Apple invites security debate, will challenge government's order


In an open letter, Tim Cook stated the Apple will challenge the government's order to develop a solution to defeat iOS security measures.

Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority.

The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by "brute force," trying thousands or millions of combinations with the speed of a modern computer.

First, it's noteworthy that Apple isn't challenging technical feasibility of this request. Apple has stated repeatedly it's no longer able to unlock customer devices. I'd expect Apple has consulted with the government as to what is possible, which appears to be a means of weakening the security to allow for a brute force attack on the device. Here Apple instead is challenging the legality of the request.

In this particular case, it seems the government is requesting Apple to develop a custom version of iOS to be loaded into the device's memory. This version of iOS will disable security measures that open allow for a brute force attack on the device PIN. Presumably, this custom installation would still need to be signed by Apple. So, only Apple should be able to deploy such an exploit and presumably Apple would expire that deployment so not to be used elsewhere. In this respect, this could be a practical compromise that keeps encryption intact, but better accommodate legal access to devices by law enforcement. However, what happens when the government wishes to unlock a device with a complex password/passphrase? Such a situation likely would make this solution impractical if not impossible.

Apple, however, warns once it starts building custom installs of its software for law enforcement, it may not stop at device security countermeasures:

The implications of the government's demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone's device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone's microphone or camera without your knowledge.