While Apple engineers don’t consider the U.S. government part of their “primary threat model,” they seem to have handily evaded the government’s attempts to gain access to one of the phones of the San Bernardino shooters (thereby giving it a doorway to access the millions of phones the company sells globally).
Although the company may have won this round, recent updates to Apple’s security protocols and new roles within its corporate structure suggest that it may be building up a defense against future government requests, which Apple claims would put the privacy of all of its users at risk.
As an article in TechCrunch recounts, Apple recently made headlines after it refused to yield access to the phone to government officials investigating the shootings at the Inland Regional Center in San Bernardino, CA, that claimed the lives of 14 people. The FBI put pressure on Apple to design custom software that would allow them to unlock an iPhone belonging to Syed Farook, one of the shooters. After a much-publicized standoff, the government dropped its case, claiming it had been approached by a third-party vendor offering a way into the phone.
According to TechCrunch, Apple engineers claim that the recent pushback against the FBI was motivated not by a desire to impede a terrorism investigation but rather to defend its ability to protect users against nongovernmental threats.
Last week (April 15), Apple released a whitepaper and held a press event to discuss its security philosophies. TechCrunch, who attended, categorized statements from senior engineers at Apple as decidedly not anti-government. As the engineers explained, government intrusion is not their primary threat model when designing iPhone security. Engineers highlighted the features outlined in the company’s security whitepaper, explaining to reporters exactly how Apple secures its customers’ data from the “silicon level.” As TechCrunch explained, Apple’s latest phones ship with the Secure Enclave, a portion of the phone’s hardware that manages the keys used to encrypt the device, built directly into the phone’s processing chip.
In the weeks since Apple’s standoff with the government became front page news, Apple CEO Tim Cook has also made several strong statements, describing security as a lynchpin of Apple’s strategy. It’s not shocking, then, that Apple would continue to build out its capabilities in these areas. As TechCrunch notes, Apple is revamping its internal security teams, which, among other things, act as a sort of filtration system for the security practices that govern nearly every aspect of what the tech giant does — from developing, to shipping, to monitoring usage of its devices.
While Apple, through public statements, has encouraged the U.S. government to become a leader in cybersecurity by forming a committee and employing industry experts to advise its role in the private tech sector, it seems Apple is also hedging its own bets with continued diligence in its own security protocols.