IEFBE 1713

De weergave van dit artikel is misschien niet optimaal, omdat deze is overgenomen uit onze oudere databank.

A public debate on ‘backdoors’ in the light of the recent developments in the Apple FBI iPhone case

Bijdrage ingezonden door Bernd Fiten, Student KU Leuven/LinkedIn. A brief analysis of the different arguments in the Apple FBI iPhone case. Factual background
On February 16, 2016, the US Justice Department filed an order to compel Apple to assist agents in search. Apple was ordered by a Federal Court1 to help the Federal Bureau of Investigation (FBI) unlock an iPhone 5C2  used by one of the two attackers of the San Bernardino attacks3 in December last year, the most deadly act of terrorism on American soil since 9/11. The filing4 at issue by the US Justice Department cited the 18th-century All Writs Act, a 230-year old catchall statute to allow courts to issue a writ, or order, which compels a person or company to do something5.

The Apple FBI iPhone case is particularly interesting because the FBI is not asking Apple to unlock the iPhone at issue, but instead to write a new software tool to eliminate specific security protections Apple built into its phone software to protect customer data6.  Providing the FBI with new software, a so-called custom firmware file (IPSW file, essentially a crippled version of its iOS software), or called ‘GovtOS’7 by Apple , would enable law enforcement to ‘brute force’ the four digit passcode lockout on the iPhone 5C8.  While the data on the iPhone will, in principle, be permanently deleted after ten unsuccessful attempts to enter the passcode, the custom firmware file will remove this limited number of passcode attempts, so that the FBI can make an unlimited number of attempts (‘brute force’, try every combination until by chance the right one is hit). According to Will Strafach, ex-jailbreaker and CEO of mobile security firm Sudo Security Group, a four digit passcode should be possible to ‘brute force’ in less than an hour, because there are only 10.000 possible combinations.

The US Justice Department decided not to wait for Apple’s response to file a motion9 asking the Federal Court to compel Apple to comply with the court’s February 16, 2016 order 10.  As a response, Apple filed a motion to vacate the court order and opposed the motion to compel assistance.11   This was Apple’s first official legal response to the court order compelling Apple to help the FBI. However, this official legal response by Apple came as no surprise, because the previous bold statement by Tim Cook, CEO of Apple, already indicated that Apple planned to fight the court order.12

Since the court order by the Federal Court, many have expressed their concerns. A survey conducted among 130 high-profile security and privacy experts, indicated that 60% was of the opinion that Apple should not comply with the court order to help the FBI hack into the iPhone in question. However, a similar survey conducted among 1000 American citizens indicated that 38% was of the opinion that Apple should not help the FBI, while 51% said that Apple should help the FBI 13.  In the meantime, the case has drawn worldwide attention and is shaping up to be one that may have huge implications for privacy and security. Let’s assume that the FBI can force Apple to help them, could this mean that, in the future, the FBI will be able to compel all sorts of other US companies to change their products to serve law enforcement?

On the basis of the aforementioned court order and the motions, three types of arguments can be raised in the debate about the Apple FBI iPhone case, although these arguments might overlap or might be inherently linked to each other. The general-philosophical, legal and technical arguments will be discussed below.

General-philosophical arguments
Security and privacy experts pointed out that ‘backdoors’ would fundamentally undermine encryption and could be exploited by criminals14.  According to Tim Cook, providing the FBI with custom firmware would be the equivalent of making available a so-called ‘master key’ capable of opening hundreds of millions of locks. In other words, the custom firmware file would not just weaken the security of one iPhone, but could threaten millions of iPhones worldwide15  and could possibly open the door to massive surveillance16.  This is why the debate should not focus too much on the technical aspects, but on the fact that the US Justice Department would be weakening the security of a private company’s product. Therefore, Tim Cook stated that the dangerous precedent of encryption ‘backdoors’ would threaten everyone’s civil liberties17.  He said that the court order was an unprecedented step which threatens the security of their customers and that the court order has implications far beyond the legal case at hand. In the meantime, Tim Cook was supported by Google18, WhatsApp19, Twitter, Facebook and other tech organizations and civil rights groups20.  Nevertheless, the US Justice Department emphasizes that they are asking Apple for access to the single iPhone at hand.21  However, many security experts are skeptical. Especially since the revelations by whistleblower Edward Snowden, which harmed the trust in the US government not to abuse its powers of surveillance.

The most remarkable statement in my opinion was the first statement of Bill Gates, founder of Microsoft. Although he nuanced his statement later on, he backed the FBI hack request at first, in contrast to founders and CEO’s of other technology companies, by stating that “[t]his is a specific case where the government is asking for access to information. They are not asking for some general thing, they are asking for a particular case”.22 However, Microsoft Corporation, as member of the Reform Government Surveillance (RGS)23, is probably on the side of the other technology companies like Apple and Google, strongly advocating for protecting security of customers and their information.24  Eventually, Brad Smith, President and Chief Legal Officer of the Redmond company, also officially stated that Microsoft (which previously not weighed in directly on the high-profile issue) is wholeheartedly siding with Apple in the Apple FBI iPhone case at hand.25 

The aforementioned survey indicated that a majority of security and privacy experts in the US are of the opinion that Apple should not help the FBI. However, the outcome of the Apple FBI iPhone case could also have some important effects for foreign non-US iPhones, for instance in Europe. The European Commission Vice-President, Andrus Ansip, stated to be strongly against having any kind of ‘back door’ 26.   Although, he did not want to talk about the Apple FBI case specifically, because it is up to the US authorities to deal with this issue. Nevertheless, only one year ago, Gilles de Kerchove, EU’s counter-terrorism coordinator27, stated in a leaked meeting document28 that the European Commission should come up with rules that require technology companies to help national governments snoop on possible suspects by handing over encryption keys to security and intelligence agencies, as part of a wider crackdown on terrorism.29 

The terrorist attacks of last year (Charlie Hebdo attack and Paris attacks) also played an important role in the debate surrounding ‘backdoors’. The terrorists attacks are referred to by some individuals to serve their own agendas. Reacting on the iPhone case, James Comey, director of the FBI, publicly lobbied for the insertion of encryption ‘backdoors’ into software and hardware to allow law enforcement agencies to bypass authentication and access a suspect’s data surreptitiously. In the same vein, M. Rogers, head of the NSA, once again noted that the Paris attacks would not have happened without end-to-end encrypted IM services such as Telegram, hiding terror plans from security agencies. Additionally, he blamed the leaks by whistleblower Edward Snowden for terrorists and criminals rushing to use such encrypted IM services30.  In contrast to that, A. Ansip noted that there is no evidence about the fact that terrorists in the Paris attacks used encrypted IM services. Instead, due to a mobile phone found at the scene of one of the Paris attacks, it may be evidenced that an unencrypted text messaging system was likely to be used by the terrorists of the Paris attacks.31

A good illustration of the concerns that have been raised is the cartoon ‘Trap Door’, made by Stuart Carlson.32  It addresses the fact that the consequences of a ‘backdoor’ may be more far reaching than only the FBI unlocking the iPhone 5C in question. Although the FBI may have good intentions, there could be a cascade of untrusted third parties also exploiting the ‘backdoor’. For instance, hackers with bad intentions could exploit the ‘backdoor’ for illegitimate purposes, or in the end, even repressive regimes could exploit the ‘backdoor’ to violate civil liberties and human rights, by making similar, perhaps even broader, demands for access in less justified cases. Also, some argue that Apple will find it hard to resist in the future, having conceded once.

As a humorous side note, J. McAfee33 even offered to the FBI to decrypt the iPhone 5C used in the San Bernardino attacks, free of charge so that Apple doesn’t need to place a ‘backdoor’ on its iOS software. J. McAfee said that he works with a team of the best hackers on the planet and that he will eat his shoe if they cannot decrypt the iPhone 5C in three weeks 34.

The individuals that argue that Apple should help the FBI often refer to Apple’s concern for its business model and marketing strategy, or they refer to the fact that the owner of the iPhone was actually Farook’s employer, the San Bernardino County Department of Public Health, a government agency. S. Baker, the first Assistant Secretary for Policy at the US Department of Homeland Security under the Presidency of George W. Bush35, noted that “Apple has an obligation to assist the government if it can do so” and that “[a]s a practical matter, Apple’s technical and legal position elevates Farook’s privacy over the interests of the iPhone’s real owner […] the San Bernardino County Department of Public Health, which issued it to Syed Farook to use at work.”36  However, many of those arguing that Apple should help the FBI preferred to remain anonymous, but they argued, for instance, that “[Apple is] willing to harvest every drop of personal information from their users and sell it to the highest bidders via ad networks, but won’t let it be used in a real life/death law enforcement situation?”, and that “[a]ccording to Newsweek, Apple has unlocked their phones at least 70 times since 2008. […]  So why the big protest now? Because it’s a marketing ploy”37.  The latter statement is also supported by the US Justice Department. They argued that Apple’s recalcitrance appears to be based on nothing more than “its concern for its business model and public brand marketing strategy.”38 

Legal arguments
As a preliminary remark, it should be noted that there is currently no US legislation that forces US technology companies to weaken their encryption by installing a ‘backdoor’ for the law enforcement. The question whether such legislation would be desirable, is again a question of philosophical nature. Consequently, the legal argument most often put forward is that the All Writs Act does not provide an adequate legal basis for the court order to compel Apple to help the FBI. According to Apple, the boundless interpretation of the All Writs Act by the US Justice Department, makes it hard to conceive of any limits on future court orders. In its motion to vacate the court order, Apple argued that the All Writs Act (on which the court order is legally based) is intended only to fill the gaps covering scenarios not covered by other laws (in Latin: lex specialis derogat legi generali). Instead, the Communications Assistance for Law Enforcement Act (CALEA) is a law that was passed specifically to cover this sort of cases. The CALEA defined the circumstances under which private companies must assist law enforcement in executing authorized electronic surveillance and the nature of, and limits on, the assistance such companies must provide. It specifies when a company has an obligation to assist the government with decryption of communications, and made clear that a company has no obligation to do so where, as in the case at issue, Apple does not retain a copy of the decryption key.39  In short, Apple is leaning heavily on the idea that CALEA pre-empts the All Writs Act here, and that CALEA explicitly says that companies can't be forced into helping to decrypt encrypted content.40

Another legal (and partly technical) argument pointed to the undue burden of the court order to create the custom firmware file. The US Justice Department suggested to create the software only for the iPhone in question and to delete it afterwards. However, Apple argued that this would not lessen the burden, because “building everything up and tearing it down for each demand by law enforcement” is an enormously intrusive burden. Furthermore, Apple argued that the alternative of keeping and maintaining the software would impose a different but not less significant burden, forcing Apple to take on the task of securing the software against disclosure, for instance. In other words, Apple argued that the requested (technical) assistance by the US Justice Department is not reasonable. Additionally, there are constitutional arguments, namely a violation of the First Amendment (freedom of expression) and the Fifth Amendment (due process). However, it should be noted that the Federal Court will only address these constitutional arguments when it deems the All Writs Act applicable.

As already mentioned, the legal arguments are linked with some general-philosophical arguments. For instance, A. Ghappour, law professor at UC Hastings, stated that the government is “using a catch-all statute from the 18th century to compel a technology company to 'assist' law enforcement by designing custom software to ‘backdoor’ an encrypted device. […] The ramifications of such a precedent could be tremendous. If the government can compel Apple to provide custom software, why can’t they compel Facebook to customize analytics that predicts the criminality of their user base?"41  In the same vein, B. Smith, Microsoft’s President and Chief Legal Officer, said that the Redmond company does not believe that courts should seek to resolve issues of this century’s technology with the All Writs Act that was written in the era of the adding machine. Therefore, Microsoft will file an ‘amicus brief’42 (a third party observation), to back Apple in its position. Microsoft also took this opportunity to emphasize again the need for an update of global data sovereignty laws, as Microsoft itself is embroiled in a similar case43.

Technical arguments
In addition to the general-philosophical and legal arguments, some arguments are more (or partly) of a technical nature. The US Justice Department stated in its motion to compel Apple to comply with the court order that “Apple has attempted to design and market its products to allow technology, rather than the law, to control access to data which has been found by this Court to be warranted for an important investigation. […] Despite its efforts, Apple nonetheless retains the technical ability to comply with the Order, and so should be required to obey it.” 44  In essence, the FBI requests that Apple updates the iPhone in question, so that the extra security features (like a maximum of ten passcode attempts) are removed, making ‘brute forcing’ the iPhone feasible. The FBI could, theoretically, write such an update itself, but updates for iPhones require a special, encrypted Apple certificate in order to accept the update, so that Apple’s help is rendered necessary.

Furthermore, Apple pointed to the high costs of providing the custom firmware file, because Apple would be required to create new software, not just disable existing code functionality. In this regard, Apple stated that it could tie up resources for as long as a month to create the so-called ‘GovtOS’, although it is difficult to estimate, because it has never been done before, the design, creation, validation, and deployment of the software likely would necessitate six to ten Apple engineers and employees dedicating a very substantial portion of their time.

Another technical argument relates to the fact that there are other possible technical means than writing new software. Apple argued that the US Justice Department failed to demonstrate that the court order was absolutely necessary to effectuate the search warrant, including that the US Justice Department failed to exhaust all other technical means and avenues for recovering information. Thus, Apple holds the opinion that the US Justice Department should at first request technical assistance from other federal agencies, before they ask the Federal Court to compel Apple to write new software. It is, for instance, technically possible to retrieve data from iCloud backups of Farook’s iPhone, but the US government changed the iCloud password associated with the iPhone in question, so that an automatic iCloud backup is prevented. But let’s not forget that, once the iPhone 5C is unlocked, there are still plenty of encrypted IM services, many written outside the US and thus beyond the reach of the US government.

Closing remarks
To conclude, the arguments used by both camps can roughly be categorized in three types of arguments (general-philosophical, legal and technical), but it should be noted that these arguments might overlap or might be inherently linked to each other. Individuals that argue that Apple should not help the FBI emphasize the fact that this would essentially create a ‘backdoor’ and open the door to massive surveillance, not only by law enforcement, but also by other untrusted third parties like hackers and repressive regimes. While those that argue that Apple should help the FBI, hold the opinion that this is just a marketing campaign by Apple, because the FBI only requests to access the iPhone 5C at issue. They also tend to give the anti-terrorism purposes of the FBI more weight in their analysis.

As this case wends its way through the US courts at the time of writing (potentially ending up at the US Supreme Court)45, it is already clear that the public debate about the encryption ‘backdoor’ argument is not ended yet. Also foreign non-US iPhone users could possibly be affected, so the Apple FBI iPhone case could also have some serious extraterritorial, worldwide effects. In any case, it seems that both the FBI and Apple are not inclined to give in to each other and that there is a possibility that Apple could drag this out with the FBI for a very long time, as both the FBI and Apple have a great deal at stake46.  The next formal hearing in the Federal Court will take place on March 22, 2016. To be continued.

Bernd Fiten
1)   By US Magistrate Judge Sheri Pym who wrote: “Apple's reasonable technical assistance shall accomplish the following three important functions: (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.” (C. FARIVAR, Judge: Apple must help FBI unlock San Bernardino shooter’s iPhone,

2)  Full encryption is enabled by default since iOS8, which is the predecessor of iOS9 running on the iPhone 5C at issue. In September 2014, Apple stated: “For all devices running iOS 8 and later versions, Apple will not perform iOS data extractions in response to government search warrants because the files to be extracted are protected by an encryption key that is tied to the user’s passcode, which Apple does not possess.” (Apple, We believe security shouldn’t come at the expense of individual privacy,; J. SCHELLEVIS, Apple: wij kunnen niet langer passcodes omzeilen,
3)  On December 2, 2015, a heavily armed man (Syed Rizwan Farook) and woman terrorized the city of San Bernardino (California), killing at least 14 people and wounding at least 17 at a social services center before leading the police on a manhunt culminating in a shootout that left the two suspects dead (A. NAGOURNEY, I. LOVETT, R. PÉREZ-PENA, San Bernardino Shooting Kills at Least 14; Two Suspects Are Dead,
4)  Available at
5)  C. FARIVAR, Judge: Apple must help FBI unlock San Bernardino shooter’s iPhone,
6)  K. ZETTER, Apple’s FBI Battle Is Complicated. Here’s What’s Really Going On,; in this article, K. Zetter explains the technical side of the issue.
7)  A. CARMAN, This is what it would take to build what Apple calls ‘GovtOS',
8)  S. VAN VOORST, Apple moet iPhone van aanslagpleger helpen ontsleutelen met speciale firmware,
9)  Available at
10)  K. ZETTER, DoJ Files Motion to Force Apple to Hack iPhone in San Bernardino Case,, O. VAN MILTENBURG, Justitie VS: Apple is weerbarstig toegang tot iPhone te geven wegens marketing,
11)  This ‘motion to vacate’ is a formal request to overturn (or reverse) the earlier court’s order to unlock the iPhone 5C in question; available at
12)  T. COOK, A Message to Our Customers,
13)  PEW RESEARCH CENTER, More Support for Justice Department Than for Apple in Dispute Over Unlocking iPhone,
14)  M. CAROLLO, Influencers: Apple should not help FBI crack San Bernardino iPhone,
15)  R. WYDEN, This Isn’t about One iPhone. It’s About Millions of Them,
16)  J. SANCHEZ, This Is the Real Reason Apple Is Fighting the FBI,
17)  B. QUINN, UK surveillance bill could bring ‘very dire consequences’, warns Apple chief,; E. LICHTBLAU, Judge Tells Apple to Help Unlock iPhone Used by San Bernardino Gunman,; K. BENNER, E. LICHTBLAU, Tim Cook Opposes Order for Apple to Unlock iPhone, Setting Up Showdown,; S. FOLEY, T. BRADSHAW, Bill Gates backs FBI iPhone hack request,; S. VAN VOORST, Apple moet iPhone van aanslagpleger helpen ontsleutelen met speciale firmware,
18  J. GRUBER, Sundar Pichai on the Apple/FBI Encryption Fight,
19  Jan Koum, CEO and co-founder of WhatsApp, stated on his Facebook account: “I have always admired Tim Cook for his stance on privacy and Apple's efforts to protect user data and couldn't agree more with everything said in their Customer Letter today. We must not allow this dangerous precedent to be set. Today our freedom and our liberty is at stake.” (available at
20)  S. VAN VOORST, Google-directeur steunt Apple in encryptiedebat,; J. DE VRIES, John McAfee wil San Bernardino-iPhone kraken om backdoors te voorkomen,; R. LAWLER, Twitter, Facebook support Apple in its fight with the FBI,; J. RIBEIRO, White House says FBI isn't asking Apple for an iPhone back door,; D. BASS, Microsoft, Google, Facebook Back Apple in Blocked Phone Case,; D. SEETHARAMN, J. NICAS, Tech Companies to Unite in Support of Apple,
21)  REUTERS, U.S. DOJ is asking Apple for access to one device: White House,
22)  S. FOLEY, T. BRADSHAW, Bill Gates backs FBI iPhone hack request,; however, in a subsequent interview on ‘Bloomberg Go’, Bill Gates said that he was disappointed with the aforementioned report suggesting that he supports the US government in its clash with Apple (J. CAO, Bill Gates ‘Disappointed’ by Reports He Backs FBI Over Apple,
23)  The Reform Government Surveillance is a coalition between technology companies Microsoft, Apple, Dropbox, Evernote, Facebook, Google, LinkedIn, Twitter and Yahoo! The alliance said while it is extremely important to deter terrorists and criminals, technology companies should not be required to build in backdoors to the technologies that keep their users information secure (REFORM GOVERNMENT SURVEILLANCE, Reform Government Surveillance Statement Regarding Encryption and Security,; more information about the RGS available at
24)  PTI (INDIA TODAY), Rules need to catch up with tech to protect privacy: Microsoft,; T. WARREN, Microsoft offers tepid support for Apple's battle with FBI,
25)  R. LERMAN, M. DAY, Microsoft takes Apple’s side in iPhone dispute with FBI,
26)  J. RIBEIRO, White House says FBI isn't asking Apple for an iPhone back door,; BBC, Apple order: White House says San Bernardino request is limited,
27)  COUNCIL OF THE EUROPEAN UNION, Coördinator voor terrorismebestrijding,
28)  This document was leaked by London-based civil liberties group Statewatch (available at
29)  N. NIELSEN, EU wants internet firms to hand over encryption keys,
30)  C. PLEASANCE, Paris attacks 'would not have happened' without encrypted apps hiding terror plans from security agencies, says NSA chief,
31)  J. VALERO, Ansip: ‘I am strongly against any backdoor to encrypted systems’,; D. VOLZ, E. BEECH and P. COONEY, Tech group rejects post-Paris call for data encryption ‘backdoors’,
32)  Available at
33)  Founder of McAfee (now Intel Security Group), which is an American global computer security software company headquartered in Santa Clara, California, and the world's largest dedicated security technology company.
34)  J. MCAFEE, JOHN MCAFEE: I'll decrypt the San Bernardino phone free of charge so Apple doesn't need to place a back door on its product,
35)  Stewart Baker was the first Assistant Secretary for Policy at the United States Department of Homeland Security under the Presidency of George W. Bush and he was in private practice with the Washington, DC-based law firm Steptoe & Johnson LLP from 1981 to 1992 and again from 1994 to 2005.
36)  S. BAKER, Has Apple made iPhones illegal in the financial industry?,; S. BAKER, Or is Apple happy to enable a backdoor as long as it makes money from it?,; the statement that law enforcement is the real owner of the iPhone 5C at issue, is also supported by Donald Trump (Republican presidential candidate). When he called to boycott Apple for not helping the FBI, he was ridiculed on Twitter for using an iPhone himself (P. HUYGHEBAERT, Trump wil Apple boycotten, maar twittert lustig op een iPhone,
37)  M. CAROLLO, Influencers: Apple should not help FBI crack San Bernardino iPhone,
38) K. ZETTER, DoJ Files Motion to Force Apple to Hack iPhone in San Bernardino Case,
39) 47 U.S.C. § 1002(b)(3) CALEA.
40)  M. MASNICK, We Read Apple's 65 Page Filing Calling Bullshit On The Justice Department, So You Don't Have To,
41)  Ahmed Ghappour is a law professor at the University of California Hastings College of Law. He specializes in the intersection of law, security and technology (A. GHAPPOUR, Apple Challenges Use Of All Writs Act In Order To Unlock Attacker’s iPhone,; UC HASTINGS, Introducing Professor Ahmed Ghappour and the Liberty, Security & Technology Clinic,
42) An amicus curiae (legal Latin) is someone who is not a party to a case and offers information that bears on the case, but who has not been solicited by any of the parties to assist a court. This is a way to introduce concerns ensuring that the possibly broad legal effects of a court decision will not depend solely on the parties directly involved in the case.
43)  In the Microsoft Ireland case, which is still pending, Microsoft was ordered by a US court order to turn over the contents of a customer’s email account stored at an Irish data center (see K. PORTER, Microsoft versus the Federal Government; Round Three,
44)  K. ZETTER, DoJ Files Motion to Force Apple to Hack iPhone in San Bernardino Case,
45)  B. GROSS, Apple encryption fight with FBI could go to the Supreme Court,
46)  J. GUY-RYAN, A brief history of the U.S. trying to add backdoors into encrypted data,; this article provides some historical background on the encryption backdoor debate. It deals with the Enigma machine, Clipper chips and the backdoor into the Dual_EC_DRBG algorithm (a cryptographic algorithm that was supposed to generate random bit keys for encrypting data), for which the NSA paid RSA, a computer security company (proved by documents leaked by Edward Snowden in 2013, see K. ZETTER, How a Crypto ‘Backdoor’ Pitted the Tech World Against the NSA,