N.Y. prosecutor wants Apple to turn back security clock to 2013

A New York prosecutor tomorrow plans to urge Congress to write legislation that would require Apple to roll back iPhone security to the model of 2013's iOS 7, according to prepared testimony published today.

Cyrus Vance Jr., the District Attorney for New York County, will testify before the House Judiciary Committee tomorrow as one of three witnesses at a hearing to discuss encryption. The others include Bruce Sewell, Apple's general counsel, and Susan Landau, a professor of cybersecurity policy at the Worcester Polytechnic Institute in Worcester, Mass.

The hearing will be closely watched, as both Apple and the federal government -- the latter in the form of the Federal Bureau of Investigation (FBI) -- have suggested Congress discuss the long-term implications of last week's court order that would compel Apple to assist the FBI in gaining entry to an iPhone used by Syed Rizwan Farook.

Farook and his wife, Tafsheen Malik, killed 14 in San Bernardino, Calif. on Dec. 2, 2015 before they died in a shootout with police. The government has labeled the attack an act of terrorism.

Vance has been one of prosecutors most vocal in arguing that Apple should be forced to help not only the FBI, but law enforcement nationwide, to access locked iPhones.

"We want Apple, Google, and other technology companies to maintain their ability to access data at rest on phones pursuant to a neutral judge's court order," Vance wrote in the prepared remarks he will deliver at the House hearing.

Specifically, Vance wanted Apple to return to the security model it used through 2013's iOS 7. "We want smartphone makers to offer the same strong encryption that Apple employed before iOS 8," Vance said [emphasis added].

Vance has made the same arguments previously. In November, his office issued a report, On Smartphone Encryption and Public Safety that proposed Congress enact a statue that would require "any designer of an operating system for a smartphone or tablet manufactured, leased, or sold in the U.S. to ensure that data on its devices is accessible pursuant to a search warrant."

The prosecutor's beef with Apple resulted from the Cupertino, Calif. company's introduction of iOS 8 in September 2014. That edition, and its 2015 successor, iOS 9, encrypted all on-phone contents using a key created from entangling the user-created passcode -- the alphanumeric string of at least four characters used to unlock the phone's start screen -- with a cryptographic key unknown to Apple.

Apple has contended that without the passcode, it cannot unlock an iPhone running iOS 8 or later. A Feb. 16 court order would compel Apple to create a workaround -- essentially a heavily modified version of iOS that disables protections meant to prevent "brute force" password cracking -- and install it on Farook's iPhone 5C, which runs iOS 9.

Apple is contesting that order on several levels, including that the work it would be required to do would be an "undue burden."

According to Vance, his office now has 175 case-related iPhones that it cannot access because of the security baked into iOS 8 and later. And he wants the information on those devices.

"The real-world effect of all of this is that Apple's encryption policy frustrates the ability of law enforcement to prevent, investigate, and prosecute criminals," said Vance, who added that the cases run the gamut from attempted murder and sex trafficking to robbery and identity theft.

"Technology companies should not be able to dictate who can access key evidence in criminal investigations," Vance said near the end of his prepared testimony. "I do not believe Americans would want to cede this vast authority to private enterprise. That authority should rest with the people's elected officials. I urge Congress to enact a national solution."

Sewell's and Landau's prepared testimony has also been posted on the House House Judiciary Committee's website.

The committee will live-stream the hearing starting at 1 p.m. ET (10 a.m. PT).

IDG Insider


« Node.js 5.7 released ahead of impending OpenSSL updates


Google's self-driving car has caused its first accident »
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail

Recommended for You

Trump hits partial pause on Huawei ban, but 5G concerns persist

Phil Muncaster reports on China and beyond

FinancialForce profits from PSA investment

Martin Veitch's inside track on today’s tech trends

Future-proofing the Middle East

Keri Allan looks at the latest trends and technologies


Do you think your smartphone is making you a workaholic?