Apple Fights Order to Unlock San Bernardino Gunman’s iPhone
By KATIE BENNER and ERIC LICHTBLAU

SAN FRANCISCO — Apple said on Wednesday that it would oppose and challenge a federal court order to help the F.B.I. unlock an iPhone used by one of the two attackers who killed 14 people in San Bernardino, Calif., in December.

On Tuesday, in a significant victory for the government, Magistrate Judge Sheri Pym of the Federal District Court for the District of Central California ordered Apple to bypass security functions on an iPhone 5c used by Syed Rizwan Farook, who was killed by the police along with his wife, Tashfeen Malik, after they attacked Mr. Farook’s co-workers at a holiday gathering.

Judge Pym ordered Apple to build special software that would essentially act as a skeleton key capable of unlocking the phone.

But hours later, in a statement by its chief executive, Timothy D. Cook, Apple announced its refusal to comply. The move sets up a legal showdown between the company, which says it is eager to protect the privacy of its customers, and the law enforcement authorities, who say that new encryption technologies hamper their ability to prevent and solve crime.

In his statement, Mr. Cook called the court order an “unprecedented step” by the federal government. “We oppose this order, which has implications far beyond the legal case at hand,” he wrote.

Asked about Apple’s resistance, the Justice Department pointed to a statement by Eileen M. Decker, the United States attorney for the Central District of California: “We have made a solemn commitment to the victims and their families that we will leave no stone unturned as we gather as much information and evidence as possible. These victims and families deserve nothing less.”

The F.B.I. said that its experts had been unable to access data on Mr. Farook’s iPhone, and that only Apple could bypass its security features. F.B.I. experts have said they risk losing the data permanently after 10 failed attempts to enter the password because of the phone’s security features.

The Justice Department had secured a search warrant for the phone, owned by Mr. Farook’s former employer, the San Bernardino County Department of Public Health, which consented to the search.

Because Apple declined to voluntarily provide, in essence, the “keys” to its encryption technology, federal prosecutors said they saw little choice but to get a judge to compel Apple’s assistance.

Mr. Cook said the order would amount to creating a “back door” to bypass Apple’s strong encryption standards — “something we simply do not have, and something we consider too dangerous to create.”

In 2014, Apple and Google — whose operating systems are used in 96 percent of smartphones worldwide — announced that they had re-engineered their software with “full disk” encryption, and could no longer unlock their own products as a result.

That set up a confrontation with police and prosecutors, who want the companies to build, in essence, a master key that can be used to get around the encryption. The technology companies say that creating such a key would have disastrous consequences for privacy.

“The F.B.I. may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a back door,” Mr. Cook wrote. “And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.”

An Apple spokeswoman declined to elaborate on the statement, but the company’s most likely next step is to file an appeal.

The legal issues are complicated. They involve statutory interpretation, rather than constitutional rights, and they could end up before the Supreme Court.

As Apple noted, the F.B.I., instead of asking Congress to pass legislation resolving the encryption fight, has proposed what appears to be a novel reading of the All Writs Act of 1789.

The law lets judges “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”

The government says the law gives broad latitude to judges to require “third parties” to execute court orders. It has cited, among other cases, a 1977 ruling requiring phone companies to help set up a pen register, a device that records all numbers called from a particular phone line.

Apple, in turn, argues that the scope of the act has strict limits. In 2005, a federal magistrate judge rejected the argument that the law could be used to compel a telecommunications provider to allow real-time tracking of a cellphone without a search warrant.

Marc J. Zwillinger, a lawyer for Apple, wrote in a letter for a related case in October that the All Writs Act could not be interpreted to “force a company to take possession of a device outside of its possession or control and perform services on that device, particularly where the company does not perform such services as part of its business and there may be alternative means of obtaining the requested information available to the government.”

The government says it does not have those alternative means.

Mr. Cook’s statement called the government’s demands “chilling.”

He added: “If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.”

The Electronic Frontier Foundation, a nonprofit organization that defends digital rights, said it was siding with Apple.

“The government is asking Apple to create a master key so that it can open a single phone,” it said Tuesday evening. “And once that master key is created, we’re certain that our government will ask for it again and again, for other phones, and turn this power against any software or device that has the audacity to offer strong security.”

The San Bernardino case is the most prominent such case, but it is not the first.

Last October, James Orenstein, a federal magistrate judge in Brooklyn, expressed doubts about whether he could require Apple to disable its latest iPhone security features, citing the failure of Congress to resolve the issue despite the urging of the Justice Department.

The judge said such requests should fall under a different law, the Communications Assistance for Law Enforcement Act of 1994, which covers telecommunications and broadband companies.

Congress has been debating whether to amend that act to include technology companies like Apple, Facebook and Google, and Judge Orenstein said he would consider ordering Apple to unlock the phone when and if Congress makes the change. That case is still pending.

Although Apple is portraying its opposition to Judge Pym’s order as a principled defense of privacy, one of its motivations is the preservation of its reputation for robust encryption, at a time of rising concerns about identity theft, cybercrime and electronic surveillance by intelligence agencies and overzealous law enforcement agencies.

Apple also says that a master key would amount to a vulnerability that hackers could exploit.

China is watching the dispute closely. Analysts say that the Chinese government does take cues from the United States when it comes to encryption regulations, and that it would most likely demand that multinational companies provide accommodations similar to those in the United States.

Last year, Beijing backed off several proposals that would have mandated that foreign firms provide encryption keys for devices sold in China after heavy pressure from foreign trade groups. Nonetheless, a Chinese antiterrorism law passed in December required foreign firms to hand over technical information and to aid with decryption when the police demand it in terrorism-related cases.

While it is still not clear how the law might be carried out, it is possible a push from American law enforcement agencies to unlock iPhones would embolden Beijing to demand the same. China would also most likely push to acquire any technology that would allow it to unlock iPhones. Just after Apple introduced tougher encryption standards in 2014, Apple users in China were targeted by an attack that sought to obtain login information from iCloud users.

拒解鎖槍擊案槍手iPhone 蘋果槓法官

美國聯邦地區法院一名法官下令蘋果公司協助聯邦調查局（FBI）解鎖加州聖伯納地諾槍擊案槍手法魯克使用的iPhone手機，遭到蘋果執行長庫克拒絕。庫克表示，法院要求蘋果創建解鎖軟體的風險太高，可能讓心懷不軌的人解開任何一支iPhone。

庫克在官網發表聲明：「美國政府要求蘋果公司採取空前的舉措，而這將威脅我們顧客的安全。我們反對這項命令，其影響遠超過目前正在處理的法律案件。」

加州中部地區的聯邦地區法院法官雪莉．皮姆命令蘋果公司提供FBI「合理的技術協助」，以便解鎖法魯克的iPhone 5C手機。她下令蘋果建立能用於解鎖的特殊軟體。

法魯克和妻子瑪麗克去年12月在聖伯納地諾一場派對上槍殺14人後被警方追捕擊斃。聯邦調查局認定此案為恐怖攻擊，兩人可能與伊斯蘭國有關。檢察官表示，法魯克使用的手機可能提供作案前的通聯資訊。

調查人員多次嘗試解鎖這支手機的密碼，都未成功，生怕嘗試10次後，手機內的資料會自動消除。

從2014年9月起，新款iPhone手機內的資料，例如簡訊和照片，都已自動加密。手機若上鎖，只有用戶的密碼能取得這些資料。若輸入10次錯誤的密碼，手機將自動把資料全部刪除。

蘋果表示，連蘋果員工都無法取得這些資料，這是在史諾登揭露政府偵監行動後，蘋果採取的措施。

FBI要求蘋果做兩件事：第一，改變法魯克的iPhone，讓調查人員能無限制嘗試輸入密碼，而不致使資料被消除；第二，要求蘋果協助快速嘗試各種密碼組合，不需要一一嘗試。

調查人員想用破解密碼的「暴力攻擊法」（brute force attack），利用程式來嘗試各種密碼組合，達到快速解碼的目的。

法魯克使用四個數字的密碼，意味有一萬種不同的組合。

庫克表示，FBI的要求，創下「危險的先例」，「FBI要求我們創造新版的iPhone作業系統，繞過一些重要的安全功能，並安裝在調查期間找到的一支iPhone上。」他說，法院的命令要求蘋果創造繞過加密標準的「後門」，「我們目前沒有，而且認為太危險。」

庫克說：「政府要求蘋果駭入我們自己的用戶，破壞幾十年來保護用戶的先進安全措施。」

他說：「反對法院命令不是小事，我們感到，在面對政府過分要求時，我們必須說出來。」

蘋果和其他科技公司表示，為產品的安全功能開「後門」，方便政府調查，但也會被中國大陸、伊朗、俄國或北韓的駭客利用。

原文參照：
http://www.nytimes.com/2016/02/18/technology/apple-timothy-cook-fbi-san-bernardino.html

紐約時報中文版翻譯：
http://cn.nytimes.com/technology/20160218/c18appleletter/zh-hant/

2016-02-18．聯合報．A13．國際．編譯田思怡