‘Cyber pathogen’ or ‘Pandora’s Box’? Officials’ war of words over San Bernardino iPhone

© Dado Ruvic
The San Bernardino district attorney said that the iPhone officials want Apple to decrypt may be harboring a “cyber pathogen,” but the UN human rights chief cautioned that unlocking the device may open “Pandora’s Box” and damage rights worldwide.

The seized iPhone belonged to Syed Rizwan Farook, who along with his wife is suspected of killing 14 people during a shooting spree in San Bernardino, California last year, and is at the center of an escalating battle between the Justice Department and Apple. The FBI wants the Cupertino-based company to help it bypass the phone’s encryption, while Apple is resisting over fears of violating privacy.

In a court filing dated Thursday and obtained by Ars Technica, San Bernardino County District Attorney Michael Ramos argued that not only may the iPhone hold key information about other potential co-conspirators in the shooting spree, but also that it may be home to malicious software that could damage county infrastructure.

"The iPhone is a county-owned telephone that may have connected to the San Bernardino County computer network,” the filing reads. “The seized iPhone may contain evidence that can only be found on the seized phone that it was used as a weapon to introduce a lying dormant cyber pathogen that endangers San Bernardino's infrastructure.”

No other details about what kind of software may be stored on the iPhone were made available. The county itself said that it was the DA’s office alone that was responsible for the filing.

Later on Thursday, the DA’s office said it had “compelling governmental interest in acquiring any evidence of criminal conduct, additional perpetrators, [or] potential damage to the infrastructure of San Bernardino County.”

However, iPhone security expert Jonathan Zdziarski questioned the DA’s claim because "the world has never seen what he is describing coming from an iPhone.”On his blog, he also said no evidence has been presented indicating the network has been breached.

“Ramos’s statements are not only misleading to the court, but amount to blatant fear mongering,” he wrote. “They are designed to manipulate the court into making a ruling for the FBI, and in my opinion are egregious enough that Ramos should be held in contempt just for filing what amounts to a crazy apocalypse story.”

Meanwhile, the UN’s chief human rights official said Friday that US law enforcement officials need to use “great caution” in the case over the iPhone, as a successful ruling against Apple could potentially benefit authoritarian regimes.

“In order to address a security-related issue related to encryption in one case, the authorities risk unlocking a Pandora’s Box that could have extremely damaging implications for the human rights of many millions of people, including their physical and financial security,” said Zeid Ra’ad al-Hussein, the UN’s high commissioner for human rights.

Al-Hussein said the FBI deserves full support in its investigation of the shooting, but added that encryption isn’t only used by criminals. It is also used by human rights defenders, political dissidents, journalists and whistleblowers to protect freedom of expression.

A successful case against Apple “is potentially a gift to authoritarian regimes, as well as to criminal hackers,” he said. “There have already been a number of concerted efforts by authorities in other States to force IT and communications companies such as Google and Blackberry to expose their customers to mass surveillance.”

While the San Bernardino DA’s office is the first to mention that dangerous malware may be in the iPhone, the FBI has been less certain about what it may find. Testifying before Congress on February 21, FBI Director James Comey acknowledged that there is a “reasonably good chance that there is nothing of any value on the phone." Farook and his wife destroyed their personal phones during their shooting spree.

The FBI has also downplayed fears that Apple’s help in bypassing the phone’s encryption would establish a dangerous precedent.

"The code the judge has directed Apple to write works only on this one phone," Comey said at a House Intelligence Committee hearing last week.

For its part, Apple has argued that the law does not require companies to actually write software in order to help law enforcement break into devices. The company has also suggested it can’t write software for one device that wouldn’t affect all its products.

"There's probably more information stored on that iPhone than a thief could steal by breaking into your house,” Apple’s general counsel, Bruce Sewell, said at the same House hearing Comey was at last week. “The only way we know to protect that data is through strong encryption."