Government hints it may demand iOS source code, signing key…


The government yesterday hinted that it may demand that Apple hand over the iOS source code and the encryption key the Cupertino, Calif. company uses to sign updates if it won’t comply with a court order to help authorities unlock an iPhone. “For the reasons discussed above, the FBI cannot itself modify the software on Farook’s iPhone without access to the source code and Apple’s private electronic signature,” the footnote read. “The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers.”

A February court order required Apple to help the FBI by building a customized version of iOS that would disable several security safeguards, then put the software on the device so authorities can bombard it with passcode guesses. Only Apple can place the reworked iOS on Farook’s phone, as the only updates that an iPhone will accept are those Apple “signs” using its own cryptographic key.

Apple has contested the order, objecting on legal and constitutional grounds, as well as because the work would be a burden on the company that it should not be asked to accept. The last was what the DOJ referenced in the footnote when it said, “[handing over iOS source code and the key] may provide an alternative that requires less labor by Apple programmers.”

Because Apple would hardly give authorities its source code and key without a fight, the implication was that, failing compliance with the current order, the government may demand them.

How do you think it might affect our privacy and confidentiality in the future if this becomes possible?

Do you think the government is violating our rights and freedom by demanding the source code from Apple?

  • Maybe Apple can turn over the source code on an encrypted drive.

    But in all seriousness I found this basic explanation of what a signature is and why it would be harmful to give to the FBI:
    What is this signature?
    The digital signature allows devices to confirm that the publishing server/device is what it claims to be. In this case, it’s Apple’s way of confirming that it’s Apple who published an update.
    What’s the harm?
    Apple sharing their signature would be akin to someone sharing their passport, except that computers don’t doubt signatures the way customs doubts passports.
    Following this path of logic, this would allow the DOJ (or anyone with whom they share the signature) to publish iOS updates to any device as though they were Apple.

    If the FBI is successful in legally requiring Apple to give over their signature, this will create a precedent that the DOJ can obtain these signatures upon request from any company (US-based at least), which will singlehandedly end internet security at large.
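The signing check described in the article and in the comment above, as an added example that is not part of the original post and is not Apple's code: a device pins the vendor's public key and installs an update only if its signature verifies. Ed25519, the key pair, the image strings and all function names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed stand-in for the vendor's signing key pair. Ed25519 is an
// assumption; the page does not say which algorithm is used.
const vendor = crypto.generateKeyPairSync('ed25519');

// The device ships with only the PUBLIC half pinned; it never holds the private key.
const PINNED_PUBLIC_KEY = vendor.publicKey.export({ type: 'spki', format: 'der' });

// Sign an update image with a given private key (hypothetical helper).
function signUpdate(image, privateKey) {
  return crypto.sign(null, image, privateKey);
}

// Device-side check: accept the image only if the signature verifies
// against the pinned public key.
function deviceAccepts(image, signature) {
  const key = crypto.createPublicKey({ key: PINNED_PUBLIC_KEY, type: 'spki', format: 'der' });
  try {
    return crypto.verify(null, image, key, signature);
  } catch {
    return false; // malformed signature input is treated as a rejection
  }
}

function runScenarios() {
  // Constructed sample images, not real firmware.
  const official = Buffer.from('constructed image: safeguards enabled');
  const modified = Buffer.from('constructed image: safeguards disabled');
  const officialSig = signUpdate(official, vendor.privateKey);

  // A second party that was handed a copy of the private key.
  const copiedPem = vendor.privateKey.export({ type: 'pkcs8', format: 'pem' });
  const copiedKey = crypto.createPrivateKey(copiedPem);

  // An unrelated key pair, for a party that modifies the image and signs it itself.
  const other = crypto.generateKeyPairSync('ed25519');

  return {
    vendorSigned: deviceAccepts(official, officialSig),
    modifiedReusingSig: deviceAccepts(modified, officialSig),
    modifiedSelfSigned: deviceAccepts(modified, signUpdate(modified, other.privateKey)),
    modifiedSignedWithCopiedKey: deviceAccepts(modified, signUpdate(modified, copiedKey)),
  };
}

console.log(runScenarios());
```

The verifier sees only a valid or invalid signature, so it cannot distinguish the vendor from anyone else who holds a copy of the private key.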

  • It looks like this story has come to an end. According to CNN, after the long arguing and court involvement, the FBI has gained access to the data stored on the iPhone 5C that belonged to the San Bernardino shooter. Regardless of Apple refusing to decrypt the phone, the FBI was able to access the information with the help of a third-party company. Soon after that, the FBI withdrew its lawsuit.

    Apple reacted with a statement released on March 28: “This case should never have been brought. We will continue to help law enforcement with their investigations, as we have done all along, and we will continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated.”

    Of course that caused a few controversies to circulate in the press:
    1. Did Apple actually help the FBI, and is this whole “we did it ourselves” thing just a coverup?
    2. Has the FBI actually got access to the information on that phone, or is it just trying to save its reputation?

    I guess we will never know 🙂

