Tim Cook calls FBI backdoor demand 'dangerous,' vows to fight case

Posted:
in iPhone edited February 2016
Apple chief executive Tim Cook has promised to oppose a court order that would have the company create a compromised version of iOS with weakened encryption, the result of FBI requests for help in accessing data stored on an iPhone 5c used by a gunman in the San Bernardino shooting.




"The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers," Cook wrote in an open letter posted on Apple's website. "We oppose this order, which has implications far beyond the legal case at hand."

Cook notes that while Apple has done as much as it can to cooperate with law enforcement officers, the FBI's request to crack iOS encryption used by the San Bernadino shooters would fundamentally harm the security of iOS users around the world:

"We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software -- which does not exist today -- would have the potential to unlock any iPhone in someone's physical possession.

The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.


Cook's strongly worded critique comes less than a day after a federal judge ordered Apple to aid law enforcement technicians attempting to break into an iPhone used by Syed Rizwan Farook. Officially the property of the county health department for which Farook worked, the iPhone 5c was password protected by the gunman and is set to erase a stored decryption key after ten unsuccessful login attempts.

According to Apple's own documents, it is nearly impossible to break into an iOS device running the latest operating system revision, in this case iOS 9. Apple stopped storing security keys with iOS 8 to implement an encapsulated encryption method that entangles a pass key with the device UID. Any attempt to break this strong encryption would have to take place on the phone itself.

Further, the validity of the FBI's bid to sequester Apple's help is tenuous at best. The order notes officials hope to employ a brute force attack after Apple provides a custom software image file capable of disabling or bypassing the iOS password attempt counter. If such software exists, code breakers would still need to overcome the 80 millisecond cool down period between tries.

Apple estimates it would take a supercomputer over five and a half years to crack a six-digit passcode with lowercase letters and numerals. Brute-forcing a stronger passcode could take decades. In short, iOS was built to withstand the very attack vectors proposed by the FBI.

The full text of Cook's letter is included in its entirety below:

February 16, 2016

A Message to Our Customers

The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.

This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.

The Need for Encryption

Smartphones, led by iPhone, have become an essential part of our lives. People use them to store an incredible amount of personal information, from our private conversations to our photos, our music, our notes, our calendars and contacts, our financial information and health data, even where we have been and where we are going.

All that information needs to be protected from hackers and criminals who want to access it, steal it, and use it without our knowledge or permission. Customers expect Apple and other technology companies to do everything in our power to protect their personal information, and at Apple we are deeply committed to safeguarding their data.

Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.

For many years, we have used encryption to protect our customers' personal data because we believe it's the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.

The San Bernardino Case

We were shocked and outraged by the deadly act of terrorism in San Bernardino last December. We mourn the loss of life and want justice for all those whose lives were affected. The FBI asked us for help in the days following the attack, and we have worked hard to support the government's efforts to solve this horrible crime. We have no sympathy for terrorists.

When the FBI has requested data that's in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we've offered our best ideas on a number of investigative options at their disposal.

We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software -- which does not exist today -- would have the potential to unlock any iPhone in someone's physical possession.

The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

The Threat to Data Security

Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution. But it ignores both the basics of digital security and the significance of what the government is demanding in this case.

In today's digital world, the "key" to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.

The government suggests this tool could only be used once, on one phone. But that's simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks -- from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers -- including tens of millions of American citizens -- from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.

We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.

A Dangerous Precedent

Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority.

The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by "brute force," trying thousands or millions of combinations with the speed of a modern computer.

The implications of the government's demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone's device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone's microphone or camera without your knowledge.

Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.

We are challenging the FBI's demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.

While we believe the FBI's intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.

Tim Cook
mr obrakkenanantksundaramSpamSandwichcalimagman1979kevin kee
«1345678

Comments

  • Reply 1 of 153
    I read the whole letter earlier, very scary implications and Its a sad day if this happens as its completely fascist!
    mr owilliamlondonlatifbpcornchipSpamSandwichradster360tdknoxpalominecalijbdragon
  • Reply 2 of 153
    mr omr o Posts: 1,046member
    I stand with you Tim!

    Very lame of the FBI and the US Government. IF Bernie is to be believed, the US Government itself is kept hostage by those that fund the candidates. So, where is it going to end? Sharing our health data with insurance companies in exchange for money to the Government?

    >:x
    brakkenwilliamlondonlatifbpbrian greencornchiptdknoxcalimanfred zornjony0lolliver
  • Reply 3 of 153

    If Apple were to lose this case, then say goodbye to your personal data forever, because once a so-called "back-door" is created – any hacker will have access to all your personal information. Fact: No gov't agency has ever been able to protect digital data from being hacked – including the Pentagon and White House. If they get an "encryption key", so will any serious hacker out there. They always do. And by setting a precedent, expect other governments in other countries to demand the exact same thing for any reason they feel like.

    To give government law enforcement agencies whatever they want with no legal protection for individual personal privacy is by definition a police state.

    williamlondonManyMacsAgodamonflatifbpbrian greenchiamike1cornchiptdknoxpalomine
  • Reply 4 of 153
    apple ][apple ][ Posts: 9,233member
    I'm with Tim Cook & Apple on this one!

    I appreciate that my iOS devices are very secure, and I'd rather not see Apple being forced by the govt to create weaker and compromised versions of iOS on purpose, something that would affect hundreds of millions of customers.

    The authorities and the administration should have just done their jobs better and those terrorists could have been caught before they carried out their act of workplace violence. Red flags were everywhere. 
    williamlondonanantksundarammwhitedamonfbrian greenlatifbpgtrcornchiptdknoxcali
  • Reply 5 of 153
    Brilliant marketing for the iPhone. It don't get better than this. 
    williamlondonlatifbpcornchipjbdragonjonagold
  • Reply 6 of 153
    Coming soon folks.
    The Apple iPhone 7 for use in the USA
    and
    The Apple iPhone s7 for use in the rest of the world and specifically not in the USA

    Just don't get caught with the latter in the 50 states.

    jonagold
  • Reply 7 of 153
    Who thinks Tim Cook doesn't have a back door to view all of your personal information?
  • Reply 8 of 153
    Next, China will ask for the same tool to crack political dissident’ phones, or even US spy suspects. If Apple won’t comply.. “out of the country!”.
    This is very short-sight from the judge.
    edited February 2016 williamlondonanantksundarambrian greenlatifbpchiachaickacaliretrogustojbdragonentropys
  • Reply 9 of 153
    Who thinks Tim Cook doesn't have a back door to view all of your personal information?
    Do you have an evidence that Tim Cook does?
    edited February 2016 williamlondonmwhitedamonfbrian greencalijbdragonlolliverkevin keekingofsomewherehotindyfx
  • Reply 10 of 153
    Who thinks Tim Cook doesn't have a back door to view all of your personal information?
    Wow you signed up for that comment? Troll much?
    williamlondonmwhitebrian greenlatifbpchiacornchipcaliicoco3magman1979melodyof1974
  • Reply 11 of 153
    macxpress said:
    Who thinks Tim Cook doesn't have a back door to view all of your personal information?
    Wow you signed up for that comment? Troll much?


    If I were Apple, I'd be more than willing to spend every single cent of their money to fight this. In the words of Steve Jobs, this is just gone Thermonuclear!
    mwhitelatifbpcornchipcalimagman1979lolliverkevin kee
  • Reply 12 of 153
    ronmgronmg Posts: 163member
    Now hold on everyone. Here's an idea. A secure enclave within the secure enclave that is also 256 bit encryption but requires that 5 physical keys be turned at precisely the same time in 5 different offices in order to unlock the iPhone: The President of the United States, the Head of the FBI, the Chief of the CIA, the Head of Homeland Security, and Tim Cook. So, you have hardware security and software security. The iPhone MUST be docked to one of the 5 key stations. Hell, we can start World War 3 with the turn of just 2 keys, this would be tons better, wouldn't it?!?!?

    I can just picture the movie coming from this. National Treasure 3. "How will we find the (insert priceless artifact name here)???" Nicholas Cage - "We're going to download the President's iPhone!! OK, we need to each break into the homes of the President, Tim Cook, and the leaders of the FBI, CIA, and Homeland Security, then remove the keys from around their necks while they sleep, take the President's iPhone 8, then break into the Oval Office, Pentagon, Apple Headquarters, and, well, wherever else the freaking offices are, then turn our keys at precisely 14:32:57. That's 2:32 AM, at exactly 57 seconds!! We have roughly 5 hours to accomplish this. Now, let's verify our iPhones have exactly the same time..."

    :-)


    cornchipcalikibitzermelodyof1974
  • Reply 13 of 153
    If it does come down to that, after exhausting all appeals, what would be a reasonable fee for such a customized version of iOS? 100 million, billion? Paid in advance of course
    retrogusto
  • Reply 14 of 153
    Apple's position on this is absurd. They should be working to devise a way to comply with the order and maintain security of all other products. The two goals are not incompatible. For example, require the work be physically contained and under Apple's control. The terrorist's phone does not leave the Apple facility. The FBI works with Apple's people on Apple's property with the agreement that the phone does not leave Apple's control with the work-around loaded into it.

    The entire attitude should be about getting this job done while maintaining the security of everyone else.

    Short of this or some approach along a similar line of thinking, the FBI should seek Tim Cook's arrest, fines and a period of imprisonment for Contempt of Court. If that fails to obtain the necessary response, further prosecution should follow.
  • Reply 15 of 153
    Cook is spot on about this. Open the door just an inch, and you've pretty much left everything open to everyone, in time. 

    As as an aside, is Apple the only maker of an OS with strong encryption? What does Google/Android do in this regard?
    williamlondonmwhitebrian greenchiacornchipdtidmorekibitzerhlee1169lolliverargonaut
  • Reply 16 of 153
    This isn't as bad as it sounds. Remember, this is a 5C we are talking about which doesn't use the secure enclave. That means there is no hardware delay when attempting to brute force passwords. Granted, they'll still need apple to sign whatever modified version of iOS they want to upload but after that they can brute force it themselves. 
  • Reply 17 of 153
    Boy there are a lot of trolls that signed up for this article.  Nice try.
    williamlondonmwhitebrian greencornchipbuzdotsyoyo2222calimagman1979kibitzernolamacguy
  • Reply 18 of 153
    cnocbuicnocbui Posts: 3,613member
    The problem arises if the court order is technically feasible.  If that is the case, they ultimately might be forced to comply. If that were the case, Apple could make it clear that their compliance would also result in them being forced relocate their iOS software development to a subsidiary in Ireland so that their US operations no longer had the technical capability to comply with such orders.

    They couldn't re-locate to the UK because that place is worse than Russia for the states attitude to surveillance of their citizenry.

    Switzerland might be a good choice also.
    edited February 2016 genovellelatifbpcornchipargonaut
  • Reply 19 of 153
    What Jack Bauer do?
  • Reply 20 of 153
    Hmmm...I wonder how this will play with the general public. Most people that don't know anything about the specifics will just see chyron's like the one below and think Apple is on the side of terrorists. Apple better have someone ready to go on TV defending this if necessary. image
    cornchipcaliargonaut
Sign In or Register to comment.