Apple will fight a US court ruling that tries to force it to create a backdoor for the iPhone.
In a rare open letter published by CEO Tim Cook, Apple drew a line in cooperating with law enforcement at intentionally weakening the security of its devices.
The ruling relates to a terror attack carried out by a husband and wife in California that left 14 dead and 22 seriously injured late last year.
The FBI has so far been unable to access the content on a phone used by one of the attackers, and this week won a court ruling compelling Apple to help them bypass the phone’s security features.
Specifically, the ruling targets a feature of iOS that wipes data from the phone if too many incorrect password attempts are made.
But the ruling has created alarm both inside Apple and with privacy advocates, and provoked a rare public response from Apple.
“The FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation,” Cook said.
“In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
“The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor.
“And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.”
Cook said that building a backdoor for even one iPhone created a dangerous precedent – as well as a dangerous tool that could be reused over and over again.
“In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes,” he said.
“No reasonable person would find that acceptable.”
Cook also said that building a backdoor would undermine “decades of security advancements that protect our customers”.
“The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe,” Cook said.
Cook saw a slippery slope if the US succeeded in forcing Apple to backdoor iOS, questioning where the invasion of users’ privacy would end.
“The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge,” he warned.
Cook said Apple did not take its challenge of the ruling “lightly”. Cook said he felt compelled to speak out publicly against what he saw as “an overreach by the US Government”.
Electronic Frontier Foundation (EFF) said it supported Apple’s decision to fight the ruling and would file an amicus curiae brief with the court to support Apple’s own filings.
“Apple is fighting the order which would compromise the security of all its users around the world,” EFF said.
One reason EFF had stepped in was over fears that a backdoor tool would end up in the hands of a number of governments worldwide.
“We can all imagine the myriad ways this new [backdoor] authority could be abused,” EFF said.
“Even if you trust the US Government, once this master key is created, governments around the world will surely demand that Apple undermine the security of their citizens as well.”
Others, like Google chief executive Sundar Pichai, are watching the unfolding case with interest.
1/5 Important post by @tim_cook. Forcing companies to enable hacking could compromise users’ privacy
— sundarpichai (@sundarpichai) February 17, 2016
2/5 We know that law enforcement and intelligence agencies face significant challenges in protecting the public against crime and terrorism
— sundarpichai (@sundarpichai) February 17, 2016
3/5 We build secure products to keep your information safe and we give law enforcement access to data based on valid legal orders
— sundarpichai (@sundarpichai) February 17, 2016
4/5 But that’s wholly different than requiring companies to enable hacking of customer devices & data. Could be a troubling precedent
— sundarpichai (@sundarpichai) February 17, 2016
5/5 Looking forward to a thoughtful and open discussion on this important issue
— sundarpichai (@sundarpichai) February 17, 2016