Apple rejects 'backdoor' to gunman's iPhone

Apple will fight a court order demanding it unlock an iPhone belonging to one of the San Bernardino shooters as it could create a 'backdoor' for access to personal data.

After a number of failed attempts by the FBI, the tech giant was asked to circumvent security software by creating and installing a new operating system on the phone of gunman Syed Rizwan Farook.

In a statement, Apple chief executive Tim Cook called for a 'public discussion' claiming the FBI's request 'ignores both the basics of digital security and the significance of what the government is demanding'.

Cook described the US government's demands as an 'unprecedented step', which could place tens of millions of American citizens at risk from sophisticated hackers and cybercriminals.

The FBI intends to rely on the All Writs Act 1789, which allows the government to justify an expansion of its authority, such as forcing Apple to comply with its request.

A new operating system was proposed which would permit a tactic of 'brute force' - enabling a computer to try millions of combinations to unlock the smartphone.

Cook labelled the implications of these demands as 'chilling' suggesting the government could extend this breach of privacy and request Apple to build surveillance software to intercept customers' messages and financial data.

Last summer, Apple refused to comply with a court order obtained by the US Justice Department demanding the company allow access to real time text messages between suspected criminals using iPhones.

Peter Wright, managing director of data privacy specialists Digital Law UK, said the latest case 'fits in with Apple's stance on things' but he was 'very surprised' that the matter has not been settled without the need for a hearing.

'In the US you have a very high level of data surveillance across social media and technology as a whole. It's interesting that the government agency has been direct enough to seek a warrant and wants to actually get inside the device,' said Wright.

The data privacy specialist believes there are wider issues behind the US government 'pushing so hard to make an example of Apple'.

'I'm sure the security services would quite like it to be even more open in terms of their access to things like this,' he said. 'I'm sure others, for example, insurers and banks, would like to have access to that for their credit reports and credit worthiness reports.

'This could be an excuse to further erode people's rights when it comes to their own mobile devices on when you can look at it and who can open it up.'

 

Tech tensions Jeremy Harris is a partner in the  IP and technology disputes team at Kemp Little 'Apple’s position on this is interesting from a UK law perspective, not least because Apple is also in the process of lobbying Parliament to make changes to the UK’s Investigatory Powers Bill, which the government is trying to rush through Parliament. The Investigatory Powers Bill would give the UK government and security forces the right to require tech companies to provide just the sort of assistance that Apple is trying to resist in the US. In particular, under the proposed legislation, tech companies could be required to provide assistance in investigating devices, by altering the way their devices work or providing backdoors (i.e. methods of bypassing normal authentication) to circumvent security settings. 'Apple’s challenge, both here and in the US, highlights the tension between ensuring that security forces have all the powers they need to help prevent or investigate issues of national security, and putting consumers in danger by forcing tech companies to compromise the security measures on their devices. However, given that the latter is more of a theoretical risk, while the former would only be requested where specific and significant risks have been identified, it seems that Apple is facing an uphill task in resisting the US court order and attempting to get the draft Investigatory Powers Bill amended. 'However, even if the Investigatory Powers Bill gets through Parliament, tech companies might be able to rely on a proviso in the draft legislation to resist requests for assistance. The clause in question states that a ‘technology provider’ would not be required to implement measures which ‘are not reasonably practicable for it to take’. The scope of this qualification is not clear and would need to be interpreted by the Courts. However, tech companies could theoretically rely upon it where providing assistance would mean incurring disproportionate costs, or (if it can be proved) creating real and potentially damaging vulnerabilities within its products which could cause significant risks to consumers.'