Apple Counters FBI's Backdoor Demand as Unconstitutional

2016-03-16T16:12:35
ID THREATPOST:0446684CEA129B6EF477889FDC273077
Type threatpost
Reporter Michael Mimoso
Modified 2016-03-24T13:15:03

Description

Apple has matched the Department of Justice’s recent vitriol, by this week calling the FBI’s request for code to help it unlock Syed Farook’s iPhone unconstitutional.

Furthermore, Apple in a court filing this week again challenged the validity of the government’s use of the All Writs Act of 1789 as justification in compelling Apple to build new firmware that will bypass existing security on the device.

“The government attempts to rewrite history by portraying the Act as an all-powerful magic wand rather than the limited procedural tool it is,” Apple’s attorneys wrote in a brief filed with a California District Court.

Apple argues in the brief that the All Writs Act has no authority to gain relief in situations where: “Congress enacts a specific statute prohibiting the precise action (i.e., says a court may not ‘order a smartphone manufacturer to remove barriers to accessing stored data on a particular smartphone,’), or where the government seeks to ‘arbitrarily dragoon’ or ‘forcibly deputize’ ‘random citizens’ off the street.

“Thus, according to the government, short of kidnapping or breaking an express law, the courts can order private parties to do virtually anything the Justice Department and FBI can dream up. The Founders would be appalled,” Apple wrote.

Apple stands by a legal declaration that computer code is the equivalent of speech, and is therefore protected under the First Amendment.

Last week, the Department of Justice countered a previous request by Apple that the courts vacate the order to comply with harsh language challenging Apple’s motives as marketing and brand driven, and calling its rhetoric “corrosive.”

“The government seeks to commandeer Apple to design, create, test, and validate a new operating system that does not exist, and that Apple believes—with overwhelming support from the technology community and security experts—is too dangerous to create,” Apple’s attorneys wrote. “Seeking to belittle this widely accepted policy position, the government grossly mischaracterizes Apple’s objection to the requested Order as a concern that ‘compliance will tarnish its brand'”

Apple has been asked to build new iOS firmware that would disable or bypass security provisions in the operating system that prevent brute-force attacks against the passcode unlocking the phone; the phone automatically wipes itself after 10 missed guesses. The government contends this is a one-time request, while Apple counters that its compliance would set a precedent that could be used in perpetuity. Apple has also submitted that the creation of an intentional vulnerability in iOS would be abused by hackers and foreign governments.

“The government’s assertion that ‘there is no reason to think that the code Apple writes in compliance with the Order will ever leave Apple’s possession,’ simply shows the government misunderstands the technology and the nature of the cyber-threat landscape,” Apple’s attorneys wrote.

The brief also quotes an Apple engineer who explains the cat-and-mouse game between hackers and defenders and the continuous cycle of patching and exploiting new vulnerabilities. An amicus brief filed March 3 by iOS and cryptography experts further makes the case of the dangers of building a backdoor.

“This spread increases the risk that the forensic software will escape Apple’s control either through theft, embezzlement, or order of another court, including a foreign government,” the amicus brief says. “If that happens, the custom code could be used by criminals and governments to extract sensitive personal and business data from seized, lost, or stolen iPhones, or it could be reverse engineered, giving attackers a stepping stone on the path towards their goal of defeating Apple’s passcode security. Compelling Apple to create forensic software for the government is also dangerous due to any bugs the software might contain.”