Monday, February 22, 2016

Apple Versus the Feds: How a Smartphone Stymied the FBI


When Syed Farook and Tashfeen Malik died in a hail of gunfire last December 2 after killing 14 people at a San Bernardino office party, the FBI recovered Farook's iPhone within a few hours.  One of the critical unanswered questions about the San Bernardino shootings is whether the couple had outside help, and the data on the iPhone may hold the answer.  Problem is, the FBI can't get at the data, and Apple, the iPhone's maker, won't help them.

Why not?  Let's let Tim Cook, CEO of Apple, answer that one:  "[T]he U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone."  A little historical perspective is in order to put this situation into context.

With the advent of powerful digital computers, advanced encryption algorithms were designed and adopted by both sides of the Cold War (both the U. S. and the Soviet Union) for secret communications in the 1970s and onward.  The U. S. National Security Agency, long used to spying on analog communications in which good radios were the most elaborate equipment needed, found itself behind the technology curve and spent millions on advanced computing technology to maintain its ability to crack enemy codes.  The computing power of those early NSA computers now resides on your smartphone, and after a run-in with NSA a few years ago involving spying on Apple, the tech company and its president resolved to do a better job than ever in protecting its customers' privacy.  The latest iPhone operating system has a feature that not only encrypts the user's private data, but destroys the internal encryption key if it detects more than 10 attempts to unlock the phone using the 4-digit password.  After that happens, nobody but God can retrieve the data. 

At first the FBI was hoping that the phone was backed up to the iCloud, where the data might be recovered.  But it turns out that the automatic backup feature was turned off last October, possibly by Farook to avoid just such snooping.  After trying everything they could think of, including things Apple suggested, the FBI has asked Apple to do something that the firm claims is unprecedented. 

The FBI wants Apple to write a new operating system for Farook's phone that will allow unlimited password tries electronically, which will allow the FBI to access the phone's data.  They say it will only be used on Farook's phone, and so there is no risk to anybody else's phone.  The FBI has put this request in the form of a court order, and Tim Cook has vowed to fight it.

Why?  Apple claims the risks of that system getting loose, either accidentally or by command, are simply too great, and they have dug in their heels.  For example, it has been suggested that once it becomes generally known that Apple has developed such a backdoor, repressive regimes will order the firm to give it to them, or else kick Apple out of the country.

This is not the first time that Apple and the federal government have been at loggerheads over encrypted data.  In a 2014 case, Apple was ordered to extract data from an iPhone, but it is not immediately clear from the record whether they complied.  In both that case and the San Bernardino situation, the FBI cited as its authority the All Writs Act of 1789, which basically lets courts issue writs (orders) "necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law."   To the ears of this non-lawyer, it sounds like the law basically says you can do whatever you want, but the Act is typically hauled out as a kind of last resort, as subsequent case law has erected a set of four conditions that must be fulfilled before a court can issue an order under the Act.  Of course, the FBI thinks the conditions are fulfilled, and Apple doesn't.

Apple's stand is based on the idea, not that common among high-tech companies, that even Apple doesn't have any business with your personal data, which is why they designed the iPhone operating system to be so hard to crack.  This differs from practices of other firms, who happily mine their customers' private data for commercially valuable things like brand names and so on.  Privacy advocates from across the political spectrum have joined Cook in his opposition to the order, and the outcome of this case could have wide implications not only for the FBI and smartphones, but for digital privacy generally.

National Review commentator Kevin Williamson (from whose column I first learned about this matter) takes the view that the FBI is taking the easy way out by simply ordering Apple to do its job.  There is evidence to support this claim.  For example, in its instructions to Apple, the FBI asked them to rig a bluetooth link to the phone so they could try the 9999 different number combinations electronically, instead of having to make somebody sit there and do it by hand.  This apparently minor detail has the aroma of a royal order to underlings—"and while you're at it, fix it so I don't mess up my manicure wearing my fingers out on that touchscreen of yours."  Back in the days of telephone hacking in the 1960s, teenagers with time on their hands would amuse themselves by dialing all 9999 numbers in a given 3-digit telephone exchange (e. g. 292-0000 to 292-9999) just for the thrill of discovering the test and supervisory numbers the phone company used for long-distance routing and maintenance.  Apparently, the FBI can't be bothered with such tedium.

The matter is in the hands of lawyers now, and if the issue does indeed go all the way to the Supreme Court, its fate may well depend on whether President Obama gets to appoint a new member after Justice Scalia's recent demise, or whether the next president does, or whether a split Court ends up doing nothing (split decisions leave the lower court's decision standing).  Whatever happens, I admire Tim Cook for taking a principled and consistent stand for a cause that he could so easily abandon:  the notion that privacy still means something in a digital age.

Sources:  Kevin Williamson's column "Hurray for Tim Cook" can be found at National Review Online at http://www.nationalreview.com/article/431491/apples-tim-cook-right-resist-governments-demand.  I referred to articles by ABC News reporter Jack Date carried on Feb. 19, 2016 at http://abcnews.go.com/US/san-bernardino-shooters-apple-id-passcode-changed-government/story?id=37066070 and Feb. 17 at http://abcnews.go.com/US/fbi-iphone-apples-security-features-locked-investigators/story?id=36995221.  I also referred to an article in The Guardian online at http://www.theguardian.com/technology/2016/feb/19/apple-fbi-privacy-encryption-fight-san-bernardino-shooting-syed-farook-iphone, and Wikipedia articles on encryption software and the All Writs Act of 1789.

No comments:

Post a Comment