US government still pressing Apple for iPhone backdoor

US government still pressing Apple for iPhone backdoor

Image:
US government still pressing Apple for iPhone backdoor

A bill that could make it a legal requirement for Apple to build a data backdoor into iPhones is circulating in the US Senate.

Originally called 'The Lawful Access to Encrypted Data Act', Judiciary Committee Chairman Lindsey Graham, and Senators Tom Cotton and Marsha Blackburn, introduced the bill [pdf] in July 2020.

While it didn't proceed as far as a vote then, it is possible that the bill's provisions could become law through inclusion in another bill.

'It is common for legislative text to be introduced concurrently in multiple bills (called companion bills), re-introduced in subsequent sessions of Congress in new bills, or added to larger bills (sometimes called omnibus bills),' according to Govtrack website.

The senators who introduced the bill last year said its aim was to strengthen national security interests and to better protect communities across the country.

The bill proposes that a device manufacturer, when presented with a search warrant, will assist law enforcement officials in accessing the data from the device.

That requirement is in line with existing legislation, where companies are required to assist in data access for lawful purposes.

What makes the Lawful Access bill different is that it also proposes making it a legal requirement for any tech firm selling more than one million device units in the USA to build a backdoor into its devices. Security services could then use that backdoor to unlock devices and access data.

Such a step would be a significant move away from the current situation, where firms can decline to unlock a device if they don't have the means to do so.

If enacted, the bill would force companies like Apple to build a way of accessing user data into devices they sell and cloud services they operate.

If the bill were to pass into law, it would mean that companies would no longer be able to choose to make it impossible (or close to it) to unlock someone else's device.

The only exception is when it is technically impossible access the device due to the 'independent actions of an unaffiliated entity' - if the user has set up additional third-party protections, for example.

The debate over encryption and lawful access to data has been ongoing for several years. In 2016, the US government tried to force Apple to create a backdoor into iPhone software, in a move that both Apple and privacy advocates opposed.

The order was made to enable US law enforcement agencies to access the data on the iPhone of the San Bernardino gunman, Syed Farook.

Apple CEO Tim Cook vowed to fight the government's order, warning that it would set a dangerous precedent that would undermine the privacy of all iPhone users - not just in the USA, but around the world.

Experts have frequently warned that there is no way for Apple - or other companies - to create a backdoor that criminals could not exploit.

More recently, however, Apple has been accused of softening its stance on protecting users' privacy, especially following its announcement of the iPhoto CSAM scanning feature in its devices.

Apple announced earlier this month that its upcoming versions of iOS and iPadOS would be equipped with 'new applications of cryptography' - enabling the company to identify child sexual abuse material (CSAM) images as they are uploaded to iCloud Photos.

More than 5,000 individuals and organisations have signed an open letter urging the company to rethink its decision. They warned that the photo-scanning feature amounts to creating a backdoor in Apple's software, which threat actors could use.

The Electronic Frontier Foundation (EEF) said that Apple was actually 'opening the door to broader abuses', while the Center for Democracy and Technology noted that the changes 'mark a significant departure' from Apple's long-held privacy and security protocols.