On Thursday, Apple filed a legal response to the court order directing it to build a back door on a terrorist’s iPhone for the FBI.
The filing includes testimony from Erik Neuenschwander, manager of user privacy at Apple.
It’s the best look Apple has provided at what it would have to do on a technical basis to give the FBI access to the encrypted data on Syed Farook’s iPhone 5C.
Apple CEO Tim Cook called what the FBI wants the “software equivalent of cancer.” Neuenschwander, who says he would be the head of the project if Apple ends up losing the case, calls this custom software “GovtOS.”
If the FBI wins, here’s what Apple would have to do:
GovtOS would run in RAM and would “not modify the operating system on the actual phone.”
To recap: the FBI wants custom software that would both bypass the “erase data” function — which wipes the phone after 10 missed passcode attempts — and enable the FBI to plug in passcodes electronically as opposed to manually.
According to Neuenschwander, this software would not actually replace the original OS, but instead would operate in the phone’s temporary memory.
GovtOS would need to be cryptographically signed by Apple — which means that Apple needs to include a closely-guarded code that tells the device it’s a “legitimate Apple Product.”
The cryptographic signature is something only Apple could provide: while there is code out in the wild that bypasses the iPhone lock screen, modern iPhones won’t accept it unless it’s signed by Apple itself.
Apple believes GovtOS would require “between six and 10 Apple engineers and employees” working for a month.
Neuenschwander isn’t sure how long creating GovtOS would take, although he estimates it could take between two and four weeks.
This group he would need to build GovtOS would include “two engineers from Apple’s core operating system group, a quality assurance engineer, a project manager, and either a document writer or a tool writer.”
Of course, Apple couldn’t trust new employees to perform these tasks.
Apple wouldn’t be able to just remove a few lines of code from an existing version of iOS. GovtOS would require extensive work and testing, especially to implement the demand that it be able to accept passcodes electronically.
Neuenschwander says that GovtOS would require a “communications protocol that would also have to be designed.”
Plus, as every engineer knows, after building the software, Apple would need to prepare detailed documentation — basically, a user manual — for the FBI.
Neuenschwander points out the entire development process would be documented and might eventually become public record because Apple could be challenged in court.
Given Apple’s penchant for secrecy, having its development processes in the public record is an undesirable possibility. Apple also argues that even if GovtOS were deleted forever, the records of how it was created, which likely would be included as evidence, would act as a “roadmap to Apple’s methodology.”
Apple would do a rigorous quality assurance testing process to ensure that “GovtOS functions as required by the government’s request.”
A bug could be significantly more catastrophic than an iTunes glitch: Apple points out that if it screws up in the construction of GovtOS, damage to the encrypted data on Farook’s iPhone could be irreversible.
Neuenschwander says that the installation of GovtOS onto Farook’s iPhone will “need to be done at an Apple facility.”
The FBI also wants Apple to install GovtOS on Farook’s iPhone.
The justification Neuenschwander provides is that GovtOS is not intended to run on devices out in the wild, and if Apple simply handed the code over to the government, the government would be the institution in charge of making sure the code never gets out into the wild.
Remember, the federal government has had digital security issues in the past, such as the OPM breach.
If Apple started to receive multiple valid government requests to repeat the GovtOS development process, then the “burden on Apple will increase significantly.”
In the event that the FBI finishes brute-forcing passcodes on Farook’s iPhone, Apple would restart the device so GovtOS would be wiped from its memory.
But if the San Bernardino case becomes precedent, then Apple would need to repeat the development and QA process for each request that will likely follow on this case’s heels, or figure out a way to store and keep secure the code that comprises GovtOS.
That possibility is one of the key reasons why Apple is fighting this case with such vigour.
Here’s the full Apple motion to dismiss filed on Thursday: