What has Apple been ordered to do?
The US court has told Apple to write a piece of software that lowers an iPhone’s defences, enabling the FBI to use brute force to break in by bombarding the device with many possible passwords until it gets the right answer. The new tool would do three things:
1) Disable the auto-erase function that wipes all the data on an iPhone when a wrong password has been entered 10 times;
2) Overcome an automatic delay mechanism that limits how fast new passwords can be tried out;
3) Create new ways for the FBI to enter potential passwords electronically, making it easier to speed-test many different possibilities.
Before handing the software over, Apple would enter a 12-digit identifier for the device, so it would only work on the San Bernardino killer’s phone.
That sounds like a very limited order targeted at just one iPhone, made in very exceptional circumstances.
Why does Apple think it’s so unreasonable?
Once written, the same piece of software could be used to help open any iPhone, provided the correct 12-digit identifier is entered. Although not technically a “back door” – a vulnerability deliberately placed in a device so that someone can break in later – it would be a true master key for the iPhone.
Other US law enforcement agencies would then be able to apply to a court to use the software, drawing in cases far removed from suspected terrorism. And not just in the US: other countries where the iPhone is on sale, including ones with undemocratic regimes, could also insist on getting access.
But if Apple is ultimately in control of the key, doesn’t that make it OK?
If Apple tried to withstand valid legal requests from countries like China, the commercial effects could be painful. Eventually, it could be left with the sort of predicament that Google faced: the search company quit China in 2010 rather than comply with legal censorship demands.
Also, even Apple might not be able to guarantee that it could keep the master key completely safe. The value of the software code would be so high - it would offer the ability to break into any iPhone in the world - that it would be a magnet for criminal hackers and foreign security services. Or it might just take a single, disaffected Apple insider to leak the code.
An earlier US government proposal to build back doors into digital devices, known as the Clipper Chip, was abandoned after a tech industry backlash over what were claimed to be uncontrollable risks.
Wouldn’t this only affect older iPhones? My iPhone 6 has a fingerprint reader, so I feel safe.
At least in theory, the new tool would be able to break into any iPhone. Ultimately, the security in a phone is the product of policy rules that determine how it should respond to different prompts, and those rules are baked into its software. Apple is in a position to write software that overrides its iOS operating system, putting it in position to create master keys for all its devices.
What happens next?
Apple has five business days from Tuesday to respond in court to the order. In its reply, Apple must demonstrate that creating the software would be “unreasonably burdensome” but it is also likely to contest the grounds under which the order it was made.
The underlying authority is the All Writs act, signed into law by President George Washington in 1789, which gives US courts a broad remit in unusual legal situations to issue any order that is "necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law".
Apple chief Tim Cook called the application of this law "unprecedented" and suggested that such a demand should be debated by Congress rather than decided through the courts.
- Copyright The Financial Times Limited 2016