lolloj - Fotolia

Apple vows to raise security as FBI breaks into iPhone

Apple says it will help law enforcement with investigations, but will increase the security of its products after the FBI broke into an iPhone

Apple has vowed to increase the security of its products after the FBI bypassed the security of the San Bernardino gunman’s iPhone 5C with the help of a third party.

For nearly six weeks Apple has been under pressure after a judge ordered the company to help the FBI by creating a backdoor to access data held on the device.

The court order fuelled debate over encryption and privacy, and prompted big US technology firms such as Google, Microsoft and Facebook to come out in support of Apple.

When Apple refused to obey the court order, the FBI filed a court case aimed at forcing the company to unlock the iPhone of San Bernardino gunman Syed Rizwan Farook.

The court showdown was set for 22 March 2016 – but the FBI postponed at the last minute, to test a way of accessing the data offered by an unnamed third party.

The case has subsequently dropped after the FBI announced that the unspecified method of bypassing the iPhone’s security systems to access data on the device proved successful.

“It remains a priority for the government to ensure that law enforcement can obtain crucial digital information to protect national security and public safety, either with co-operation from relevant parties or through the court system when co-operation fails,” US Department of Justice spokeswoman Melanie Newman said.

“We will continue to pursue all available options for this mission, including seeking the co-operation of manufacturers and relying on the creativity of both the public and private sectors.”

Read more about encryption

  • A report from US district attorney Cyrus Vance claims the encryption of data on mobile operating systems has had severe consequences for public safety.
  • The Wikimedia Foundation calls on all websites to join its move to encrypt all connections by default.
  • Seven more security suppliers join Blue Coat’s encrypted traffic management programme amid fresh warnings of attackers using encryption to hide malicious activity.

Putting people at risk

Apple issued a statement in response saying: “From the beginning, we objected to the FBI's demand that Apple build a backdoor into the iPhone, because we believed it was wrong and would set a dangerous precedent. As a result of the government's dismissal, neither of these occurred. This case should never have been brought.”

The company said it would continue to help law enforcement with their investigations, but it also vowed to continue to increase the security of its products in the face of increasingly frequent and sophisticated attacks on data.

Apple said it believed people around the world deserve data protection, security and privacy.

“Sacrificing one for the other only puts people and countries at greater risk. This case raised issues which deserve a national conversation about our civil liberties, and our collective security and privacy. Apple remains committed to participating in that discussion.”

Read more about the Investigatory Powers Bill

The US Department of Justice has declined to comment on whether it will share with Apple the method it has used to bypass the iPhone’s security features.

Officials also declined to say whether the FBI would share the method with other state agencies working on cases that require bypassing iPhone security measures.

If the method exploits a flaw, Apple is keen to fix it so that it could not be exploited by cyber criminals, but US government officials have classified the information, according to the Guardian.

Legal debate remains

News of the iPhone security bypass method has raised concerns that it may not work only for the iPhone 5C running iOS9, but for other models and versions of the operating system, if not all.

Although the battle between the FBI and Apple may be over for now, it will probably only be a matter of time before the issue raises its head again, either with Apple or some other technology company being ordered to build a backdoor, according to independent security consultant Graham Cluley.

“Maybe next time the FBI will take on a company which doesn't have the backbone of Apple, and isn't as prepared to stand up - meaning a precedent might be set much more easily,” he wrote in a blog post.

Cluley said that by dropping the case, the FBI has prevented an important debate in court and it remains unknown if law enforcement agencies can compel a company’s software engineers to write code that they did not want to write.

Los Angeles lawyer Stephen Larson who represents seven families of those killed in the San Bernardino attack welcomed the outcome, reports Phys.org.

"For this to have dragged out in court battles would not have served the interests of either" the victims or law enforcement, he said.

But Alex Abdo, a lawyer representing the American Civil Liberties Union said the case is far from settled and it was "just a delay of an inevitable fight" about whether the government can force a company like Apple to undermine the security of its products to facilitate an investigation.

In the UK, several technology suppliers have raised concerns about the government’s draft Investigatory Powers Bill, and some have indicated that they have contingency plans to leave the UK if the final draft of the bill is not clear that it will not require weakened encryption or back door access.

Investigatory Powers Bill

In a written submission to the Investigatory Powers Public Bill Committee published on 24 March 2016, technology firms Apple, Facebook, Google, Microsoft, Twitter and Yahoo reiterated their concerns about the planned legislation.

The areas of concern include the bill’s extra-territorial jurisdiction, the lack of clarity around encryption, judicial authorisation, bulk collection, transparency, judicial process, oversight, and network integrity and cyber security requirements.

The US tech firms have called for several amendments, including the introduction of statutory provisions recognising the importance of network integrity and cyber security.

Read more on Privacy and data protection