Note from the editor of The Stack
As Fortune has noted, We made a mistake with this post, and I take responsibility for the errors it contains regarding Apple’s previous actions in accessing iPhone data across a confusing range of iPhone models with varying zero-knowledge encryption facilities, ranging from none to software-only to hardware+software. We jumped on this and in our haste got it plain wrong. I apologise for the error, and promise that we’ll take steps not to let it happen again.
Martin Anderson, editor, thestack.com
Apple CEO Tim Cook announced this week that the company would refuse to unlock an iPhone belonging to one of the San Bernadino shooters, sparking a heated debate over privacy and technology issues. However, a 2015 court case in New York revealed that Apple had unlocked phones for government authorities over 70 times previously – including OS versions incorporating zero-knowledge encryption, leading to questions of whether their current stance is a matter of principled user privacy, or an opportunity for positive public relations.
In an open letter to customers on Wednesday, Cook stated the company’s objections to the FBI-issued search warrant in three parts. The first is the need for encryption of private data by users – most of the users of iPhones require secure devices for perfectly innocent reasons, and “compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.”
Second, he said that the technical request that the FBI has made – that Apple create a new version of the iPhone operating system that circumvents security features, and install it (presumably via DFU) on the San Bernadino shooter’s phone – would create a new technology that would “undeniably create a backdoor” capable of unlocking any iPhone, any time.
Finally, Apple is concerned that the FBI’s use of the All Writs Act of 1789 would set a dangerous legal precedent. If Apple complies with the current search warrant, the same legal reasoning could be used to justify further government intrusions into personal privacy through mobile devices including accessing location, microphone, and camera data without the user’s knowledge.
The 2015 case in New York involved a meth dealer using an iPhone with a version 7 OS, and Apple’s brief for the court stated, “For these devices, Apple has the technical ability to extract certain categories of unencrypted data from a passcode locked iOS device.”
However, the company went on to state that while it had the ability to extract data, it shouldn’t be forced to without clear legal authority, as that could “threaten the trust” between Apple and its customers, and “substantially tarnish the Apple brand.” The company admitted that it had the technical ability to get the information requested, but objected to the requirement to do so based on the potential to damage the company’s reputation in the eyes of its customers. So Apple has the ability to gain passcode-protected information, and has done so in many previous cases, including one involving an iPhone 5c running iOS9, capable of full encryption. Why the objection now?
A cynical view would be that Apple has judged the time right for a very public debate on technology and privacy, positioning itself as the champion of the people in protecting user data from government intrusion.
But in light of these developments, the government’s request is suspect as well. If Apple admittedly has the ability to recover passcode-protected data from iPhones, why does the FBI request include a requirement that Apple build an unsecured version of the iPhone operating system that can be applied to any iPhone, rather than just the device in question?
Additionally, further evidence in the New York iPhone case revealed that the Homeland Security Department has the ability to override passcode protections and access device data. While that referenced only one specific release of version 8 of the operating system, it is not beyond credibility that the government has some internal resources to bear on the San Bernadino iPhone hack, casting further suspicion on the requirements of the search warrant served to Apple in California.
With Apple expected to file new legal briefs in the case any day, this issue can be expected to drag out for months, as US courts debate the relevance of the 18th-century All Writs Act and its application to modern technology.