Everything We Know About Apple vs the FBI
Radio Motherboard discusses Apple's showdown with the FBI.
Image: Perspecys Photos/Flickr
Earlier this week, a federal judge in California ordered Apple to help the FBI brute force hack into the encrypted iPhone belonging to one of the San Bernardino shooters, setting up a legal showdown that could have far-reaching ramifications for the future of encryption and privacy in the United States.
Motherboard has been exploring what's sure to be one of the biggest ongoing tech stories of the year (maybe of this decade?). There's lots more to come, but our security reporter Lorenzo Franceschi-Bicchierai and I decided to sit down and record a short podcast discussing everything we know about the case thus far.
The podcast is available on iTunes and all podcasting apps.
The FBI would like to get into an encrypted phone belonging to one of the San Bernardino terrorists, who shot and killed 14 people last year. The FBI can't do it because the phone has a passcode on it, so it got a District Court judge in California to order Apple to help them.
If you have a passcode on your iPhone, it's encrypted. When you unlock an encrypted phone, you are asked to type a four- or six-key passcode to unlock it. If you fail 10 times in a row, the phone automatically deletes the phone's encryption key.
The federal judge ordered Apple to disable this feature on the phone, which will allow the FBI to "brute force" its way in, meaning it can try every single possible combination of passcode until one works.
Tim Cook, Apple's CEO, vehemently responded to the order late on Tuesday, saying that the demand "would undermine the very freedoms and liberty our government is meant to protect." He wrote his company would be fighting the order, and that the order itself sets the stage for much wider use of back-doors.
"The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand," the statement starts.
Apple immediately contested the order, calling it an "unprecedented step" where the government is essentially asking the company to "hack" its own users and create a "backdoor" that could be used any other time in the future.
For the US government, on the other hand, this is simply "writing software code," which is not an "unreasonable burden for a company that writes software code as part of its regular business," as the prosecutors argued in the case. This code, moreover, will only be targeted for this specific phone, according to the feds. In other words, they're claiming this is just a one-time solution and doesn't constitute a backdoor.
But given what is known about how the iPhone protects users' data with encryption, and what the feds are asking in this case, that is likely untrue—not just according to Apple, but also security experts who have studied the company's software.
The government's demands, the experts argue, ultimately have very little to do with unlocking a single phone, and everything to do with establishing far-reaching powers, and a technical way for the US government—and presumably, any government—to force companies to hack their own products."
It may be the case that Apple can help the FBI, but that doesn't mean it has to. In the1999 case Bernstein v US Department of Justice, the Ninth Circuit Court of Appeals (which covers the District Court the Apple case is being heard in) ruled that software source code is "speech" that is protected by the First Amendment. In that case, a graduate student at Berkeley was initially prevented by the DOJ from publishing the source code for an encryption protocol, claiming it could be considered an illegal arms export. The Ninth Circuit ruled that this was a "prior restraint" against speech.
That case is important because if code is speech, the FBI is asking Apple to create speech specifically for the government, according to Nate Cardozo, a lawyer at the Electronic Frontier Foundation.
"We've never seen a compelled speech case that comes close to doing what the government is asking Apple to do here. We've never seen any case where the government has compelled a third party to subvert its own systems in this way," Cardozo said.
This week, a federal judge ordered Apple to assist in brute-forcing the passcode to a seized iPhone, spurring a vibrant cybersecurity debate. Meanwhile, in the UK, a proposed surveillance law could allow the government to force companies to do much the same thing, but in secret.
The draft Investigatory Powers Bill, which is currently being redrafted after scrutiny by several committees, would introduce a new set of regulations overseeing surveillance carried out by law enforcement, security and intelligence agencies.
As always, thanks for listening—we'll have more in the weeks and months to come.