FBI–Apple encryption dispute
FBI–Apple encryption dispute
From Wikipedia, the free encyclopedia
In 2015 and 2016, Apple Inc. has received and objected to or challenged at least 11 orders issued by United States district courts under the All Writs Act of 1789. Most of these seek to compel Apple "to use its existing capabilities to extract data like contacts, photos and calls from locked iPhones running on operating systems iOS 7 and older" in order to assist in criminal investigations and prosecutions. A few requests, however, involve phones "with more extensive encryption, which Apple cannot break with its current capabilities". These orders seek to compel Apple to "design new software to let the government circumvent the device's security protocols and unlock the phone".
The most well-known instance of the latter category is a February 2016 court case in the United States District Court for the Central District of California. The FBI wanted Apple to create and electronically sign new software that would enable the FBI to unlock an iPhone 5C it recovered from one of the shooters in a December 2015 terrorist attack in San Bernardino, California, that killed 14 people and injured 22. The two attackers later died in a shootout with police; a work phone issued to one of the attackers by his employer was recovered intact, but that phone was locked with a four-digit password and was set to eliminate all its data after ten failed password attempts. Apple declined to create the software, and a hearing on the San Bernardino case was scheduled for March 22, 2016. However, a day before the hearing was supposed to happen, the government was granted a delay, after requesting it on the grounds that they had found a third party to unlock the phone. On March 28, the FBI announced that the third party had helped it unlock the iPhone, and the Department of Justice dropped the case.
- 1 Background
- 2 Apple ordered to assist the FBI
- 3 Other All Writs Act cases involving iPhones
- 4 Reactions
- 5 See also
- 6 References
- 7 External links
It was revealed as a part of the 2013 mass surveillance disclosures by Edward Snowden that the NSA and the British Government Communications Headquarters (GCHQ) had access to the user data in iPhones, BlackBerry, and Android phones and could read almost all smartphone information, including SMS, location, emails, and notes.
According to The New York Times, Apple developed new encryption methods for its iOS operating system, versions 8 and later, "so deep that Apple could no longer comply with government warrants asking for customer information to be extracted from devices." Throughout 2015, prosecutors advocated for the U.S. government to be able to compel decryption of iPhone contents.
In September 2015, Apple released a white paper detailing the security measures in its then-new iOS 9 operating system. The iPhone 5C model can be protected by a four-digit PIN code. After more than ten incorrect attempts to unlock the phone with the wrong PIN, the contents of the phone will be rendered unaccessible by erasing the AES encryption key that protects its stored data. According to the Apple white paper, iOS includes a Device Firmware Upgrade (DFU) mode, and that "[r]estoring a device after it enters DFU mode returns it to a known good state with the certainty that only unmodified Apple-signed code is present."
Apple ordered to assist the FBIThe FBI recovered an Apple iPhone 5C owned by the San Bernardino County, California government, that had been issued to its employee, the shooter Syed Rizwan Farook. He was involved in the December 2015 San Bernardino attack. The attack killed 14 people and seriously injured 22. The two terrorists died four hours after the attack in a shootout with police, having previously destroyed their personal phones. Farook's work phone was recovered intact, however. The phone had been locked with a four-digit password.
On February 9, 2016, the FBI announced that it was unable to unlock the county-owned it recovered, due to its advanced security features, including encryption of user data. As a result, the FBI asked Apple Inc. to create a new version of the phone's iOS operating system that could be installed and run in the phone's random access memory to disable certain security features that Apple refers to as "GovtOS". Apple declined due to its policy to never undermine the security features of its products. The FBI responded by successfully applying to a United States magistrate judge, Sherri Pym, to issue a court order, mandating Apple to create and provide the requested software. The order was not a subpoena, but rather was issued under the All Writs Act of 1789. The court order, called In the Matter of the Search of an Apple iPhone Seized During the Execution of a Search Warrant on a Black Lexus IS300, California License Plate 35KGD203, was filed in the United States District Court for the Central District of California.
The use of the All Writs Act to compel Apple to write new software was unprecedented and, according to legal experts, it was likely to prompt "an epic fight pitting privacy against national security." It was also pointed out that the implications of the legal precedent that would be established by the success of this action against Apple would go far beyond issues of privacy.
Technical details of the orderThe court order specified that Apple provide assistance to accomplish the following:
- "it will bypass or disable the auto-erase function whether or not it has been enabled" (this user-configurable feature of iOS 8 automatically deletes keys needed to read encrypted data after ten consecutive incorrect attempts)
- "it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available"
- "it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware"
There has been much research and analysis of the technical issues presented in the case since the court order was made available to the public.
Apple's opposition to the orderApple announced its intent to oppose the order, citing the security risks that the creation of a backdoor would pose towards customers. It also stated that no government had ever asked for similar access. The company was given until February 26, 2016, to fully respond to the court order.
On February 16, 2016, Apple chief executive officer Tim Cook released an online statement to Apple customers, explaining the company's motives for opposing the court order. He also stated that while they respect the FBI, the request they made threatens data security by establishing a precedent that the U.S. government could use to force any technology company to create software that could undermine the security of its products. He said in part:
The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand. This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.In response to the opposition, on February 19, 2016, the U.S. Department of Justice filed a new application urging a federal judge to compel Apple to comply with the order. The new application stated that the company could install the software on the phone in its own premises, and after the FBI had hacked the phone via remote connection, Apple could remove and destroy the software. Apple has hired attorneys Ted Olson and Theodore J. Boutrous Jr. to fight the order on appeal.
The same day, Apple revealed that it had discussed with the FBI four methods to access data in the iPhone in early January, but, as was revealed by a footnote in the February 19, 2016, application to the court, one of the more promising methods was ruled out by a mistake during the investigation of the attack. After the shooter's phone had been recovered, the FBI asked San Bernardino County, the owner of the phone, to reset the password to the shooter's iCloud account in order to acquire data from the iCloud backup. However, this rendered the phone unable to back up recent data to iCloud unless its pass-code is entered. This was confirmed by the U.S. Department of Justice, which then added that any backup would have been "insufficient" because they would not have been able to recover enough information from it.
Legal argumentsThe government cites as precedent United States v. New York Telephone Co., where the Supreme Court ruled in 1977 that the All Writs Act gave courts the power to demand reasonable technical assistance from the phone company in accessing phone calling records. Apple responded that New York Telephone was already collecting the data in question in the course of its business, something the Supreme Court took note of in its ruling. Apple also asserts that being compelled to write new software "amounts to compelled speech and viewpoint discrimination in violation of the First Amendment. … [W]hat is to stop the government from demanding that Apple write code to turn on the microphone in aid of government surveillance, activate the video camera, surreptitiously record conversations, or turn on location services to track the phone's user?" A hearing on the case was scheduled for March 22.
San Bernardino County District Attorney Michael Ramos filed a brief stating the iPhone may contain evidence of a "lying dormant cyber pathogen" that could have been introduced into the San Bernardino County computer network, as well as identification of a possible third gunman who was alleged to have been seen at the scene of the attack by eyewitnesses. The following day, Ramos told the Associated Press that he did not know whether the shooters had compromised the county's infrastructure, but the only way to know for sure was by gaining access to the iPhone. This statement has been criticized by cyber-security professionals as being improbable.
On March 21, the government requested and was granted a delay, saying a third party, later identified in news outlets citing anonymous sources as Israeli company Cellebrite, had demonstrated a possible way to unlock the iPhone in question and the FBI needed more time to determine if it will work. On March 28, the FBI said it unlocked the iPhone with the third party's help and an anonymous official said the hack's applications were limited; the Department of Justice vacated the case.
Other All Writs Act cases involving iPhonesApple had previously challenged the U.S. Department of Justice's authority to compel it to unlock an iPhone in a drug case in the United States District Court for the Eastern District of New York in Brooklyn (In re Order Requiring Apple Inc. to Assist in the Execution of a Search Warrant Issued by the Court, case number 1:15-mc-01902), after the magistrate judge in the case, James Ornstein, requested Apple's position before issuing an order. On February 29, 2016, Judge Ornstein denied the government's request, saying the All Writs Act cannot be used to force a company to modify its products: "The implications of the government's position are so far-reaching – both in terms of what it would allow today and what it implies about Congressional intent in 1789 – as to produce impermissibly absurd results." Ornstein went on to criticize the government's stance, writing, "It would be absurd to posit that the authority the government sought was anything other than obnoxious to the law." The Justice Department has appealed the ruling to District Court Judge Margot Brodie. Apple has requested a delay while the FBI attempts to access the San Bernardino iPhone without Apple's help.
In addition to the San Bernardino case and the Brooklyn case, Apple has received at least nine different requests from federal courts under the All Writs Act for iPhone or iPad products. Apple has objected to these requests. This fact was revealed by Apple in court filings in the Brooklyn case made at the request of the judge in that case. Most of these requests call upon Apple "to use its existing capabilities to extract data like contacts, photos and calls from locked iPhones running on operating systems iOS7 and older" (as in the Brooklyn case), while others "involve phones with more extensive encryption, which Apple cannot break" and presumably seek to order Apple to "design new software to let the government circumvent the device's security protocols and unlock the phone" (as in the San Bernardino case).
ReactionsNational reactions to Apple's opposition of the order were mixed. A CBS News poll that sampled 1,022 Americans found that 50% of the respondents supported the FBI's stance, while 45% supported Apple's stance.
Support for AppleThe Reform Government Surveillance coalition, which includes major tech firms Microsoft, Facebook, Yahoo!, Twitter, and LinkedIn, has indicated its opposition to the order. By March 3, the deadline, a large number of amicus curiae briefs were filed with the court, with numerous technology firms supporting Apple's position, including a joint brief from Amazon.com, Box, Cisco Systems, Dropbox, Evernote, Facebook, Google, Lavabit, Microsoft, Mozilla, Nest Labs, Pinterest, Slack Technologies, Snapchat, WhatsApp, and Yahoo!. Briefs from the American Civil Liberties Union, the Electronic Frontier Foundation, Access Now, and the Center for Democracy and Technology also supported Apple.
The think tank Niskanen Center has suggested that the case is a door-in-the-face technique designed to gain eventual approval for encryption backdoors and is viewed as a revival of the Crypto Wars.
U.S. Representative Mike Honda, a Democrat who represents the Silicon Valley region, has voiced his support for Apple.
On February 23, 2016, a series of pro-Apple protests organized by Fight for the Future were held outside of Apple's stores in over 40 locations.
Zeid Raad al-Hussein, the United Nations High Commissioner for Human Rights, warned the FBI of the potential for "extremely damaging implications" on human rights and that they "risk unlocking a Pandora's box" through their investigation.
General Michael Hayden, former director of the NSA and the Central Intelligence Agency, in a March 7 interview with Maria Bartiromo on the Fox Business Network, supported Apple's position, noting that the CIA considers cyber-attacks the number one threat to U.S. security and saying that "this may be a case where we've got to give up some things in law enforcement and even counter terrorism in order to preserve this aspect, our cybersecurity."
Salihin Kondoker, whose wife was shot in the attack but survived, filed a friend of the court brief siding with Apple; his brief said that he "understand[s] that this software the government wants them to use will be used against millions of other innocent people. I share their fear."
Edward Snowden said that the FBI already has the technical means to unlock Apple's devices and said, "The global technological consensus is against the FBI."
McAfee founder John McAfee had publicly volunteered to decrypt the iPhone used by the San Bernardino shooters, avoiding the need for Apple to build a backdoor. He later indicated that the method he would employ, extracting the unique ID from inside the A7 processor chip, is difficult and risks permanently locking the phone, and that he was seeking publicity.
In an interview for a Time magazine cover story, Cook said that the issue is not "privacy versus security...it's privacy and security or privacy and safety versus security." Cook also said, "[T]his is the golden age of surveillance that we live in. There is more information about all of us, so much more than ten years ago, or five years ago. It's everywhere. You are leaving digital footprints everywhere. Also there's cameras everywhere..."
On a March 21, 2016 Apple press conference, Cook talked about the ongoing conflict with the FBI by saying, "...[W]e have a responsibility to protect your data and your privacy. We will not shrink from this responsibility."
Support for FBISome families of the victims and survivors of the attack indicated they would file a brief in support of the FBI.
The National Sheriffs' Association has suggested that Apple's stance is "putting profit over safety" and "has nothing to do with privacy." The Federal Law Enforcement Officers Association, the Association of Prosecuting Attorneys, and the National Sheriffs' Association filed a brief supporting the FBI.
Senator Dianne Feinstein of California, a Democrat and vice chairman of the Senate Intelligence Committee, has voiced her opposition to Apple. All candidates for the Republican nomination for the 2016 U.S. presidential election at the time supported the FBI's position, though several expressed concerns about adding backdoors to mobile phones.
On February 23, 2016, the Financial Times reported that Bill Gates, founder of Microsoft, has sided with the FBI in the case. However, Gates later said in an interview with Bloomberg News "that doesn't state my view on this." He added that he thought the right balance and safeguards need to be found in the courts and in Congress, and that the debate provoked by this case is valuable.
San Bernardino Police Chief Jarrod Burguan said in an interview:
I'll be honest with you, I think that there is a reasonably good chance that there is nothing of any value on the phone. What we are hoping might be on the phone would be potential contacts that we would obviously want to talk to. This is an effort to leave no stone unturned in the investigation. [To] allow this phone to sit there and not make an effort to get the information or the data that may be inside of that phone is simply not fair to the victims and their families.Manhattan District Attorney Cyrus Vance, Jr., said that he wants Apple to unlock 175 iPhones that his office's Cyber-Crime Lab been unable to access, adding, "Apple should be directed to be able to unlock its phones when there is a court order by an independent judge proving and demonstrating that there's relevant evidence on that phone necessary for an individual case."
FBI Director Comey, testifying before the House Judiciary Committee, compared Apple's iPhone security to a guard dog, saying, "We're asking Apple to take the vicious guard dog away and let us pick the lock."
Calls for compromiseBoth 2016 Democratic presidential candidates—former Secretary of State Hillary Rodham Clinton and Senator Bernie Sanders—suggested some compromise should be found.
U.S. Defense Secretary Ashton Carter called for Silicon Valley and the federal government to work together. "We are squarely behind strong data security and strong encryption, no question about it," he said. Carter also added that he is "not a believer in back doors."
In an address to the 2016 South by Southwest conference on March 11, President Barack Obama stated that while he could not comment on the specific case, "You cannot take an absolutist view on (encryption). If your view is strong encryption no matter what, and we can and should create black boxes, that does not strike the balance that we've lived with for 200 or 300 years. And it's fetishizing our phones above every other value. That can't be the right answer."
- Bernstein v. United States—a case on software as speech
- List of United States Supreme Court cases involving the First Amendment § Compelled speech
- Riley v. California—holding unconstitutional the warrantless search of a cellphone during an arrest, noting cellphones' unique privacy implications
- United States v. New York Telephone Co.—holding that law enforcement officials may obtain a court order forcing telephone companies to install pen registers in order to record the numbers called from a particular telephone.
- Universal City Studios, Inc. v. Reimerdes—another case holding software is a form of speech
- "Modern cell phones are not just another technological convenience. With all they contain and all they may reveal, they hold for many Americans 'the privacies of life.'" Riley v. California, 573 U. S., ___, No. 13-312, slip op. at 28 (2014).
- Apple FAQ on the controversy
- FBI director's comments on the 2016 dispute
- Online source for legal filings in the 2016 dispute at Cryptome
- PR Statement of United States Attorney Eileen M. Decker on Government Request to Vacate Order Directing Apple to Help Access iPhone
The iPhone is a county owned telephone that may have connected to the San Bernardino County computer network. The seized iPhone may contain evidence that can only be found on the seized phone that it was used as a weapon to introduce a lying dormant cyber pathogen that endangers San Bernardino's infrastructure.
Did he use the county's infrastructure? Did he hack into that infrastructure? I don't know. In order for me to really put that issue to rest, there is one piece of evidence that would absolutely let us know that, and that would be the iPhone.