I’ve said a few things about this on Twitter already, but what amazes me here is that they are not asking Apple to turn over the key, or even to decrypt the data using a key they already have. Instead, they are trying to say they can force a private company to dedicate resources to writing a special version of their software, installing it on a device and then allowing the FBI remote access to the device.
More Than One
The court order states it applies only to the one phone & generously allows Apple to write the modified software in such a way that it cannot run on another iPhone. While that may be possible, those making the request are no doubt totally aware that whatever identifier is used to achieve that locking can easily be changed to match the next phone they want unlocked. The core change will be reusable on any iPhone. And I’m very sure they know that. As do other law enforcement agencies; some have already said they will submit their own requests. This one request will turn into hundreds or thousands per year. Which is going to cost Apple directly. As a shareholder, that sounds wrong to me (unless these demands come with payment to cover the cost of the work).
Another aspect that I don’t think has been well thought through is the simple fact that if US law enforcement can get iPhones unlocked, then similar agencies in other countries will demand the same, or more. Want to keep selling phones in China or wherever, then you’d better allow the government to unlock any they want unlocked. No questions asked.
That is pretty chilling already, but where does it end? Suppose they (and remember, it doesn’t have to be the US) decide Apple could write, or even just sign, an over the air update to snoop on somebody, or on a group of people, without their knowledge. Or everybody (i.e. install a backdoor in every iPhone sold in the country).
How about they decide it would not be an undue burden for Ford, Toyota or BMW to push an OTA update to some people’s cars to track where they drive & report it, or to activate the hands free mic and record everything that is said. In fact, why stop at just a few; why not have every car secretly tracked, and every phone monitored. The East German Stasi would have loved that.
It’s Just Software
Software is an integral part of many electronic products. It enables so much that would be impossible without it that there is no turning back. As IoT catches on, more and more of the devices we own will be run by software & be online. The claim made by US Attorney Decker that “writing software code is not an unreasonable burden for a company that writes software code as part of its regular business” could apply to almost every company with electronics in their product.
That claim is also false. Just because a company does something every day doesn’t reduce the effort involved. Sure, they have employees with the right skills, but those engineers, especially ones who work on security code, are almost certainly already busy on other projects directly related to the company’s business. Those projects will be delayed while the specialists are working on these demands.
Should any government be allowed to demand that private companies create & install whatever special versions of their software they are asked for? It is one thing to ask for guidance, or for existing information to be provided, but quite another to require things that don’t exist to be created.