What happens if the FBI wins its iPhone fight?
SAN FRANCISCO—How do you get from a fight between the FBI and Apple over a locked iPhone to a spike in attacks on social justice across the globe? Very easily, says Nicholas Renault, who describes himself as a longtime LGBT rights activist here.
“LGBT people are under attack around the world,” Renault said during a “Don’t Break Our Phones” protest Tuesday afternoon in front of the Union Square shopping district’s Apple Store.
About 100 people with diverse interests—civil-rights activists like Renault, government surveillance protesters wearing the Guy Fawkes/V for Vendetta masks popularized by Anonymous, even the protest singing group Occupella—gathered in the warm afternoon’s fading light to express their support of Apple in fighting a court order to develop technology to unlock the iPhone 5C the San Bernardino County health department issued Syed Rizwan Farook, who with his wife in December fatally shot 14 people in the California city.
An iPhone security technology is preventing the FBI from accessing its data. There are myriad what-if’s surrounding the device that basically boil down to this: Had Farook’s employer properly implemented common device management technology, the FBI would already have access to it; its case against Apple would be moot.
Magistrate Sheri Pym of the U.S. District Court of Central California essentially ordered the company to throw hydrochloric acid on the lock protecting Farook’s iPhone. To Apple CEO Tim Cook, who said in a public letter that the federal government wants “to build a backdoor to the iPhone,” anyone across the globe in possession of the code Pym is ordering Apple to write, with any number of motives, could use it to unlock other iPhones. Apple on Thursday said it had filed a motion to vacate the magistrate’s order, citing its Constitutional rights under the First and Fifth amendments.
“Breaking encryption puts LGBT people at risk of attacks, persecution, and death,” said Renault, a man with graying dark hair who has been advocating for LGBT rights since at least 2001. “People are getting attacked with a vengeance like I’ve never seen in my life.”
Renault and technologists fear that any code created for this case will leak beyond the confines of Apple and the U.S. government, and find its way into the hands of people—and regimes—intent on limiting dissent and differences.
“There’s no question that others will use the rhetoric that if we have backdoors, then they can have backdoors too.” — Eva Galperin, global policy analyst, Electronic Frontier Foundation
An FBI win, moreover, would set a precedent for governments around the world to compel technology companies operating within their borders to build special decoding tools on demand, argues Eva Galperin, global policy analyst for the technology rights group Electronic Frontier Foundation. She says the EFF is working on an amicus brief to support Apple, which sells its products in 39 countries worldwide and does more than 60 percent of its business outside the United States.
Computer “encryption and anonymity” tools empower ordinary people “to exercise their rights to freedom of opinion and expression in the Digital Age and, as such, deserve strong protection,” David Kaye, the United Nations’ special rapporteur on the promotion and protection of the right to freedom of opinion and expression, concluded in a May 2015 report. Requiring encryption backdoor access, “even if for legitimate purposes,” Kaye said, “threatens the privacy necessary to the unencumbered exercise of the right to freedom of expression.”
Kaye said governments around the world are working to undermine use of computer encryption tools precisely because of their ability to protect communications. Ethiopia, for example, cited resident journalists’ training in communications encryption as evidence of criminal behavior. Countries including Russia, China, Iran, Brazil, Venezuela, and Vietnam already either prohibit anonymous speech, or require public registration by people who use the Internet.
What happens when the iPhone fight goes global
Now imagine if some of those countries mandate that Apple build for them the same kind of phone-unlocking technology that the United States is demanding.
Or imagine if the federal government lost control of the iPhone-unlocking code. As proven by last year’s Office of Personnel Management breach, the federal government isn’t exactly a sound steward of digital data. That attack saw 5.6 million sets of fingerprints and the personal data of 21.5 million federal employees stolen—most likely by state-sponsored hackers from China, a country where Apple makes tens of billions of dollars every quarter.
There is far more at stake than just the one phone or just this one case.
While it’s far from unprecedented for a federal agency to demand that a tech company change its behavior—just look at 1990s-era antitrust cases against Microsoft or IBM—it’s practically unheard of for the government to willingly risk state and corporate security so brazenly, Galperin said.
“When [FBI Director] Jim Comey was pushing for encryption backdoors in U.S. legislation, China cackled with glee,” she said. “There’s no question that others will use the rhetoric that if we have backdoors, then they can have backdoors too.”
Comey wrote a short but pointed letter to the editor of the Lawfare blog last weekend, arguing that the FBI’s demands for an iPhone encryption backdoor—though he never calls it that—are quite sensible.
“The relief we seek is limited, and its value increasingly obsolete, because the technology continues to evolve,” he wrote. “We simply want the chance, with a search warrant, to try to guess the terrorist’s passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That’s it.”
That may be it for Comey, but since then, we’ve learned that while the case at hand concerns only Farook’s phone, there are about a dozen other iPhones in unrelated cases to which the Department of Justice wants access, and another 175 phones the Manhattan district attorney—a noted opponent of encryption—wants to crack open. It is not unreasonable, surmises policy analyst Julian Sanchez, that Apple would face “thousands of similar demands” per year, domestically and internationally.
To be fair, Apple’s bottom line benefits from convincing customers that it cares more about user security and privacy than its competitors, and as legal experts Susan Hennessey and Benjamin Wittes point out on Lawfare, the company could be “trying to carve out a zone of impunity,” a magic bubble where Apple doesn’t have to submit to warrants to help unlock encrypted phones.
For all we know, Cook’s vocal opposition to the court order could be a cynical part of Apple’s corporate strategy to underscore the differences between the iPhone and its competitors, to goose an expected drop in revenue.
There is no law preventing Apple from improving its encryption to the point where the company can’t access its customer data. And yet the ruling from Magistrate Pym, in addition to several recent American polls, reflects a sentiment that regardless of the technological efficacy of a phone’s encryption—and no matter what it takes—government investigators should be able to closely examine it.
One question federal agents and those poll participants might not yet have fully considered: Are you prepared to sacrifice the security of your own iPhone?