Apple engineers could walk away from FBI’s iPhone demands

Current and former Apple employees say they’d rather quit than make the iPhone more vulnerable to attack.

Should the FBI prevail in getting Apple to offer a backdoor for an encrypted iPhone, the agency may have trouble getting anyone to build it.

At least that’s the word from several current and former Apple employees—including security engineers—who spoke anonymously to the New York Times. Some said they’d refuse to do the work, or quit their jobs if necessary, rather than create what they believe is a major security compromise for all users.

Apple is currently appealing a U.S. District Court order to build a separate version of iOS that would allow the FBI to unlock one particular iPhone 5c. The FBI wants access to the phone of Syed Rizwan Farook, one of the shooters responsible for killing 14 people and injuring 22 others in San Bernardino last December. With iOS 8 and higher, unsuccessfully guessing the phone’s password too many times automatically erases the phone’s data, so the FBI wants Apple to load a separate version that allows unlimited brute-force password attempts.

Apple has argued that this type of software can’t technically be limited to just one phone, and would therefore harm security for all users, because there’s no guarantee that the FBI could keep it from slipping into the wrong hands. Furthermore, the court’s order creates a precedent that would allow the government to unlock any phone, and could compel other governments to issue their own backdoor demands. To date, not a single security or cryptography expert has taken the Department of Justice’s side.

The Times mentions three employees in particular—though not by name—who have the expertise to create the government’s version of iOS if Apple exhausted all its legal options, but it’s unclear whether they are the ones that have vowed to resist the FBI’s demands. If those employees did walk away from the task, pulling replacements might be challenging, as Apple tends to compartmentalize its product development into highly-focused teams.

Career-wise, those employees who resisted would likely do just fine. Other tech firms might leap at the chance to hire security engineers with experience at Apple, and their unwillingness to sacrifice user security might be seen as a badge of honor.

Meanwhile, one former federal prosecutor speculated to the Times that Apple might not have to comply with the court order if it was unable to do so.

Why this matters: This is all an interesting thought experiment, but would only be a nuclear option and seems a bit far-fetched. After all, Apple itself has described security as a never-ending battle against potential threats. If Apple lacked the necessary engineers to write an iPhone backdoor, it would also lack the necessary engineers to keep iOS secure in countless other ways. We can only hope this is a hill Apple engineers never have to die on.
