Federal investigators have been unable to access data contained within the Apple iPhone that belonged to Syed Rizwan Farook, who was killed by police after he and his wife targeted his coworkers at a holiday party.
The company’s stance is being hailed by some as an important step in the digital privacy movement, but it is also adding fuel to the flames of the larger debate around law enforcement access to proprietary encrypted devices, like the iPhone and Microsoft’s Android devices.
Apple CEO Tim Cook said in a statement, released Feb. 16, that the company opposes the “chilling” order based on “implications far beyond the legal case at hand.”
Cook argued in his statement that a backdoor, once created, could be replicated and used to unlock other devices. While he said he believes the intentions of FBI investigators are good, he said the technology would simply be too dangerous in the wrong hands.
“Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone,” Cook wrote. “Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.”
Though Cook acknowledged the investigative intentions behind the order and preceding FBI request, he added that the creation of an access point into the iPhone could potentially grant unlimited access to the devices and negatively impact personal privacy protections.
“The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices,” he said in the statement. “In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.”
From the perspective of the U.S. Attorney Eileen Decker, the federal court order marks a “potentially important step” in the investigation and attempts to bring closure to the families affected by the attack.
“Since the terrorist attack in San Bernardino on Dec. 2, 2015, that took the lives of 14 innocent Americans and shattered the lives of numerous families, my office and our law enforcement partners have worked tirelessly to exhaust every investigative lead in the case," she said in a press release. "We have made a solemn commitment to the victims and their families that we will leave no stone unturned as we gather as much information and evidence as possible. These victims and families deserve nothing less. The application filed today in federal court is another step – a potentially important step – in the process of learning everything we possibly can about the attack in San Bernardino.”
FBI Director James Comey testified before the U.S. Senate Special Committee on Intelligence Feb. 9 saying that in the months following the shooting spree, the Bureau has been unable to gain access to one of the shooter’s iPhone.
At that time, he pointed to a need for access when approved by the court, but said he did not want a permanent “backdoor” into the communications device, rather a way for companies to comply with legal requests.
“I don’t want a door. I don’t want a window. I don’t want a sliding glass door. I would like people to comply with court orders, and that’s the conversation we are trying to have,” he said during the testimony. “Encryption is a problem in our investigations; it is also a great thing and therein lies the challenge…”
Shahid Buttar, director of Grassroots Advocacy with the Electronic Frontiers Foundation, said the reluctance on the part of Apple signals positive steps in the privacy fight.
From where he stands, the issue extends far beyond the case being made for investigative purposes. He said once a key or flaw was created, there would be nothing to stop its use among domestic agencies and outside authoritarian governments, where it could potentially be used illegally.
“One of the particular concerns here is that these devices are used globally, so if Apple has to create a new security flaw to allow the FBI to crack the password on this phone using brute force, there is nothing to keep that same flaw from being exploited by every autocratic government around the world,” he said.
He called the order an obvious overreach on the part of the court, and said the argument for access to the encrypted devices leads back to a larger discussion about the balance between collective security and the rights of the individual.
“In this case, the claim is collective security: the need to keep the streets safe, means nobody can have secure phones, which is basically what this order would mean because the nature of digital security is that once you create an exploit, it's essentially accessible by anyone. It’s like the cork in the bottom of a boat; you pull the cork and the water does not discriminate," Buttar said. “I suspect that the judge in Riverside did not think about the way his order would play in Burma, but I know that Apple will have a chance to file a responsive brief in a few days and we hope that the judge on reflection, makes a more informed, liberty-regarding choice.”
Buttar said he is hopeful Apple carries the legal fight as far as it can and that he is hopeful the courts will maintain their independent position on the larger issue and the far-reaching implications of forcing a company to build a flaw into its products for investigative purposes.
“In the meantime," he said, "I think there is going to be a great deal of public debate surrounding these issues."