A US federal magistrate has ordered Apple to help the Federal Bureau of Investigation unlock the iPhone of one of the San Bernardino shooters.
The order is the most high-profile case yet of the federal government trying to figure out how to use existing law to get around stronger encryption being used in consumers’ phones. It is likely to add more fire to an already heated debate between Silicon Valley and Washington DC about the balance between national security and electronic privacy.
In this case, FBI director James Comey has said his agents have been locked out of one of the shooter’s phones as they search for evidence about the mass shootings in December 2015.
Investigators are still trying to determine to what extent the shooters were influenced by radical Islamic terrorist groups and who they had been in touch with before the rampage.
In 2014, Apple began making iPhones with additional encryption software that they said they couldn’t unlock, even if faced with a court order. Apple said this was done in the name of consumer privacy and cybersecurity, but the company has been locked in a public feud with the FBI since.
The problem for the FBI is that it is difficult to tell one of America’s most popular companies how they should make their products. In the San Bernardino case, they are attempting a novel workaround to get into the suspect’s iPhone 5c, which would have Apple’s encryption software if its operating system is up to date.
Sheri Pym, the federal judge, has ordered Apple not to turn off its encryption but to make it easier for federal agents to randomly guess the suspects’ iPhone passcode. Apple has built a security feature into iPhones so that a phone slows down anyone trying to “brute force” his way into a phone by guessing passcode after passcode.
The built-in delay is so substantial that Apple said it would take someone 5 1/2 years to guess every possible code for a single device.
“It will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred Apple hardware,” read a copy of the court order.
The magistrate also wants Apple to turn off any “auto-erase” functions on the phone, if enabled.
This will be done with a program Apple is ordered to write and will allow FBI agents to install it on the suspect’s phone at a federal or Apple facility, according to the order. Apple is allowed to provide a cost estimate and rebuttal if it “believes that compliance with the Order would be unreasonably burdensome”. It also allowed Apple the option of coming up with another way to achieve the same result.
Apple didn’t immediately respond to a request for comment.
The case is the most high-profile one in which a federal court has ordered Silicon Valley to help the US government get around new security measures added since the Edward Snowden leaks.
After the former National Security Agency contractor leaked government spy secrets to the Guardian and other news outlets, Silicon Valley started adding more encryption to many of its products. This was to boost user security and, in part, because of embarrassment over revelations that some tech executives had worked closely with the NSA.
Comey, the bureau’s director, has recently acknowledged the Obama administration won’t dictate how Apple should code its wildly popular phones. That meant his agency had to figure out ways in existing law to still get access to the information.
One option is a 225-year-old law called the All Writs Act, which magistrate Sheri Pym cites in her three-page order dated 16 February. The law gives courts broad authority to ensure their orders are fulfilled.