ras-slava - Fotolia
A US federal judge has given Apple five days to help the FBI to access the data on the iPhone 5C running iOS9 used by San Bernadino gunman Syed Rizwan Farook.
The order acknowledges Apple cannot access the data, but orders the iPhone maker to enable the FBI to find the passcode using a trial-and-error approach, however Apple has announced that it will contest the order.
Apple chief executive Tim Cook said in a statement that US government has demanded that Apple take an "unprecedented step which threatens the security of our customers."
"We oppose this order, which has implications far beyond the legal case at hand," he said.
Judge Sheri Pym ordered Apple to create a custom firmware file to enable the FBI to bypass or disable the auto-erase function and brute force crack the phone’s passcode to access and decrypt data stored on the device.
Farook and his wife Tashfeen Malik killed 14 people when they opened fire on an office party on 2 December 2105. Malik reportedly pledged her allegiance to IS leader Abu Bakr al-Baghdadi through social media on the day of the attack.
In a 40-page filing, the US Attorney's Office in Los Angeles said the government had been unable to complete a search of the device, because it cannot access the iPhone's encrypted content.
“Apple has the exclusive technical means which would assist the government in completing its search, but has declined to provide that assistance voluntarily,” the filing said.
Prosecutors said they need to access the phone's data to find out who Farook and Malik were communicating with, who may helped them plan and carry out the attack, and what their movements were leading up to the attack.
In what could be a landmark ruling, Judge Pym ordered Apple to provide "reasonable technical assistance" to the government in recovering the data on Farook’s iPhone.
Read more about encryption
- A report from US district attorney Cyrus Vance claims the encryption of data on mobile operating systems has had severe consequences for public safety.
- The Wikimedia Foundation calls on all websites to join its move to encrypt all connections by default.
- Seven more security suppliers join Blue Coat’s encrypted traffic management programme amid fresh warnings of attackers using encryption to hide malicious activity.
Tech firms encrypt after Snowden
The ruling comes just a week after FBI director James Comey cited the San Bernardino shootings in testimony before Congress about the challenges of smartphone encryption.
Since September 2014, all data on Apple devices has been encrypted by default. Apple is among several technology companies that have introduced encryption in an attempt to restore customer trust after whistleblower Edward Snowden’s revelations about government surveillance operations.
To secure the ruling in the San Bernardino case, the government reportedly used the All Writs Act – an 18th-Century catch-all statute that allows courts to compel a person or company to do something – according to Ars Technica.
Ahmed Ghappour, a law professor at the University of California, told Ars Technica it was unprecedented for the government to use the All Writs Act to compel a technology company to create custom software to break into an encrypted device.
"The ramifications of such a precedent could be tremendous. If the government can compel Apple to provide custom software, why can’t they compel Facebook to customise analytics that predicts the criminality of their user base?”
Setting a civil liberties precedent
The US government has reportedly advised Apple that it intends to continue to invoke the All Writs Act in an attempt to require Apple to assist in bypassing the security of other Apple devices in the government’s possession.
Igor Baikalov, chief scientist at security firm Securonix said: “It's a really sensitive topic, although most of the sensationalism around it comes from the attempts to institute a generic approach to a very diverse set of circumstances.
“The San Bernardino case is a no-brainer but, when one considers a long line of inquiries lined up after that one – claiming similar urgency plus preventive potential, but not having a the benefit of hindsight – the question becomes where to draw the line, and who is the one to draw it,” he said.
Considering technology suppliers are under pressure from customers and law enforcement, Baikalov said it is only fair to leave the determination to them.
“Give them the ability to balance their privacy policies with legal pressure, because the success and often the survival of their business is at stake here, whether they want it or not,” he said.
In the UK, several technology suppliers have raised concerns about the government’s draft Investigatory Powers Bill, and some have indicated that they have contingency plans to leave the UK if the final draft of the bill is not clear that it will not require weakened encryption or back door access.