The legal battle between Apple and the FBI turned ugly yesterday. In a response brief filed by the DOJ yesterday, the government said that Apple’s arguments regarding security amount to nothing more than a diversion while also accusing the company of deliberately trying to engineer products that the government has no way of accessing.
One of the more interesting nuggets buried within the DOJ’s 43-page brief raises the possibility that the government might seek to compel Apple to hand over the source code to iOS along with the electronic signature an iPhone needs to run modified software.
The DOJ’s argument in this regard comes in the wake of Apple’s assertion that developing the modified version of iOS demanded by the FBI would be unduly burdensome. Specifically, Apple indicated via court filings that doing so would require the creation of a dedicated team comprised of approximately 6 to 10 Apple engineers. What’s more, Apple adds that the scope of the project would require the team to dedicate a “very substantial portion of their time” for upwards of four weeks.
Not buying into this argument in the slightest, the DOJ yesterday argued that creating such a team would hardly constitute a burden for a multi-billion dollar company like Apple. And in an effort to speed things along, the DOJ said it may be easier for all parties involved if it could simply force Apple to hand over its iOS source code and let the FBI’s own programmers do the modifications.
The pertinent portion of yesterday’s DOJ filing reads in part:
For the reasons discussed above, the FBI cannot itself modify the software on Farook’s iPhone without access to the source code and Apple’s private electronic signature. The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers.
Talk about a thinly veiled threat.
The DOJ then cites a previous court ruling wherein a tech company was hit with contempt sanctions for failing to comply with a court order which required them to assist law enforcement authorities “with effecting a pen register on encrypted email which included producing a private SSL encryption key.”
Needless to say, Apple was none too pleased by the DOJ’s brief, with Apple’s top lawyer, Bruce Sewell, categorizing it as an offensive attempt to smear and vilify Apple with “false accusations and innuendo.”
And as a final point of interest, Apple’s response brief from two weeks ago further details the amount of work and resources that would be needed to comply with the FBI’s request. In case you missed it the first time, here it is below.
The compromised operating system that the government demands would require significant resources and effort to develop. Although it is difficult to estimate, because it has never been done before, the design, creation, validation, and deployment of the software likely would necessitate six to ten Apple engineers and employees dedicating a very substantial portion of their time for a minimum of two weeks, and likely as many as four weeks. Members of the team would include engineers from Apple’s core operating system group, a quality assurance engineer, a project manager, and either a document writer or a tool writer.
In addition, Apple would need to either develop and prepare detailed documentation for the above protocol to enable the FBI to build a brute-force tool that is able to interface with the device to input passcode attempts, or design, develop and prepare documentation for such a tool itself. Further, if the tool is utilized remotely (rather than at a secure Apple facility), Apple will also have to develop procedures to encrypt, validate, and input into the device communications from the FBI. This entire development process would need to be logged and recorded in case Apple’s methodology is ever questioned, for example in court by a defense lawyer for anyone charged in relation to the crime.
Once the new custom operating system is created and validated, it would need to be deployed on to the subject device, which would need to be done at an Apple facility. And if the new operating system has to be destroyed and recreated each time a new order is issued, the burden will multiply.