Two iPhones have put Apple back into the FBI’s sights.
The phones belonged to a deceased Saudi national accused of fatally shooting three people at a Florida naval base in December. They could contain important information about his connections and motivation, but the phones are locked and the FBI says it can’t get in. It wants Apple’s help to unlock the phones.
But Apple is saying no, and it has its reasons, even at the expense of mocking tweets from President Donald Trump.
Apple and technology security experts have heard this kind of request before. And they say it’s not about the phones — it’s about a years-long push by the DOJ for broader government oversight of mobile technology. If Apple says yes to this request or anything like it, they say, it would jeopardise the privacy of every single iPhone user.
Nearly four years after a nearly identical situation ended with the FBI backing down — with the help of companies that have successfully broken into iPhones — the debate about whether Apple should create a way to break into their own phones is back.
The circumstances, however, have changed. Apple has limited its own capability to break the encryption of iPhones, so it may not be able to do much even if it were willing to, while Facebook and other tech companies have moved to embrace encryption in other forms such as messaging apps, raising the stakes of the fight.
And politically, the tech industry may be vulnerable in a way that it’s never been before.
“There’s blood in the water,” said Riana Pfefferkorn, associate director of surveillance and cybersecurity at the Stanford Center for Internet and Society. “And this becomes a way for law enforcement to try to draw attention to encryption.”
While the core argument remains the same — there’s no way to give the government access without introducing an opening that can be exploited by nefarious actors — it’s taking place at a time when tech companies are now routinely grilled on Capitol Hill and the public is less likely to trust that they know best.
Technology industry veterans and academics believe the Department of Justice sees an opportunity to not just crack a couple iPhones but to capitalize on growing skepticism of tech companies to spur legislative change that will render encryption moot in all contexts.
Nicholas Weaver, a computer scientist at the University of California, Berkeley, said that the FBI’s efforts to push Apple to crack its own iPhones were “more disingenuous than normal.”
“It’s entirely about legislation, not the courts,” he said.
At issue are two iPhones owned by the gunman who carried out a shooting last month that killed three people at the Naval Air Station Pensacola, in Florida. There are some parallels with the FBI efforts four years ago to get apple to unlock an iPhone from the San Bernardino shooting that killed 14 people — a dispute that ended with the government breaking the phone’s security with the help of an outside vendor.
In the Pensacola case, the phones have been described as earlier model iPhones 5 and 7, which many technology experts say the FBI should also be able to unlock with the help of outside security vendors.
So if the FBI can break into the phones, why is Attorney General William Barr formally asking Apple to provide the key? The answer appears to lie in the legal history of the matter, and the government’s desire for a permanent solution.
In the time since the San Bernardino dispute, government officials have been dealt two major setbacks in court: a 2016 ruling in an unrelated but similar case in Brooklyn, siding with Apple and never appealed, and a 2018 ruling out of Fresno, though the details of that case and ruling are sealed and the case is on appeal.
That’s left the DOJ with narrower legal options to push tech companies to crack their own security systems.
“They have recognized that the law as it stands is not on the government’s side,” Pfefferkorn said.
There is not consensus in the U.S. government that the DOJ is pursuing the right course of action. While President Donald Trump tweeted for Apple to give in to the FBI, other agencies have disagreed with the Justice Department and FBI, and the Trump administration hasn’t released a consensus policy document.
Morgan Reed, president of The App Association, a trade group for software companies that says it has more than 5,000 members, met on Thursday with staff from the White House National Economic Council and the Office of Science and Technology Policy.
He said that despite the president’s tweets, the two offices are concerned that the FBI’s efforts could hurt U.S. companies.
“They want to solve the problem as well but they want to solve the problem in a manner that protects the economic security of the United States,” he said.
Reed also said the DOJ’s efforts were more to spur legislative change than to gain access to any particular iPhone.
“They’re using this crisis to essentially drive for a policy change that ultimately would require some potentially devastating technological changes that would put people’s personal information at risk,” he said.
The White House had no immediate comment on Friday. Representatives for the Justice Department did not immediately respond to a request for comment.
“It is very important to know with whom and about what the shooter was communicating before he died,” Barr said on Monday.
No such split exists in the broader technology industry. Tech companies and privacy advocates who are often at odds on most topics remain united in their opposition of the FBI’s efforts.
But the tech industry does face shifting social and political dynamics that have put it on the back foot. A Pew Research Center survey from June 2019 found that the percentage of both Republican and Democratic supporters who see tech as having a positive impact has dropped sharply in recent years, and a survey by Axios and Survey Monkey found growing support for tech companies to face greater regulation. Democratic presidential candidates now include tech policy ideas as part of their platforms.
Government efforts to limit or compromise encryption have also gained traction outside the U.S., drawing more coordinated efforts in the tech industry. In December, a coalition of 102 organizations and individuals sent a letter to senior officials in the U.S., U.K. and Australia warning that compromising encryption would hurt the privacy and security of billions. The three countries had earlier sent a letter to Facebook CEO Mark Zuckerberg asking him to delay plans to expand end-to-end encrypted messaging.
The FBI has likewise been grilled on its own credibility. An inspector general report from 2018 said that the FBI headed to court against Apple in the San Bernardino dispute without first exhausting its technical options. And the FBI acknowledged to The Washington Post that it had repeatedly inflated the number of devices it couldn’t access.
“We don’t have any actual data proving this is a serious problem,” said Andi Wilson Thompson, a senior policy analyst at New America’s Open Technology Institute.
For now, technologists and lobbyists see something of a stalemate, with no pending legislation or compromise gaining traction. Previous efforts to pass legislation around encryption and government access have fallen flat, with a 2016 bipartisan encryption bill roasted by critics as “technically illiterate.”
And with much of Washington, focused on the ongoing impeachment trial, Pfefferkorn said she is not too worried in the near term.
“Congress seems to be a little busy right now,” she said.