Apple Encryption Fight Could Escalate With Demand for 'Source Code'

The latest filing in the legal war between the planet’s most powerful government and its most valuable company gave one indication of how the high-stakes confrontation could escalate even further.

In what observers of the case called a carefully calibrated threat, the US Justice Department last week suggested that it would be willing to demand that Apple turn over the “source code” that underlies its products as well as the so-called “signing key” that validates software as coming from Apple.

Together, those two things would give the government the power to develop its own spying software and trick any iPhone into installing it. Eventually, anyone using an Apple device would be unable to tell whether they were using the real thing or a version that had been altered by officials to be used as a spy tool.

Technology and security experts said that if the US government was able to obtain Apple’s source code with a conventional court order, other governments would demand equal rights to do the same thing.

“We think that would be pretty terrible,” said Joseph Lorenzo Hall, chief technologist at the nonprofit Center for Democracy & Technology.

The battle between Apple and the US Justice Department has been raging since the government in February obtained a court order demanding that Apple write new software to help law enforcement officials unlock an iPhone associated with one of the shooters in the December attack in San Bernardino, California that killed 14 people.

Apple is fighting the order, arguing that complying with the request would weaken the security of all iPhones and create an open-ended precedent for judges to make demands of private companies.

The Justice Department’s comments about source code and signing keys came in a footnote to a filing last week in which it rejected Apple’s arguments. Apple’s response to the DOJ brief is expected on Tuesday.

(Also see:  Apple in a ‘Fight of Its Own Making’, Says US DoJ)

Justice Department lawyers said in the brief that they had refrained from pursuing the iOS source code and signing key because they thought “such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labour by Apple.”

The footnote evoked what some lawyers familiar with the case call a “nuclear option,” seeking the power to demand and use the most prized assets of lucrative technology companies.

A person close to the government’s side told Reuters that the Justice Department does not intend to press the argument that it could seize the company’s code, and someone on Apple’s side said the company isn’t worried enough to counter the veiled threat in its brief due Tuesday.

But many people expect the iPhone matter to reach the US Supreme Court, and thus even fallback legal strategies are drawing close scrutiny.

Odds of success unclear
There is little clarity on whether a government demand for source code would succeed.

Perhaps the closest parallel was in a case filed by federal prosecutors against Lavabit LLC, a privacy-oriented email service used by Edward Snowden. In trying to recover Snowden’s unencrypted mail from the company, which did not keep Snowden’s cryptographic key, the Justice Department got a court order forcing the company to turn over another key instead, one that would allow officials to impersonate the company’s website and intercept all interactions with its users.

“Lavabit must provide any and all information necessary to decrypt the content, including, but not limited to public and private keys and algorithms,” the lower court ruled.

Lavabit shut down rather than comply. But company lawyer Jesse Binnall said the Fourth Circuit Court of Appeals, which upheld the lower ruling, did so on procedural grounds, so that the Justice Department’s win would not influence much elsewhere.

In any case, full source code would be even more valuable than the traffic key in the Lavabit case, and the industry would go to extreme lengths to fight for it, Binnall said.

“That really is the keys to the kingdom,” Binnall said.

Source code is sometimes inspected during lawsuits over intellectual property, and the Justice Department noted that Apple won permission to review some of rival Samsung’s code in one such case. In that case and similar battles, the code is produced with strict rules to prevent copying.

No cases brought by the government have led to that sort of code production, or at least none that have come to light.

But intelligence agencies operate under different rules and have wide latitude overseas. Some advanced espionage programs attributed to the United States used digital certificates that were stolen from Taiwanese companies, though not full programs.

US software code may have been sought in other cases, such as investigations relying on the Patriot Act or the Foreign Intelligence Surveillance Act (FISA), which applies within American borders.

Several people who have argued before the special FISA court or are familiar with some of its cases say they know of no time that the government has sought source code.

[“source-ndtv”]

Categorized in: