Court order in San Bernardino case could force Apple to jeopardize phone security – Los Angeles Times


Cyber security experts warned Wednesday that the battle over a court order requiring Apple to help the FBI access encrypted data on a cellphone belonging to the couple who killed 14 people in San Bernardino will have far-reaching consequences for the tech industry.

The dispute, the latest chapter in a long-brewing battle between Silicon Valley and Washington, D.C., over the tech industry’s role in combating terror plots, will now shift from a philosophical disagreement to a very real courthouse fight after Apple said it would not comply with the order.

In an open letter published early Wednesday morning, Apple Inc. CEO Tim Cook vowed to fight the directive issued earlier this week and said the FBI’s call for the company to help defeat security measures on a phone belonging to Syed Rizwan Farook would be a major blow to customer privacy.


“Building a version of iOS that bypasses security in this way would undeniably create a backdoor,” Cook wrote. “And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.”

On Tuesday, U.S. Magistrate Judge Sheri Pym in Riverside directed Apple to help the FBI get around the phone’s passcode protection and the device’s auto-erase function, which would permanently destroy any encrypted data on the phone after 10 unsuccessful login attempts. 

In a motion filed earlier Tuesday, the FBI argued that Farook intentionally disabled the phone’s iCloud backup function six weeks before the Dec. 2 terror attack at the Inland Regional Center. Any communications linked to the shooting, as well as location data that might help the FBI map the movements of Farook and his wife, Tashfeen Malik, after the attack are accessible only through the phone itself, the government argued.

Investigators want to unlock the phone by using a computer program to automatically guess numeric passcodes until one works, according to a court filing. But they say they require special access from Apple to attempt that on the phone without erasing data or getting bogged down in a long process.

Investigators recovered the phone after executing a search warrant on one of the couple’s vehicles. Farook and Malik died in a firefight with police hours after the attack.


In September 2014, Apple modified its encryption system in a move that made it more difficult for law enforcement to access data on its cellphones. Previously, forensic investigators could tap into a device’s hardware port and gain access to a phone’s data “independent of needing to try passcodes,” according to Clifford Neuman, director of USC’s Center for Computer System Security.

“That path into the device is no longer possible,” he said.

Pym’s order would require Apple to write a new software program, a “recovery bundle” that would reboot Farook’s iPhone 5C with different settings, allowing the FBI to repeatedly enter passcodes remotely without risk of destroying the data on the phone. The program also would allow agents to attempt to enter passcodes without incurring a delay between each incorrect attempt.

Robert Cattanach, a cyber security attorney and former Department of Justice special counsel to the secretary of the Navy, said the government’s request leaves Apple in a difficult position as the company is now thrust into the center of the battle to balance privacy needs against counterterrorism efforts.

“The FBI’s request to a U.S. Magistrate for an order requiring Apple to disable the auto-wipe feature after 10 unsuccessful attempts represents the next step in the journey to find the holy grail of back door unencryption, and the next salvo in the ever-escalating battle between law enforcement and tech companies,” Cattanach said.

Gregory T. Nojeim, director of the Freedom, Security and Technology Project at the Center for Democracy & Technology, said the federal government is essentially trying to win access that it failed to gain through legislation in recent years.

“If this decision is upheld, it would mean the FBI could get a judicially mandated back door into any device to get access to its content, and it would mean a weakening of encryption in all those devices,” he said.

That back door potentially could be used on other devices too, making it a “bigger deal” beyond the terrorist case, according to Nojeim, who said tech companies likely will rally around Apple.

“I suspect that the entire technology industry, security professionals and technologists will all line up against this and urge the court to reject it,” he said. “The consensus of the technical community of backdooring encryption is phenomenal.”

Chenxi Wang, chief strategy officer at the network security firm Twistlock, said the court battle will be a seminal moment in balancing “privacy and civil liberty against government data access.”

“If Apple succeeds in fighting the court order, it will set up a high barrier for the FBI and the other government groups to access citizen data from now on,” Wang said. “This will absolutely have a ripple effect. Apple is now viewed as the flag bearer for protecting citizen data, and if they succeed, there will be a flood of other companies following suit.”

Alex Abdo, a staff attorney for the American Civil Liberties Union, said the order “risks setting a dangerous precedent.”

Civil liberties advocates fear that totalitarian governments such as China will demand Apple use a similar tool to open phones of opposition leaders and human rights activists.

“If the FBI can force Apple to hack into its customers’ devices, then so too can every repressive regime in the rest of the world,” Abdo said in a statement.
