Here's why Apple won't unlock San Bernardino killer's iPhone
NEW YORK -- Faced with a federal judge's order to help investigators break into an iPhone used by one of the San Bernardino, California, shooters, Apple may well argue that the request places an unreasonable burden on the company.
In fact, experts say that complying with the government's request wouldn't be particularly challenging for Apple. But doing so might set a dangerous precedent that could threaten the data security of the millions of iPhone users around the world.
The phone in question was used by Syed Farook, who along with his wife, Tashfeen Malik, killed 14 people in a December attack. Investigators don't know if the phone contains important evidence about the attack or the couple's communications - and because its contents are encrypted, they won't unless they can get the passcode to unlock it. The phone was issued by Farook's employer, the county of San Bernardino.
Investigators can't just try random passcodes until they hit on the right one, either. The phone has apparently enabled an Apple security feature - a sort of self-destruct option that would render the phone's data unreadable after 10 incorrect passcode attempts.
Cyberwarfare expert David Gewirtz said that Apple is pointing to a "valid risk" of potentially compromising user information down the line.
"What Apple is saying is that if they create a broken version of iOS with a backdoor (and let's be clear, there are and always have been jailbroken versions of iOS out there), then the Apple-provided version might fall into the wrong hands and be used on more than just one phone," Gewirtz wrote in an email to CBS News.
Many leading tech companies - Facebook, Microsoft, Twitter and Yahoo - were conspicuously silent about the dispute on Wednesday, although some trade groups issued statements endorsing Apple's position. Google CEO Sundar Pichai also voiced support for Apple in a series of tweets late in the day. "Forcing companies to enable hacking could compromise users' privacy," Pichai wrote, adding that the case "could be a troubling precedent."
Others commenting on Apple's decision, included Edward Snowden, who posted a tweet saying:
The judge's order requires Apple to create a unique software package - one Apple CEO Tim Cook described as "a new version of the iPhone operating system" - that would allow investigators to bypass the self-destruct system. The same software would also let the government enter passcodes electronically, eliminating both the tedium of manual entry and the enforced delays the iPhone system imposes after a few wrong guesses.
Apple opposes the order, arguing that such software would amount to a security "backdoor" that would ultimately make iPhone users across the globe more vulnerable to information or identity theft. Both the ACLU and the Electronic Frontier Foundation have pledged to support Apple, saying that the government's request endangers security and privacy.
From a technical perspective, making such software shouldn't be difficult for Apple, experts say. But once created, it would be nearly impossible to contain, says Ajay Arora, CEO and co-founder of Vera, a startup that provides companies with encryption services.
"Imagine if that got into the wrong hands," he says. "What they're asking for is a God key - and once you get that, there's no going back."
The demands being made of Apple border on the bizarre, says Lee Tien, a staff attorney for the Electronic Frontier Foundation, a digital rights group. "Asking a technology company to make its security less secure is a crazy, stupid thing to do," he says. "It's like asking water not to be wet."
The government's best bet may be to argue that its request doesn't actually create a backdoor, even if that's how Apple characterizes the request, says Robert Cattanach, a former Justice Department attorney. But Apple is probably right to worry that a government win in this case will lead to broader requests down the road.
"If the court rules in favor of the government, then I think the stage has been set for the next step, which is, 'Thanks for removing the auto-wipe. Now you need to help us defeat the code'," Cattanach says. "If you're the government, you're going to ask for that."
Where do you stand on this debate? Tell us what you think by taking the poll below.