Cybersecurity

Big stakes in Apple’s showdown with feds

Apple and the government are locked in a standoff over the San Bernardino shooter’s iPhone that could determine the future of access to encrypted devices.

It’s the first high-profile example of a tech company refusing to help law enforcement obtain a suspected terrorist’s encrypted communications since the attacks in Paris and San Bernardino, Calif., last year.

Politics quickly entered the battle after Apple said Tuesday that it would defy a court order to assist in unlocking the San Bernardino suspect’s iPhone.

“Who do they think they are?” GOP presidential front-runner Donald Trump said of Apple.

Trump’s criticism reflects a danger for Apple — which is under pressure to take a strong stand against government overreach but could also find itself targeted by political opponents.

Lawmakers are already preparing a bill that could force tech firms to comply with the kind of court order targeting Apple.

“Court orders are not optional, and Apple should comply,” said Senate Intelligence Committee Chairman Richard Burr (R-N.C.).

Burr has been working with his committee’s ranking member, Sen. Dianne Feinstein (D-Calif.), on the bill that may outlaw Apple’s refusal.

“I understand there are privacy concerns,” Feinstein said. “But in this case the phone is owned by the county — which has consented to a search — and there is a valid search warrant.”

“It’s not unreasonable for Apple to provide technical assistance when ordered by the court,” she added.

Apple has long pitched itself as the tech industry’s primary defender of an individual’s privacy, leaving it little room to cooperate with an order that some say would make the world’s biggest tech company an arm of the state. 

“I think it will ultimately protect their brand and protect them as somebody who is on the vanguard of consumer privacy,” said John Kindervag, an analyst at Forrester focusing on the tech industry and security.

Apple is also interested in protecting its image in the United States and abroad.

“Apple is a global company,” Kindervag added. “Protecting consumer data is a huge thing worldwide.”

But Apple, one of the world’s most valuable companies, also risks alienating swaths of the American public that are concerned about the growing threat of domestic terrorism.

People may use this decision to feed a narrative — accurate or not — that Apple is unwilling to work with the government more broadly on fighting terrorism, said Jeff Pollard, another Forrester analyst who studies the tech and security industries.

“That’s certainly a market concern,” Pollard added.

The court order does not directly demand that Apple decrypt the phone, a government-owned iPhone 5c used by Syed Rizwan Farook for his job at the county health department. Instead, the order asks Apple to create software that would disable a failsafe that triggers the phone to wipe its own memory if an incorrect password is inputted 10 times in a row.

Apple — backed up by multiple technology groups and privacy advocates — has characterized such software as a “backdoor” that it considers “too dangerous to create.”

“In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession,” wrote Apple CEO Tim Cook in an open letter published early Wednesday.

Apple is expected to appeal the order, kicking off a legal battle that could go all the way to the Supreme Court.

“There is no doubt in my mind that this would be a showdown which could reach the highest levels of our courts,” said Matthew Adams, a partner at Fox Rothschild who works on cases involving digital forensics.

If the company is able to successfully oppose the order, it would represent a huge setback for law enforcement and lawmakers who argue that impenetrable encryption represents a significant danger to public safety.

Supporters of the federal government’s position say the request is a reasonable solution to a critical national security concern: The FBI is unable to access what may be valuable information in its investigation of a brutal terrorist attack that killed 14 people on U.S. soil.

“Instead of telling Apple to hack the phone, they are saying, ‘Give us the opportunity to hack the phone ourselves without erasing the data that is so desperately needed,’” said JJ Thompson, CEO of the cybersecurity firm Rook Security.  

“That’s the most benign thing they can ask Apple to do,” he added.

But many argue the implications of complying are more insidious.

Although Tuesday’s order is narrowly tailored to a single phone and would be legally binding in only one district, it would likely persuade other judges to reach similar rulings in subsequent cases, critics say.

In other words, a ruling in favor of the government could effectively turn the tide in encryption policy by increasing the FBI’s authority over how the technology is developed.

“If Apple can be compelled to create a digitally-defective product for the government in this case, it can be compelled in any case to engineer a similar defect to allow the government to exploit the device, and so can every other manufacturer of every other device,” said Greg Nojeim, senior counsel at the Center for Democracy and Technology, a digital rights advocate.

Cook warned that complying would let the FBI eventually demand that Apple build surveillance software to “intercept your messages, access your health records or financial data, track your location or even access your phone’s microphone or camera without your knowledge.”

Supporters of the FBI argue that the agency is acting in good faith and Apple’s resistance is motivated by marketing concerns. In the wake of the revelations leaked by former National Security Agency contractor Edward Snowden — which unmasked the breadth of federal spying on U.S. citizens — consumers have increasingly turned toward more secure products.

Other popular tech community figureheads, including Snowden himself, came out in support of Cook.

Snowden bashed the FBI on Twitter for “creating a world where citizens rely on #Apple to defend their rights, rather than the other way around.”

Apple’s stance could also serve as a rallying cry for Congress’s bipartisan privacy and civil libertarian wing, which believes the government should not dictate how companies design digital security tools.

Rep. Ted Lieu (D-Calif.), one of Congress’s more vocal proponents of unbreakable encryption, said that Tuesday’s court order amounted to making Apple “an arm of law-enforcement.”

Lieu is backing a bipartisan bill that would prohibit states from passing encryption-related legislation.

“Where does this kind of coercion stop?” he asked. “Can the government force Facebook to create software that provides analytic data on who is likely to be a criminal?”

Sen. Ron Wyden (D-Ore.), perhaps the digital privacy community’s strongest upper chamber ally, warned that if Apple concedes, the ramifications “could snowball around the world,” he told The Guardian.

“Why in the world would our government want to give repressive regimes in Russia and China a blueprint for forcing American companies to create a backdoor?” he asked.

In order to win its appeal, Apple must demonstrate that the government’s demands are unduly burdensome — a requirement under the 1789 statute the government is using as its legal basis.

“What’s at stake is whether technology will be built around the needs of law enforcement or whether it will be built around the needs of users,” said Nojeim.

Updated 6:33 p.m.