Security experts are not happy about the FBI's proposal to break security on an iPhone linked to the San Bernardino attack. Today, seven of those experts submitted their arguments in an amicus brief to the court considering the order, arguing the proposed software would weaken lockscreen protections for iPhone users around the world, with potentially dire consequences. The seven authors include iOS specialist Jonathan Zdziarski, famous cryptographer Bruce Schneier, and Charlie Miller, best known for revealing vulnerabilities in Chrysler automotive systems. The brief is embedded in full below.
The brief's authors emphasize the danger the proposed "GovtOS" would pose if it fell into the wrong hands, a concern some have also raised outside of the court. "If [GovtOS escapes Apple's control], the custom code could be used by criminals and governments to extract sensitive personal and business data from seized, lost, or stolen iPhones," the brief reads, "or it could be reverse engineered, giving attackers a stepping stone on the path towards their goal of defeating Apple’s passcode security." As a result, the authors conclude that "in commanding Apple to create forensic software that would bypass iPhone security features, the Order endangers public safety."
"The custom code could be used by criminals and governments to extract sensitive personal and business data."
The authors also point out the many cases in which strong iPhone security prevents crimes or attacks from taking place. "An abusive partner might want to search the phone to keep tabs on [a phone’s] owner," the brief reads. "An economic competitor might want to steal trade secrets. An identity thief might want to find the owner’s credit card numbers, PINs, or social security number. An agent of an autocratic government might be looking to persecute journalists or human rights workers who use iPhones to communicate."
As an amicus brief, the filing has no legal force, but is submitted as a good faith effort to inform the court's decision. Similar briefs and letters to the court have been submitted by the ACLU, Access Now, and the husband of one of the San Bernardino victims. Most briefs are not yet available through the court website, but Apple has collected them here. To be considered by the court, briefs are required to arrive by 5PM PT today. Now that both the FBI and Apple have submitted filings, the court is preparing for a hearing in which both sides will interrogate the case, currently scheduled for March 22nd.