Should the FBI prevail in getting Apple to offer a backdoor for an encrypted iPhone, the agency may have trouble getting anyone to build it.
At least that’s the word from several current and former Apple employees—including security engineers—who
spoke anonymously to the New York Times. Some said they’re refuse to do the work, or quit their jobs if necessary, rather than create what they believe is a major security compromise for all users.
Apple is currently
appealing a U.S. District Court order to build a separate version of iOS that would allow the FBI to unlock one particular iPhone 5c. The FBI wants access to the phone of Syed Rizwan Farook, one of the shooters responsible for killing 14 people and injuring 22 others in San Bernadino last December. With iOS 8 and higher, unsuccessfully guessing the phone’s password too many times automatically erases the phone’s data, so the FBI wants Apple to load a separate version that allows unlimited brute force password attempts.
Apple has argued that this type of software can’t technically be limited to just one phone, and would therefore harm security for all users, because there’s no guarantee that the FBI could keep it from slipping into the wrong hands. Furthermore, the court’s order
creates a precedent that would allow the government to unlock any phone, and could compel other governments to issue their own backdoor demands. To date,
not a single security or cryptography expert has taken the Department of Justice’s side.
The Times mentions three employees in particular—though not by name—who have the expertise to create the government’s version of iOS if Apple exhausted all its legal options, but it’s unclear whether they are the ones that have vowed to resist the FBI’s demands. If those employees did walk away from the task, pulling replacements might be challenging, as Apple tends to compartmentalize its product development into highly-focused teams.
Career-wise, those employees who resisted would likely do just fine. Other tech firms might leap at the chance to hire security engineers with experience at Apple, and their unwillingness to sacrifice user security might be seen as a badge of honor.
Meanwhile, one former federal prosecutor speculated to the Times that Apple might not have to comply with the court order if it was unable to do so.
Why this matters: This is all an interesting thought experiment, but would only be a nuclear option and seems a bit far-fetched. After all, Apple itself has
described security as a never-ending battle against potential treats. If Apple lacked the necessary engineers to write an iPhone backdoor, it would also lack the necessary engineers to keep iOS secure in countless other ways. We can only hope this is a hill Apple engineers never have to die on.