Apple Tells Judge FBI's Phone Unlocking Demands 'Burdensome' At Present, 'Impossible' In The Future
from the fresh-out-of-master-keys dept
Apple has entered its response to federal magistrate judge James Orenstein’s request that the company explain whether or not unlocking an encrypted iPhone would be “burdensome.” It was the judge calling the bluffs of everyone involved in the new Crypto War, but mainly the FBI’s.
A key issue in the encryption debate, part of a larger discussion of what the FBI calls its “going dark” problem, is to what extent the government can force companies to provide “technical assistance” under current law.
In the Apple case, the government asserted its request “is not likely to place any unreasonable burden on Apple.”
Orenstein said, “I am less certain.”
The DOJ is attempting to use a 1789 act to unlock a phone running a 2013 operating system. Orenstein made several points in his order requesting Apple’s participation, including the fact that the FBI’s abuse of an old law was at odds with director James Comey’s claim that he desired a “public debate” about encryption and public safety.
Apple’s brief points out that “burdensome” may soon become indistinguishable from “impossible.” As was noted earlier, this case concerns a phone running an older version of the iPhone’s system software. Apple admits it can access a certain amount of data if the judge signs off on the All Writs order.
For these devices, Apple has the technical ability to extract certain categories of unencrypted data from a passcode locked iOS device. Whether the extraction can be performed successfully depends on the device itself, and whether it is in good working order. As a general matter, however, certain user-generated active files on an iOS device that are contained in Apple’s native apps can be extracted. Apple cannot, however, extract email, calendar entries, or any third-party app data.
As for the question of whether this possibility veers into “burdensome” territory, Apple had this to say:
[T]he act of extracting data from a single device in good working order, running an operating system earlier than iOS 8, would not likely place a substantial financial or resource burden on Apple by itself. But it is not a matter of simply taking receipt of the device and plugging it into a computer. Each extraction diverts man hours and hardware and software from Apple’s normal business operations. And, of course, this burden increases as the number of government requests increases.
Apple then points out that the burden doesn’t end with unlocking the phone and retrieving whatever data it can. It would also need to send legal representatives and witnesses to court to explain the process and testify to the veracity of the retrieved data.
Apple also notes the “burden” would be felt in more than just man hours.
Apple has taken a leadership role in the protection of its customers’ personal data against any form of improper access. Forcing Apple to extract data in this case, absent clear legal authority to do so, could threaten the trust between Apple and its customers and substantially tarnish the Apple brand. This reputational harm could have a longer term economic impact beyond the mere cost of performing the single extraction at issue.
A footnote states that Apple has performed this sort of service for law enforcement on previous occasions, but only within the limited scope of warrants seeking specific data or information. It has never done so under the vague, broad authority of an All Writs order.
But the brief also points out that what is possible to achieve with this operating system version will no longer be possible going forward.
In most cases now and in the future, the government’s requested order would be substantially burdensome, as it would be impossible to perform. For devices running iOS 8 or higher, Apple would not have the technical ability to do what the government requests—take possession of a password protected device from the government and extract unencrypted user data from that device for the government. Among the security features in iOS 8 is a feature that prevents anyone without the device’s passcode from accessing the device’s encrypted data. This includes Apple.
Underscoring this point, Tim Cook spent the same day this response was delivered (Oct. 19th) being interviewed by Gerard Baker, the executive editor of the Wall Street Journal. Cook reiterated Apple’s stance on encryption: either it works and keeps everyone out or it doesn’t.
“We think encryption is a must in today’s world,” says Cook. “No back door is a must.”
“No one should have to decide privacy or security. We should be smart enough to do both.”
“If there was a way to expose only ‘bad’ people … that would be a great thing. But this is not the world,” says Cook.
“I think it would be in everyone’s best interest … if everyone is blocked out,” he says.
That’s the way it has to be if anything’s going to be truly secure. The FBI will have to find other routes to obtain data. It can no longer expect that running to the manufacturer of a phone will allow it obtain what it wants. It will have to find a new approach, one that engages with third-party applications and possibly even the owner of the phone, which is the way it should be.
Filed Under: backdoor, doj, encryption, fbi, unlocking
Companies: apple
Comments on “Apple Tells Judge FBI's Phone Unlocking Demands 'Burdensome' At Present, 'Impossible' In The Future”
I don't like a "closed garden"
However, I “may” have to rethink my stance on Apple in the future, all of my extended family uses apple products, I might join them. (I love to tinker though)
I don't like a "closed garden". Period.
Good for Apple, I suppose. However, I don’t like the closed garden, I don’t like the way the product look and I have no desire whatsoever of ever thinking about owning an Apple product.
The only thing that I do like about the Mac OS is that you can drop to a shell but past that .. meh.
Re: I don't like a "closed garden". Period.
So? Nobody’s forcing you to use Apple if you don’t want to. Just be happy that those who do prefer to use their products are being protected.
Unlocking Apple
I’m surprised that a mediocre 13YO hack hasn’t already showed an unlocked Apple.
What happened to the 4th Amendment as the best protection a device can be operated under? Surely someone whom does not know this is a rhetorical question will so willingly answer this.
I like a 'closed garden' if it's got a gate -- with a lock.
The closed garden isn’t so bad as long as you have the option to jailbreak.
However, it’s also nice to have a locked-down system that you have to tether to jailbreak — I tend to flip back and forth. But I may no longer be doing as much of that, now that Apple lets you compile and deploy your own projects. This means that we can now have an open ecosystem where people can provide full open-source projects on GitHub, and anyone can download and deploy/tweak them. This doesn’t get you root, but within the userland, you have pretty loose access these days. But for the most part, you still are protected against malicious actors.
The other thing you need for iOS is a VPN with privoxy on the other end, so you can use WiFi at any AP, and all the ads and potential malicious downloads get filtered out on WiFi AND cellular data.
With the iOS8+ encryption and these features/additions, it’s a pretty good (though still not perfect) solution to mobile computing.
Re: I like a 'closed garden' if it's got a gate -- with a lock.
Argh; and I still missed the one other thing I meant to say: the walled garden’s downside is that anything deployed inside of it stays inside — so you can get App lock-in. Enabling open-source deployment now fixes some of that, as you can take a single project and target it for both iOS and Android. Couldn’t do that last year.
It seems to me that history shows us when the FBI cannot make the law do what they want, they just break/ignore the laws to get want they want.
Re: Re:
Mathematical laws are quite hard to break. That’s what this article is all about.
But I still don’t trust Apple either, so.
I wonder if apple could use ISDS if forced to retrieve the data
“Forcing Apple to extract data in this case, absent clear legal authority to do so, could threaten the trust between Apple and its customers and substantially tarnish the Apple brand.”
I wonder if they could use ISDS because the government tarnished their brand.
I think the government would have a much easier time going after the iPhone backup file on the computer, which are way more likely to be unencrypted, instead of wasting time trying to unencrypt the actual phone.
Apple clearly misunderstood the question. The question wasn’t how hard it would be to decrypt data under current conditions, it was how hard it would be to add a backdoor so that the FBI could decrypt data at will.