Published on January 18th, 2020 📆 | 4379 Views ⚑
0How Apple’s latest conflict with the FBI is different than previous battles.
On Tuesday night, President Donald Trump abruptly dived into a long-running battle between Apple and the FBI over iPhone encryption:
Trumpâs demand that Apple âstep up to the plateâ is in reference to the FBIâs current attempts to break into two iPhones. They belonged to a second lieutenant in the Saudi Air Force who investigators believe killed three people in a shooting at a Pensacola, Florida, naval base in December. (He was killed by police when they arrived to respond to the shooting.) Attorney General William Barr publicly admonished the company on Monday, stating: âSo far, Apple has not given any substantive assistance. This situation perfectly illustrates why it is critical that the public be able to get access to digital evidence once it has obtained a court order based on probable cause.â Apple claims that it has already assisted the FBI in retrieving âgigabytes of informationâ for the investigation, including iCloud backups, transaction data, and account info. The bureau, however, is pressing the company to weaken the iPhonesâ encryption in order to gain full access to the devices.
Appleâs iPhones take advantage of a security measure known as encryption, which scrambles the info held in the device and makes it unintelligible unless you have a string of code known as a key to decipher the data. By entering a PIN code, or scanning a fingerprint or face, a user enables the key to unlock whatâs held in the phone. Apple radically improved data encryption with the release of iOS 8 in 2014, making the iPhone 5S and subsequent models much harder to crack.
That same year, the company announced that it would not undermine security protections to grant the government access to iPhones. Since then, Apple has perpetually sparred with the FBI over encryption. While the FBI has argued that gathering all available information from suspectsâ phones is crucial to high-stakes investigations, Apple maintains that creating a back door for its encryption would weaken the security of all of its customersâ devices. The first prominent clash over the issue came in 2016, when the bureau brought Apple to court in an abortive attempt to force the company to unlock an iPhone 5C used by a shooter responsible for the deaths of 14 people in San Bernardino, California, in 2015. The same fight erupted after the shooting of a Texas church in 2017.
Trump and Barrâand Barrâs predecessor, Jeff Sessionsâhave taken a more aggressive stance on Apple than the previous administration did. Former President Barack Obama and former Attorney General Eric Holder had both generally called for a better balance between privacy and physical safety in the debateâimplicitly calling on tech companies to soften their encryption stancesâbut didnât wade in directly.
During the investigation into the San Bernardino shooting, which coincided with the 2016 election, then-candidate Trump called for a boycott on Apple products. Yet his very public attempt to leverage U.S. trade policy in his Tuesday tweet also adds another wrinkle to the dispute. Apple CEO Tim Cook has had a particularly friendly relationship with the president, whose 2017 tax cuts have saved the company tens of billions of dollars and whose tariffs have spared Apple products in the trade war with China. The encryption affair may test Cookâs attempts to remain on Trumpâs good side.
Appleâs response to the pressure has also been somewhat surprising. According to the New York Times, people within the company are frustrated that âthe Justice Department hasnât spent enough time trying to get into the iPhones with third-party tools.â (Apple did not respond to an inquiry about this reporting.) Companies like Cellebrite and Grayshift have long offered iPhone hacking services to governments around the world. The FBI reportedly used Cellebriteâs technology to access the San Bernardino shooterâs phone, and, according to Bloomberg, the bureau should be able to use the same methods with the phones in the Pensacola case. Indeed, the Pensacola suspect had an iPhone 5 and an iPhone 7, older models with weaker security; researchers recently discovered a security flaw in the chips of iPhones released between 2011 and 2017, which includes both those devices.
While it may seem strange for Apple to prefer that the FBI consult a service that exploits weaknesses in its devicesâ security features, this may actually be the least harmful solution to the current predicament. âIt is a worse problem for the government to pressure and demand that Apple stop innovating on security,â says Jennifer Granick, who serves as surveillance and cybersecurity counsel for the ACLU. âAttack and defense are always in relationship to each other in cybersecurity. Thereâs always going to be advances in defense and advances in attack. The offense usually has the upper hand.â Forcing Apple to purposefully build a back door to its encryption would hobble the defense side of this equation.
Also, if it becomes clear that the company is not actually making its product as secure as possible, users may lose trust in features that actually do safeguard their privacy. âFor fundamental cybersecurity practices, we trust the integrity of what developers tell us about how they work,â says Jake Laperruque, senior counsel at the Project on Government Oversightâs Constitution Project. If developers are purposefully weakening security measures, users have a harder time trusting patches and software updates, which may in fact have a legitimate purpose.
To be sure, phone hacking tools like those from Cellebrite and Grayshift are dangerous and can be easily abused; authoritarian governments have used them to crack down on journalists and political dissidents. Yet, if law enforcement really wonât relent on accessing the contents of the Pensacola shooterâs phones, hacking in this case is the lesser of two evils. As Sharon Bradford Franklin, the policy director for New Americaâs Open Technology Institute, notes, âWhereas government hacking involves the exploitation of unintentional vulnerabilities in particular products, a backdoor mandate would require building known vulnerabilities into every product, so the impact is much greater and more problematic.â (New America is a partner with Slate and Arizona State University in Future Tense.) Finding and figuring out how to take advantage of these vulnerabilities is much more expensive and time-intensive than just waltzing through a back door put in by the manufacturer, but tech advocates say the privacy threat is not worth the convenience. This likely explains, though, why Barr and law enforcement officials are pressing Apple to weaken the iPhone encryption when they could most likely just go to a third party to get the job done.
Future Tense is a partnership of Slate, New America, and Arizona State University that examines emerging technologies, public policy, and society.
Gloss