In most issues of EFFector, we give an overview of all the work we’re doing at EFF right now. This week, we present a deep dive on the FBI’s fight with Apple over its customers’ privacy.
A U.S. federal magistrate judge has ordered Apple to undermine the security of an iPhone that was used by one of the perpetrators of December’s San Bernardino shootings. If carried out, the order would compromise the security of every Apple customer in the world. Fortunately, Apple is fighting back and standing up for its users, and EFF is filing an amicus brief in support of Apple’s position.
The government is doing more than simply ask for Apple’s assistance. For the first time ever, the government is telling Apple to write brand new code that eliminates the security features of its own products—features that benefit everyone who uses Apple products or even communicates with iOS users. Essentially, the government is asking Apple to create a master key so that it can open a single phone. And once that master key is created, we’re certain that both our government and others will ask for it again and again.
iOS can be set to erase its keys after 10 incorrect passcode guesses. The FBI wants software with this feature disabled.
iOS imposes increasingly long delays after consecutive incorrect passcode guesses to slow down guessing. The FBI wants software that accepts unlimited guesses with no delays.
iOS requires individual passcodes to be typed in by hand. The FBI wants a means to electronically enter passcodes, allowing it to automatically try every possible code quickly.
The FBI’s goal is to guess Syed Rizwan Farook’s passcode to unlock his phone. If it just tries entering passcodes, though, it might erase the device’s keys, at which point the data may never be recoverable. Hence, it’s telling Apple to write special software to allow unlimited guesses. The FBI claims that it has the right to make this request under the 1789 All Writs Act, a claim that many legal experts have questioned.
The problem with the FBI’s request is twofold. First, the risk of this piece of software getting into unauthorized hands is very high, and the damage that it could do is obvious.
Second, writing this code would probably encourage more government requests—potentially from other governments around the world. Even if you trust the U.S. government, once this master key is created, governments you don’t trust will surely demand that Apple undermine the security of their citizens as well.
“We know who the shooters were. We know who they were talking to. The FBI already has the metadata. They chose this case because they want precedent that they can order a company to design a particular feature at their whim.” EFF’s Nate Cardozo explains why the FBI’s order has very little to do with Farook’s phone and everything to do with setting a new precedent.
There is no such thing as a master key that only the good guys can use. EFF attorney Sophia Cope shows how carrying out the FBI’s order could open iPhone users to large-scale threats, both from criminals and from authoritarian world governments.
“Privacy nihilism is seductive, but deeply misguided. Privacy is not dead, and only those who wish to kill it claim otherwise.” EFF attorney Nate Cardozo debates James Andrew Lewis of the Center for Strategic and International Studies, explaining why it’s so important that Apple fight the FBI order.
Supported by Donors
Our members make it possible for EFF to bring legal and technological expertise into crucial battles about online rights. Whether defending free speech online or challenging unconstitutional surveillance, your participation makes a difference. Every donation gives technology users who value freedom online a stronger voice and more formidable advocate.
If you aren't already, please consider becoming an EFF member today.
EFF is attending the meeting to express civil liberties concerns with proposals to add digital cryptographic capabilities to the JPEG image format. We will explain our vision for how JPEG can implement security, securely. February 23, 2016
La Jolla, California
The symposium will focus on the latest developments in the US-EU Safe Harbor Framework, the roles of startups and businesses in the expansion of the Internet of Things into homes, and the evolving jurisprudence around the right to anonymity. EFF’s Jamie Lee Williams will speak. February 26, 2016
EFF staffers including General Counsel Kurt Opsahl, Staff Attorney Andrew Crocker, Staff Technologist Cooper Quintin, and Director of Grassroots Advocacy Shahid Buttar will share short presentations about EFF’s ongoing work before opening the floor for questions from the audience at BSides. February 28, 2016
San Francisco, CA