Image 01 Image 03

Apple’s Fight With the FBI Highlights Privacy vs. Security Debate

Apple’s Fight With the FBI Highlights Privacy vs. Security Debate

The FBI wants evidence from a terrorist’s phone, but will that make your personal data less secure?

https://twitter.com/ABCInvestigates/status/673845589315067904

A legal fight between Apple and the FBI is highlighting some critically important issues in the debate between privacy and security.

After the San Bernardino attacks, an iPhone 5C belonging to one of the two shooters, Syed Rizwan Farook, was among the evidence gathered by the FBI. The FBI obtained a warrant to search the contents of the iPhone, but Farook’s iPhone, like most people’s, is protected by a passcode that encrypts the data on the phone and prevents anyone without the code from accessing it.

Apple’s security systems are designed to prevent hacking attempts like “brute-force attacks” by requiring delays after wrong passcode guesses and an auto-delete function that is activated after ten incorrect attempts. The FBI went to court to obtain an order to get Apple to help them get around these security features and access the data on Farook’s phone.

Court orders Apple to help the FBI; Apple refuses to comply

On Tuesday, Magistrate Judge Sheri Pym of the Federal District Court for the District of Central California issued an order requiring Apple to provide “reasonable technical assistance” to help the FBI unlock Farook’s iPhone, including specifically instructing Apple to allow them to “bypass or erase the auto-erase function” and the required delay between passcode attempts.

Judge Pym’s order included instructions for Apple to object to the order within five business days if they believed that “compliance with this Order would be unreasonably burdensome,” and that’s exactly what Apple did.

Apple CEO Tim Cook posted a statement on Apple’s website stating their objection to what he described as the government’s “unprecedented step which threatens the security of our customers.”

Calling smartphones like the Apple iPhone an “essential part of our lives” that “store an incredible amount of personal information,” Cook wrote that Apple was “deeply committed” to safeguarding customer data:

Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.

For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.

Describing what the FBI wants as a “backdoor” to the iPhone, Cook argues that they intentionally created the iPhone with safeguards to protect customers’ data, and that this backdoor would be “too dangerous to create.”

Should we really trust the government with this power?

That’s the question posed by National Review’s Kevin Williamson. “You know what would be better than prosecuting those who helped the San Bernardino jihadists?” wrote Williamson. The painfully obvious answer: “Stopping them.”

An arranged marriage to a Pakistani woman who spent years doing . . . something . . . in Saudi Arabia? Those two murderous misfits had more red flags on them than Bernie Sanders’s front yard on May Day, and the best minds in American law enforcement and intelligence did precisely squat to stop their rampage. Having failed to do its job, the federal government now seeks even more power — the power to compel Apple to write code rendering the security measures in its products useless — as a reward for its failure…

From the IRS to the ATF to the DEA to Hillary Rodham Clinton’s super-secret toilet e-mail server, the federal government has shown, time and again, that it cannot be trusted with any combination of power and sensitive information. Its usual range of official motion traces an arc from indifference through incompetence to malice.

Where the federal government imagines that it gets the power to order a private firm to write software to do its incompetent minions’ jobs for them is anybody’s guess. Tim Cook and Apple are right to raise the corporate middle finger to this nonsense.

What do you think? Should Apple fight the court order or should they help the FBI access the data on Farook’s iPhone? In this fight between privacy and national security, where should the limits be?

Follow Sarah Rumpf on Twitter @rumpfshaker.

DONATE

Donations tax deductible
to the full extent allowed by law.

Comments

Apple should fight it.

In grad school we were always told the NSA was soooo far ahead that John Q Public had no chance of hiding his data with encryption. That proved to be soooo wrong.

Granted this is the FBI, but they are being lazy and inept. They were lazy in not having a red dot on this guy in the first place and they are being lazy now by asking Apple to just “hand it over”

What happens when the device is owned by an entity that can’t be bullied by the US courts?

    legacyrepublican in reply to Andy. | February 18, 2016 at 3:13 pm

    They didn’t ask Apple to unlock a phone like before without surrendering the key.

    This time, the government asked Apple for a master key that opens up everyone’s phone saying they will use it on this phone but leaving the key in the governments hands.

    It is important to understand that difference.

      For details on exactly what the FBI is asking for, read the brief:
      https://www.scribd.com/doc/299653780/Department-of-Justice-San-Bernadino-Brief-Against-Apple

      The FBI is asking Apple to make a firmware update that is targeted directly at this handset and cannot be run on any other handset (even other iPhone 5Cs). They have offered to let Apple have exclusive control over the software, and to let it be attached and run in Apple’s labs, so that all the FBI ever gets in the actual passcode that will unlock the phone.

      There is no “master key” involved here, and nothing the FBI has asked for can be used against any other iPhone user, much less anyone without an Apple phone.
      Tim Cook is being deceptive when he tries to pretend this case has anything to do with “master keys” or “backdoors” on everyone’s phones.

        Ragspierre in reply to Toranth. | February 18, 2016 at 3:44 pm

        You’re crediting what the FEEBs CLAIM they want, and want to do.

        You should post the OPPOSITION brief, as well.

        Again, competing valid interests (giving everyone the benefit of the proverbial doubt) that need to be reconciled.

        In COURT. Not in the press or popular opinion.

          Toranth in reply to Ragspierre. | February 18, 2016 at 4:32 pm

          I’d love to read Apple’s response.
          Unfortunately, they have not filed one yet.

          Tim Cook gave a PR presentation, which had very little to do with this case. We know he doesn’t like unlocking iPhones anymore, and he’s talking up the most freedom and privacy loving line Apple has ever had, but we don’t know what his company’s response to the FBI is.

        tiger66 in reply to Toranth. | February 18, 2016 at 4:51 pm

        With all due respect, what are you smoking? You cannot conceivably trust anyone in the Federal government. The President—the head dude—has demonstrably lied to the American people. The Secretary of State lied. The IRS lied. The Attorney General lied. The head of the VA lied. The Secret Service lied. Ash Carter just lied about the sailors who were captured by the Iranians. The FBI—the very agency who wants to unlock the phone—can’t seem to indict Hillary even in the face of overwhelming evidence. And they want MORE power?

        You can’t possibly trust these guys. They operate in a totalitarian world—us vs. the citizens. They think that they are the only honest guys in town, yet time and time again they have shown to be even more corrupt than John Q. Public. And, remember, there is no accountability for them.

        How about this: Let Apple unlock the phone per the schema you describe. And then—if there is nothing on the phone that points to a wider conspiracy or leads to any other indictments—every Fed involved with this case (from the FBI all the way up through the court system that forced Apple to break the encryption) has to QUIT THEIR JOBS and GIVE UP THEIR GOVERNMENT PENSIONS. If the guys had PERSONAL skin in the game, they would be a little more reasonable.

        I’m the first guy to give the government the power to do its job, but only when it shows that it deserves it. No one got fired from 9-11, no one got fired from the Boston thing; no one got fired from the San Bernadino massacre; no one gets fired from the TSA.

        They don’t deserve more power; they abuse the power they already have.

        And if they did, tomorrow there would be fifty government agencies and police departments on Apple’s doorstep with court orders demanding exactly the same treatment. And then five hundred. And five thousand…

          DaveGinOly in reply to georgfelis. | February 18, 2016 at 10:24 pm

          Exactly. If Apple caves, they will 1.) set a precedent – government can force private industry to build/make tools it desires to do “X”; and 2.) once Apple makes that tool, the government will force it to apply it again and again.

          There is a form of government that can command performance from businesses that are nominally privately-owned. It’s called “national socialism.”

My gut says yes, they should fight the order. It’s not a matter of handing over a key that exists. They have to create the key (using some expensive labor) the result of which diminishes their core product’s value. Sorry, Feds. Maybe you should get better at hacking phones and not make Apple hold the door open for you.

I say…as usual…let due process PROCESS.

There are competing, valid interests here, and they need to be fully vetted and reconciled, if possible.

I think Limbaugh knows about as much about Apple as any layman non-expert. He says the FEEBS are not asking for the combination of A safe, but the ability to crack ALL safes.

Until someone comes along with a more compelling argument, I’ll be happy to live with that one.

    DaveGinOly in reply to Ragspierre. | February 18, 2016 at 10:41 pm

    Apple has no evidence in its possession that could be searched for and seized via a warrant or demanded via a subpoena. All of the evidence in this situation is already in the possession of the government. The only thing the government could possibly subpoena is the password that would unlock the data, but the two people who had the password are dead and Apple doesn’t have it.

    It seems in our system of government there is no process or mechanism by which the government can compel performance of a private business when a court has not been properly moved by a claimant who has a legitimate suit against the business. And that is a good thing to not have.

    Freedom does not guarantee safety, and guaranteed safety inevitably extinguishes freedom.

They need to get McGee of NCIS to do a few key strokes and then they will be in. I thought that the Govt already had this sort of stuff covered.

Honestly in this particular case I do not see a problem, or that Apple has a legal leg to stand.

The FBI has gone through appropriate channels and gotten a court order for it.

Functionally, I frankly don’t see the difference between this and ordering a landlord to unlock an apartment or storage unit for the police.

Now if the FBI were demanding Apple give them the program so they could snoop into anybody’s phone any time they wanted, that’s a completely different situation.

    It’s very, very different “functionally” than a landlord unlocking an apartment in response to a court order.

    The encryption system on iPhones is actually amazingly sophisticated, and has numerous safeguards against workarounds, even against high-powered adversaries like governments and… Apple itself.

    This is not like asking a landlord to open an apartment with his spare key, this is like asking a maker of uncrackable vaults to expend major time and technology to develop a technique that can be used to crack one of their vaults, which by its nature is going to be able to crack *all* of the vaults they’ve ever sold.

    By the way, this is at least possible, albeit very difficult, with the older iPhone the Farooks had — newer iPhones use encryption technology that might be for all practical purposes impossible to engineer a workaround for, without developing new technologies that make it possible to do atomic-level scanning of the interior of a shielded tamper-proof chipset.

    The FBI has gone through appropriate channels and gotten a court order for it.

    So also did the DoD go through “appropriate channels”, when they interned all Americans of Japanese descent during WWII, under Executive Order 9066.

    So did the State of Louisiana, when “separate but equal” race-based segregation was upheld in Plessy v. Ferguson.

    We quite appropriately see these abuses of civil rights as wrong now. I submit they were wrong back then, too — else they wouldn’t have been overturned at all — but the important thing is, all the proper legal procedures were followed. That doesn’t make them right.

    DaveGinOly in reply to Olinser. | February 18, 2016 at 10:49 pm

    It’s not like the “landlord” situation at all.

    When cops get a warrant to search a property, the warrant is supposed to name the things to be searched for and where that search will be conducted. The landlord must open the property to be searched for things that are reasonably believed to both exist and to be at the location being searched.

    The current situation is like the cops bringing a warrant to a landlord demanding the the landlord build or make something that isn’t located at a particular place to be searched (which must be named in the warrant) because it doesn’t even exist (something that doesn’t exist can’t possibly be “somewhere,” because it is nowhere).

Apple should fight this order. I would have less of an issue if they asked apple to pull the data from the phone and give them the data unencrypted. On this fight I have to stand with Apple and Tim Cook. Still won’t buy Apple products as long as Cook is CEO, but I can’t fault this stand of theirs.

Apple didn’t think it was a breach of customers’ private phones to push a U2 album down onto every one of them, whether the owner wanted it to or not. It seems Apple has a convenient set of rules about when someone’s phone is sacrosanct and when it isn’t.

    DaveGinOly in reply to Ann in L.A.. | February 18, 2016 at 10:51 pm

    That did nothing to threaten users’ privacy. Apple learned nothing personal and confidential about any user by pushing music files to its users.

Before commenting, I would prefer to read both briefs. After reading the comments here, I will limit my opinion to the following:

If Apple can unlock the phone, then hand the phone over to the FBI just as if Farook unlocked it, then I would go with the government on this one particular set of facts.

Otherwise, Tim Cook is no better than an ISIS sympathizer.

    American Human in reply to Redneck Law. | February 18, 2016 at 4:21 pm

    But, Apple specifically did not give even themselves the capability to open Skyhook’s phone. Apple would need to actually develop this capability and then the OS would need to be re-written and downloaded to his phone.
    I believe 100% of Apple phone capabilities are available and more on the average Droid for 1/3 the price and I have no intention of learning another OS but I am on Tim Cook/Apple’s side on this and I believe it is an enormous and crooked stretch to equate him with an ISIS sympathizer.

      Newer iPhones have been designed to be unrecoverable if all security features are enabled, but this specific one was not.
      Since Apple wrote the original firmware source code, and possesses all the software signing keys, creating a version that comments out the “Destroy_Data()” and “Delay_after_input()” lines of code should be easy.

      If it turns out not to be easy, then Apple would have a good objection (undue burden).

      But under any circumstance, I think calling Cook an ISIS sympathizer is wrong. He’s just catering to the current anti-government crowd on privacy issues. He may even agree with them. But I don’t see anything to believe he supports a mass murdering terrorist organization.

      Android and Microsh*t phones are already tracked by the Feeebs and other federal agencies. That is another reason that most people buy the iPhone instead of the more cheaper ones

      “I believe it is an enormous and crooked stretch to equate him with an ISIS sympathizer.”

      I know. It was tongue in cheek.

Does it make any difference if the phone was not owned by Farook? My understanding is that the phone is owned by San Bernardino County and that they have given permission to the FBI to view the contents on the phone.

American Human | February 18, 2016 at 4:17 pm

Even Apple does not have this capability. They are asking for Apple to develop this capability as part of their operating system, download this to the bad guys IPhone and then give the key to the government. There may well be a workaround to this entire thing but Apple would need to expend large amounts of time and money to do this without any remuneration from the government.
How long would it be before a court requires Apple or Google to do the next thing…as a favor to them?

The phone is owned by the terrorist’s employer, that employer is fully cooperating and is essentially asking Apple for help to i) patch the OS so the 10 login failure counter is blocked/reset, and ii) to unlock the phone. A key to Apple’s marketing is seemingly hack-free security. Theoretically, Apple could be hired on a consulting basis to hack its own phone — but isn’t that like hiring Coca Cola employees to show you the recipe to their core beverage? Technically, the feds aren’t asking for a key to unlock every phone, but they are asking Apple to set the precedent of unlocking every phone that a magistrate orders unlocked. Either way, Apple’s reputation becomes that of a sellout — Apple has to fight that result.

    Mark30339 in reply to Mark30339. | February 18, 2016 at 5:00 pm

    The question of forcing Apple to hack its own phone would be more compelling if say a kidnapped child was involved and the phone of the child or the kidnapper was involved. Apple might find a way to volunteer its help (and manage a public relations dilemma). But that act would still set a precedent for magistrates who want access to I-phones for law enforcement.

      Toranth in reply to Mark30339. | February 18, 2016 at 9:05 pm

      A good point has been raised in places: Technically, Apple still “owns” the software – they used the traditional software industry EULA, which only “licenses” the software to the customer. So, since they technically own it, and it is their software prevent access, this isn’t any different than requiring a landlord to open a rented apartment, or a bank to open a rented safety deposit box.

I support Apple’s stance.

I’m usually pretty good with techie stuff, but I’ve got to throw this out there.

Does the FBI need the contents of the phone? Why?

The phone was evidently owned by San Bernadino County, who issued it to an employee. SBC is reportedly cooperating in the investigation.

Here’s the thing: If SBC owned the phone, then they owned the data plan for the phone. The cellular carrier (Verizon, AT&T, Sprint, or whoever) should be able to tell the FBI what websites the phone accessed and what types of files/data were passed. Any backed-up contact lists or favorited websites should be available from the carrier’s end. Has the carrier been subpoenaed or the data usage been requested with the consent of the data plan owner (SBC)? Have the owners of those favorited sites been subpoenaed?

Or is this a witch-hunt intended to get Apple — the only major supplier of smartphones into which the government doesn’t currently have a back-door — to cave and compromise their operating system?

(Or both: they’re not mutually exclusive.)

    There is totally a library of other targets on there, but the FBI should just be better at cracking.

    Maybe a little more emphasis on the hard skills and a little less attention to whether they’ve hired enough non-white male transgender lesbian atheists.

iPhones are made in China with Chinese parts. Just ask Chinese intelligence for their key.

Why isn’t this a 1st Amendment issue as well possibly 13th? Court is not seeking something that exists, but seeks to draft/conscript entire company of people outside of any law I know of (All Writs ios broad, but this broad?) to force hundreds of people to work for thousands of man-hours on a project without a negotiated contract, using IP and other private property to create something that goes against the beliefs of the company and the people?

How is this any different than the government forcing either Taylor Swift to make a propaganda music video or Samuel Jackson to make a propaganda commercial against their beliefs/desires?

The phone is built on an assembly line i.e. mass produced. Any back-doors will apply to all phones. Better 10 criminals walk than 1 innocent be convicted.

Why can’t the FBI subpoena whatever information it needs from Apple and then have the NSA or other government programmers program the backdoor?

buckeyeminuteman | February 19, 2016 at 12:51 pm

If I owned a safe like Liberty makes and had all kinds of cash, drugs and undocumented guns in it and it was locked tight with no way to open it but the combo; should the FBI be able to take the safe to Liberty and make them open it? It’s my safe, I paid cash for it, Liberty has no purview over it anymore. It’s private property. What if because someone may one day hide illegal things in a Liberty safe, the FBI made Liberty make a master key for every safe that only the government had???

http://patterico.com/2016/02/19/the-apple-iphone-and-the-san-bernardino-shooters-its-not-what-youve-been-told/

There’s a lot of good stuff here, though I think it does come from a prosecutor’s POV. Patterico IS a conservative, however.

Read it, and raise whatever arguments you can.

As I have said, there are valid interests here on both sides, and the COURTS are where they’ll be balanced and reconciled.

What am I missing? Can’t a judge issue a warrant for the data off the phone and Apple deliver all the data without giving them an ‘NSA’ backdoor key?

Since most companies simply comply with these types of orders there must be a procedure where they can get the data without knowing code or operating systems. And why do they need to know operating system data anyway?

Sounds like using a crisis to get some good ‘over reach’.

Guy’s this isn’t a lock or just a case of asking for information. Apple would end up complying if it was just that. The government is saying create something and give it to us, not give us a piece of information you already have. That is a big difference. If Apple had already created the program the FBI wants, it would be a subpoena. Here it is some weird kind of unlimited you are conscripted and now work for us order that tells Apple to spend the creativity and man-hours to write a new program to do what the FBI wants, regardless of if you want to. make a set of safe-breaking tools and to give it to them. First amendment– can the government force speech?

The one key fact missed by most …

The killers had THREE phones.

They physically destroyed two of them. Hammered them into pieces.

Why destroy TWO and leave the THIRD?

Logic indicates it has nothing on it !!!

Think about it.

Would you have destroyed it, if it could be used against ( you / allies / contacts / funding groups ) ? They had the time to do it. They had the hammer in hand. So why didn’t they do it?

This is nothing more than a by-pass of the encryption debate and public opinion.

I think this might force the use of ( EEPROMs / ROMs ) in the CPU’s themselves. No ability to modify them.

    Often in an investigation a criminal doesn’t know what will be significant info. There’s a war on even if we’re not fighting it like one.

    Still this is overreach by the government. They could and should just subpoena the data off the phone and leave it at that.