The FBI versus Apple: A Catch-22
We knew this would probably happen sometime – a court fight
over smartphone security issues. Sure
enough, the FBI is hard at it with Apple.
The terrorists in San Bernardino, California, back in December were
using an iPhone. The FBI wants Apple to
hack the phone and Apple is saying no.
That would compromise one of the main features of those phones and set a
most unfortunate precedent. However, law
enforcement officials of all kinds are anxious for resolution because all kinds
of criminals use smartphones, which at present can be “tapped” only with great
legal and technical difficulty.
We do think this issue is worthy of discussion. It’s obviously controversial for Apple to
even have objected at this point in time, since the immediate cause is a
domestic terrorist attack in which 14 people were killed. And it’s easy to say, “but of course Apple
should provide the mechanism for opening the phone’s contents.” But Tim Cook, the CEO of Apple, does have a
point that this is precedent-setting and the way to deal with it should be
discussed openly.
6 Weeks' Worth of Data Locked in the Phone
This San Bernardino event is a great test-case. iPhones are secure to the owner/user. They can be backed up to a storage area on a
“cloud”. Data that are transferred to
the cloud can be obtained by investigators, and indeed, the FBI has already
obtained those data from terrorist Syed Rizwan Farook’s account. However, the attack took place on December 2,
and Farook had not backed up the phone since October 19. So plenty of fresh and helpful information
was likely recorded on the phone during the last six weeks just before the
attack: who Farook’s associates and ISIS connections might be, whether other
projects similar to his are being planned, and so on. The phone itself is owned by San Bernardino
County, which employed Farook; those officials, the owners, think it’s fine for
the FBI to inspect the phone’s contents.
But Apple Worries about Construction of a "Backdoor"
Apple, through a public statement by its Chairman Tim Cook
and also in an official court filing, is objecting to unlocking the phone. The company argues that the work it would do
to enable decryption of the contents of an iPhone could be applied to any
iPhone, thereby potentially eroding the extraordinary security provisions on
all iPhones. As it stands, the data on
any given iPhone are associated with the owner’s “Unique ID”. The FBI is wanting Apple to devise a
workaround to get to the data without the ID.
This is known in the jargon as a “backdoor”. Apple is, quite logically, very concerned
about creating such a backdoor technology.
Conceivably, then, any iPhone a thief or other criminal got hold of
could be hacked.
We were watching a Fox News program late last week in which
a retired Army colonel was being interviewed on this issue. The colonel said something like, “this is a
national security issue and of course Apple needs to develop this decryption
software!” The news anchor conducting
the interview instantly blurted out, “but that’s why I have an iPhone –
precisely because it can’t be
decrypted by anyone else.”
FBI Does See the Importance of the Phone's Security
FBI Director James Comey initially sounded impatient with Apple,
claiming that Apple’s defense, spontaneously described by the anchor in that
newscast, is based on marketing and reputation, not on the technology. Apple and many of its customers would not
agree; the security of the phone is a basic characteristic of the product. Given that there are in fact some 825 million iPhones around the world, their interests would seem a worthy consideration. And evidently, Mr. Comey himself
has come to a deeper understanding of what he was asking of Apple. Later, on February 25, he testified before
the House Intelligence Committee that this encryption issue is “the hardest
question I’ve seen in government.”[1]
Addressing the Law Enforcement Need Now
There is legal precedent, of course, for telecommunications
companies to provide call data to law enforcement agencies. In 1994, Congress passed the Communications
Assistance for Law Enforcement Act which requires carriers to build
surveillance capability into their networks.[2]
So AT&T and Verizon automatically provide whatever such “wiretap”
access is called for in court orders; in the last half of 2015, there were more
than a quarter million such requests from all kinds of law enforcement agencies
in both criminal and civil proceedings.
In the first half of last year, 998 requests came specifically for
national security purposes. Sprint also
has had many thousands of such data requests.
Apple in fact does address these requests too. It reports that it had 971 law enforcement
requests for “account data” stored on iCloud or iTunes accounts in the first
half of last year, and it responded to 81% of them. In addition, it had 499 requests based on
national security needs.
The difference is evidently that the information the
carriers provide is only phone numbers and text message connections. According to The Wall Street Journal, it
“can’t provide access to . . . message content or calls made over mobile apps
such as WhatsApp, Skype or the blue iMessages sent between two iPhones.[3]
Formal Legislation Likely Needed
Regardless of the specific outcome of the San Bernardino
case itself, it is likely to add to already building momentum for formal
legislation on this situation; that is, there should be some general rules so
people who own phones can know what to expect, and representatives of the
people should make those rules. Indeed,
the Chairman of AT&T Randall Stephenson this week noted, “The rapid pace of
technological innovation is challenging laws crafted in a very different era
for totally different, and much less complex situations. Recent developments, in particular, bring
home the need for legal clarity.” And
the Chair of the Senate Intelligence Committee is working on a bill that would
create criminal penalties for companies that don’t comply with court orders to
decipher encrypted communications. It
remains to be seen what the specific language of such a law might require.[4]
So, most immediately, the dilemma remains. More, in the San Bernardino situation, there
is considerable irony. We noted that the
county government owns the phone; Farook was only the user of that phone. That government is in possession of software called
“mobile device management” that would have enabled the county to make provision
for the FBI to open the phone. But Farook’s
department did not sign up for it to be installed on their inspectors’ phones.[5] Another irony is that, even as the federal
government is fighting for the right to get Farook’s phone decrypted, the
federal government provides grants to tech developers to create more encryption
software.[6]
A clear summation of this Catch-22 was given last spring by
a former CEO of Sprint at a cybersecurity conference: “Which CEO is more
patriotic, the one who provides all the information the government requests to
help catch a criminal or prevent a terrorist attack? Or the CEO whose company creates tools that
make it difficult for law enforcement . . .
to acquire a customer’s information, believing that protecting civil
liberties is a higher calling?”[7]
+ + + + + +
We don’t cite all the general
sources about this story, which are plentiful; most of our material is from
various articles in The Wall Street Journal, beginning right after the federal
court order to Apple was made public on February 16. We also sourced The Economist magazine and www.foxnews.com, as well as Apple CEO Chairman Tim Cook's "A Message to Our Customers", a letter dated February 16 and found on Apple's homepage at www.apple.com.
The footnotes cover specific
aspects and quotes.
[1] Devlin Barrett. “FBI Chief Says Finding Right Balance on
Encryption Is ‘Hardest Question’. The
Wall Street Journal. February 25, 2016.
http://www.wsj.com/articles/fbi-chief-says-finding-right-balance-on-encryption-is-hardest-question-1456418466.
[2] Ryan Knutson. “Why Encryption Fight Divides AT&T and
Apple”. The Wall Street Journal. February 18, 2016. http://www.wsj.com/articles/at-t-verizon-have-different-obligations-than-apple-1455838171.
[3] Ibid.
[4] Ibid.
[5] Associated Press. “Common software would have allowed FBI to
unlock San Bernardino shooter’s phone.” Fox News. February 22, 2016. http://www.foxnews.com/tech/2016/02/22/common-software-would-have-allowed-fbi-to-unlock-san-bernardino-shooters-phone.html.
[6] Damian Paletta. “How the U.S. Fights Encryption – and Also
Helps Develop It”. The Wall Street
Journal. February 22, 2016. http://www.wsj.com/articles/how-the-u-s-fights-encryptionand-also-helps-develop-it-1456109096.
[7] Ryan Knutson. Op. cit.
Labels: American Society, Government Policies, Science and Evolution