Google CEO backs Apple in resisting court order to create iOS backdoor for San Bernardino investigation

David bisson
David Bisson

Sundar Pichai

Google’s top executive is standing with Apple for refusing to comply with a court order that would require it to create an iOS backdoor in order to assist with an ongoing federal investigation into last year’s San Bernardino shooting.

On Wednesday, Google CEO Sundar Pichai tweeted out a five-part defense of Apple’s actions. That message reads as follows:

Some observers have pointed to the nuances of Pichai’s rhetoric as a sign that Google might be staking out a position on the court order that is different than Apple’s.

However, these voices ignore the fact that Google along with Dell, Facebook, Hewlett Packard, and the other tech giants who populate Silicon Valley’s Information Technology Industry Council released a joint statement in which they too expressed their concerns over “requiring technology companies to cooperate with governments to disable security features, or introduce security vulnerabilities,” as quoted by CNN Money.

When it comes down to it, Google has every reason to stand up with Apple and defy the FBI. The issues at hand are well beyond the scope of any one company.

San bernadino killers

On December 2nd, Syed Rizwan Farook and his wife killed 14 people and injured 22 others at a holiday luncheon for Farook’s co-workers. The couple was killed in a shootout with police.

Authorities recovered Farook’s iPhone 5C device in the investigation that followed. However, they have been unable to access any of Farook’s data because they do not know his passcode.

Earlier this week, a magistrate ruled in the favor of federal prosecutors, who argued that Apple should create a backdoor for Farook’s particular iPhone 5C that would disable a self-destruct mechanism that would delete some mobile data after 10 unsuccessful passcode attempts. That backdoor would allow the FBI to brute-force their way onto that phone only, argues the federal government.

But Apple’s Tim Cook sees a much larger, grimmer picture:

“The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers – including tens of millions of American citizens – from sophisticated hackers and cybercriminals… The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.”

Members of the security community have one back and forth whether the FBI’s demands are ethical, let alone feasible.

Dan Kaminsky on the Trail of Bits blog feels that Apple can comply with those demands without compromising its devices’ security by locking the customized iOS version to that particular iPhone, by conducting all recovery by itself, and by refusing to share the firmware image with the FBI.

AppleOthers are not so sure this is possible.

“I haven’t seen any guiding principle that would prevent this from getting out of hand,” Matthew Green, who teaches cryptography and computer security at Johns Hopkins University, told CNN. “It could easily result in every American becoming less secure.”

If we have learned anything about the ongoing encryption debate that always resurfaces following a national security incident or terrorist attack, it is that technology cannot be contained once it has been created.

Just as we cannot create encryption features that protect harmless ordinary users but not terrorists, there is no way to absolutely ensure that the iOS backdoor wouldn’t fall into the wrong hands somewhere down the road and used in a malicious attack campaign.

And what then? Would anyone continue to use an iOS device if they knew their phones could at some point be subjected to brute-force attacks by the federal government? I’m not so sure.

As Apple states in its letter, it has cooperated with the federal government in its investigation of the incident. But it has to draw a line somewhere. That line just so happens to fall on an action that could single-handedly betray the trust of Apple users all over the world.

Update: Check out Graham Cluley’s video on this very topic.

Should Apple weaken iPhone security for the FBI? | Graham Cluley

Further reading: Poll: Do you think Apple should help the FBI crack open the San Bernardino iPhone?

David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

4 comments on “Google CEO backs Apple in resisting court order to create iOS backdoor for San Bernardino investigation”

  1. Mark Jacobs

    Of course the Google CEO backs it. If Apple let the FBI see the phone's data, they would discover that the CIA were complicit in brainwashing, arming and training the culprits. This has nothing to do with privacy – it's to do with covering the CIA's tracks.

  2. Kevin Savage

    The issue is one of setting a precedence under US law, and of course Apple's reputation in the big wide world, where they've sold these devices as being secure, especially the 6's.

  3. Bob

    People may be interested to know that Apple WERE going to create the tool the FBI wanted on the condition that they kept it a secret. As a result Apple pleaded with the FBI to make their court application "under seal" but instead the FBI released it to the world.

    Story from the New York Times:

    "Apple had asked the F.B.I. to issue its application for the tool under seal. But the government made it public, prompting Mr. Cook to go into bunker mode to draft a response, according to people privy to the discussions, who spoke on condition of anonymity. The result was the letter that Mr. Cook signed on Tuesday, where he argued that it set a “dangerous precedent” for a company to be forced to build tools for the government that weaken security."

  4. Bob

    Here's a perspective from Albert Gidari of Stanford Law School.

    Section 1002(b)(1) of CALEA suggests that the government CANNOT compel Apple under the All Writs Act.

    (1) Design of features and systems configurations. This subchapter does not authorize any law enforcement agency or office

    (a) to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services;

    (b) to prohibit the adoption of any equipment, facility, service, or feature by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.