Apple has been ordered by a US federal judge to help the Justice Department unlock an iPhone used by one of the shooters involved in the San Bernardino attacks last December.
Tuesday’s ruling requires Apple to disable the built-in security feature that causes the device to wipe its memory after 10 unsuccessful unlock attempts. This will allow the FBI to use brute force — trying millions of combinations of passcodes — without risking the loss of data.
FBI director James Comey said that the agency hasn’t been able to crack the phone even after two months of trying.
Apple says it doesn’t store the decryption keys for iPhones on its servers — those stay on the device. The Washington Post reports that industry officials say Apple can’t disable the 10-tries-and-wipe feature — it can only be turned off in the phone’s settings after it’s unlocked.
Here’s where things get interesting: US Magistrate Judge Sheri Pym said that Apple can write software to bypass the security feature for the device in question. That, however, is in many ways a request for Apple to create a backdoor for iPhones, and it’s likely that Apple will resist the order.
Even if Apple found a way to disable the wipe feature, the FBI still has to figure out a way to efficiently run millions of password attempts.
The company says it could take more than five years to crack a six-character lower-case alphanumeric password if the attempts are run on the phone itself. A supercomputer could help speed up the process by many orders of magnitude, but that would require the phone’s hardware key which, again, Apple doesn’t store.
It’ll be interesting to see how this plays out, as Apple is under tremendous pressure to assist in unraveling the deadliest terrorist attack on the US since September 11, 2001, and also to stick to its promise of offering truly secure personal devices.
The outcome may also set a standard for cases involving encryption and private data in future investigations. Apple has five days to respond to the order.
Update: Apple CEO Tim Cook has issued a public statement in which he states that the company opposes the court order and explains his stance on the need for encryption, the implications of the ruling and the threat it could pose to data security:
The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.
For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.
He added that the federal ruling was asking more from Apple than just assistance in bypassing a single phone:
We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.
The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.
The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.
We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.