Hands off our iPhones!

An order issued by a US federal magistrate judge last week, requiring Apple to help the government break into an iPhone, has prompted widespread and escalating controversy. The phone in question belonged to Syed Farook, one of the San Bernardino shooters. Since seizing the phone in December the FBI has been unable to unlock it.

Legitimate concerns about the implications of the order have driven users around the country to raise their voices in defence of not only their privacy, but also the security of their online platforms.

While the FBI has framed its demand in terms of unlocking a single phone, it has failed to address concerns that the implementation of the order would necessarily compromise the security of millions of other devices and the people who use them.

The order would require the development of a new software vulnerability that, Apple says, ‘would have the potential to unlock any iPhone in someone’s physical possession’.

This tool would be dangerous, whether used by a black-hat hacker looking to infiltrate Apple’s systems, a future FBI investigation emboldened by this week’s order, or a dictatorship looking for new ways to oppress its people. As Nate Cardozo explained on PBS recently: ‘Authoritarian regimes around the world are salivating at the prospect of the FBI winning this order. If Apple creates the master key that the FBI has demanded, governments around the world are going to be demanding the same access.’

In that respect, the FBI’s demands reflect a familiar pattern of security agencies leveraging the most seemingly compelling situations – usually the aftermath of terror attacks – to create powers that are later used more widely, and eventually abused. For example, the US government programmes which monitor telephones and the internet were created in the wake of the 9/11 attacks. Those programmes undermined the rights of millions of people.

Giving intelligence agencies the power to force a company to undermine security protections for its customers may seem compelling in a particular case, but this order has very significant implications both for technology and the law. Not only would it require a company to create a new vulnerability, potentially affecting millions of users, but it would also create a dangerous legal precedent. The next time an intelligence agency tries to undermine consumer-device security, the government will have a supportive case to cite.

What’s worse, agency officials have a disturbing habit of twisting the facts, even when under oath, and misleading judges and legislators – that is, on the rare occasion they are forced to answer tough questions in court.

Ultimately, the FBI is ordering Apple to introduce a ‘backdoor’, which, in security parlance, refers to vulnerabilities used to access an otherwise closed system. One example is the vulnerabilities in Cisco routers that the NSA surreptitiously put in place after intercepting the company’s hardware shipments. While the order does not require Apple to create a backdoor per se, it does entail disabling core security features that would allow the FBI quickly and easily to hack the phone.

Some people have suggested that this is not a backdoor, since implementing the order would not, in itself, give the FBI access to the phone (it would still need to use brute force in order to access it). But the order does entail the removal of important security features, leaving the phone vulnerable to the same extent that removing the security gate in front of a door might leave it vulnerable to someone inclined to break it down.

Resistance to this half-baked and ill-advised judicial command has already taken many forms. The day after the order was issued, users congregated at the Apple Store in San Francisco to voice their support for Apple’s stance. Similar gatherings are planned in cities across the US, including the FBI headquarters in Washington DC.

Here’s hoping the government takes notice.

Shahid Buttar is director of grassroots advocacy group Electronic Frontier Foundation.

This is an edited version of an article published on the EFF website.

Picture by: Farls Algosalbl, published under a Creative Commons license.