Apple is fighting a federal court order to help the FBI unlock an iPhone belonging to Syed Rizwan Farook, one of the two San Bernardino attackers responsible for killing 14 people last December.
Tim Cook, Apple's CEO, said in a statement, “The FBI wants us to make a new version of the iPhone operating system, circumventing several important security features and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession."
George Edwards, a cyber security expert at Quandary Peak Research, an LA-based software consulting firm, analyzed the news.
Could Apple do what the FBI asked?
– It would be within Apple's technical ability to do what the FBI is asking. It’s important to note that the FBI is not asking Apple to decrypt the data on the phone directly. It is impossible to decrypt the data on the phone without the password, and Apple doesn't have the password. Rather, the FBI wants Apple to change the software on this particular iPhone 5C, which was used by one of the San Bernardino shooters, in a way that would help the FBI to figure out the password, and then decrypt the phone's data themselves.
Specifically, the FBI wants Apple to change the software of the shooter's iPhone to allow many passwords to be guessed in very rapid succession. This would be accomplished by transmitting a large number of password guesses from another computer, rather than having a person type them in the way iPhone users normally do, which is obviously much slower. Also, the software on this specific phone would have to be changed so that it didn't automatically destroy the data after 10 incorrect guesses.
Can Apple avoid unlocking that phone after the U.S. federal magistrate order?
– The judge's order gives Apple five days to argue that assisting the FBI in this way would be "unreasonably burdensome”. It seems clear from the statement made by Tim Cook that Apple believes the order to be unreasonably burdensome and will contest it. Apple could argue that the order is burdensome, not only because of the effort required to implement the software update, but also because of the collateral damage to Apple's reputation and increased risk to Apple's customers.
If they agree to decrypt the phone, will it threaten the security of Apple’s customers?
– The decryption wouldn't immediately threaten the security of other iPhone users, since the proposed software update would only be applied to this one phone. However, it would result in the creation of a software program that, when loaded on an iPhone, creates a "back door" that allows the user's password to be guessed. It would then be relatively easy for Apple to modify the program for use on other iPhones. In other words, Apple users could no longer assume that their data cannot be accessed by anyone, even Apple.
If Apple were to help the FBI, how could this so-called ‘back door’ method be abused in the future?
– There are several possible ways the back door could be abused. One possibility is that the FBI could start requesting that Apple apply the back door software to lots of other phones. For example, the FBI might want to decrypt phones belonging to everyday sorts of criminals rather than just terrorists, or they might want to decrypt phones belonging to suspected terrorists without obtaining a warrant. The second possibility is that the back door software might somehow fall into the wrong hands. For example, if hackers were able to obtain the software and modify it in a way that allowed it to be installed on other iPhones, they could use it to decrypt users' data.
How will the situation develop, in your opinion?
– I expect Apple to fight the ruling vigorously. Apple obviously has substantial resources at their disposal and an excellent team of lawyers, so they have the ability to put forward a forceful argument. If, however, they fail to reverse the ruling in court, I think they would eventually comply rather than defying the order outright.
- By Dmitry Belyaev