At the end of 2015, Tashfeen Malik (27 years old) and Syed Farook (28 years old) killed 14 people and wounded 22 others by invading the Inland Regional Center (a disability support institution in the city of San Bernardino, California) with two rifles and two pistols. Soon after, the FBI (Federal Bureau of Investigation) announced that it has gone on to investigate the attack as a terrorist act since the woman suspected of committing the crime with her husband has sworn allegiance to the Islamic State (IS) on Facebook. For now this story has Apple.
This week, as reported by NBC News, a federal judge ordered Apple to give investigators access to the encrypted data on the iPhone 5c used by one of the snipers, something the company had so far refused to provide voluntarily. J o The Washington Post says that, in fact, the Department of Justice wants “only” that Apple disable the feature that erases data from the device after ten incorrect code entry attempts so they can use “gross out” (tens of millions of combinations) to try to gain access to the iPhone.
After the shooting in San Bernardino, officials said they had recovered several cell phones from Farook and Malik, some of which had been damaged as they tried to destroy the devices just so they wouldn't fall into the hands of authorities. The iPhone 5c in question owned by Farook's employer, the San Bernardino County Department of Public Health, who assigned the device to him was found in a car belonging to Farook's family. Despite having a warrant in hand, the authorities simply cannot gain access to the contents of the iPhone.
The document also says that Apple needs to offer "reasonable technical assistance" to recover the sniper's data and that it has five days to answer whether such assistance would be "excessively expensive".
The discussion is not new. Many times Tim Cook (Apple's CEO) stated that in the compact with the idea of ​​putting a backdoor on Apple systems so that governments and / or intelligence agencies have access to user data because, once the breach is there, it could be used for both "good" and "evil".
Maintaining his position of being quite transparent when it comes to user privacy, Cook published an open letter on the Apple website. Here is our free translation:
A Message to Our Consumers
The United States government has requested that Apple take action that threatens the safety of our consumers. We oppose this request, which has implications well beyond the legal case in question.
This moment calls for public discussion, and we want our consumers and people across the country to know what is at stake.
The Need for Cryptography
Smartphones, led by the iPhone, have become an essential part of our lives. People use them to store an incredible amount of personal information, from private conversations to our photos, our music, our notes, our calendars and contacts, our financial information and health data, even where we have been and where we are going.
All of this information needs to be protected from hackers and criminals who want to access, steal and use it without our knowledge or permission. Consumers expect Apple and other technology companies to do everything in their power to protect their personal information, and at Apple we are deeply committed to protecting your data.
Compromising the security of our personal information can end up putting our personal security at risk. That is why encryption has become so important for all of us.
For many years, we have used encryption to protect our consumers' personal data as we believe that the only way to keep their information secure. We even put this data out of our reach, as we believe that the contents of your iPhone do not concern us.
The Case of San Bernardino
We were shocked and insulted by the fatal act of terrorism in San Bernardino last December. We mourn the loss of life and want justice for everyone whose lives have been affected. The FBI asked for our help in the days following the attack, and we worked hard to respond to the government's efforts to resolve this terrible crime. We have no sympathy for terrorists.
When the FBI requested data that we own, we provided it. Apple consents to valid subpoenas and search warrants, and we did that in the case of San Bernardino. We also provide Apple engineers to advise the FBI and offer them our best ideas on various investigative options at their disposal.
We have great respect for FBI professionals and we believe that their intentions are good. To date, we have done everything within our reach and within the law to help them. But now the US government has asked us for something that we simply don't have, and something that we consider very dangerous to create. They asked us to build a back door (backdoor) for the iPhone.
Specifically, the FBI wants us to create a new version of the iPhone's operating system, skipping several important security features, and install it on an iPhone found during the investigation. In the wrong hands, this software that does not exist today would have the potential to unlock any iPhone under physical possession.
The FBI may even use different words to describe this tool, but make no mistake: creating an iOS version that ignores security that way will undeniably create a back door. And although the government argues that its use would be restricted to this case, there is no way to guarantee such control.
The Data Security Threat
Some will say that building a back door for just an iPhone is a simple, straightforward solution. But this ignores both the basic principles of digital security and the significance of what the government is asking for in this case.
In today's digital world, the "key" to an encrypted system is a piece of information that unlocks data, and it is only as secure as the protections around it. Once the information is known, or a way to ignore the code is revealed, the encryption can be broken by anyone with that knowledge.
The government suggests that this tool can only be used once, on a phone. But this is simply not true. Once created, the technique could be used numerous times, and on any device. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of restaurant locks to banks and home stores. No reasonable person would find this acceptable.
The government is asking Apple to hack into our own users and undermine decades of security advances that protect our consumers including tens of millions of American citizens from hackers and sophisticated cybercriminals. The same engineers who build strong encryption on the iPhone to protect our users would, ironically, be forced to weaken these protections and make our users less secure.
We could not find any precedent for an American company being forced to expose its customers to a greater risk of attacks. For years, cryptography and national security experts have been warning against weakening cryptography. Doing so would only harm good and lawful citizens who depend on companies like Apple to protect their data. Criminals and malefactors will still use cryptography, using tools at their disposal.
A Dangerous Precedent
Instead of requesting one from the legislature through Congress, the FBI is proposing an unprecedented use of the All Writs Act 1789 to justify the expansion of its authority.
The government would require us to remove security features and add new capabilities to the operating system, allowing a password to be entered electronically. This would make it easier to unlock an iPhone by “gross force”, experimenting with thousands or millions of combinations with the speed of a modern computer.
The implications of government demands are depressing. If the government can use the All Writs Act to facilitate unlocking your iPhone, it would have the power to enter any device in order to capture your data. The government could extend this privacy gap and demand that Apple build surveillance software to intercept your messages, access your health records and financial data, track your location, or even access your phone's microphone or camera without the your knowledge.
To counter that request is not something we are doing lightly. We feel that we need to face up to what we see as something beyond the bill by the US government.
We are challenging the demands of the FBI with the highest respect for American democracy and a love for our country. We believe it would be in the best interest of everyone to step back and consider the implications.
While we believe the FBI's intentions are good, it would be wrong for the government to force us to build a back door on our products. And in the end, we fear that this demand could just undermine the independence and freedom that our government seeks to protect.
Tim Cook
Undoubtedly a highly delicate subject, in which there is most likely no right or wrong. There are ideals. Cook believes that it is right to defend user privacy that few companies do like Apple, which is still a competitive advantage for her if you care about it tooth and nail and have done it in a commendable way.
This whole story, however, is far from over
Update · 02/17/2016 s 21:51
Jan Klum, co-founder of WhatsApp, posted the following message on Facebook in support of Tim Cook:
I admire Tim Cook for his stance on privacy, Apple for his efforts to protect user data and he couldn't agree more with everything he said in his letter to customers today. We must not allow this dangerous precedent to be set. Today our independence and freedom are at stake.
Edward Snowden also expressed Apple support:
The @FBI is creating a world where citizens rely on #Apple to defend their rights, rather than the other way around. https://t.co/vdjB6CuB7k
– Edward Snowden (@Snowden) February 17, 2016
@FBI is creating a world where citizens depend on #Apple to defend their rights and not the other way around.
And still left for Google
This is the most important tech case in a decade. Silence means @google picked a side, but it's not the public's. https://t.co/mi5irJcr25
– Edward Snowden (@Snowden) February 17, 2016
This is the most important technology case in a decade. Silence means that @google chose a side, but not the people's side.
(via Fortune, Cult of Mac)
Update II · 02/17/2016 s 22:37
It took time, but it was Google’s turn to position itself through its CEO, Sundar Pichai:
1/5 Important post by @tim_cook. Forcing companies to enable hacking could compromise users privacy
– Sundar Pichai (@sundarpichai) February 17, 2016
1/5 Important post from @tim_cook. Forcing companies to allow hacking could compromise users' privacy.
2/5 We know that law enforcement and intelligence agencies face significant challenges in protecting the public against crime and terrorism
– Sundar Pichai (@sundarpichai) February 17, 2016
2/5 We know that intelligence agencies and security agencies face significant challenges in protecting the public from crime and terrorism.
3/5 We build secure products to keep your information safe and we give law enforcement access to data based on valid legal orders
– Sundar Pichai (@sundarpichai) February 17, 2016
3/5 We create secure products to keep your information safe and give access to data to security agencies based on valid legal orders.
4/5 But thats wholly different than requiring companies to enable hacking of customer devices & data. Could be a troubling precedent
– Sundar Pichai (@sundarpichai) February 17, 2016
4/5 But this is totally different from requiring companies to allow hacking of devices and customer data. It can be a worrying precedent.
5/5 Looking forward to a thoughtful and open discussion on this important issue
– Sundar Pichai (@sundarpichai) February 17, 2016
5/5 We look forward to an open and thoughtful discussion on this important issue.
(via The Verge)
Update III · 02/18/2016 s 23:44
Here is the official statement from Facebook:
We condemn terrorism and have complete solidarity with the victims of terror. Those who seek to extol, promote or plan terrorist acts have no place in our services. We also appreciate the difficult and essential work of public security bodies to keep people safe. When we receive legal requests from these authorities, we comply. However, we will continue to fight aggressively against requirements for companies to weaken the security of their systems. These demands would set a chilling precedent and obstruct companies' efforts to protect their products.
And that of Jack Dorsey, one of the creators of Twitter:
We stand with @tim_cook and Apple (and thank him for his leadership)! https://t.co/XrnGC9seZ4
– jack (@jack) February 18, 2016
We are with @tim_cook and Apple (and we thank you for your leadership)!
On a related note, the Bloomberg now saying that Apple has more time to decide whether to go or not cooperate with the FBI in Tim Cook's letter, he says Ma would have five days to respond, but now the deadline would have jumped to February 26.
(via Re / code, 9to5Mac)
