Roosevelt Institute | Cornell University

Apple Battles FBI over Smartphone Security

By Chad StephensonPublished March 2, 2016

Apple has publicly expressed its intention to fight a mandate requiring the creation of software that would allow the FBI to access encrypted iPhone data. Is encryption a valuable tool in protecting privacy, or a technological obstacle exposing us to future terrorist attacks?
By Chad Stephenson, 3/03/16

Last week, Apple made waves by publishing an open letter detailing its refusal to comply with an FBI request to provide a "backdoor" through which it could access protected information from the San Bernadino shooters' iPhones. Apple CEO Tim Cook argues that creating such an exploit would expose all iOS users to greater risk of identity theft and create a dangerous precedent for the government's ability to access citizens' personal data.
The response to the letter has been swift and polarizing. Google, Twitter, Facebook, Microsoft, and prominent civil liberties advocates have applauded Apple's stance. The Justice Department has dismissed Apple's response as a marketing strategy. President Obama has publicly stated that he supports the FBI in conducting its investigation, while presidential candidate Donald Trump has called for a boycott of Apple products until it complies with the order. Apple has since vowed to appeal the case to the Supreme Court if necessary.

Apple's primary arguments against complying with the order are that doing so would nullify the use of encryption to protect data, and there is no way to ensure that its usage would be limited to legitimate investigations. Currently, iPhones require that passcodes be entered through the actual devices, and prevent additional unlock attempts after entering several incorrect passcodes. The FBI is requesting that Apple create modified software that would permit rapid, unlimited passcode entry, allowing the agency to eventually guess the correct passcode. While the FBI has obtained a warrant to search the shooter's smartphone, it is questionable whether such a powerful tool could be limited to this particular instance. Were Apple to create the software, it would be difficult to prevent the FBI from retaining the code indefinitely.

Apple has complied with similar intelligence gathering requests in the past. However, it is no longer possible to do so without undermining major security features introduced in iOS 8. Even if the FBI did not retain the code created by Apple and usage of the exploit was limited to this case, compliance would create dangerous precedents. Regardless of the intentions and actions of the US government, submitting to the request would erode Apple's ability to resist similar requests from other governments. The Chinese government has indicated its desire for greater control over encryption on smartphones sold in China, and would likely renew pressure on Apple to assist in its surveillance operations. Further, Apple's compliance would grant legitimacy to future FBI requests to bypass other software vendors' security features.

This begs the question: is encryption really obstructing legitimate intelligence efforts? Johns Hopkins Information Security Institute professor Matthew Green claims that it is impossible to prevent terrorists from communicating secretly via encryption. If Apple were to allow access to encrypted data, extremists could simply switch to a new messaging platform. The US government does not have the power to prevent this. Leading up to the November 2015 Paris attacks that left 89 dead, the perpetrators communicated, at least partially, using unencrypted smartphones and SMS. Even when communications and data are left unencrypted, current intelligence efforts cannot reliably prevent terrorist attacks. While the benefits to weakening encryption are unclear, the costs would likely be significant. Top security experts warn that allowing the government to bypass security features would "pose grave security risks, imperil innovation, and raise thorny issues for human rights and international relations."

Apple is right to fight the FBI's request. There is little evidence to show that it would be worthwhile to undermine security in this way. The current situation is reminiscent of the passage of the USA PATRIOT Act, which dramatically increased the ability of the government to surveil American citizens, regardless of wrongdoing. After 9/11, the American public was hungry for action and the act purported to protect against terrorist attacks by increasing intelligence gathering capabilities. In reality, it allows for warrantless surveillance of suspected criminals, and is responsible for the creation of the NSA's mass surveillance programs. While the FBI itself does not have the ability to collect the type of data recorded by the NSA, the Obama administration is proposing expanded intelligence sharing between the NSA, CIA, and FBI. We may be witnessing another attempt to increase surveillance abilities under the guise of ensuring national security. Apple has done an enormous service to the public by taking a stance against the FBI's request and drawing attention to this critical, often opaque issue. We can only hope that the courts will see the true costs of undermining privacy for largely imagined benefits.