Carolyn Kaster / AP
Apple is still opposing the FBI’s orders to help decrypt the iPhone owned by the San Bernardino shooter.
The iPhone company spelled out all the reasons behind its decision in a new webpage that launched Monday morning.
Apple believes helping the government in the ways it’s asked will compromise the security of iOS, the encrypted mobile operating system on iPhones and iPads, and would set a dangerous legal precedent that could let the government expand its means of surveillance.
While previous reports implied the government was asking Apple to create a back door in iOS — making encryption weaker to help the FBI get into the system — Apple says the government wants Apple to “create a unique version of iOS which would bypass security protections on the iPhone’s lock screen,” adding an ability to enter passcodes electronically (to quickly and easily break the four- or six-digit passcode).
Apple says it is possible to build this new operating system, “but it’s something we believe is too dangerous to do,” since a tool like this could be abused or fall into the wrong hands.
There’s a lot of interesting information in the Q&A that explains Apple’s rationale in this case. Most notably, Apple says it has has not unlocked iPhones for law enforcement in the past, even though it admits to extracting data from iPhones that ran operating systems prior to iOS 8, which launched in 2014. The company also suggests creating a commission with experts in technology and civil liberties to figure out how law enforcement can use new technologies without impinging on personal freedoms like privacy.
Here’s the full Q&A, courtesy of Apple:
Why is Apple objecting to the government’s order?
The government asked a court to order Apple to create a unique version of iOS which would bypass security protections on the iPhone’s lock screen. It would also add a completely new capability so passcode tries could be entered electronically.
This has two important and dangerous implications:
First, the government would have us write an entirely new operating system for their use. They are asking Apple to remove security features and add a new ability to the operating system to attack iPhone encryption, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.
We built strong security into the iPhone because people carry so much personal information on our phones today, and there are new data breaches every week affecting individuals, companies and governments. The passcode lock and requirement for manual entry of passcode are at the heart of the safeguards we have built in to iOS. It would be wrong to intentionally weaken our products with a government-ordered backdoor. If we lose control of our data, we put both our privacy and our safety at risk.
Second, the order would set a legal precedent which expands the powers of the government and we simply don’t know where that would lead us. Should the government be allowed to order us to create other capabilities for surveillance purposes, such as recording conversations or location tracking? This would set a very dangerous precedent.
Is it technically possible to do what the government has ordered?
Yes, it is certainly possible to create an entirely new operating system to undermine our security features as the government wants. But it’s something we believe is too dangerous to do. The only way to guarantee such a powerful tool isn’t abused and doesn’t fall into the wrong hands is to never create it.
Could Apple build this operating system just once, for this iPhone, and never use it again?
The digital world is very different than the physical world. In the physical world you can destroy something and it’s gone. But in the digital world, once created the technique could be used over and over again, on any number of devices.
Law enforcement agents around the country have already said they have hundreds of iPhones they want Apple to unlock if the FBI wins this case. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks. Of course Apple would do our best to protect that key, but in a world where all of our data is under constant threat, it would be relentlessly attacked by hackers and cybercriminals. As recent attacks on the IRS systems and countless other data breaches have shown, no one is immune to cyber attacks.
Again, we strongly believe the only way to guarantee such a powerful tool isn’t abused and doesn’t fall into the wrong hands is to never create it.
Has Apple unlocked iPhones for law enforcement in the past?
We regularly receive law enforcement requests for information about our customers and their Apple devices. In fact, we have a dedicated team that responds to these requests 24/7. We also provide guidelines on our website for law enforcement agencies so they know exactly what we are able to access and what legal authority we need to see before we can help them.
For devices running the iPhone operating systems prior to iOS 8, and under a lawful court order, we have extracted data from an iPhone.
We’ve built progressively stronger protections into our products with each new software release, including passcode-based data encryption, because cyberattacks have only become more frequent and more sophisticated. As a result of these stronger protections which requires data encryption, we are no longer able to use the data extraction process on iPhones running iOS 8 or later.
Hackers and cybercriminals are always looking for new ways to defeat our security, which is why we keep making it stronger.
The government says your objection appears to be based on concern for your business model and marketing strategy. Is that true?
Absolutely not. Nothing could be further from the truth. This is and always has been about our customers. We feel strongly that if we were to do what the government has asked of us — to create a backdoor to our products — not only is it unlawful, but it puts the vast majority of good and law abiding citizens, who rely on iPhone to protect their most personal and important data, at risk.
Is there any other way you can help the FBI?
We have done everything that’s both within our power and within the law to help in this case. As we’ve said, we have no sympathy for terrorists.
We provided all of the information about the phone that we possessed. In addition, we proactively offered advice on obtaining additional information. Even since the government’s order was issued, we are providing additional suggestions after learning new information from the Justice Department’s filings.
One of the strongest suggestions we offered was that they pair the phone to a previously joined network which would allow them to back-up the phone and get the data they are now asking for. Unfortunately, we learned that while the attacker's iPhone was in FBI custody the Apple ID password associated with the phone was changed. Changing this password meant the phone could no longer access iCloud services.
As the government has confirmed, we’ve handed over all the data we have, including a backup of the iPhone in question. But now they have asked us for information we simply do not have.
What should happen from here?
Our country has always been strongest when we come together. We feel the best way forward would be for the government to withdraw its demands under the All Writs Act and, as some in Congress have proposed, form a commission or other panel of experts on intelligence, technology and civil liberties to discuss the implications for law enforcement, national security, privacy and personal freedoms. Apple would gladly participate in such an effort.