Apple posts open letter: ‘Answers to your questions about Apple and security’

Apple has posted an open letter to customers: “Answers to your questions about Apple and security.”

Here it is, verbatim:

Why is Apple objecting to the government’s order?

The government asked a court to order Apple to create a unique version of iOS that would bypass security protections on the iPhone Lock screen. It would also add a completely new capability so that passcode tries could be entered electronically.

This has two important and dangerous implications:

First, the government would have us write an entirely new operating system for their use. They are asking Apple to remove security features and add a new ability to the operating system to attack iPhone encryption, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.

We built strong security into the iPhone because people carry so much personal information on our phones today, and there are new data breaches every week affecting individuals, companies and governments. The passcode lock and requirement for manual entry of the passcode are at the heart of the safeguards we have built in to iOS. It would be wrong to intentionally weaken our products with a government-ordered backdoor. If we lose control of our data, we put both our privacy and our safety at risk.

Second, the order would set a legal precedent that would expand the powers of the government and we simply don’t know where that would lead us. Should the government be allowed to order us to create other capabilities for surveillance purposes, such as recording conversations or location tracking? This would set a very dangerous precedent.

Is it technically possible to do what the government has ordered?

Yes, it is certainly possible to create an entirely new operating system to undermine our security features as the government wants. But it’s something we believe is too dangerous to do. The only way to guarantee that such a powerful tool isn’t abused and doesn’t fall into the wrong hands is to never create it.

Could Apple build this operating system just once, for this iPhone, and never use it again?

The digital world is very different from the physical world. In the physical world you can destroy something and it’s gone. But in the digital world, the technique, once created, could be used over and over again, on any number of devices.

Law enforcement agents around the country have already said they have hundreds of iPhones they want Apple to unlock if the FBI wins this case. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks. Of course, Apple would do our best to protect that key, but in a world where all of our data is under constant threat, it would be relentlessly attacked by hackers and cybercriminals. As recent attacks on the IRS systems and countless other data breaches have shown, no one is immune to cyberattacks.

Again, we strongly believe the only way to guarantee that such a powerful tool isn’t abused and doesn’t fall into the wrong hands is to never create it.

Has Apple unlocked iPhones for law enforcement in the past?

No.

We regularly receive law enforcement requests for information about our customers and their Apple devices. In fact, we have a dedicated team that responds to these requests 24/7. We also provide guidelines on our website for law enforcement agencies so they know exactly what we are able to access and what legal authority we need to see before we can help them.

For devices running the iPhone operating systems prior to iOS 8 and under a lawful court order, we have extracted data from an iPhone.

We’ve built progressively stronger protections into our products with each new software release, including passcode-based data encryption, because cyberattacks have only become more frequent and more sophisticated. As a result of these stronger protections that require data encryption, we are no longer able to use the data extraction process on an iPhone running iOS 8 or later.

Hackers and cybercriminals are always looking for new ways to defeat our security, which is why we keep making it stronger.

The government says your objection appears to be based on concern for your business model and marketing strategy. Is that true?

Absolutely not. Nothing could be further from the truth. This is and always has been about our customers. We feel strongly that if we were to do what the government has asked of us — to create a backdoor to our products — not only is it unlawful, but it puts the vast majority of good and law abiding citizens, who rely on iPhone to protect their most personal and important data, at risk.

Is there any other way you can help the FBI?

We have done everything that’s both within our power and within the law to help in this case. As we’ve said, we have no sympathy for terrorists.

We provided all the information about the phone that we possessed. We also proactively offered advice on obtaining additional information. Even since the government’s order was issued, we are providing further suggestions after learning new information from the Justice Department’s filings.

One of the strongest suggestions we offered was that they pair the phone to a previously joined network, which would allow them to back up the phone and get the data they are now asking for. Unfortunately, we learned that while the attacker’s iPhone was in FBI custody the Apple ID password associated with the phone was changed. Changing this password meant the phone could no longer access iCloud services.

As the government has confirmed, we’ve handed over all the data we have, including a backup of the iPhone in question. But now they have asked us for information we simply do not have.

What should happen from here?

Our country has always been strongest when we come together. We feel the best way forward would be for the government to withdraw its demands under the All Writs Act and, as some in Congress have proposed, form a commission or other panel of experts on intelligence, technology, and civil liberties to discuss the implications for law enforcement, national security, privacy, and personal freedoms. Apple would gladly participate in such an effort.

Source: Apple Inc.

Read Apple CEO Tim Cook’s letter regarding these issues here.

MacDailyNews Take: Apple has the resources and the reach to get the truth out there.

Every time a government official says “We’ll only use this once,” that government official is either ignorant and/or lying to your face.

SEE ALSO:
Apple vs. the U.S. government: Who elected Tim Cook? – February 21, 2016
Apple could easily lock rights-trampling governments out of future iPhones – February 20, 2016
Prediction: Apple will cave to U.S. government demand to crack open iPhone, Donald Trump will get the credit – February 20, 2016
Apple: Terrorist’s Apple ID password changed in government custody, blocking access – February 19, 2016
Petition asks Obama administration to stop demanding Apple create iPhone backdoor – February 19, 2016
Newspaper editorials back Apple over U.S. government 8 to 1 – February 19, 2016
Apple likely to invoke First Amendment free-speech rights in against U.S. government backdoor demands – February 19, 2016
Donald Trump calls for Apple boycott over San Bernardino terrorist iPhone encryption – February 19, 2016
Secret memo details U.S. government’s broader strategy to crack phones – February 19, 2016
DOJ escalates war against Apple, files new motion to compel company to break into iPhone – February 19, 2016
Apple is still fighting Big Brother – February 19, 2016
Apple co-founder Woz: Steve Jobs would have fought this U.S. government overreach, too – February 19, 2016
Mother who lost son in San Bernardino terrorist attack sides with Apple against U.S. government backdoor demands – February 19, 2016
iPhones don’t kill people, people kill people – February 19, 2016
Tim Cook posts open letter opposing U.S. government demands to bypass iPhone encryption – February 17, 2016

41 Comments

    1. The NSA already has the metadata from that phone (and all our phones). The FBI has by now probably gotten it from them but the FBI wants to play their public, idiotic “If it solves just one crime…” game to set a ridiculously dangerous precedent. What the government wants, the government takes. I really worry that this won’t end well fo Apple and for us. Nope. I don’t trust ’em.

  1. Apple has been consistent in it’s protection of our our personal information on our devices. I do not trust our government agencies enough to allow them a backdoor or even “one time use” special software.

    1. Apple cares. Apple cares! Apple said!
      In the above piece, Apple just revealed part of how someone could get data from an iPhone by joining a previously joined network and backing up the phone.

      Apple doesn’t care about anything but making money. If your broke or sick or in trouble with or can’t afford a new computer and need one, Apple will not only not help you, they won’t care.

      Stop blindly following a corporation. Stop worshipping companies and being manipulated by them.

      It is impossible to believe a company as secure and secretive as Apple can’t find a solution for the FBI and to keep it secure.

      If keeping something secure is impossible in the digital world like Apple implies, then no company would be able to capture and store things like credit card information online. Apple has a gazillion iTunes accounts with credit card information in databases that are protected and encrypted.

      Impossible isn’t in Apple’s vocabularly. This is PR bullshxt. Apple simply doesn’t want any negative impact on its brand. This is about money, nothing more.

      Do not believe that Apple can’t successfully do what the FBI is asking and keep the way they did it secure. There are multiple solutions to this problem.

  2. “We’ve always had a very different view of privacy than some of our colleagues in the valley. We take privacy extremely seriously. We worry a lot about location in phones, and we worry that some 14-year-old is going to get stalked, and something terrible is gonna happen because of our phone. As an example: before any app can get location data, we don’t make it a rule that they have to put up a panel and ask, because they might not follow that rule. They call our location services, and we put up the panel saying, “this app wants to use your location data is that okay with you” every time they want to use it. We do a lot of things like that to ensure that people understand what these apps are doing. That’s one of the reasons we have the curated App Store. We have rejected a lot of apps that want to take a lot of your personal data and suck it up into the cloud, a lot. A lot of people in the valley think we’re really old-fashioned about this, and maybe we are, but we worry about stuff like this. Privacy means people know what they’re signing up for in plain english and repeatedly, that’s what it means. I am an optimist I believe people are smart and some people want to share more data than other people do, ask them, ask them every time, make them tell you to stop asking them if they get tired of you asking them. Let them know precisely what you’re going to do with their data, that’s what we think.”

    “Steve Jobs Bio: The Unauthorized Autobiography.”
    https://itun.es/nl/qB1h3.l

  3. The Obama administration likes to tell all industries how to operate and all people how to live. Banking, Manufacturing, Agriculture, Health Care, Energy, Pharmaceuticals, Automotive, etc. etc. – Democrats and big government Republicans like to give orders to private businesses. And the public is OK with it. Most of the tech world applauds the government telling hospitals and oil companies and auto companies and toilet manufacturers and bakeries how they must run their business. Apple supports big government. Apple has big government Al Gore on its board. If Apple wants to determine its own destiny it should stop supporting The State when it comes to political choices and instead should support “liberty” and “free enterprise”. You can’t have an all powerful central government and expect to exempt yourself from the coercive forces. If Apple wants to be free it should start supporting freedom. So should its followers.

    1. What a foolish rant. First of all, it’s not just the Obama administration; remember the Bush administration, with the Patriot Act, wireless wiretapping, even torture? We have 2 Republican senators calling for legislation to penalize Apple and other companies for not complying with these type of requests. Talk about privacy; Republicans want to invade your most private lives and deny reproductive rights and gay rights.

      But let’s get the bigger picture here: it’s easy to bash the government. But then you drive on a road system built by government. No private company is going to build a road system. When you need the police or fire department, you use govt. The military is an arm of the govt, so if you don’t like big govt then you should be for abolishing our entire military. So if you like the security our military provides then you should reevaluate your stance. Like clean water and food? That’s only possible with govt regulations. Look back to the way it was before govt involvement. Not pretty.

      The list goes on and on. It would probably blow your mind if you knew how much you rely on govt. We are a country of over 300 million people with an advanced economy; there will be big govt no matter what because that’s the only way for society to survive. Try anarchy and you’ll wish for even bigger govt.

      1. Dear Idiot

        I wasn’t talking about roads. I was talking about private industries that make products for pro care individuals.

        Second, since you can’t read, I included “big government” Republicans in the indictment. All Democrats are big government today.

        You can be all for the government regulating every private industry. Just don’t complain when it commands Apple to modify its products to suit it’s needs. After all, the government does make roads.

  4. Does anyone else remember the States of New York and California loudly trumpeting for a more secure iPhone because of the number of thefts of iPhones? New York even purposed a law that iPhones with out passwords after rebooting could not be sold in the state. New York got iOS 8, exactly what they wanted. NYPD spoke of the lower rate of theft and beating over the iOS 8 protective measures Apple employed. What a change.

    There are too many idiots in all phases of government.

    1. There are idiots everywhere in all organizations; it’s just that some people like to bash govt, and of course, when someone makes a mistake in most companies, the press is not there to amplify that.

      Most people who work in govt are very good and competent at their jobs and you should be glad to have them there. This case simply shows that you have competing interests in many real life situations, and that is what democracy is all about: working these questions out.

    1. Tell your representative to oppose the assault on ALL COMPANIES and stop telling them how to make their products. If you value freedom. Otherwise quit whining about Obama telling Apple to end security on the iPhone.

  5. Sorry folks, I see a lot of holes in Apples argument. Especially the one about creating it once and in the digital world you cannot destroy things like you can in the physical world.

    Just unplug the computer you are MODIFYING iOS on from the network. Then destroy the computer after the passcode has been recovered and give the iPhone back to the FBI.

    Done, no one is harmed, Apple’s marketing strategy is in tact. Everyone is happy, even the criminals who have something to hide like you and me.

    And…, this is not a totally new operating system. Apple is now in the business of mis-information. It’s a sad day for Apple.

      1. That’s the point. Apple knows how to do it by their own admssion. I am sure Apple would not destroy their work but that would be Apple’s decision. TC said it could not be destroyed. He is wrong.

        If whomever orders Apple to do it again I am sure whomever will have the proper warrants the next time before Apple will do it again.

        1. Maybe Apple doesn’t want it created because … well, because their own employees would know how to do it once it’s created. And if NOBODY knew how to do it then there is no secret that can escape from anybody.

          1. Someone at Apple already knows how the security in the iPhone works and that same somebody can write the work-around in their garage if they did not value their job.

            I work with the stuff all day for a long time and it ain’t rocket science.

            Besides, I am sure Apple knows how to keep secrets.

    1. You sound blissfully naïve. To believe that the whole idea of this particular request is to unlock just this one particular phone, just this one time, and never to speak about it ever again is truly immature.

      There are very many pieces of information out there that clearly indicate that the strategic goal of the American government here is to take every possible conceivable and available action in order to create as many legal precedents allowing them to force software and hardware manufacturers, domestic or foreign, to permit access for not just law enforcement, but also intelligence and national security agencies, to every single piece of encrypted / protected / locked hardware and software, whenever they want it.

      I’m not sure how all this will be sorted out and who will win. While the American media seems to be on the side of Apple by a wide margin (recent survey puts it at 7:1), that may not matter that much when it comes to judges, courts and juries.

      One thing is quite clear, though; if the government prevails in this case over Apple, and Apple is essentially forced to re-engineer their iOS, there is no doubt that the re-engineered version of the iOS will very quickly end up on bit-torrents, available to anyone with broadband, anywhere in the world, to put on any iPhone and essentially completely obliterate the most basic security feature of the phone — lock-screen passcode.

      More importantly, the very next day after Apple complies with this request and delivers the re-engineered iOS to the American law enforcement agency that asked for it, the same agency will immediately submit their next request; this time, not just for the ability to bypass the number of attempts to unlock the phone (or to allow for entering passcode remotely, rather than from the touchscreen), but for a key to decrypt the entire content on the phone (not just content created using Apple’s own apps, but also for third-party apps and their content). And that will be the end of meaningful encryption on our computing devices; once iPhone is gone, everything else goes right behind it.

      1. Predrag, you may think I am naive but obviously, you are not following the story.

        There are two things going on here. The general concept that governments want a backdoor for themselves all the time. That ain’t gonna happen.

        The second is this one iPhone.

        TC is wrong in his letter because Apple can meet this request this one-time, and at other times in the future, without risking the privacy of their customers.

        This is just a PR stunt by Apple. Apple may have the money, but they don’t have the guns. Guns win all the time. The government knows it and our founding father’s knew it. Hence, the second amendment.

        It’s time you wake up to reality.

        1. You are clearly naïve. Or asleep. Or both.

          These two are most certainly NOT separate things. Precisely by making an effort to develop a customized iOS for the government, so that it will allow them to crack the passcode, Apple will essentially be allowing a colossal precedent to be set. Once courts approve the government’s request here, it will be literally impossible to deny government a request tomorrow for Apple to build a decryption tool for all the data on the iPhone. In the view of the law, there is no difference between the first and the second. Legal precedents are a big thing (just look at major ones throughout the American history, such as Plessy v. Ferguson, or Brown v. Board of Ed, or Roe v. Wade…) Once a court has ruled, and the ruling affirmed by the highest legal body in the country, it becomes the standard interpretation of the law of the land. Apple will no doubt pursue this to the SCOTUS if necessary, and once all has been exhausted, that final decision will determine whether our computing devices are actually secure or not.

          Your founding fathers (all of them, not just one) knew it, hence the first, fourth and fifth amendments (second really has nothing to do with this case, other than obliquely imply that the government may be oppressive). Any government, even in a democratic societies, will always try to expand its reach; this is in their nature. They will only stop when forced back. If anyone believes that the American government will consider this particular iPhone case a sui generis (a special, one-time case), well, they are clearly inexperienced and, as I said before, naïve.

          At least in America, there are ways and means to control government overreach. There are many countries in this world, some of them quite powerful, where government is omnipotent and unchallenged.

            1. You did:

              “TC is wrong in his letter because Apple can meet this request this one-time, and at other times in the future, without risking the privacy of their customers.”

              And this “one-time” request is for Apple to develop a customized version of iOS that will be different from the standard iOS in two features:

              1. There will be no limit, nor time-delay, for pass-code entry attempts;
              2. The pass-code can be entered via other means of input (such as via a computer, connected to the phone), instead of only via touch-screen.

              So, in order to meet this “one-time” request, Apple must develop this insecure version of iOS. Once it does, and it is available for “government use”, it immediately compromises security of all other iPhones, because there is no way Apple would be then able to prevent anyone (government, hackers, whomever) from installing this iOS onto your iPhone (other than you and your own guns…).

              Some posters need to keep track of what they are posting.

            2. Get your head out of the sand. No where did I say Apple would have to give it to the government. They may do it for the government, any 5th grader can read that, but they don’t have to give the “new iOS” to the government. Besides, it would not be a NEW iOS. (another mis-direction by TC – like I said, there are a lot of holes and un-truths in TC open letter but TC worshippers can’t see that).

              Again, you need to wake up and comprehend. This can be done without risking the security of anyone.

            3. As I said, you are clearly asleep (or naïve).

              Well, I had already quoted exactly what you said: that Apple should comply with the government’s request. And that request is that Apple develop a version of iOS that will have those two critical security features disabled. And yes, it is a version of iOS that they would need to develop, in order to deploy it to the iPhone in question.

              And you really need to wake up. You clearly believe this can be safely done “one-time”, just this phone, nothing else, really, but the moment that iOS has been developed, an FBI agent will appear at Apple HQ with a court-ordered warrant to hand over that iOS to the law enforcement. If you truly believe that this won’t happen, then you must be living on Mars and just landed on Earth fifteen minutes ago.

        2. Hoffbegone. Glad to know that you have the inside scoop on what Apple’s capabilities are. It’s really amazing that the iPhone didn’t get shot up in the melee.

          1. Thank you for having a head on your shoulder and comprehending what is am saying.

            There is one line of code to n iOS that compares the number of passcode tries to the number 10. All Apple has to do is change the number 10 to 999999+1 which will allow Apple or the Govt to try all the possible pass odes. If Apple does it and does not give the modified iOS to the Govt then everyone’s privacy settings s protected. Predrag is so full of himself that he can’t see this simply LE solution but instead makes strawman arguments or hears imaginary things.

    2. I see zero of what you say. Apple has always been about privacy of its customers. That’s why you will never see an employee of a store offer to back up any data on any of Apple’s owned equipment. In fact even if you tried the computers are setup in such a way that you would not be able to do it. That’s how strongly Apple feels about customer privacy. Tim Cook is totally right in this fight and the implications will be world wide if the US government keeps pushing this. It will be even easier for communist countries to take anyones data as they please if Apple loses this. All other companies who are acting so smug right now like Google will see there day come to as if this case is lost by Apple everyone loses which means everything on the internet will be free rain for the government as they choose. If you think Tim Cook is wrong, go ahead and let this happen. Not me.

      1. As long as our politicians are careless with their communications as Hillary was and probably still is, worrying about our privacy from communist countries is moot.

        Apple is not protecting us from our enemies and neither is our government. You need to wake up, also.

  6. “Absolutely not … about business model and marketing strategy”. OK, Tim. But it is about something even bigger, isn’t it?

    The Apple brand and its key values.

    Just what enables Apple to sell its products at around 40% gross margin, when all the competitors are recording losses? Yes the design, yes the build quality, yes the ease of use and ecosystem, but these are ultimately matters of degree. The real differentiator is bigger than the sum of these.

    While Steve was there it became confused with his personal aura, the “reality distortion field”, but Apple still has its magic dust, its unique brand values. And one of those is to provide for its customers the safest and most secure communications environment possible, the best in the world.

    The result of the manifestly incompetent US security authorities winning this fishing expedition is incalculable for Apple’s brand globally. Not sure I’d pay the 40% premium without at least the current level of security. There are a lot of adequate smartphones out there now!

    1. So, in cases involving terrorism, the Constitution does not apply? Should the government be able to snatch US citizen-suspects off American streets, torture them until they confess, and then execute them without trial? If you do not think that, then this comes down to a question of whether the order to Apple is legal. That is something that Apple is entitled to contest until there is a definitive final unappealable court decision supporting the Government position.

  7. So Apple suggested that access can be gained via iCloud backups, implying software may exist to decrypt and get to all data in the backup. This nulifies the entire section on never giving government access to iPhones. iPhone data is the same data as on the iCloud at the time of backup and includes ALL data, not just meta-data. So recent iPhone data may not be accessible if backups are infrequent. How many will backup their phones in he future? Only the dumb terrorists and lots of honest people that Apple wants to think their data is safe. Conclusion: only you can protect your own data by only using your Mac computer for backups and secure it from the government. Otherwise, risk having no backups and all iPhone protection turned on.

    1. I sense the conflicting statements from Apple as well. I think when everything is said and done we are going to discover that security and encryption is just a smoke screen PR stunt to make people believe their data is safe.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.