Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Government hints it may demand iOS source code, signing key

Gregg Keizer | March 14, 2016
Not-so-subtle threat that if Apple won't comply with court order, there's a Plan B … which could be a Lavabit-like ultimatum

The US government yesterday hinted that it may demand that Apple hand over the iOS source code and the encryption key the Cupertino, Calif. company uses to sign updates if it won't comply with a court order to help authorities unlock an iPhone.

In a footnote in a Thursday brief, the Department of Justice (DOJ) said it would be happy to have Apple's source code and digital signing key.

"For the reasons discussed above, the FBI cannot itself modify the software on Farook's iPhone without access to the source code and Apple's private electronic signature," the footnote read. "The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers."

Yesterday's brief was the latest volley by the DOJ in its efforts to force Apple to help the Federal Bureau of Investigation (FBI) access information stored on an iPhone used by Syed Rizwan Farook. Along with his wife, Tafsheen Malik, Farook killed 14 in San Bernardino, Calif. on Dec. 2, 2015. The two died in a shootout with police later that day.

The government has labeled the attack an act of terrorism.

A February court order required Apple to help the FBI by building a customized version of iOS that would disable several security safeguards, then put the software on the device so authorities can bombard it with passcode guesses. Only Apple can place the reworked iOS on Farook's phone, as the only updates that an iPhone will accept are those Apple "signs" using its own cryptographic key.

Apple has contested the order, objecting on legal and constitutional grounds, as well as because the work would be a burden on the company that it should not be asked to accept. The last was what the DOJ referenced in the footnote when it said, "[handing over iOS source code and the key] may provide an alternative that requires less labor by Apple programmers."

Because Apple would hardly give authorities its source code and key without a fight, the implication was that, failing compliance of the current order, the government may demand them.

That was made clear by additional language in the footnote, which reminded the judge -- and obviously Apple -- that another court has applied contempt sanctions in the case that involved Lavabit, an encrypted email service whose founder shuttered his company in 2013, shortly after being forced to give the government the firm's private encryption key.

Lavabit had reportedly been used by former National Security Agency (NSA) contractor Edward Snowden to alert the media of an upcoming press conference.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.