Cryptologists And Computer Science Experts Rally Around Apple
A court order requiring Apple to help the FBI unlock one of the San Bernardino shooters' iPhones represents a grave security risk, a group of renowned technology experts argued in an amicus brief released Thursday
WASHINGTON — A group of elite computer security researchers has filed an amicus brief in support of Apple, as the Cupertino company fights a major legal battle against the FBI over an encrypted iPhone.
“This Court’s Order seeks to address law enforcement’s legitimate interest in conducting investigations,” the brief, released Thursday, begins. “However, in commanding Apple to create forensic software that would bypass iPhone security features, the Order endangers public safety.”
Among the seven co-signatories of the amicus brief are: Bruce Schneier, considered to be one of the world’s top security technologists; Jonathan Zdziarski, an independent researcher renowned for his expertise in iOS forensics; and Charlie Miller, a mobile security specialist and former NSA employee who has discovered several iPhone and Android vulnerabilities.
A judge recently ordered Apple to help the FBI break into a locked iPhone belonging to one of the San Bernardino shooters, setting off a national debate over encryption, consumer privacy, national security, and the limits of government surveillance.
The technologists argue that the San Bernardino case will set a legal precedent, in which law enforcement will be emboldened to demand new security-suppressing tools from American technology companies. While the Justice Department insists that the software it’s asking Apple to create will only be used for one confiscated iPhone, the security experts disagree. The security bypass, the technologists said, “almost certainly will be used on other iPhones in the future.”
The technologists went on to say that the spread of government-sanctioned software would increase the likelihood it would “escape Apple’s control.”
“If that happens, the custom code could be used by criminals and governments to extract sensitive personal and business data from seized, lost, or stolen iPhones, or it could be reverse engineered, giving attackers a stepping stone on the path towards their goal of defeating Apple’s passcode security.”
In a congressional hearing Tuesday, FBI Director James Comey dismissed this concern, however, pointing to what he sees as Apple’s stellar record of keeping its code secure and away from prying eyes.
But the experts, in turn, looked to the security practices of all the other institutions who might gain access to the code. “Even if Apple can reliably secure its own headquarters in Cupertino, Apple could be required by future courts in future cases to provide the Custom Code to U.S. or other governmental’ agents, whose physical security practices are beyond Apple’s control," they argued.
The technologists also looked abroad, citing places where Apple employees might be exposed to jail time or to the seizure of inventory if they refuse to comply with the demands of foreign governments. The security experts framed the international implications of the San Bernardino court order as a strategic foreign policy misstep, saying, “Once the capability of bypassing the passcode limitations exists, the United States will have thrown away both a moral and a practical argument against authoritarian abuse of iPhone customers.”
Dozens of technology companies, privacy groups, and other interested parties are expected to file friend of the court briefs by the end of the day.