Apple spells out what it would take to comply with government's iPhone order
In a motion filed Friday with a California court, Apple ticked off several constitutional arguments against helping the FBI break into the iPhone used by Syed Rizwan Farook, who along with his wife, Tafsheen Malik, killed 14 in San Bernardino, Calif., on Dec. 2, 2015, before they died in a shootout with police.
But it also directly addressed the concept of "undue burden."
Case law has established that the All Writs Act -- the 1789 legislation cited by the government for forcing Apple to comply -- can be used only when an order does "not adversely affect the basic interests of the third party or impose an undue burden." Apple seized on that language to describe what it would take to assist the FBI.
"No operating system currently exists that can accomplish what the government wants, and any effort to create one will require that Apple write new code, not just disable existing code functionality," Apple said in its motion. "Experienced Apple engineers would have to design, create, test, and validate the compromised operating system, using a hyper-secure isolation room within which to do it, and then deploy and supervise its operation by the FBI to brute force crack the phone's passcode."
That task -- creating a specialized version of iOS that would run only in the target iPhone's RAM -- would be a chore, Apple said as it estimated what it would take to complete.
"I would estimate that the design, creation, validation, and deployment of GovtOS would necessitate between six and ten Apple engineers and employees dedicating a very substantial portion of their time for two weeks at a minimum, and likely as many as four weeks," said Erik Neuenschwander, Apple's manager of privacy, in a declaration filed alongside his firm's motion. Neuenschwander would be the one in charge of planning the project if it were required.
"GovtOS" was the moniker Neuenschwander stuck on the one-of-a-kind modified iOS that would be produced.
In his declaration, Neuenschwander gave a glimpse of Apple's usual development process, which he said would be followed for GovtOS to ensure it worked properly and didn't disturb any of the data currently on the iPhone. All work would have to be logged, recorded and preserved, he said, in case Apple's methodology was later questioned in court.
"Once GovtOS is created, Apple will need to set up a secure, isolated physical facility where the FBI's passcode testing can be conducted without interfering with the investigation or disrupting Apple's operations," added Neuenschwander.
Some of Neuenschwander's declaration was devoted to commentary about not only this instance, but the potential of repeated demands by the government if the order was granted and then cited in subsequent cases. That commentary was similar to arguments Apple had made previously, and in the Friday motion, that although the FBI has characterized the assistance as a one-time deal, Apple will probably have to comply with scores, even hundreds, of similar orders related to other cases, most of them involving not terrorism, but run-of-the-mill criminal investigations of drug dealers, purveyors of child pornography, and the like.
The government has demanded Apple's assistance in at least 12 cases since September, but court records show that many more, some of them languishing for over a year, have been submitted.
In one of the latter cases, an agent with the Department of Homeland Security working in Sioux Falls, SD, asserted that Apple already has a logjam of requests. "I know based on my experience that Apple has a backlog of 9 to 12 months for password bypasses," said Special Agent Craig Scherer in a Feb. 16 deposition in a case involving trafficking in methamphetamine.
"If this order is permitted to stand, it will only be a matter of days before some other prosecutor, in some other important case, before some other judge, seeks a similar order using this case as precedent," Apple's lawyers wrote in their Friday motion. "Once the floodgates open, they cannot be closed, and the device security that Apple has worked so tirelessly to achieve will be unwound without so much as a congressional vote."
Neuenschwander echoed that.
"Given the complexity of designing, creating, validating, deploying, and eradicating a bespoke operating system such as the government demands, the burden on Apple will increase significantly as the number of requests to Apple increase," he said. "Each such commissioned operating system will need to be tailored to the specific combination of hardware and operating system running on the relevant device."