Apple's VP Of Software Engineering: No, We Have Never Given A Backdoor To Any Government
from the shut-up-DOJ dept
One of the more ridiculous claims in the DOJ’s filing against Apple last week, was its decision to pick up on former NSA lawyer Stewart Baker’s conspiracy theory that Apple had built backdoors into its products for China (side note: I met Stewart in person for the first time recently, and he mocked me about this, saying that I should agree with him on this point). However, as we noted in our post last week, there doesn’t seem to be much evidence to support Baker’s claims. The two key issues were using the Chinese wireless standard WAPI — which some have claimed includes some sort of backdoor, but it was also the only real local area wireless tech in China for a while — and the decision to store iCloud data in China. However, as we noted, there have been reports that the Chinese government tried to then conduct a man in the middle attack against the iCloud servers. If Apple had actually given the government a backdoor, then why would it need to do that?
Either way, in a declaration attached to Apple’s response, Apple had Craig Federighi, its senior VP of software engineering, tell the court directly that it has never installed a backdoor for any government ever:
Apple uses the same security protocols everywhere in the world.
Apple has never made user data, whether stored on the iPhone or in iCloud, more technologically accessible to any country’s government. We believe any such access is too dangerous to allow. Apple has also not provided any government with its proprietary iOS source code. While governmental agencies in various countries, including the United States, perform regulatory reviews of new iPhone releases, all that Apple provides in those circumstances is an unmodified iPhone device.
It is my understanding that Apple has never worked with any government agency from any country to create a “backdoor” in any of our products or services.
Now, some may push back on the point about WAPI, but again, making use of a third party technology that potentially has backdoors (some of which could be protected against) and being told by the government to build special backdoors just for that government are still vastly different scenarios.