Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

FBI’s iPhone Backdoor Request Sparks Debate

Google and others applaud Apple’s decision to refuse the FBI’s request for the creation of a backdoor to the iPhone, but some U.S. politicians lashed out against the company for not complying with the court order.

Google and others applaud Apple’s decision to refuse the FBI’s request for the creation of a backdoor to the iPhone, but some U.S. politicians lashed out against the company for not complying with the court order.

A magistrate judge ordered Apple on Tuesday to help the FBI search the iPhone 5C belonging to Syed Rizwan Farook, who in December shot and killed 14 people in San Bernardino with the help of his Pakistani wife Tashfeen Malik.

The mass shooting has been classified as a terrorist attack and an extensive investigation has been conducted. But authorities haven’t been able to hack Farook’s phone on their own so they have asked a judge to order Apple to asssist.

The FBI wants Apple to ensure that the phone’s “Erase Data” function, which erases all data stored on a device after 10 failed passcode attempts, is either disabled or bypassed. The tech giant has also been ordered to build a custom firmware that would disable security features to allow investigators to brute-force the shooter’s PIN and gain access to his data.

Farook’s iPhone is running iOS 9, which makes it impossible for Apple to directly decrypt the data stored on the device. However, experts agree that what the FBI wants is technically possible.

The main concern with the FBI’s request is that it’s basically asking Apple to create a backdoor to the iPhone, which could set a dangerous precedent. In response to the court order, Apple CEO Tim Cook said his company has no sympathy for terrorists and pointed out that it has been assisting the FBI in its investigation. However, creating the software authorities want poses a serious threat to data security because there is no guarantee that it will not fall into the wrong hands or that the government will use it for just this one case, Cook said.

Privacy researcher and activist Christopher Soghoian believes U.S. intelligence agencies are capable of hacking Farook’s iPhone, but then the government wouldn’t get what it wants, namely legal precedent.

Google and EFF support Apple

Advertisement. Scroll to continue reading.

Apple fans are planning to protest the court order and they are organizing rallies at Apple stores across the United States.

Google initially didn’t comment on the court ruling, but after being accused by NSA whistleblower Edward Snowden of taking the government’s side, the search giant’s CEO, Sundar Pichai, posted a series of tweets condemning the government’s actions, noting that it could set a “troubling precedent.”

The EFF has also announced that it’s prepared to support Apple in its battle with the government.

“The U.S. government wants us to trust that it won’t misuse this power. But we can all imagine the myriad ways this new authority could be abused. Even if you trust the U.S. government, once this master key is created, governments around the world will surely demand that Apple undermine the security of their citizens as well,” the EFF’s Kurt Opsahl said.

WhatsApp CEO Jan Koum also posted a brief statement on Facebook saying that he supports Tim Cook’s decision.

Even some politicians took Apple’s side. Congressman Ted Lieu said that while the San Bernardino terrorist attack demands a strong response, he believes the FBI ordering a private company to write software would turn that company into an “arm of law enforcement.”

“Forcing Apple to weaken its encryption system in this one case means the government can force Apple—or any other private sector company—to weaken encryption systems in all future cases. This precedent-setting action will both weaken the privacy of Americans and hurt American businesses,” Lieu said. “And how can the FBI ensure the software that it is forcing Apple to create won’t fall into the wrong hands? Given the number of cyberbreaches in the federal government—including at the Department of Justice—the FBI cannot guarantee this back door software will not end up in the hands of hackers or other criminals.”

Apple accused of siding with terrorists

Several U.S. government officials have been pushing for legislation that would force tech companies to place backdoors in their encryption products so it’s not surprising that some are not happy with Apple’s decision.

“Apple chose to protect a dead ISIS terrorist’s p‎rivacy over the security of the American people. The Executive and Legislative Branches have been working with the private sector with the hope of resolving the ‘Going Dark’ problem. Regrettably, the position Tim Cook and Apple have taken shows that they are unwilling to compromise and that legislation is likely the only way to resolve this issue,” stated Senator Tom Cotton.

“The problem of end-to-end encryption isn’t just a terrorism issue. It is also a drug-trafficking, kidnapping, and child pornography issue that impacts every state of the Union. It’s unfortunate that the great company Apple is becoming the company of choice for terrorists, drug dealers, and sexual predators of all sorts,” Sen. Cotton added.

Presidential candidate Donald Trump has also criticized Apple for its stance.

“To think that Apple won’t allow us to get into her cellphone? Who do they think they are? No, we have to open it,” Trump told Fox News.

U.S. Attorney Eileen M. Decker issued a statement defending the FBI’s request.

“We have made a solemn commitment to the victims [of the San Bernardino terrorist attack] and their families that we will leave no stone unturned as we gather as much information and evidence as possible. These victims and families deserve nothing less. The application filed today in federal court is another step – a potentially important step – in the process of learning everything we possibly can about the attack in San Bernardino,” Decker said.

The White House also sided with the FBI, arguing that the request is not for a backdoor to the iPhone, and instead targets a single device.

The statements made by some officials over the past period regarding encryption backdoors have demonstrated their lack of technical knowledge on the subject. A recent study has shown that encryption backdoors would be futile due to the large number of products available worldwide.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.