N.Y. prosecutor wants Apple to turn back security clock to 2013

29.02.2016
A New York prosecutor tomorrow plans to urge Congress to write legislation that would require Apple to roll back iPhone security to the model of 2013's iOS 7, according to prepared testimony published today.

Cyrus Vance Jr., the District Attorney for New York County, will testify before the House Judiciary Committee tomorrow as one of three witnesses at a hearing to discuss encryption. The others include Bruce Sewell, Apple's general counsel, and Susan Landau, a professor of cybersecurity policy at the Worcester Polytechnic Institute in Worcester, Mass.

The hearing will be closely watched, as both Apple and the federal government -- the latter in the form of the Federal Bureau of Investigation (FBI) -- have suggested Congress discuss the long-term implications of last week's court order that would compel Apple to assist the FBI in gaining entry to an iPhone used by Syed Rizwan Farook.

Farook and his wife, Tafsheen Malik, killed 14 in San Bernardino, Calif. on Dec. 2, 2015 before they died in a shootout with police. The government has labeled the attack an act of terrorism.

Vance has been one of prosecutors most vocal in arguing that Apple should be forced to help not only the FBI, but law enforcement nationwide, to access locked iPhones.

"We want Apple, Google, and other technology companies to maintain their ability to access data at rest on phones pursuant to a neutral judge's court order," Vance wrote in the prepared remarks he will deliver at the House hearing.

Specifically, Vance wanted Apple to return to the security model it used through 2013's iOS 7. "We want smartphone makers to offer the same strong encryption that Apple employed before iOS 8," Vance said [emphasis added].

Vance has made the same arguments previously. In November, his office issued a report, On Smartphone Encryption and Public Safety that proposed Congress enact a statue that would require "any designer of an operating system for a smartphone or tablet manufactured, leased, or sold in the U.S. to ensure that data on its devices is accessible pursuant to a search warrant."

The prosecutor's beef with Apple resulted from the Cupertino, Calif. company's introduction of iOS 8 in September 2014. That edition, and its 2015 successor, iOS 9, encrypted all on-phone contents using a key created from entangling the user-created passcode -- the alphanumeric string of at least four characters used to unlock the phone's start screen -- with a cryptographic key unknown to Apple.

Apple has contended that without the passcode, it cannot unlock an iPhone running iOS 8 or later. A Feb. 16 court order would compel Apple to create a workaround -- essentially a heavily modified version of iOS that disables protections meant to prevent "brute force" password cracking -- and install it on Farook's iPhone 5C, which runs iOS 9.

Apple is contesting that order on several levels, including that the work it would be required to do would be an "undue burden."

According to Vance, his office now has 175 case-related iPhones that it cannot access because of the security baked into iOS 8 and later. And he wants the information on those devices.

"The real-world effect of all of this is that Apple's encryption policy frustrates the ability of law enforcement to prevent, investigate, and prosecute criminals," said Vance, who added that the cases run the gamut from attempted murder and sex trafficking to robbery and identity theft.

"Technology companies should not be able to dictate who can access key evidence in criminal investigations," Vance said near the end of his prepared testimony. "I do not believe Americans would want to cede this vast authority to private enterprise. That authority should rest with the people's elected officials. I urge Congress to enact a national solution."

Sewell's and Landau's prepared testimony has also been posted on the House House Judiciary Committee's website.

The committee will live-stream the hearing starting at 1 p.m. ET (10 a.m. PT).

(www.computerworld.com)

Gregg Keizer