ACLU Backs Apple, Explains How Hackers Would Exploit An FBI iPhone Backdoor

A pro-government decision in the legal dispute between Apple and the FBI could be just the beginning of the headaches for CEO Tim Cook and company. Indeed, building the type of software the FBI is requesting would almost certainly make Apple headquarters into a target for international hackers seeking to break iOS encryption, according to the American Civil Liberties Union.

The ACLU waded into the Apple vs. FBI legal dispute Wednesday by warning that a government order for the company to break its own encryption would be disastrous for millions of international users. The FBI is trying to force Apple to build new software capable of unlocking the iPhone 5c used by one of the two San Bernardino, California, shooters who killed 14 people during an early-December terror rampage and died in a shootout with police shortly after.

The government has portrayed it as a narrow request that would only unlock a single phone, while Apple and cybersecurity experts have warned that once that software exists, it instantly becomes a prize for criminal hacking groups.

In a conference call with reporters Wednesday, the ACLU shed more light on how a so-called surveillance backdoor could be exploited. Staff attorney Alex Abdo said the FBI is seeking to create a “legal backdoor” that would circumvent much of the legislative debate currently going on in Congress by setting a legal precedent.

“But just as important as this legal backdoor is the fact that if [the government] succeeds, Apple and other companies subject to these orders will begin to get hundreds or thousands of requests a year, and they’ll soon have to establish compliance divisions to comply with all the requests,” he said.

“One reason you’ve heard computer scientists and researchers say this is a disastrous idea is because the division in each company [that is] responsible for delivering malicious updates to its users is going to become the technological backdoor. That will be where foreign governments and malicious cyber actors focus their efforts. That division will become an irresistible target for malicious hackers,” Abdo said.

The ACLU plans to file an amicus brief on Apple’s behalf before the March 3 deadline, Abdo added, to outline the civil liberties group’s concerns with the case. They previously filed a brief on Apple’s behalf in the Eastern District Court of New York, where the U.S. Department of Justice has asked that Apple be forced to break the encryption on a phone used as part of a case against Jun Feng, a defendant who pleaded guilty to selling methamphetamine.

Judge James Orenstein, who has a record of pro-privacy decisions, is presiding over the case, though the status of the FBI request is unknown as the case remains under seal.

“The only other case we know about until the San Bernardino case was the one in New York,” Abdo said. “We filed an amicus brief in that case and Judge Orenstein politely told us ‘Apple has its own lawyers and I’ll wait to hear from them.’ But we’ve been following that case and plan to file an amicus brief in the San Bernardino case."

The ACLU is one of a number of rights groups that have backed Apple in the increasingly contentious legal battle against the FBI. Facebook founder Mark Zuckerberg, Google CEO Sundar Pichai, U.S. National Security Agency whistleblower Edward Snowden and a range of rights groups, including the Electronic Frontier Foundation and Amnesty International, have taken the same stance.

Conflicting opinion-poll figures released this week show the American public is divided pretty evenly on the issue.

The ACLU’s remarks came on the same day House Homeland Security Committee Chairman Michael McCaul, R-Texas, and Sen. Mark Warner, D-Va., a member of the Senate Intelligence Committee, announced they plan to unveil a bill next week meant to set up a commission on the issue. A bipartisan group of lawmakers, law enforcement officials and technology industry representatives would meet to discuss the best way to balance how to combat terrorist activities online and free speech in America.

“The 9/11 Commission is the model,” Warner said, adding that the commission means to publish a list of recommendations within six months. “We'd not be seeing this current litigation had Congress acted on this before … This could, in many ways, set the template for further congressional action and, hopefully, the next presidential administration.”

Hundreds of new apps are added to the Apple app store every day, the lawmakers said Wednesday in a conference at the Bipartisan Policy Center, and many of those programs are encrypted. “I think Congress has a responsibility to act on this,” McCaul said.