Moment that mattered: Apple takes on the FBI

Protesters carry placards outside an Apple store in Boston, US, on 23rd February 2016

Protesters carry placards outside an Apple store in Boston, US, on 23rd February 2016

We believe the contents of your iPhone are none of our business,” wrote Tim Cook in an open letter to Apple’s customers on 16th February. “The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.”

With that one of the most intriguing legal stand-offs of the digital age spilled from closed courtroom to open debate. On one side the FBI, armed with a court order demanding that Apple create a software tool that would bypass its security mechanisms. On the other, Apple, steadfastly refusing to comply. In the centre, an iPhone 5C that once belonged to Syed Rizwan Farook, one of the two perpetrators of the 2nd December mass shooting in San Bernardino, California, that killed 14 people and seriously injured a further 22.

“This was not your average court proceeding,” says Andrew Crocker, staff attorney at digital rights group the Electronic Frontier Foundation, which supported Apple in the case by providing an amicus brief, a document from an independent party which advises the court. “Since 2014, the FBI has needed a warrant to search a smartphone,” says Crocker. “In most cases, the court would order the defendant to unlock the phone, but in this case the defendant was dead. So Apple was drawn in.”

In analogue terms it is the equivalent of gaining entry to a house to collect evidence. If the defendant cannot unlock the front door and it cannot be broken down by force, a locksmith can be ordered to help the authorities gain entry. But, Apple argued, this wasn’t the case of picking a solitary lock – this was creating a skeleton key for millions of doors.

“Apple couldn’t bypass the lock screen, nor could it decrypt the phone,” says Crocker. “So the FBI wanted Apple to re-engineer its operating system and then load it onto the phone to bypass the security features. It would need to use a cryptographic signing key to verify that it was authentic.” It was the signing key that was the particular point of contention. “In today’s digital world, the ‘key’ is only as secure as the protections around it,” Cook explained in his letter. “Once a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.” Apple’s fear was not just about the FBI abusing the software it had asked Apple to create – it was about this code falling into the wrong hands. If the key to Pandora’s box doesn’t exist, why create one?

Five days after Cook’s letter, FBI director James Comey responded in a public posting of his own. “It is about the victims and justice,” he wrote. “We can’t look the survivors in the eye if we don’t follow this lead … We have awesome new technology that creates a serious tension between two values we all treasure – privacy and safety. That tension should not be resolved by corporations that sell stuff for a living.”

“Apple argued this wasn’t the case of picking a solitary lock – this was creating a skeleton key for millions of doors”

“I think the FBI thought that public sympathy would be on their side,” says Crocker. “But smartphones have caused a big shift in how we interact with technology. Most people are within a small distance of their phone all the time. Even when you’re sleeping it is plugged in within arm’s reach. That leads to us incorporating technology into our lives in a way that we didn’t before, even with laptops. We now keep track of so many things through our smartphones, which accumulate so much data that they become an extension of us and could reveal lots of intimate details. We wouldn’t have carried around filing cabinets full of information everywhere we went in the past, but that’s the equivalent of what a smartphone does. We wouldn’t have carried around hundreds and hundreds of photo albums.” Crocker argues that a smartphone goes beyond the data that it stores – it has the potential to be turned into a potent surveillance device. “Once Apple has been ordered to write software to bypass security,” he says, “it could be ordered to do other kinds of things such as remotely turn on a camera, or the GPS chip in the phone, or the microphone.”

In the end the FBI cracked the phone without Apple’s help, buying details of a hitherto unknown vulnerability from a third party in order to break through the lock screen. But it wasn’t just the phone security that had been broken – relations between tech giants and law enforcement, which had been cordial in the past, now seemed severely damaged. On 21st April, Comey suggested that the FBI had paid more than $1.3m for the rogue software and would not share details of the vulnerabilities it had purchased with the manufacturers of the original software. For Crocker this is an important part of the story that
was lost in the coverage.

“One of the things that I’ve worked on over the last couple of years is trying to understand the policy that the government has when it finds out about these vulnerabilities,” he says. “The government has assured people that it has a policy weighted very strongly in favour of disclosing the vulnerabilities to the companies which build devices, so that they can fix them and malicious third parties such as hackers can’t use them. In this case, Apple will not find out about this vulnerability.”

The workaround prevented a legal precedent being set on whether the government could order a company to write code for its use. On 29th March, the US justice department asked the court to vacate its order that Apple should create such a tool. Crocker sees this as a small victory for Apple, but by no means the end of the battle. “You can see the FBI saying, ‘Well, if we can’t do this by means of litigation, maybe we need a specific law that will require Apple to engineer its system differently to begin with’, and that’s what we are seeing now – the FBI lobbying congress and members of the senate intelligence committee to introduce a law that would force all sorts of providers of encryption to provide a back door to their systems. That would bypass the need for the FBI to go to court and trigger this sort of press coverage.”

The crypto cold war may have only just begun.

Posted on Thursday, October 12th, 2023 - Categories: #22 - Jan-Mar 2016, App Issues.