that if this order stands it would be the last and only time that Apple (or another company or person) would be forced to help hack into a device.

Should the government’s order stand? Should Apple (or any company or person) cooperate?

[Crotalus]

WordMan has a similar thread here.

[Bricker]

For reference. this PDF is the court’s order, which is in my view quite troubling.

[Snowboarder_Bo]

Thanks, Bricker. What exactly is it that you find troubling?

[Fotheringay-Phipps]

ISTM that there are two separate questions:

[ol]
[li]Whether the benefits of forcing Apple to do this outweigh the risks[/li][li]Whether the government has the power to do this under current law.[/li][/ol]
The answers to these questions are not directly correlated, and are worth keeping separate.

I’m not a legal expert, but I’m puzzled as to how the government has the power to force Apple - a company not subject to any criminal suspicion in this matter - to create a new system (as opposed to merely releasing information that they already have). That itself is troubling, even beyond Apple’s stated concerns.

[Boyo_Jim]

I don’t like the idea, but conceptually it is similar to forcing a reluctant witness to testify at a trial. But I do hope Apple continues to resist.

[T.M]

I can understand Apples concerns, but, would it be possible for apple to unlock and download the information and give the information to the FBI and still deny the FBI the technical information to unlock the phones

[Ravenman]

I don’t find Tim Cook’s letter very compelling, but perhaps some others could clear up a few factual matters for me that I think are very important.

Let’s say Apple creates this new version of iOS, which per the court order is installed on the single target device. The FBI would then have to brute force the unlock code for that iPhone, without the risk of the iPhone being wiped. Am I correct so far?

Cook’s letter basically says that there is a huge risk of the techniques used by this special version of the iOS leaking out into the world, compromising all iPhones. What I’m not quite clear on is whether the concern is that the actual modified iOS software would leak out, or that the software engineers, once they figure out how to bypass the security of the iPhone in order to write this special version of the iOS, can’t be trusted to keep their mouths shut, and they would reveal the techniques used to write the software to other, bad people.

I’m of the opinion that it is totally pointless to require manufacturers to install backdoors in all devices and software, but the futility of this idea doesn’t diminish from the seriousness that law enforcement will have fewer tools to catch criminals. Others who are much stronger on the pro-encryption side, and tend to diminish or gloss over the impacts on law enforcement, have often said that backdoors are a terrible idea because law enforcement could always use other, more targeted techniques to often get what they are looking for. Upon first reflection, this seems like one of those targeted techniques.

I think analogies that compare encryption to safeboxes are always strained, but it seems like Cook’s argument boils down to, if we figure out a way to break into the safe we built, then all safes are compromised, and we think that’s a bad idea. What I’m missing here is the legal basis for Apple to challenge the judge’s order. Perhaps Bricker or some others can illuminate whether search warrants or similar judicial orders can or have been successfully challenged on the basis of “it is bad government policy?”

[Smapti]

Apple needs to comply with the court order or be held liable for contempt.

[running_coach]

T.M:

I can understand Apples concerns, but, would it be possible for apple to unlock and download the information and give the information to the FBI and still deny the FBI the technical information to unlock the phones

Whatever solution is developed will escape into the wild.

[bump]

For me, the most troubling parts are that the government expects Apple to essentially compromise its own product, and to do it on their own nickel. Apple has nothing to do with this case; it’s more that they made security that’s tough enough that the government can’t get into it without these dubious shenanigans. They don’t have any real obligation to help the government here, especially considering it might cost them business and/or tarnish their reputation.

If I was Apple, I’d consider telling the government to go to hell, AND launching a major publicity campaign about the security of iPHones, touting just how secure they are, and trot out the court order as proof. (“So secure, even the FBI can’t get into an iPhone!”)

[bump]

Smapti:

Apple needs to comply with the court order or be held liable for contempt.

That’s not the way it works… there are any number of ways Apple can contest a court order, and I’m betting they’re willing to try all of them.

[Boyo_Jim]

Smapti:

Apple needs to comply with the court order or be held liable for contempt.

Agreed, with the hope that they’re willing to spend a few million in legal fees to fight it as far as they can get in the court system.

[Smapti]

bump:

If I was Apple, I’d consider telling the government to go to hell, AND launching a major publicity campaign about the security of iPHones, touting just how secure they are, and trot out the court order as proof. (“So secure, even the FBI can’t get into an iPhone!”)

So, essentially, market the iPhone to terrorists.

[Boyo_Jim]

Market it to anyone who doesn’t want their phone pried into. Yes, that would include terrorists, and I’m ok with that.

[Ravenman]

bump:

For me, the most troubling parts are that the government expects Apple to essentially compromise its own product, and to do it on their own nickel.

For what its worth, I’d consider the government compelling some company to direct its personnel to go do some particular thing a taking, and in my opinion the government ought to compensate the company for that effort.

[running_coach]

Smapti:

So, essentially, market the iPhone to terrorists.

You think they don’t already know?

[ISiddiqui]

Ravenman:

For what its worth, I’d consider the government compelling some company to direct its personnel to go do some particular thing a taking, and in my opinion the government ought to compensate the company for that effort.

So every subpoena request is a taking?

[cmyk]

They want Apple to create a version of the OS that can be installed so it’ll allow the FBI to brute force guess at passcodes/passwords at trillions of times a second without increasing time delays or limited attempts before wiping the phone. Then put this in the hands of who knows how many people at the agency?

Not a Good Idea™.

[Smapti]

cmyk:

They want Apple to create a version of the OS that can be installed so it’ll allow the FBI to brute force guess at passcodes/passwords at trillions of times a second without increasing time delays or limited attempts before wiping the phone. Then put this in the hands of who knows how many people at the agency?

Not a Good Idea™.

Yes, just think of the potential harm that could be done if anyone at the FBI could try to break into Syed Farook’s phone and only Syed Farook’s phone, seeing as the court order specifies the software be installable only on that specific device.