Apple Pay

Apple Vs. The DoJ

Just about a month ago, Apple CEO Tim Cook was standing at the White House, side by side with President Obama, talking about how protecting the world against cyberattacks could only happen through the cooperative action between public servants and private technologists.

The visual was, on some level, surprising since Apple and federal authorities have long butted heads over encryption and consumer privacy rights. But, with that WH photo op, it seemed that peace in the Valley in the face of a bigger threat was the order of the day.

Well, maybe only that day.

Today, Apple and the Justice Department are in the midst of a nasty fight over a phone.

Not just any phone, of course — one of the phones of the now-deceased San Bernardino shooters Syed Rizwan Farook and Tashfeen Malik. The problem, said simply, is that the phone is locked; federal authorities literally can’t get past the front page of the phone screen, which requires the input of a four-digit code. Forcibly breaking that code — by running random number combinations against it via a supercomputer — is not an option. Apple’s security protocols cause iPhones to start deleting data after too many failed attempts since the hack method described above is, generally speaking, more popular with criminals than with investigators.

The root of the nasty back and forth now is that the FBI wanted Apple to unlock the phone. It said no. After mediated discussions broke down, the case went to a federal magistrate, who ruled that Apple has no choice and must provide the FBI with what it needs to get into the shooter’s iPhone.

Apple responded with one word.

No.

That’s the simple version of a very complicated story, a story that is complicated because of its scope and how said scope is being defined.

Is the FBI asking Apple to decrypt one phone in the service of keeping the world safe, or is the FBI looking to take us down that slippery slope where it has the power to decrypt any phone, anytime it says it needs to, in order to keep the world safe? And is it legit to hold modern tech firms to the letter of a law written in the 1700s?

 

“The Worst Case Scenario Has Come True”

Such are the words of Reynaldo Tariche, an FBI agent on Long Island, according to The New York Times. Tariche was reacting to the situation that officials find themselves in: staring at a phone that may (or may not — more on that in a minute) contain information vital to stopping the War on Terror that they can’t get at because they don’t know a four-digit code to unlock it. And the phone’s owners can’t help because they are dead.

What the FBI wants Apple to do, in essence, is build a slightly different version of its OS that disables security protocols like the one that causes too many wrong answers to erase critical data on the phone. It would like Apple to do that so that the FBI can essentially brute force the phone open with a random number generator.

The FBI argues that Apple, as the architects of the OS, has it within its power to build this software tool so that the agency can then gain access to the data that it believes it needs to investigate the case. The federal magistrate who heard the case and argument — U.S. Magistrate Judge Sheri Pym of the U.S. District Court for the Central District of California — agreed with the government’s case and ordered Apple to create the software the FBI needs.

But Apple didn’t agree and is reportedly angry that the FBI aired the issue in public, while the negotiations were in progress. Apple said no and vowed to appeal. The DOJ is, expectedly, none too happy with Apple’s refusal.

“It is unfortunate,” the department said in a statement, “that Apple continues to refuse to assist the department in obtaining access to the phone of one of the terrorists involved in a major terror attack on U.S. soil.”

Apple views this a little differently.

“The U.S. government has asked us for something we simply do not have and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.”

Apple has not just said no to the government and prepared to try its case all the way to the Supreme Court if it has to. Apple has decided to bring its case to the people. So, Tim Cook did in an open letter to Apple’s users.

Cook affirmed Apple’s great respect for law enforcement and desire to be helpful in the War on Terror and cybercrime but stated that Apple would not and could not comply with the DoJ’s request.

Could not because the tool needed to overwrite its own encryption hasn’t been built.

Would not because building such a tool, according to Cook, is the equivalent of swatting a fly with a thermonuclear weapon.

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

In fact, Cook noted, it would be much easier to guarantee a loss of such control because digital data is unique in that way. However much the FBI wants to argue that this is a tool for one phone, the reality, Cook said, is that the knowledge is far more broadly applicable. If the government doesn’t understand that, Cook’s note implies that the FBI either doesn’t understand the nature of digital data or it doesn’t think anyone else does.

In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.

The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.

And, finally, Apple plainly does not believe that the government has the authority to order Apple to destruct its intellectual property or detonate its relationship with its customers by fiat. The law is not on its side, according to Apple, and Cupertino quite obviously thinks it might just do better with a higher (and more publicly scrutinized) court.

 

The Spirit Of 1789 And The Great Statutory Question

The legal issue is probably the most complex part of the case. The federal government has unquestionable authority with a court order to tap a phone line or demand data from a phone if that data is in plain text. That is well covered by telecom laws passed in the 90s and the Patriot Act.

But these laws were all written before the smartphone era and before Edward Snowden broke pretty spectacularly with his employers in the federal government over citizen surveillance and blew the whistle before moving to Russia. In the post-Snowden world, companies like Apple (among many, many others) moved to encrypt everything on a phone, meaning that no third party (including itself) could view the data on it in usable form without the owner’s permission. There is no explicit legislation that allows the government to order a firm to decrypt its tech or provide a decryption key, though such legislation has been written.

In the wake of the Snowden debacle, however, that legislation got dropped into the cooler with President Obama’s declaration that he would not sign it. President Obama has clearly changed his mind as FBI sources say that they are moving forward in their case against Apple with the White House’s “full support.”

And this case — dealing with the most modern technology in the world — is being waged over a law that was passed in 1789. The All Writs Act gives judges the authority to “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”

The government’s argument is that this is essentially a blank check that allows any judge to compel a “third party” to execute a court order.

Apple does not agree.

“The All Writs Act may not apply here because, among other reasons, the bounds of mandatory law enforcement assistance have already been drawn by the Communications Assistance for Law Enforcement Act (CALEA),” wrote Apple’s lawyers, “and because Apple does not own or control the device in question.”

Moreover, Cook in his open letter noted that if the federal government wants these powers, it has a means of getting them by ways other than using an obscure law that is as old as the Constitution to force the company to do something.

If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location or even access your phone’s microphone or camera without your knowledge.

Which, it’s worth mentioning, the French government does. It passed its own (highly criticized) version of the Patriot Act in May 2015, allowing the government to monitor telephone calls and forcing telcos to store customer metadata that it can access as it wishes.

What’s next in the U.S. remains to be seen, though a protracted and pretty ugly fight between security and privacy advocates seems likely. No one argues the merits of keeping the world safe from terrorists. What’s at stake, though, is whether the means, in this case, justify the end.

We’ll keep you posted.

——————————–

Featured PYMNTS Study:

More than 63 percent of merchant service providers (MSPs) want to overhaul their core payment processing systems so they can up their value-added services (VAS) game. It’s tough, though, since many of these systems date back to the pre-digital era. In the January 2020 Optimizing Merchant Services Playbook, PYMNTS unpacks what 200 MSPs say is key to delivering the VAS agenda that is critical to their success.

TRENDING RIGHT NOW