It may take an act of Congress to sort out the increasingly tangled mess between Apple Inc. and the Federal Bureau of Investigation -- even though Apple just tried. It asked a federal court to throw out a judicial order compelling the Cupertino, Calif.-based technology juggernaut to help federal law enforcement unlock an iPhone used by a shooter in the San Bernardino terror attacks.
“We don’t want to break anyone’s encryption or set a master key loose on the land,” FBI Director James Comey stated.
“This is not a case about one isolated iPhone,” as The Wall Street Journal quoted the filing Thursday. “No court has ever authorized what the government now seeks, no law supports such unlimited and sweeping use of the judicial process, and the Constitution forbids it.”
It’s tempting to frame this simply as a debate between data privacy and security. “Apple should unlock the iPhone to assist the ongoing FBI investigation,” according to 51 percent of people responding to a Pew Research Center survey -- while only 38 percent said that “Apple should not unlock the phone to ensure the security of its other users’ information.”
But there may be more ways to slice it.
Seeking Justice with the Master Key
At the heart of the matter is encryption, a means of securing data by encoding it. That way only authorized users can read it via specific keys, passwords, etc. -- with the express purpose of keeping the data safe from hackers. Apple has spent decades perfecting its encryption, according to a letter to customers from CEO Tim Cook, and the company has cooperated with all of the FBI’s lawful requests until last week.
“But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create,” Cook stated. “They have asked us to build a backdoor to the iPhone.”
A backdoor, trapdoor or master key circumvents encryption, allowing a user to bypass the data’s security -- even if that individual is an unauthorized hacker. And that’s quite a big problem, even if the legal question here is “quite narrow,” as FBI Director James Comey wrote on the Lawfare Blog last weekend.
“We don’t want to break anyone’s encryption or set a master key loose on the land,” Comey stated. “But we can’t look the survivors in the eye, or ourselves in the mirror, if we don’t follow this lead.”
But there would be a high price to pay for seeking justice in this way for the 14 people slain on Dec. 2, 2015 in San Bernardino.
It’s tempting to frame Apple v. FBI as a debate between data privacy and security, but the reality may not be so simple.
No Straddling The Fence
The time after such an attack can be an emotional one for everyone involved. So everyone must take care not to overreact, as Microsoft co-founder Bill Gates noted on Bloomberg this week.
“You don’t want to just take the minute after a terrorist event and swing that direction, nor do you want to swing away from government access when you get some abuse being revealed,” Gates said, trying to clear up his earlier quotes in Financial Times. “You want to strike that balance.”
But what if there’s no balance to strike?
“Math doesn’t work like that -- computer security doesn’t work like that,” attorney Nate Cardozo of the Electronic Frontier Foundation said in WIRED on Wednesday. “There are entrenched political interests on one side of [the] debate, and on the other side is the unanimous scientific and technical community.”
As things stand, Apple would triumph in any public relations battle with a repressive regime such as China, according to Cardozo, especially if Beijing were to demand the company provide a backdoor to its encryption. But a U.S. court ruling in favor of the FBI would set a precedent for government compelling companies to soften security around the globe.
“If the FBI can compel Apple to do it, and it’s publicly known that Apple has given the FBI this key, then China has a very different calculus,” Cardozo said. “The PR around a Chinese demand gets a lot better for China, and a whole hell of a lot worse for Apple.”
A federal court decision on this case could have lasting repercussions far beyond the U.S.
Resolving Tension and Troubling Precedent
FBI director Comey acknowledged the “serious tension” that this case creates between personal privacy and public safety.
“That tension should not be resolved by corporations that sell stuff for a living,” Comey stated in his Lawfare blog post. “It also should not be resolved by the FBI, which investigates for a living.”
Another option is federal court, which isn’t exactly resolving any tension at the moment. And some find the judicial option just as troubling as the other two options.
“We build secure products to keep your information safe, and we give law enforcement access to data based on valid legal orders ... but that’s wholly different than requiring companies to enable hacking of customer devices and data,” Google CEO Sundar Pichai said as part of a five-part tweet last week. “[This] could be a troubling precedent ... [I’m] looking forward to a thoughtful and open discussion on this important issue.”
That discussion should take place in Congress, according to tech entrepreneur Mark Cuban, one of the tech leaders siding with Apple on this issue. “We [must] have a law that will truly limit the circumstances where companies like Apple can be compelled to help a government agency crack a device,” Cuban wrote last week.
More legislation may not seem like the best answer, but consider that legal precedent for the FBI’s case stands on the All Writs Act of 1789 and a U.S. Supreme Court case from 1977. That’s a 39-year-old interpretation of 227-year-old legislation -- which President George Washington signed into law.
And that’s a serious case for a more relevant act of Congress.