Not-so-subtle threat that if Apple won’t comply with court order, there’s a Plan B … which could be a Lavabit-like ultimatum
By Gregg Keizer
Computerworld | Mar 11, 2016 12:24 PM PT
The government yesterday hinted that it may demand that Apple hand over the iOS source code and the encryption key the Cupertino, Calif. company uses to sign updates if it won’t comply with a court order to help authorities unlock an iPhone.
In a footnote in a Thursday brief, the Department of Justice (DOJ) said it would be happy to have Apple’s source code and digital signing key.
Yesterday’s brief was the latest volley by the DOJ in its efforts to force Apple to help the Federal Bureau of Investigation (FBI) access information stored on an iPhone used by Syed Rizwan Farook. Along with his wife, Tafsheen Malik, Farook killed 14 in San Bernardino, Calif. on Dec. 2, 2015. The two died in a shootout with police later that day.
The government has labeled the attack an act of terrorism.
A February court order required Apple to help the FBI by building a customized version of iOS that would disable several security safeguards, then put the software on the device so authorities can bombard it with passcode guesses. Only Apple can place the reworked iOS on Farook’s phone, as the only updates that an iPhone will accept are those Apple “signs” using its own cryptographic key.
Apple has contested the order, objecting on legal and constitutional grounds, as well as because the work would be a burden on the company that it should not be asked to accept. The last was what the DOJ referenced in the footnote when it said, “[handing over iOS source code and the key] may provide an alternative that requires less labor by Apple programmers.”
Because Apple would hardly give authorities its source code and key without a fight, the implication was that, failing compliance of the current order, the government may demand them.
That was made clear by additional language in the footnote, which reminded the judge — and obviously Apple — that another court has applied contempt sanctions in the case that involved Lavabit, an encrypted email service whose founder shuttered his company in 2013, shortly after being forced to give the government the firm’s private encryption key.
Before Lavabit founder Ladar Levison complied and gave the government his SSL/TSL (Secure Socket Layer/Transport Layer Security) encryption key, he was being fined $5,000 a day for not complying.
“See In re Under Seal, 749 F.3d 276, 281-83 (4th Cir. 2014) (affirming contempt sanctions imposed for failure to comply with order requiring the company to assist law enforcement with effecting a pen register on encrypted e-mail content which included producing private SSL encryption key),” the DOJ’s brief stated.
The case cited was Lavabit’s.
“In simpler terms, this attempted use of the All Writs Act is a blatant and unabashed attempt to circumvent Congress, and pass a heaping pile of bovine feces off as edible,” Levison said in a statement last week about the amicus brief and the 1789 law, the All Writs Act, that the government has used to obtain the federal court order compelling Apple to help crack Farook’s phone. “In fact, the FBI is using a hard case in an attempt to force bad law on the American people. We were all horrified by the attack in San Bernardino. The American people, however, should not have to sacrifice their rights to privacy and digital security as a result.”
Oddly, elsewhere in the DOJ’s brief, government lawyers argued that, even if the FBI had the iOS source and Apple’s signing key, it would still demand that Apple cooperate further.
A hearing on Apple’s objections and the government’s response is slated for March 22 before a federal magistrate.
Read the entire article at the following link: