Responding to a recent controversy over Apple’s being ordered by a magistrate judge to help the FBI override the passcode on an iPhone formerly belonging to mass-shooter who attacked a county government office last December. Following a response from Apple CEO Tim Cook that Apple would not create a “backdoor” per the judge’s order that would prevent an encrypted iPhone from erasing itself after a certain number of unsuccessful login attempts, the White House has weighed in with a dubious claim that the technique would be limited to use in this one particular case.
Still unclear is why the FBI, the magistrate judge, and now the White House want the data from the recovered iPhone. The shooter, Syed Rizwan Farook, along with his wife Tashfeen Malik, killed 14 people and injured another 22 in an attack targeting the San Bernadino County Department of Public Health that has been described as a religiously-motivated “terrorist attack,” even though the case bears more of a resemblance to sadly-typical workplace massacre shootings. Farook, who was born in the US and had worked at the health department, and his wife attacked the event in an attempted bombing along with the mass shooting. The couple were killed in a shootout with police four hours after the attack.
The agency has already declared that Farook and Malik were not members of any terrorist organization or “sleeper cell” agents, and had become “radicalized” on their own without working with any co-conspirators. Emails between the couple talking about the attack were already recovered from the wife’s smartphone and social media accounts. White House spokesman Josh Earnest told reporters that the government is not asking for Apple to “create a new backdoor to its products,” even though that is precisely what the FBI is in fact demanding, and exactly what the judge ordered Apple to make.
Apple itself would not be unlocking the recovered iPhone: it is instead being ordered to create software that would prevent the iPhone from erasing itself after a number of unsuccessful login attempts. With that restriction removed, the FBI could brute force the passcode, a relatively trivial task for the commonly-used four-digit passcode used by most users today (a six-digit passcode is now available in the latest versions of iOS 9). It is not yet clear if such software is even possible to create, since the auto-erase functionality is likely part of the iPhone’s firmware.
In a response saying the company would challenge the judge’s order, Apple CEO Tim Cook predicted that the government would make exactly this claim, that it wants this backdoor for this one particular (and particularly un-urgent) need — but that the backdoor, once created, would be used again — and exploited in an abusive fashion by hackers and criminals, the government, and others in instances outside the scope of this one specific case.
“In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession,” Cook noted in his response.
The FBI has been public in its opposition to the use of encryption by Apple and other tech companies to protect users’ data, arguing that it makes recovering data from seized devices harder.
Apple has previously said it lacks the ability to decrypt the encryption used on its iPhones, since it does not possess a key to decrypt the material. However, it can and has provided general metadata and other information when lawfully requested by authorities, such as the time or recipients of emails or iMessages sent using its iCloud service (but not the content of those emails or messages).