If Apple doesn’t comply with the court order requiring it to weaken the security on the San Bernardino shooter’s iPhone, it may be asked to hand over the source code to the entire operating system instead, the Department of Justice has implied.
In its formal legal rebuttal to Apple, the department addressed one of Apple’s key legal arguments: that forcing it to write the code, which would remove key security features from Syed Farook’s iPhone would be unduly burdensome.
The department wrote in a footnote to its filing: “The FBI cannot itself modify the software on Farook’s iPhone without access to the source code and Apple’s private electronic signature.
“The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labour by Apple programmers.”
Such an order would not be unprecedented. In August 2013, Lavabit, the secure email service used by NSA leaker Edward Snowden, abruptly shut down citing government interference. It later emerged that the FBI had attempted to force the site’s owner, Ladar Levison, to hand over the encryption keys for his email service so that they could monitor any emails sent by Snowden. Levison refused and was sanctioned for contempt of court as a result.
In its filing regarding Apple, the US government cited the precedent set by Lavabit.
Possession of Apple’s private key wouldn’t just allow the FBI to modify Farook’s iPhone. It would also make it possible for the organisation to write new versions of iOS in future cases, and deliver them in other ways. For instance, if the FBI were able to intercept the net connection of a target (known as a “man in the middle” attack), with Apple’s private key it could plausibly push an update that looked like a real software release from the company.