Why is the US government at war with Apple to get it to help hack its newly enhanced encrypted iPhones in both California and New York?
Why doesn’t Apple want to help law enforcement in any way it can to track down the terrorists who may still be at large connected with the horrific December San Bernadino terror attack by Syed Rizwan Farook and Tafsheen Malik which claimed the lives of 14 US civilians?
The latest development was a late Monday US appeal against a New York court’s ruling that would let Apple refuse to unlock one of its iPhones for the government in a New York drug case that is lower profile than San Bernadino.
The US appealed in the hoping of getting a court order compelling Apple’s cooperation, as it already received in California - an order which Apple is appealing.
Is the headline on this story the fears of overzealous government officials opening Pandora’s Box which will unintentionally deal a mortal blow to the security of iPhones worldwide?
Or is it technology companies overdoing their commitment to privacy in a backlash against cooperating with the US government’s desire for backdoors after they were embarrassed by the Edward Snowden disclosures that they were handing over zillions of pieces of data from telephone calls and emails?
Part of the answer is technical and part of it is about the broader competing trends and priority placed on combating terror versus privacy concerns.
The technical part, which almost no one understands but is crucial to properly grasping the real issues, first.
In 2014, Apple specifically altered its iPhone software to make sure that it would not be able to unlock its own customers’ phones and decrypt their data. The San Bernadino iPhone in question is reportedly the iPhone 5c running the iOS9 version of Apple’s software.
One of the new security features that Apple installed was a feature which permanently locks out a phone if a hacker (or anyone) guesses the wrong password too many times by using a “brute force” technique which rapidly guesses a large number of passwords to arrive at the correct one.
Another new feature is a time delay between each password guess. While the delay is slight for normal people’s guesses, here where the FBI may need to guess a six digit passcode of both numbers and letters, the delay could take five-and-a-half-years even using techniques to rapid-guess.
All of these new features were at least partially motivated by a desire to restore customer trust that Apple will protect their privacy after revelations by former NSA operative Snowden that virtually all of the technology companies were sharing their customers’ private data with the government.
The FBI wants Apple to design a way for it to hack into its iPhones which will not run into the permanent lock-down feature, which reportedly kicks-in after only 10 guesses, or the time delay feature. Essentially, it wants Apple to create a special crippled software package to download onto the iPhone so that the new enhanced security features will be disabled.
That means that when some law enforcement officials have said that this is no different than asking a bank to open a safe deposit box, that the comparison is either disingenuous or wrongheaded.
Law enforcement is asking Apple to do something much more active and complex than has been done before.
On to the debate about combating terror versus privacy concerns.
In its motion to the California Court, the US government said it needed Apple’s assistance to access the iPhone to “determine…who Farook and Malik may have communicated with to plan and carry out the…shootings, where Farook and Malik may have traveled to and from before the incident, and other pertinent information…about their and others’ involvement in the deadly shooting.”
Ever since Snowden’s 2013 disclosure of the backdoors that technology companies built into their systems for the US to grab data to combat terror, companies like Apple, Google and others have pushed back hard, accusing the government of undermining constitutional rights to privacy.
Apple and its supporters say that passively turning over information in their possession is not the same as actively creating new software to be the government’s subcontractor in hacking their own customers.
They say that this new hacking software will end up in the wrong hands and could lead to a new worldwide criminal hacking spree into millions of iPhones all over the world.
Further, they say that other countries, some less democratic and less interested in their citizens’ privacy on any level, will demand the software for crippling security once Apple gives it to the US.
US law enforcement says that Apple was irresponsible when it added the new 2014 features without considering that it was effectively aiding and abetting terrorists and criminals to hide evidence from the law.
New York DA Cyrus Vance has said that his office currently cannot access 175 Apple devices to solve crimes up from 111 last year and representing 25 percent of the devices his unit has examined since 2010.
Law enforcement says that these devices hold messages between sex traffickers and their victims, videos of homicides and connections between criminal and terrorist conspirators.
That means that Apple is not necessarily taking full responsibility for a new problem it caused, potentially giving criminals and terrorists a way to hide evidence, in seemingly overreacting to the Snowden disclosures and in pushing for new highs in customer security.
There is also an active debate about whether a variety of laws passed in recent decades or dating back to 1789, but none of which explicitly related to or predicted the newest technologies, can be applied to compel Apple and others to comply with law enforcement’s concerns.
Ultimately, the US Congress, the Us Supreme Court or both will likely need to step in to the resolve the issue. But Congress does not appear to have an appetite to jump in before there is a greater feel of where a compromise might be struck or until there is greater public pressure for a solution.
This is why San Bernadino is key compared to the New York case.
If law enforcement loses the New York case, public opinion may be split on the result, as the drug case itself is not remarkable (even as law enforcement wants to set a precedent for being able to hack into encrypted Apple devices for unremarkable cases.)
In contrast, the San Bernadino attack struck a national chord very hard crossing normal political lines.
The American public could react with furor if it believed that the key to catching at large conspirators in the San Bernadino attack was being withheld by Apple.
How these cases are handled will likely set the playing field for the final battle down the road in Congress.