2. The government wants Apple to exploit a security vulnerability built in to older iPhones. Theres a lot of public discussion about whether the order would require Apple to create a backdoor into the iPhone. I think its probably more accurate to say that this particular model phone, the iPhone 5C, has a built-in security weakness depending on how you define the term, a kind of backdoor already. The governments order would require Apple to exploit the potential backdoor in Apples design. Importantly, though, Apple redesigned its phones after the iPhone 5C
to close this potential backdoor [but see update below]. Later phones, starting with the iPhone 5S, have apparently eliminated this potential way in. As a result, the specifics of the order in the San Bernardino case probably only involve certain older iPhones.
Heres some background. The order in this case does not require Apple to decrypt the phone for the government. The phone used the iOS9 operating system. Apple intentionally designed that operating system in a way that Apple cant decrypt the phone even with a warrant. (That was the big issue
back in 2014, when Apple introduced the earlier iOS8.) Instead, the order obtained in this case requires Apple to disable features on the phone that were designed to frustrate password-guessing as a way to break into the phone.
Specifically, the government knows that this particular phone had the iOS9 auto erase function turned on before the time of the attacks. Although no one can be sure, that feature was probably still on when the attacks occurred. Apple designed the auto-erase feature to thwart passcode-guessing. If someone guesses the passcode 10 times incorrectly, the phone permanently destroys the data in the phone needed to decrypt the phone. The government wants to keep guessing passcodes until it finds the right one what is usually called a
brute-force attack. But it cant do that because of the features Apple designed, and that Farook apparently had on, to thwart passcode-guessing.
But there is another way in for this particular model phone. Apparently, Apple has the technical capability to send a software update to the phone that will disable the auto-erase function and some other similar features. Apple designed its system so that the update has to come from Apple, using its unique cryptographic signature, in order for it to work. The Apple software update could let the phone run with the passcode-guessing-frustrating features turned off. The FBI could then use a fast computer to guess passcodes to try to find the one that Farook used. That might allow the FBI to find the passcode quickly, or it might take them years. How long it might take just depends on what kind of passcode Farook used.
But heres
an interesting technical twist. It appears that Apple redesigned its later phones so Apple cant send a software update to the phone without the user first entering in the passcode. Starting with the iPhone 5S, Apple designed the phones so that this feature is embedded in the hardware. The idea was for Apple to take away its own power to send a software update without the users authorization. If the phone Farook used had been an iPhone 5S or an iPhone 6, Apple probably would have been unable to disable the password-guessing features. (I say probably, because there is
some speculation that it would still be possible.) But because this phone is an iPhone 5C, its at least technically possible for Apple to write a software update that will disable the features that Apple created and Farook apparently used to thwart password-guessing.
[UPDATE: It looks like the speculation that this is still possible for newer phones is correct. Apple has plans for future phones and software to no longer allow this, but that is a future plan rather than the current state of technology.]
The backdoor, if you want to call it that, is that Apple retains the technical ability to send a software update to the phone that would disable the optional password-guessing-thwarting functions that Farook probably used. Apple hasnt written that software update, and it strongly opposes being required to write it.