The Real Stakes of Apple’s Fight With the FBI

On Tuesday, the government obtained a court order compelling Apple to hack into an iPhone as part of the FBI’s investigation into the San Bernardino shooters. While the government’s investigation is an important one, the legal order it has obtained crosses a dangerous line: It conscripts Apple into government service and forces it to design and build what is, in effect, a master key that could be used as a mold to weaken the security of an untold number of iPhones.

The resulting order is not only unconstitutional, but risks setting a precedent that would fundamentally undermine the security of all devices, not just the one iPhone being debated in the news.

A bit of background is necessary to understand this debate.

As part of its investigation, the FBI has apparently obtained an iPhone 5C used by one of the shooters. The bureau has said that the phone is encrypted and protected by a passcode, and that it needs Apple’s assistance to unlock the phone. Specifically, it has asked Apple to design and write custom software that would disable several security features on the phone.

While Apple has generally cooperated in the investigation, it has refused the FBI’s latest demand to write malware that would help the FBI hack the device. To its credit, Apple has poured incredible resources into securing its mobile devices. One consequence of that effort is that Apple does not have a ready way of breaking into its customers’ devices. In the words of Apple’s CEO, Tim Cook: “We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.”

But the FBI is dismissive of that effort. According to its legal filing, the FBI believes that Apple could, if compelled, build a master key that would allow the FBI to try to break into iPhones like the one involved in the San Bernardino investigation. The FBI acknowledges that this would require Apple to write new software and then cryptographically “sign” that software (as the iPhone will accept only software updates signed by Apple).

A federal magistrate judge granted the FBI’s request the same day, but it gave Apple five days to object. Again to its credit, Apple has vowed to fight.

It is critically important that Apple win—for cybersecurity and for the fate of privacy in the digital age—for several reasons.

First, the government’s legal theory is unbounded and dangerous. The government believes it has the legal authority to force Apple into government service, even though the company does not actually possess the information the government is after. Of course, historically, the government has sought and obtained assistance from tech companies and others in criminal investigations—but only in obtaining information or evidence the companies already have access to.

The difference between those cases and Apple’s is a radical one. If Apple and other tech companies—whose devices we all rely upon to store incredibly private information—can be forced to hack into their customers’ devices, then it’s hard to imagine how any company could actually offer its consumers a secure product. And once a company has been forced to build a backdoor into its products, there’s no way to ensure that it’s only used by our government, as opposed to repressive regimes, cybercriminals or industrial spies.

Second, this debate is not about one phone—it’s about every phone. And it’s about every device manufactured by a U.S. company. If the government gets its way, then every device—your mobile phone, tablet or laptop—will carry with it an implicit warning from its manufacturer: “Sorry, but we might be forced to hack you.”

Some might accept that risk if it were possible to limit access to legitimate governmental purposes, overseen by a judge. But as Apple’s Cook points out, backdoors are uniquely dangerous: “Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.”

That risk is only growing every day as the “Internet of Things” expands. For the government, every device connected to the Internet will be more than just a novel convenience—it will be a new window into your home. The fridge that responds to your verbal commands might have a backdoor to allow for remote listening. The TV that allows you to video chat with your family might be commandeered into a ready-made spy camera.

These are the real stakes of the debate: Either American companies are allowed to offer secure products to their consumers, or the U.S. government is allowed to force those companies to break the security of their products, opening the door for malicious hackers and foreign intelligence agencies alike. For the sake of both our privacy and our security, the choice is clear.

This post was originally published by Time.

View comments (73)
Read the Terms of Use

Scott

I used to be an I.T. Manager, though in a different branch - databases and networks.
However, it seems to me that if the data is stored on a physical component like a SIM card, and the software to prevent access is stored elsewhere on the iphone in ROM, it ought to be technically possible for the government engineers to physically remove the memory card - and remember, this is a phone that was owned by the government agency that employed the male attacker. Then, the FBI could hire a firm to reverse-engineer a device to read the card, if there is not something off-the-shelf already, obviously without any password encryption in between.
We used to do data dumps all the time with older incompatible systems (e.g. NCRs) that needed to be transferred to other more modern computer systems, including the then new Apple Macintoshs.
This would preserve the right to privacy by Apple, but also allow law enforcement a way - albeit limited to having the physical phone - to get to critical information from a suspect.

Anonymous

I agree with anonymous. The ACLU is over-reacting to the government's request for a "master key" is necessary to combat terrorism here. I'm only a novice when it comes to understanding the newest of technologies, but I do believe America is in its greatest danger of being attacked, most probably this year, by ISIS or some foreign terrorist organization. Of course, if President George Bush hadn't attacked Iraq when he did, it's most likely that we would not now be worrying about future attacks here and abroad. I find it quite ironic that the ACLU didn't demand our government being held accountable once No Weapons of Mass Destruction Were Found in Iraq. Since the ACLU is an organization based on Civil Rights, ask yourself, why the ACLU didn't at least call for George Bush's impeachment or resignation. Did anyone hear outcries from the ACLU to the Iraq invasion? I think this time however Apple should/must assist the FBI in whatever way it can to resolve the San Bernardina massacre and bring to justice any and all those involved. Thank you.

Anonymous

I think that the argument about the precedent being used by thuggish counties is the strongest. In short order, every brutal regime will demand that Apple upload a modified OS on their citizens phones, so that they can break in more easily. It will probably come with a clause compelling Apple to deny that it ever received the order. Dissidents are arrested, and the phone's are used to find other dissidents, and anyone who has dared communicate with them. Then the country starts uploading the OS to phones of interest in other countries. Or does China never seek to bypass security on foreign devices?

Ms LIBERTY

The News is being dishonest in reporting that Apple refuses to do this for the FBI----and seems to neglect to say that Apple would have to create an actual software work to do this! So---the FBI is demanding that Apple create a brand new item for them, but an item that would jeopardize security for all users round the world. And--- if it can force Apple---- then Google and every other compny will have to, in effect, work for the government at the government's bidding. The FBI seems to be treating Apple the way tht it treats Muslims and refugeees. Wow. even Corporate people are not safe from threat from the FBI! THIS security loss would affect everyone-----and it would be like the 4 minute mile---------an act that was impossible------until Roger Bannister did it! LIke the Nuclear bomb too, soon everyone will have one and NO ONE is safe! How stupid is that judge about technolohy and how unfair for the FBI and the judge to get togerher and not allow Apple to speak to this issue of security! I bet the judge doesn't understand enough about softwre and what was asked-----and of course, it was a Riverside judge too------was this an attempt by said judge to make sure that the locals reelected him or her by being tough on crime? Donlad Trump is an idiot on this----- and if he thinks this will mke people safe then let's just put everything he said in private on line for the FBI and see how fast leaks appear. I am really angry at you FBI, because the Riverside people who owned the phone screwed up the process by changing the code....APPLE is teling you that's why we need things to stay the way they are and that the county interferred with the phone and that proves the security of this phone. Apple should not have to create a new iten for you to spy on the world becaause YOU, FBI seem to be the clear and present danger to me! The FBI shows that it is not above awfulness when one of its agents decided to get inbolved with the Patreaus thing because one of its agents knew the friend involved....so that shows me you have too much power and can't handle your own agents as it is----------and we the people have no control over this shadow government and YOU, FBI, by insisting on this are putting the world at risk in terms of copyright, patents, government worlers and all kinds of original works, plus who is to day that you and private contractors aren't already using this shadow power to steal from people , nations and government now? Oh----- and if the government can do this to its own Constitution, then we haven't really got a nation, have we? There is a famous cartoon with a possum who said, 'We have seen the enemy and it is us." well FBI---- that's close, but the enemy I see is YOU, ! By this one act of force FBI, , YOU will the killer of our Constitution and of America! 'Absolute power corrupts absolutely," is not an idle sayig! Neither is "Most great nations fall from within." YOU, FBI are the epicenter of this Constitutional earthquake. I'm sure the J Edgar types love it, but there must be honest people in the FBI too-----------where are you? Speak up now======or we haven't got an America anymore!!

Thaddeus Austin...

I think the ACLU is coming down on the wrong side on this one. To my mind, there are sufficient due process safeguards in place in this case. This is no different than a Bank being required to drill open somebody's safe deposit box to deliver evidence in a criminal case. This is not a surveillance dragnet, this is not a blanket order. This is one criminal defendant. And don't fool yourselves: Apple already has a back door into these devices. they just don't want to admit it.

Jim Lareau

If Apple is so concerned about this code being used to unlock/hack all iPhones, why are they unable to write the code to require multiple keys to use it? The keys could be held by the government, Apple, and a third party entity. When a court order is issued, all 3 come together to provide the (unique) keys necessary to unlock the phone. The uniqueness of the keys could be generated based on the serial number of the phone. The keys could be secured by establishing a "top secret" equivalent environment for storage, isolated from the Internet and all public access.

Joan

I would rather that Apple assist in the investigation so the info from the phone can be used to convict the killers--BTW, those killers reason for killing is due to their religious beliefs. Those killers took advantage of our religious freedom. We don't need to shelter their info, which might include other planned shootings to kill again in the future. We need to protect ourselves for such dangerous people.

Nancy

The FBI doesn't need the data on the phone to "convict the killers". THEY ARE DEAD. SMH

So you think these killers took advantage of our religious freedom? Did you feel the same way about the Olympic Park bomber and the Oklahoma City bomber? Or is it only abusing religious freedom when people with dark skin, funny sounding names, and a different religion from yours kill and cite their religion as the motivation?

Anonymous

Apple is right. The FBI is wrong as usul. They were real good buddies with the Klan in the time of the civli rights movement, caused so much of mad Cold War hysteria which all now wish we could forget. Who need these weirdos. Why don't they go out to earn an honest living like other folks do? Your taxpayers' dollars pay for their violations of your rights.

HenryCT

The email ACLU sent me ended with "And once a company has been forced to build a backdoor into its products, there’s no way to ensure that it’s only used by our government, as opposed to repressive regimes, cybercriminals or industrial spies."

We have to be wary of Our government as well. It too is not to be trusted. Our government may be less repressive than some of its close allies like Saudi Arabia, but it nonetheless massively lies to us (e.g. invasion of Iraq, Libya), covers up misdeeds of various government entities (Pentagon, CIA - Abu Ghraib; Justice Department - fining corporate lawbreakers but allowing them huge tax writeoffs), imprisons our fellow humans indefinitely without charge (Guantánamo) and actively prosecutes whistleblowers (Manning, Kiriakou). Oh yes, Our government occasionally protects us. But if that were primary, then we wouldn't need the ACLU, Center for Constitutional Rights and the like.

I approve of the ACLU's efforts to prevent once again the government's overreach, but it shouldn't weaken its argument by placing Our government in a special category with a white hat.

Pages

Stay Informed