Privacy matters at heart of Apple decrypt battle
By Jim Finkle and Joseph Menn
A court order demanding that Apple help the U.S. government unlock the encrypted iPhone of one of the San Bernardino shooters is shaping up as a crucial test case of how far the government can go in forcing technology companies to help security and intelligence investigations.
Law enforcement agencies have for years faced off against tech firms and privacy advocates over their ability to monitor digital communications, and the government to date has largely lost the battle.
But the specific circumstances of the San Bernardino case, in which a young married couple who sympathized with Islamic State militants killed 14 people and wounded 22 others in a shooting rampage at a holiday party, could give government officials the legal precedent they need to reverse the tide.
A federal judge in Los Angeles on Tuesday ordered Apple to provide “reasonable technical assistance” to investigators seeking to read the data on an iPhone 5C that had been used by Rizwan Farook, who along with his wife, Tashfeen Malik, carried out the shootings.
The government argues that the iPhone is a crucial piece of evidence. But civil liberties groups warn that forcing companies to crack their own encryption endangers the technical integrity of the Internet and threatens not just the privacy of customers but potentially that of citizens of any country.
On Wednesday, Republican lawmakers and presidential candidates came out strongly on the side of law enforcement, raising the possibility of another legislative effort to require tech companies to put “backdoors” in their products.
White House spokesman Josh Earnest said the Department of Justice was asking Apple for access to just one device. That claim is a central part of the government’s argument, and Apple Chief Executive Officer Tim Cook has said it was “simply not true.”
“They are not asking Apple to redesign its product or to create a new backdoor to one of their products,” Earnest told reporters at a daily briefing.
The Department of Justice stressed in a statement on Wednesday that its request was “narrowly tailored,” and chided Apple. “It is unfortunate that Apple continues to refuse to assist the department in obtaining access to the phone of one of the terrorists involved in a major terror attack on U.S. soil.”
Most technology security experts, including many who have served in government, have said technical efforts to provide government access to encrypted devices inevitably degrade security for everyone. It is an argument that has been made since the 1990s, when the government tried and failed to force tech companies to incorporate a special chip into their products for surveillance purposes.
“The government suggests this tool could only be used once, on one phone,” Cook said in a statement on Tuesday. “But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices.”
Google Chief Executive Sundar Pichai endorsed Cook’s stance in tweets on Wednesday.
“We build secure products to keep your information safe and we give law enforcement access to data based on valid legal orders,” he wrote. “But that’s wholly different than requiring companies to enable hacking of customer devices and data. Could be a troubling precedent.”
Representatives of several tech companies did not respond to requests for comment on the ruling. Not surprisingly, however, trade groups that count thousands of software companies, smartphone makers and network security firms as members decried the government’s position, while law enforcement groups backed the Justice Department.
The industry was “committed to working with law enforcement to keep Americans safe,” the Software & Information Industry Association said, but in the Apple case, “the government’s position is overbroad and unwise.”
The Computing Technology Industry Association said if the order was carried out, “it could give the FBI the power to call for some sort of back end to encryption whenever they see fit.”
If the federal judge, Magistrate Sheri Pym, rejects Apple’s arguments, the Cupertino, California-based company can appeal her order to the district court, and then up the chain to the 9th U.S. Circuit Court of Appeals in San Francisco and ultimately the U.S. Supreme Court.
The 9th Circuit is known to be pro-privacy. “The government ultimately will have an uphill fight,” said Robert Cattanach, a former Justice Department lawyer who advises companies on cyber security issues.
Farook was assigned the phone by the county health department for which he worked, prosecutors said in a court filing on Tuesday. The health department had “given its consent” to authorities to search the device and to Apple to assist investigators in that search, the document said.
San Bernardino County’s top prosecutor, District Attorney Mike Ramos, said Apple’s refusal to unlock the phone was a slap in the face to the victims of the shooting and their families.
“They’d like to know details like any of us in America would like to know. Were there other threats? Were there other individuals involved?” Ramos said in a telephone interview.
Dan Guido, an expert in hacking operating systems, said that to unlock the phone, the Federal Bureau of Investigation would need to install an update to Apple’s iOS operating system so investigators could circumvent the security protections, including one that wipes data if an incorrect password is entered too many times.
He said only Apple could provide that software because the phones will only install updates that are digitally signed with a secret cryptographic key.
“That key is one of the most valuable pieces of data the entire company owns,” he said. “Someone with that key can change all the data on all the iPhones.”
The notion of providing that key is anathema to the Electronic Frontier Foundation, an online rights group. “Once this master key is created, governments around the world will surely demand that Apple undermine the security of their citizens as well,” the foundation said in a statement.
Lance James, an expert in forensics who is chief scientist with cyber intelligence company Flashpoint, said Apple could respond to the order without providing crypto keys or specialized tools that could be used to unlock other phones.
Apple technicians could create software that would unlock the phone, allowing the company to create a backup file with all of its contents that it could provide to law enforcement, James said.
American Civil Liberties Union staff attorney Alex Abdo said the government’s request risked a “dangerous” precedent. “The Constitution does not permit the government to force companies to hack into their customers’ devices,” he said.
Apple was a topic of discussion on the presidential campaign trail on Wednesday.
Donald Trump, front-runner for the Republican Party’s nomination to run in the Nov. 8 election, said on Fox News Channel’s Fox & Friends, “I agree 100 percent with the courts. In that case, we should open it (the iPhone) up … We have to use common sense.”
Another Republican candidate, U.S. Senator Marco Rubio of Florida, called it a “tough issue” that would require government to work closely with the tech industry to find a solution. Rubio said he hoped Apple would voluntarily comply with the court order.