By Gregg Keizer
Computerworld | Mar 2, 2016 1:24 PM PT
The American Civil Liberties Union (ACLU) today filed an amicus brief with a California federal court, taking Apple’s side in the dispute about whether the company should be compelled to help the government access an iPhone.
The friend-of-the-court brief set out multiple arguments why Apple should not be forced to assist the Federal Bureau of Investigation (FBI) in brute-forcing the passcode on an iPhone used by Syed Rizwan Farook. Farook and his wife, Tafsheen Malik, killed 14 in San Bernardino, Calif. on Dec. 2, 2015, before they died in a shootout with police. Authorities later labeled it an act of terrorism.
Last month, a federal magistrate ordered Apple to help the FBI gain access to Farook’s iPhone by creating a heavily modified version of iOS that would disable several security safeguards, then put the software on the device so authorities can bombard it with passcode guesses. The FBI has repeatedly said it believes there is unique information on Farook’s iPhone that will help its investigation.
Apple is fighting that court order. And the ACLU was the first to file an amicus brief supporting the Cupertino, Calif. company in that battle.
“This case is not about a single phone — it’s about the government’s authority to turn the tech companies against their users,” Alex Abdo, an ACLU staff attorney, said in a Wednesday statement.
In the brief, the ACLU argued constitutional as well as case law, citing the Fifth Amendment, for example, and asserting that the All Writs Act — a 1789 law that the Department of Justice (DOJ) used to compel Apple’s assistance — does not give the government the authority to force the firm’s hand.
But while many of the ACLU’s arguments had been made by Apple in its motions before the same court, one had not.
“The burden imposed by the government’s request extends far beyond Apple itself,” the brief said. “If the government’s interpretation of the law holds, not only could it force Apple to create the cryptographically signed software it seeks here, but it could force Apple to deliver similar signed software using Apple’s automatic-update infrastructure. This would be devastating for cybersecurity, because it would cause individuals to legitimately fear and distrust the software update mechanisms built into their products.”
Earlier this week, Christopher Soghoian, a prominent privacy researcher and activist who currently works for the ACLU as the principal technologist with its Speech, Privacy, and Technology Project, wrote a piece for the Washington Post in which he made the same case about software updates.
“If consumers fear that the software updates they receive from technology companies might secretly contain surveillance software from the FBI, many of them are likely to disable those automatic updates,” Soghoian said.
In 2012, security researchers discovered that Flame, sophisticated nation-state-grade cyber-espionage malware, had spoofed Microsoft’s Windows Update service, and so could trick a PC into accepting a file as an update from Microsoft when in reality it was nothing of the kind.
Flame’s creators were able to do that after leveraging a bug in a Microsoft service to generate digital signatures that were “signed” by the Redmond, Wash. company.
Others are expected to file amicus briefs this week, including the Electronic Frontier Foundation and Microsoft on behalf of Apple’s position, and law enforcement agencies supporting the government’s stance.
The ACLU’s brief can be found on its website.
Read the entire article at the following link: http://www.computerworld.com/article/3040356/apple-ios/aclu-you-can-kiss-trust-in-software-updates-goodbye-if-apples-forced-to-help-the-fbi.html