WASHINGTON — Apple engineers have already begun developing security measures that would make it impossible for the government to break into a locked iPhone using methods similar to those at the center of a court fight in California, the New York Times reported, speaking to people close to the company and security experts.
If Apple succeeds in upgrading its security — and experts say it almost surely will — the company will create a significant technical challenge for law enforcement agencies, even if the Obama administration wins its fight over access to data stored on an iPhone used by one of the killers in last year's San Bernardino, Calif., rampage. The FBI would then have to find another way to defeat Apple security, setting up a new cycle of court fights and, yet again, more technical fixes by Apple.
The only way out of this back-and-forth, experts say, is for Congress to get involved. Federal wiretapping laws require traditional phone carriers to make their data accessible to law enforcement agencies. But tech companies like Apple and Google are not covered, and they have strongly resisted legislation that would place similar requirements on them.
"We are in for an arms race unless and until Congress decides to clarify who has what obligations in situations like this," said Benjamin Wittes, a senior fellow at the Brookings Institution.
Companies have always searched for software bugs and patched holes to keep their code secure from hackers. But since the revelations of government surveillance made by Edward Snowden, companies have been retooling their products to protect against government intrusion.
Apple built its recent operating systems to protect customer information. As its chief executive, Tim Cook, wrote in a recent letter to customers, "We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business."
But there is a catch. Each iPhone has a built-in troubleshooting system that lets the company update the system software without the need for a user to enter a password. Apple designed that feature to make it easier to repair malfunctioning phones.
In the San Bernardino case, the FBI wants to exploit that troubleshooting system by forcing Apple to write and install software that strips away several security features, making it much easier for the government to hack into the phone. The phone in that case is an old model, but experts and former Apple employees say that a similar approach could also be used to alter software on newer phones. That is the vulnerability Apple is working to fix.