Monday February 29, 2016, marked the beginning of Apple’s testimony before the House Judiciary Committee regarding the FBI court order demanding that the technology company unlock an iPhone from one of the San Bernardino attackers. In his opening statements before the Committee, Apple’s General Counsel Bruce Sewell framed the major reasons for Apple’s opposition to the FBI’s request: “The FBI is asking Apple to weaken the security of our products. Hackers and cyber criminals could use this to wreak havoc on our privacy and personal safety. It would set a dangerous precedent for government intrusion on the privacy and safety of its citizens.”
Those three claims, though succinct, carry serious implications on the privacy and security of civil society as a whole. Even though the FBI order specifies only one phone, carrying out the FBI’s request would create a ripple effect that affects all aspects of technology security, which is why it is important to understand each of Apple’s points in its entirety.
“The FBI is asking Apple to weaken the security of our products”
Right now, some of the basic security features Apple’s products depend on most are encryption and passcodes. Once your information has been encrypted, there is no way to access it unless you have a decryption key, which you enable on your device when you enter the correct series of numbers. Apple’s security includes a feature that “effectively wipes the phone’s contents…after 10 failed attempts.” What the FBI is asking Apple to do is write a code that would disable the erasing feature so the they can use “brute force” to find the passcode enabling the decryption key. With unlimited guesses, the FBI would eventually be able to access the information on the San Bernardino attacker’s iPhone.
Is the code itself weakening the security of Apple’s products? In terms of the device itself, it absolutely is. This tactic of overcoming decryption keys has been referred to as access through the ‘backdoors’ of encryption, and anyone who can circumvent encryption has access to all information on the device itself. So, this code would completely undermine the product’s security value.
Apple has recently been working on making its phones even more secure, to the point that not even Apple could circumvent encryption. As part of Apple CEO Tim Cook’s “no backdoor” campaign, the focus is now on end-to-end encryption, which promises Apple users full security. However, these updated security measures would only apply to newer Apple products, meaning anybody who uses older models (even an iPhone 5c like the San Bernardino attacker), can be hacked into. Thus, the FBI’s request would be weakening the security of Apple’s products.
“Hackers and cyber criminals could use this to wreak havoc on our privacy and personal safety.”
If Apple creates the code and opens this iPhone for the FBI, the code itself will exist and hackers will know about it. If somehow the code were to be accessed by cyber criminals (whether stolen from Apple’s databases or accidentally released to the public), hackers would essentially have the tool needed to get around encryption and access any information on your device.
FBI Director James Comey responded to this possibility with scepticism, saying “the code the judge has directed Apple to write works only on this one phone…So the idea of it getting out into the wild and working on my phone or your phone, at least the experts tell me, is not a real thing.” However, the individuality of the code does not change the fact that the code exists as a model for future use; codes are very often built off other codes, meaning it would not be impossible for a dedicated hacker to use Apple’s specific code and create variations that impact a much wider range of Apple’s devices.
As Apple has essentially dominated the market for personal devices, this would have a huge impact on millions of people’s information. A massive amount of personal and financial data could be stolen by cyber criminals, which affects both the privacy and general security of the individual. This problem also extends to a diplomatic level; as Senator Ron Wyden pointed out, “Once you have those keys out there, understand that cyber-hackers and nonstate actors who threaten the United States—you’re going to have a problem with making sure they don’t get them.”
“It would set a dangerous precedent for government intrusion on the privacy and safety of its citizens”
This is a very interesting topic from a legal perspective, and probably the most important in terms of the future of national security.
Apple has complied with law enforcement requests to unlock devices in the past; in fact, it has complied in 70 cases from the Justice Department. Each time, it was approached by the All Writs Act, a 1789 provision that “allows courts to require compliance with their orders even when not covered by existing law.” By the logic of precedence, Apple should be unlocking devices when pressed by the All Writs Act.
Apple initially justified its denial of the FBI request by claiming the issue was with the technology. Apple had updated its technology and, unlike in the previous 70 cases, was technologically not capable of breaking into the phone. Luckily for Apple, on February 29, a court in New York ruled that “the government can’t use the AWA to force Apple to assist in breaking an alleged meth dealer’s iPhone passcode.” This case could very easily be used to bolster Apple’s resistance to the FBI.
Comey did testify before Congress that his order for Apple would not apply beyond the San Bernardino iPhone and should not be seen as a precedent for all smartphones. However, that is a problematic position; where one case succeeds in drawing information out, other law enforcement bodies (such as the Justice Department) could cite the San Bernardino iPhone as a case justified under national security and pressure other technology companies to comply under similar orders.
The topic of encryption in terms of legislation has been a very complicated one. Despite the FBI’s intense pressure on technology companies to move away from full encryption for law enforcement purposes, there is not much similar support from other government bodies. US Defence Secretary Ashton B. Carter has voiced his opposition to backdoors or “a single technical approach.” The White House has made it clear it will not be seeking its own legislation to force technology companies to pass data to law enforcement agencies. Senate Intelligence Committee Chairman Richard Burr has been working on legislation for encryption tools, but politically speaking Congress will not be able to pass anything on this topic for quite some time. These legislative positions in Washington may explain why the FBI is struggling so hard to make sure Apple complies; succeeded in opening the one phone may provide the FBI justification in future action until Washington can create solid legislation.
So in terms of precedent, Apple does face a moral quandary here. If it opens the phone, Apple would be supporting law enforcement in the interests of national security, but risks opening up the information of its other consumers to cyber criminals. If it chooses not to open the phone and succeeds in denying the FBI order, Apple will establish a principle in which privacy can take priority over national security and bolster any other technology company which faces similar claims by US national security and law enforcement agencies.
What Apple Should Do From Here
Apple’s vocal opposition to the FBI has a lot to do with its general marketing campaign: Apple is selling itself as a secure mode for consumers who are concerned with the security and privacy of their information. This is incredibly important to Apple as a major technology firm, especially after the Snowden leaks in 2013 revealed technology firms gave the government consumer information when requested. If Apple were to comply with the FBI order in secret and it leaked out to the public, the firm could face a serious backlash from its customers.
Bringing its opposition to the FBI order to the public has been working in Apple’s favour. The media attention is forcing bodies other than the FBI and the Justice Department to take a stance on encryption policies, and many of those bodies have sided with the technology firms in prioritizing the security of consumers’ information over easy access for national security. This is going to change the discussion around privacy and national security immensely.
The FBI is only asking for one iPhone to be compromised in this case, but Apple does have some very good reasons to oppose the court order. With its prominent position within the technology industry and huge consumer base, Apple should continue to engage with the FBI and Justice Department in the public’s view. That way when a case comes along that does merit national security considerations over consumer privacy, there can be both a legal definition of where that line is drawn as well as a public understanding of what the government means by national security.