IPhone encryption developers may quit Apple if they are ordered to work with the FBI

Original author: John Markoff, Katie Benner, Brian X. Chen
  • Transfer

Apple headquarters in Cupertino, California

If the FBI wins the lawsuit and forces Apple to remove the protection of the iPhone, the agency may face another obstacle: these are the developers.

Apple employees are now discussing what to do if an order is received to help law enforcement. Some claim that they will refuse to comply with such an order, while others say that they would rather quit a well-paid job than destroy the security of the software that they themselves created.

This opinion is expressed by almost a dozen NYTimes interviewed programmers involved in the development of mobile systems and security systems, as well as former security system developers and management representatives.

Possible employee resistance adds to the open public confrontation between Apple, the most expensive company in the world, and the US authorities for accessing the iPhone smartphone of one of the criminals who took part in the mass shooting of citizens in San Bernardino.

It also directly confirms the arguments that Apple cited in court documents that the government’s demands infringe on freedom of speech when a company must force people to do what they consider disgusting.

“Such coercion fundamentally contradicts Apple’s core principles and poses a serious threat to the autonomy of the company and its engineers,” Apple’s lawyers wrote in a final summary to the California Central District District Court.

Employee concerns also show Apple's corporate culture. Despite the outward attributes of Silicon Valley's wealth, this culture is still based on opposing the establishment - a principle that founders Steven Jobs and Steve Wozniak established decades ago.

“It's an independent, rebellious culture,” said Jean-Louis Gassée, a venture investor who used to work as a development manager at Apple. “If the government tries to force them to testify or require some action from these developers, good luck with that.”

Tim Cook, chief executive of Apple, made it clear last month how employees can respond to such coercion in an open letter to users : “The same engineers who created strong iPhone encryption to protect our users will now be ordered to weaken this protection and degrade security".

Fear of losing a salary is not particularly relevant for security professionals who work at Apple, because the demand for such professionals is very high. In the end, hiring them might be a matter of honor for IT companies that share Apple’s skepticism about the government’s intentions.

“If someone tries to get them to work on something that is against their personal values, they can look for a better place to work,” said Window Snyder, Fastly’s security director for startup and former senior security manager at Apple’s security division. and confidential data.

Apple informed a court last month that it would take 6 to 10 engineers a month to meet the authorities’ requirements. However, since the staff is divided, the creation of the so-called "GovtOS" will be much more difficult if key employees refuse to work.

Within Apple, different development teams collaborate poorly with each other - for example, hardware engineers usually do not work in the same office as programmers.

When a company is close to launching a product, key employees from different teams come together to put the finishing touches, such as fixing bugs, security audits and final polishing of the appearance and functionality of the software.

A similar process will have to be launched to develop the program at the request of the FBI. It will take the participation of a number of programmers with technical experience in writing highly secure software - including those people who have developed Apple's security system over the past ten years.

Such a team does not exist now, and Apple has no intention of creating it until it is required to do so by law. But Apple employees say they already have an idea who exactly should be part of this hypothetical team.

Firstly, the programmer who developed the software for the iPhone, iPad and Apple TV. This programmer used to work for an aerospace company. Another is a leading quality control engineer who is described as an “bug catcher” expert with experience testing Apple products starting with the iPod. The third is likely to be a specialist in the security architecture of the iPhone, Mac, and Apple TV operating systems.

“In a hierarchy of civil disobedience, asking a software engineer to endanger users is a worse evil than professional disobedience,” says Marc Rotenberg, executive director of the Electronic Privacy Information Center. “It's like asking a doctor to prescribe a deadly medicine.”

There are other ways to resist employees other than dismissal, such as absenteeism. Now this is a purely theoretical discussion. It may take a long time before the employees have to make a choice, the legal process can drag on for a long time.

Those representatives of the technology industry who are involved in information security have a particularly strong “healthy paranoia”, for them topics such as data encryption are much more critical and important than for others, said Arian Evans, vice president of RiskIQ, which specializes in security systems on the Internet. But their determination may fade if a lot of money comes at stake, he said.

"If - and this is a big" if "- every Apple engineer who can write such code will quit, and another big" if ", Apple will be able to prove to the court the absence of such programmers, then the company has the right not to comply with the court’s request," Joseph explained Demarco (Joseph DeMarco), former federal prosecutor. “It's like asking my lawn mower to write the code.”

Joseph Demarco advocated for law enforcement in support of the Ministry of Justice. He also noted that if programmers refuse to comply with the order instead of directly quitting, "then, I think, the court will have more reason to accuse Apple of disrespect."

In addition to being accused of disrespect, cryptography specialist Riana Pfefferkorn from the Stanford Center for Internet and Society says the company may be liable to a daily fine if the judge decides that Apple is delaying the execution of the court decision.

The US government already has experience of reprisals against technology companies. Not so long ago, the court imposed a daily fine of $ 10,000 on a small secure email provider, Lavabit, when he refused to give encryption keys to investigators in the case of Edward Snowden, the owner of the mailbox Ed_Snowden@lavabit.com.

The small company’s response to the demands of the authorities shows how individual employees can respond to such an order. When they started to put pressure on Lavabit, its owner chose to close the company and destroy the encryption keys,but disobey the government .

Also popular now: