A court ordered Apple to unlock the iPhone of Syed Rizwan Farook, a suspect in the San Bernadino terrorist attack, December 2. Tim Cook isn’t happy, but he’s not making sense—he says Apple can’t give the FBI any more help, and claims that utilizing the law justifying the court’s order is “unprecedented.”

Well, no—on both counts. You see, neither statement is really correct: There are recent legal precedents for the use of this All Writs Act for exactly this purpose, and there are other technical avenues that Apple follow to help the FBI gather crucial evidence.

Well, this is awkward. You’d be forgiven for seeing Apple PR as cynically opportunistic.

In IT Blogwatch, bloggers dig into the story. Not to mention: Mike Matas’s “The Brain”...

Your humble blogwatcher curated these bloggy bits for your entertainment. [Developing story: Updated 8:18 am PT with more comment]



What’s the craic? Ellen Nakashima reports—Judge orders Apple to help unlock iPhone used by Calif. shooter:

A slippery slope

A federal judge has ordered Apple to help the government unlock the iPhone used by one of the shooters [in] San Bernardino. … The government said that the firm failed to provide assistance voluntarily.

…

The order … does not ask Apple to break the phone’s encryption but rather to disable the feature that wipes the data … after 10 incorrect tries. [So] the government can try to crack the password using “brute force.”

…

The Silicon Valley giant has steadfastly maintained that it is unable to unlock its newer iPhones for law enforcement. … However, U.S. Magistrate Judge Sheri Pym said in her order, Apple can.

…

The government requested the order under the All Writs Act, a law dating to the colonial era. … The Supreme Court in 1977 held that the law gave … authority to direct a phone company to execute a search warrant.

…

Some legal scholars, however, said the use of the All Writs Act … presents a slippery slope.



Here’s a pretty pickle, then. Tim Cook speaks, in this Message to Our Customers:

An unprecedented use of the All Writs Act

The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. [It] calls for public discussion.

…

We were shocked and outraged by the deadly act of terrorism in San Bernardino. … We have worked hard to support the government’s efforts. … We’ve offered our best ideas on a number of investigative options at their disposal.

…

Rather than asking for legislative action … the FBI is proposing an unprecedented use of the All Writs Act of 1789. … The implications … are chilling. If the government can use the All Writs Act [it] could extend this breach of privacy.



Uh, wait Tim, stop! Your (ahem) “ignorance” of history is noted. Here’s Cyrus Farivar, back in 2014:

Apple has routinely complied with such orders

DOJ is pursuing an unusual legal strategy to compel cellphone makers to assist investigations. … Prosecutors have now invoked the … 18th-century federal law [which] simply allows courts to issue an … order [that] compels a person or company to do something.

…

About six weeks after Apple announced that it would be expanding encryption under iOS 8 … prosecutors asked [Apple] to "assist in the execution of a federal search warrant by facilitating the un-locking of an iPhone." … "This Court has the authority to order Apple, Inc., to use any capabilities it may have," … an assistant US attorney, wrote to the court and cited the All Writs Act. … "Additionally, Apple has routinely complied with such orders."

…

In response, Magistrate Judge Kandis Westmore ordered that Apple "provide reasonable technical assistance … but Apple is not required to … enable law enforcement’s attempts to access any encrypted data." … Westmore’s language is a near-duplicate of a June 6, 2014 order issued by … Magistrate Judge Howard Lloyd [who] ordered Apple to assist in the search of an iPad.

…

Use of the All Writs Act is not as novel as it may seem.



Not only that—it gets worse. Dan Guido says that Apple’s claim of impotence is bogus anyway—Apple can comply with the FBI court order:

Recovery of the PIN within a half hour

Many have argued whether these requests from the FBI are technically feasible. … Based on my initial reading of the request and my knowledge of the iOS platform … the FBI’s requests are technically feasible.

…

The iPhone is the property of the San Bernardino County Department of Public Health … and the FBI has permission to search it. [And] the recovered iPhone is a 5C [which] lacks … the Secure Enclave. [So] nearly all of the passcode protections are implemented in software by the iOS operating system and, therefore, replaceable by a firmware update.

…

Without the Secure Enclave … iOS can guess one passcode every 80ms. [With] a 4-digit PIN, this speedup will result in recovery of the PIN within a half hour.

…

Apple has allegedly cooperated with law enforcement in the past by using a custom firmware image. … In order to limit the risk of abuse, Apple can lock the customized version of iOS to only work on the specific recovered iPhone.



What about the wider implications, though? Here’s Christopher Soghoian:

If you can, the gov will force you to

Forcing a company like Apple to use its code signing keys to sign malicious software raises a number of troubling First Amendment issues.

…

Apple's marketing team must be over the moon. That DOJ has to go to court to break the security of iOS is PR that money can't buy.

…

Surely the NSA can help the FBI do this. That they're going the legal route suggests they just want to set precedent.

…

If you can circumvent your product security, the gov will force you to do so. Going forward, smart tech companies will tie their own hands.



Update: Installing custom firmware is something only Apple can do. As Nathan “v1” Fisher reminds us:

What if this is just a show?

Unlike firmware updates on many devices … Apple iOS devices … require the firmware to be "signed", each time it is installed. … If it's invalid, the phone's hardware will refuse to install it

…

Around 1-2 weeks after Apple releases a new iOS, they stop signing the old one. This prevents you from downgrading.

…

So users cannot hack the firmware. … But Apple has the secret part of the key [so] can roll their own custom firmware, sign it … and the device will accept it. If Apple really wanted to fully cooperate, it would be trivial.

…

[But] what if [the FBI] already can access the data … and this is just a show? … Right now the terrorists are keeping a close eye on this case, trying to decide whether it's a "good idea" to use the iphone.



If … the FBI shrugs and goes away moping, but suddenly has a breakthrough a few months from now … well, guess what. … They want the terrorists to think the iPhone is a safe haven … so they continue to have access to it.

…

This is a perfect parallel to … Britain's cracking of enigma etc. Their greatest efforts went into making sure Germany didn't believe their code had been broken. The FBI is doing exactly the same.

And Finally …

Mike Matas’s “The Brain”: A neural network built entirely in Quartz Composer

[hat tip: Andy Baio]