Cut The Crap, Apple, And Open Syed Farook’s iPhone

Cut The Crap, Apple, And Open Syed Farook’s iPhone

Apple can help the FBI open San Bernardino shooter Syed Farook’s iPhone, which could lead to other terrorists. Apple has declined.
Gabriel Malor

For the sake of national security, Apple must assist the FBI in breaking into a seized phone. This particular iPhone 5C, said to belong to San Bernardino shooter Syed Farook, was lawfully obtained by the FBI pursuant to a warrant to search Farook’s Lexus. It may lead the authorities to additional terrorists living in our midst—if law enforcement can obtain access to its contents.

The issue here is practical, not legal. Nobody denies, not even Apple, that the FBI may lawfully search the contents of Farook’s iPhone. The problem is that the phone’s software prevents the FBI from performing its search. The phone is encrypted and locked with a passcode that imposes three barriers to access.

First, the iPhone’s software includes an option to erase the phone if more than 10 unsuccessful passcode entries are made. There is no way to know if Farook enabled this software option. Second, the iPhone’s software requires that the passcode be entered by hand using the device’s touch screen. Third, the iPhone’s software imposes a waiting period between unsuccessful passcode entries. Without these hurdles, the FBI could use a brute force attack using a computer to enter possible passcodes until it finds the right one and unlocks the phone.

Apple Has the Power

It is within Apple’s power to voluntarily disable these software-imposed practical challenges to the FBI’s lawful search of Farook’s iPhone. Apple has declined to help. That’s where the contentious February 16, 2016, order (PDF) comes in. Using the All Writs Act—a modern version of a law the American Founders passed in the first Congress—a federal magistrate judge has ordered Apple to help the FBI gain access to the device’s contents. Under the All Writs Act, a court can order a third party who stands in the way of administering justice to provide assistance so long as an alternative is not available, the ordered assistance is not unduly burdensome, and the third party is reasonably compensated.

Because only Apple has these signatures, only Apple can update Farook’s iPhone. The FBI cannot do this without Apple’s help.

Apple has the ability to temporarily update the software on Farook’s iPhone and remove the three barriers to using a brute-force attack. But before any iPhone will accept new software, it checks to see if the software update has a valid signature from Apple. Because only Apple has these signatures, only Apple can update Farook’s iPhone. The FBI cannot do this without Apple’s help.

Here, the court’s order is specifically tailored to both Apple’s and the government’s concerns. First, it requires Apple to use its access to temporarily remove only the three barriers to using a brute force attack discussed above. It does not require any adjustment to the iPhone’s encryption. Second, the order requires Apple to explicitly restrict its software update so that it can only run on Farook’s iPhone and be both temporary and reversible. It does not require altering any other software or access to any other iPhones. Third, the order allows Apple to comply with the order at its own facility, if it so chooses.

In other words, the FBI wants to bring Farook’s iPhone to Apple, let the manufacturer perform the temporary update, and then allow the FBI to remotely perform a brute force attack to discover Farook’s passcode. Once the FBI has discovered the passcode, Apple simply reverses the update and returns the iPhone with its original software and contents to the FBI.

The Objections Are Spurious

It must be emphasized: under the court’s order, at no point does Apple’s valid signature providing access for an iPhone update ever have to leave Apple’s control. It already has these signatures and uses them every time an iPhone anywhere in the world is updated. Claims that this order endangers the privacy of iPhone users are simply untrue. This order, issued pursuant to a lawful search warrant, has nothing to do with the privacy of iPhone users other than one dead terrorist. It is customized to respect Apple’s need to control access to its software and signatures and to restrict the application of temporary software to Farook’s phone alone.

This order, issued pursuant to a lawful search warrant, has nothing to do with the privacy of iPhone users other than one dead terrorist.

Opponents of the court’s order, including Apple’s Tim Cook, are using the loaded term “backdoor” to refer to the court’s proposed software update. Encryption backdoors have been a pipe dream for intrusive governments for decades. However, virtually everyone agrees that there is no way to create such backdoors without undermining security and privacy.

Until this week, discussions about removing the auto-erase and delay features of passcodes have never considered such an alteration to be a backdoor. Uses of the term to refer to the order in this case are thus misleading. This order does not require Apple to hand over a key to its encryption that could be used on other devices.

Another objection is that the court’s order could set a new precedent requiring aid from technology manufacturers in future cases. But this is not new precedent; this is old precedent. The All Writs Act derives from the Founders’ acknowledgment that sometimes courts require aid from third parties to administer justice. To the extent that Apple and other phone manufactures worry they may be asked to help law enforcement in the future, the Supreme Court set that precedent in a 1977 case called United States v. New York Telephone Co.

A third objection is that the court’s order is a step down a slippery slope to pervasive and secret government surveillance of our electronic devices. This is lingering fear from the National Security Agency scandal projected onto a transparent and lawful process. The court’s order was issued publicly, is now being debated publicly, and, as noted above, was only made possible because of a previously issued warrant. Even were Farook alive to assert a Fourth Amendment challenge, there is no question that the government has probable cause to both seize and search his cell phone. Apple has no constitutional standing to assert dead Farook’s privacy rights.

In light of the foregoing, it is wrong for Apple to attempt to frustrate the FBI’s efforts to gain access to the content of Farook’s iPhone. The privacy concerns are unresponsive to the court’s order. The security need is patent. Complying with the order is not unreasonably burdensome. And there is no alternative. Apple has vowed to appeal; it should lose.

Gabriel Malor is an attorney and writer in Washington, D.C. Follow him on Twitter.

Copyright © 2016 The Federalist, a wholly independent division of FDRLST Media, All Rights Reserved.

comments powered by Disqus