It’s Apple vs the FBI and privacy vs security, once again
The FBI wants Apple’s help unlocking two phones of the Saudi Air Force trainee who killed three people; they shouldn’t get it
As 2020 dawns, we’re mired in another privacy vs security dispute between Apple and the US federal government. Once again, the department of justice is demanding that the company break into a locked iPhone. Once again, the company is resisting. And once again, the rest of us are silent, worried spectators in a game of “Who do you trust?”
In particular, the FBI wants Apple’s help in unlocking two phones belonging to Mohammed Saeed Alshamrani, the Saudi Air Force trainee who killed three people in December at Pensacola Naval Air Station. Apple says it has turned over all the data it possesses but refuses to go further and create a backdoor past the encryption that protects its devices.
Presumably, the issue is headed for the courts.
We’ve traveled this road before — and the path is instructive. In 2016, the FBI demanded that Apple develop special software that would allow it to unlock an iPhone 5C used by Syed Rizwan Farook, one of two shooters in a terror attack that killed 14 people in San Bernardino. When Apple refused, the government obtained a court order.
Most of Big Tech weighed in on Apple’s side. Before the company’s appeal could be heard, however, the FBI surprised everybody with the announcement that it had unlocked Farook’s phone.1
The department of justice’s inspector-general later found that the FBI had not exhausted all possibilities before taking Apple to court.2 In particular — and it’s important to follow the rabbit down the hole here — the FBI’s cryptographic and electronic analysis unit had not asked for the assistance of the remote operations unit of the technical surveillance section of its own operational technology division.
The mere existence of such a technology is inconsistent with the basis on which the phone is sold. The company proudly trumpets its own inability to recover data from a locked iPhone
This mouthful of alphabet-soup matters because, as it turns out, the head of the remote operations unit knew of a “vendor” that was “almost 90% of the way” to finding a way to break into a locked iPhone. On learning of this, the department invited the vendor to demonstrate the capability. The next day, the suit against Apple was dropped.
Presumably, in-house communications have been better this time around. Even so, one can understand why the FBI is back to asking Apple for help. Back in 2016, techies agreed that whatever trick the department of justice used would work only once. Apple would find out how the unnamed vendor broke the encryption, and close that vulnerability in the next generation of phones.
Besides, Farook’s device was an iPhone 5. As as security goes, that’s practically the horse-and-buggy days. Quite likely, then, none of those alphabet-soup players have yet figured out how to break defeat the encryption on the newer devices.
Why does Apple continue to resist? And why do so many of us, notwithstanding our fears about terrorism, think Apple is right?
Here’s one reason: the company does not currently have a means of breaking into a locked phone. Forced to develop one, Apple would most likely create a software update that, once sent to the device, would allow the phone to be unlocked through some means other than a password (or facial recognition or fingerprint).
But the mere existence of such a technology is inconsistent with the basis on which the phone is sold. The company proudly trumpets its own inability to recover data from a locked iPhone once the user has exhausted 10 tries at entering the password. The value of this encryption is priced into the device.
Even if we assume that the value of this feature to the consumer is quite small — perhaps no more than 1% of the sale price — the total value is quite considerable to Apple. In the 12 months ended September 28 2019, Apple’s total revenue from selling iPhones was a bit more than $142bn. Thus a 1% security premium would come to $1.4bn — not pocket change even for a company whose market cap is currently 13 figures.
Even if the value of the encryption to the buyer is only one half of 1% of the price of the phone, the loss to Apple is $700m. If, on the other hand, you think the value of the security component is greater than 1% — very much my own suspicion — well, you can do the arithmetic.
In any case, lots of users are attracted to the notion that the Apple does not possess any secret way into the iPhone. (I certainly am.) The government, aware of this concern, insists it’s not asking Apple to create a backdoor; it only seeks a way to extract all the data on a pair of phones.
This bizarre bit of linguistic legerdemain is meaningless. To borrow from one of my mentors, you can call it Thucydides or you can call it banana peel, but it’s a backdoor all the same. Whatever the label, software that enables recovery of data without the password would mean a lot less privacy for users.
Still, perhaps you’re wary of absolutes; maybe you believe that in a particular case, the need to prevent crimes — particularly acts of terrorism — should outweigh the individual’s right to privacy. Fair enough. But do ask yourself this: Does history teach that the US federal government, once in possession of a surveillance tool, will remain discreet and humble in its use?
Sadly, the record isn’t good. That’s why we’re back here again. And why this time around, the fight will likely be to the finish.
1. The news media reported that the government had hired an unnamed “company outside the government” to break in to the phone. Some stories subsequently identified the company as Israel-based Cellebrite Mobile Synchronisation. Others insisted that the unlocking was achieved not by Cellebrite but by a group of professional hackers. Whichever version is true, we do know that on the same day the US justice department announced it had cracked the phone, Cellebrite received a $218,000 contract from the FBI for unspecified technological equipment. Whether or not Cellebrite was involved in the 2016 unlocking, the company does considerable business with the US federal government. In the words of The Intercept, “Cellebrite’s researchers have become, over the last decade, the FBI’s go-to hackers for mobile forensics.”
2. Current events tip: Always read the inspector-general’s report!
• Carter is a Bloomberg Opinion columnist. He is a professor of law at Yale University and was a clerk to US supreme court justice Thurgood Marshall. His novels include “The Emperor of Ocean Park,” and his latest non-fiction book is “Invisible: The Forgotten Story of the Black Woman Lawyer Who Took Down America’s Most Powerful Mobster.” This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.
Would you like to comment on this article or view other readers' comments?
Register (it’s quick and free) or sign in now.
Please read our Comment Policy before commenting.