Friday, 19 February 2016

Apple rejects FBI order to create ‘Backdoor’ for iPhone

US judge told firm to provide technical help to FBI in probe into San Bernardino rampage
The Straits Times, 18 Feb 2016

SAN FRANCISCO • Apple has rejected a judge's order to help the Federal Bureau of Investigation (FBI) break into an iPhone used by one of the San Bernardino shooters, warning that it was "too dangerous" to create such a backdoor to the smartphones.

United States Magistrate Judge Sheri Pym ordered Apple on Tuesday to provide "reasonable technical assistance" to the FBI, including disabling an auto-erase feature after too many unsuccessful attempts are made to unlock the iPhone 5C.

Apple v the FBI – video explainer
Apple v the FBI – video explainerApple is facing a legal showdown with the FBI over control of its encryption code. The iPhone maker is resisting court orders to bypass security on the phone belonging to Syed Rizwan Farook, who took part in the killing of 14 people in San Bernadino last year. Apple is standing firm for now and has received support from other technology giants – but how far is its boss Tim Cook willing to go to preserve his company’s claim to user security?
Posted by The Guardian on Thursday, February 18, 2016

Federal prosecutors had filed a motion requesting Apple's help after the FBI failed to crack the phone's code two months into the investigation on the December rampage.

Syed Farook, a US citizen, and his Pakistani wife Tashfeen Malik gunned down 14 people at an office party in San Bernardino, California, before they were killed in a shootout with police.

But Apple said it would fight the judge's order, firing the latest shot in a growing debate over encryption pitting the government against technology companies.

"The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers," Apple chief executive Tim Cook said in a statement on the company's website.

"We oppose this order, which has implications far beyond the legal case at hand."

Mr Cook said it was too risky to provide the requested software because it could allow ill-intentioned individuals to unlock any iPhone and raises major privacy concerns.

"The US government has asked us for something we simply do not have and something we consider too dangerous to create. It has asked us to build a backdoor to the iPhone.

"In the wrong hands, this software - which does not exist today - would have the potential to unlock any iPhone in someone's physical possession."

"While the government may argue that its use would be limited to this case, there is no way to guarantee such control," Mr Cook said, adding that Apple has cooperated with the FBI thus far.

By disabling the security features, the FBI would be able to attempt as many different password combinations as needed before gaining access to the phone. It was the property of the San Bernardino County Department of Public Health, which employed Farook, and the authority had agreed to the search of the phone.

Judge Pym ordered Apple to provide software that would run only on the device in question, or any other technological means to access its data.

But Apple said it was impossible to create such a tool that could be used only once, on one phone.

"Once created, the technique could be used over and over again, on any number of devices," it said.

"In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks - from restaurants and banks to stores and homes. No reasonable person would find that acceptable."

Apple vs. the FBI
Let's break down exactly what the FBI wants from Apple Inc., and why the company is pushing back hard. Do you think Apple is right to refuse the court order?
Posted by CNET on Thursday, February 18, 2016

The US government is concerned that commercially available encryption benefits criminals.

Tech companies, intent on securing the trust of consumers after government spying revelations made by Mr Edward Snowden, have been reluctant to be seen as helping the authorities spy on users.

"We can find no precedent for an American company being forced to expose its customers to a greater risk of attack," Apple said. "The implications of the government's demands are chilling.

"If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone's device to capture his data."

Mr Cook warned that if Apple complied with the order, the government could demand surveillance software to intercept and access health and financial data, track users' locations or access a phone's microphone or camera without the user's knowledge.

"We are challenging the FBI's demands with the deepest respect for American democracy and a love of our country," he added.

FBI director James Comey revealed last week that investigators had not been able to crack open the phone two months into the investigation.

"It affects our counter-terrorism work," he said.


"The U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create," Tim Cook wrote.
Posted by NBC News on Wednesday, February 17, 2016

What are Apple and the US government fighting over? Some of the issues at stake
The Straits Times, 18 Feb 2016

WASHINGTON (REUTERS) - Apple Inc is resisting a federal court order that it help the United States government break into the iPhone 5c of Rizwan Farook, who along with his wife killed 14 people in a December shooting in San Bernardino, California, which the government has described as a terror attack.

Here is an explanation of the technology and data privacy issues at stake.


The government wants Apple to provide technical assistance to help it break into Farook's phone. Apple's mobile operating system encrypts virtually all of its data so that forensics experts cannot access e-mail, text messages, photos or other information unless they enter a password.

The phone requires two digital "keys" to unscramble the data: a passcode entered by the user when they want to use the device, and a unique 256-bit AES key that is coded into the hardware during manufacture.

The hardware key cannot be removed from the device, which prevents hackers from copying the contents of its hard drive and then cracking the passcode with the help of powerful computers.

Apple's mobile iOS system offers an auto-erase function that will wipe the device after 10 failed attempts to unlock it. The government says it is not sure if Farook enabled that function but has not attempted to unlock it because it does not want to risk losing the data.


The government has asked Apple to create a new version of iOS that disables the auto-erase function. It also requested the new software circumvent a feature that causes delays of up to one hour when nine wrong passwords are entered - making it possible to break into the phone using the "brute force" method of trying millions of different passwords. The government says it is possible for Apple to create software that will only work on the device used by Farook.


Apple says that such a tool would essentially create a "backdoor" that could be used by the FBI or others to break into any iPhone. Apple chief executive Tim Cook, in a letter to customers, cited the possibility of the specially created software falling into the "wrong hands" and rejected the notion that it would only be used in this single case.

Mr Cook also said that the move would establish a dangerous precedent.

"The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone's microphone or camera without your knowledge," he said.



It is not clear why Apple would worry about the specially created software being stolen or misused, since the work would take place in Apple's labs and would presumably be no more subject to theft than any other Apple software.

Apple is known for its strong security and there are no known incidents of its source code or cryptographic keys being stolen.

Further, the same technique would not work on devices launched after the 5c because they are equipped with a chip known as "Secure Enclave", which helps encrypt data using both the password and a unique user ID that is provisioned during manufacturing and not known to Apple.

The bigger concern is the precedent. If Apple complied, it would mark the first time a software company created a tool to break into its own products in response to an order from the law enforcement authorities.

Technology companies and privacy advocates fear an endless stream of similar requests - not just from the US government, but also from foreign governments and even litigants in civil cases. Technologists are horrified by the very idea of deliberately creating software that undermines security.


Apple is drawing a line in the sand to avoid setting a precedent.


Prosecutors say they believe data on the phone could help determine who Farook and his wife Tashfeen Malik communicated with as they planned the shootings, where they travelled to before and after the attack, and other details about the attack.


Not necessarily. Even if the government is right in its assumption that the phone was used to plan that attack, Farook may have used encrypted apps that wipe all evidence of communications.

For example, the Islamic State in Iraq and Syria (ISIS) uses an mobile messaging service known as Telegram for propaganda and recruitment. The service allows the group to broadcast messages to large numbers of followers, then move to private, one-to-one encrypted messaging that likely cannot be retrieved by forensics experts.


Smartphones powered by Google's Android operating system offer a variety of encryption options, depending on the manufacturer and model.

Forensic technicians can "bypass" passcodes on some of the devices, according to a November report by Manhattan's district attorney.

Google can remotely reset the passcodes, when served with a search warrant and an order instructing them to assist law enforcement officials to extract data, allowing the authorities to view the contents of a device.

Tech giants back Apple's refusal to hack iPhone
Silicon Valley companies say order from US govt will set troubling precedent
The Straits Times, 19 Feb 2016

SAN FRANCISCO • Google and other technology companies are backing Apple in its fight against the US government, which is trying to get the company to unlock an encrypted iPhone, a move that the industry fears will lead to greater access by any authorities to private data.

Google's chief executive officer Sundar Pichai tweeted on Wednesday that asking companies to create a way to hack into people's devices and data would set a "troubling precedent".

"We build secure products to keep your information safe and we give law enforcement access to data based on valid legal orders," he said. "But that's wholly different than requiring companies to enable hacking of customer devices and data. Forcing companies to enable hacking could compromise users' privacy."

In a letter to customers on Tuesday, Apple's chief executive officer Tim Cook rejected a court order to help the US Federal Bureau of Investigation unlock an iPhone used by one of the shooters in a terrorist attack in California.

He called it a "chilling" attack on civil liberties and warned that ultimately the government could "demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone's microphone or camera without your knowledge".

His stance drew endorsements in Silicon Valley. "I have always admired Tim Cook for his stance on privacy and Apple's efforts to protect user data and couldn't agree more with everything said in its customer letter today. We must not allow this dangerous precedent to be set. Today our freedom and our liberty is at stake," said WhatsApp CEO Jan Koum on Twitter.

"Silicon Valley stands with Apple," Mr Bret Taylor, co-founder of Quip and former chief technology officer of Facebook and co-creator of Google Maps, posted on Twitter.

Reform Government Surveillance, a group representing companies including Google and Facebook, issued a statement on Wednesday reiterating that while it is "extremely important" to deter crime and terrorism, no company should be required to build backdoors to their own technology.

Apple and other technology companies say creating an opening in their products for government investigators would create a vulnerability that Chinese, Iranian, Russian or North Korean hackers could exploit.

White House spokesman Josh Earnest said the Department of Justice was asking Apple for access to just one device, a central part of the government's argument, which Mr Cook has said was "not true". "They are not asking Apple to redesign its product or to create a new backdoor to one of its products," Mr Earnest told reporters at a daily briefing.

The Justice Department showed no sign of backing down on Wednesday. The dispute could initiate legislation in Congress, with Republicans and Democrats alike criticising Apple's stance and calling for tougher decryption requirements.


"The FBI is creating a world where citizens rely on Apple to defend their rights, rather than the other way around." - Edward Snowden
Posted by CNN on Wednesday, February 17, 2016


51% said Apple should unlock the phone
Posted by TIME on Monday, February 22, 2016

Bill Gates: “This is a specific case where the government is asking for access to information. They are not asking for some general thing.”
Posted by The Guardian on Tuesday, February 23, 2016


iPhone hack bad for US: Apple
CEO likens code for breaking into phone to cancer that should never be unleashed
The Straits Times, 26 Feb 2016

SAN FRANCISCO • Apple chief Tim Cook went public on Wednesday in his battle with the Federal Bureau of Investigation (FBI), saying unlocking an iPhone in the name of fighting terrorism would be "bad for America".

He equated code capable of breaking into an iPhone to a "software equivalent of cancer" that should never be unleashed on the world.

"This is not about this phone," Mr Cook said in an interview with ABC News. "This is about the future."

Apple is involved in a legal fight with the FBI, which wants it to help hack the iPhone of Syed Farook, a US citizen who gunned down 14 people with his wife Tashfeen Malik in San Bernardino in December. It is also fighting another 10 cases related to unlocking its devices.

When asked how he felt about Apple taking the stand with a chance the information on Farook's iPhone might prevent another terrorist attack, Mr Cook responded: "Some things are hard and some things are right. And some things are both. This is one of those things."

He maintained that the definite dangers of creating a way to crack iPhone encryption trumped concerns about "something that might be there".

Apple is being asked to write software that it believes would make iPhones vulnerable. The only way it knows to get more information from Farook's iPhone would be to "write software that we view as the software equivalent of cancer... it is bad news to write", Mr Cook said.

He argued that the FBI demand threatens to "trample on civil liberties" and starts a slippery slope that could lead to other court orders, such as building police surveillance capabilities into devices.

"It is clear that it can be a precedent," Mr Cook said. "If the government can order Apple to create such a piece of software, it could be ordered for anyone else as well."

Mr Cook planned to discuss the case with US President Barack Obama, and said his company was prepared to take the matter all the way to the Supreme Court.

"We have no sympathy for terrorists," he said. "We aren't protecting their privacy; we are protecting the privacy of everyone else. A physical key you could shred. A software key would stay living."

He called for the clash to be settled by Congress passing law that clearly defines what private companies are required to do in such cases.

But Apple engineers are already developing security measures that would make it impossible for the government to break into an iPhone.

This will create a challenge for law enforcement agencies, even if the government wins its fight over access to data on Farook's iPhone.

"For all of those people who want to have a voice but they're afraid... we are standing up for our customers because protecting them, we view as our job," Mr Cook said.


The United States Department of Justice has dropped its case against Apple, saying the FBI – Federal Bureau of Investigation has accessed the iPhone of one of the gunmen in the San Bernardino shooting.
Posted by CNN on Monday, March 28, 2016

No comments:

Post a Comment