U.S. Markets closed

Apple resists government request to weaken iPhone security

Aaron Pressman
Technology Reporter

A U.S. magistrate judge in California on Tuesday ordered Apple (AAPL) to help the FBI break into the iPhone of deceased San Bernardino terrorist Syed Farook. But the order prompted a strong rebuke from Apple CEO Tim Cook, who argued that meeting the FBI's request in the case would weaken the security of all iPhones everywhere. So what's really going on?

Farook and his wife were killed by police shortly after their Dec. 2 attack. The couple threw away several mobile phones used during the attack in a dumpster, but authorities also found an iPhone 5C issued to Farook by his employer in the back of Farook's mother's Lexus. The contents of the phone are encrypted and can't be read without entering the correct passcode, which has so far prevented the FBI from seeing any data stored on the device. FBI Director James Comey told Congress on Feb. 9 that criminals are increasingly "going dark" through the use of encrypted communications. "We still have one of those killer's phones that we have not been able to open," Comey said about Farook's iPhone.

Apple doesn't keep copies of its customers' passcodes and can't read the encrypted contents of an iPhone without the codes. So Magistrate Sheri Pym ordered Apple to assist the FBI by making it easier in essence to guess Farook's passcode.

An ordinary iPhone can be set to erase its contents after 10 incorrect passcode guesses. The FBI wants Apple to write a special version of its iOS software that will allow unlimited guesses without the erasure feature and then load it onto the Farook's phone. The FBI also asked that the special version eliminate a delay imposed by the usual iOS software after each wrong guess, and allow each guess to be input electronically instead of having to be tapped onto the keypad by a person. (The FBI wants to be able to circumvent the keypad by connecting a computer to the iPhone directly via a cable and electronically sending in the passcode as fast as it can.) Together, the three changes would greatly speed up the FBI's ability to guess the passcode and eliminate the risk of erasing the data on the phone.

But the changes still wouldn't guarantee that the FBI could unlock the phone. If Farook used a simple 4-number PIN, the FBI would be able to input every possible combination in 15 minutes or less with the special version of iOS. However, if Farook chose to use a longer code including numbers and letters, inputing all the possible combinations could take so long as to be virtually unbreakable.

Tim Cook argued in a public letter to Apple customers that creating a special, weakened version of iOS would be tantamount to creating a backdoor to break into all iPhones.

"Building a version of iOS that bypasses security in this way would undeniably create a backdoor," Cook wrote. "And while the government may argue that its use would be limited to this case, there is no way to guarantee such control."

The request in the magistrate's order for Apple to create a weaker version of iOS software isn't the same as the "backdoor" that law enforcement agencies have typically called for in the past. Last year, Comey sought a more direct backdoor, calling on Congress to require Apple and other phone makers to include a way for law enforcement to access encrypted information. That would likely entail creating a special master code that could unlock any iPhone instantaneously.

But Cook argued that the weakened version of iOS made specially for Farook's iPhone could not be contained and could be used against millions of other iPhones, thus making it the equivalent to a backdoor, if a slightly less useful one than a master code.

"The government suggests this tool could only be used once, on one phone," Cook wrote. "But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable."

Another aspect of the debate revolves around the government's legal authority to compel Apple to write the new, weaker version of iOS. In a typical investigation, law enforcement agencies seek to compel companies to turn over information they possess, such as phone records or email. But in this case, the FBI wants Apple to write a new software program to help it obtain information which Apple does not possess itself. Government lawyers have cited a law dating to 1789, the All Writs Act, that was used as the justification decades ago to compel telephone companies to install devices to track phone numbers.

But Cook says the 18th century law should not apply and Congress needs to consider whether to add such a requirement.

The dispute drew the attention of a wide range of commenters, ranging from Republican presidential contender Donald Trump, who blasted Apple for resisting the FBI's request, to whistle blower and former NSA contractor Edward Snowden, who repeatedly tweeted supporting Apple's position.