In case you’ve been living on an island, there is a case with enormous repercussions brewing in the courts right now… it’s a showdown between the Department of Justice vs. Apple on iPhone privacy.
The Story – FBI vs Apple
For those with an interest in privacy/encryption as well as the role of private industry in supporting law enforcement, there is a potentially precedent-setting case being fought right now in federal court and in the court of public opinion. The issue? Whether the United States Government can compel Apple to "hack" its own iPhones. Well, specifically one iPhone: the iPhone 5c in question was used by Syed Rizwan Farook, one of two shooters in the Dec. 2 San Bernadino attacks that killed 14 people and wounded 22.
You may remember one Edward Snowden, who in 2013 revealed the extent of the US Government’s spying on technology users. Pursuant to the consumer/industry reaction to this, in 2014, Apple released iOS 9 for its mobile devices (iPhones, iPads), which is arguably their most secure and was designed from the ground up to provide unparalleled security and privacy to the owner. This version of the iOS "marries" the user’s chosen password with a hardware key built into the device, creating a key that is stored only on the iOS device. There is no known way, even for Apple, to obtain that key without guessing.
But guessing has its limitations. Apple is fighting a recent federal court order compelling it to design software that would disable a feature on the phone that wipes all the data after 10 incorrect tries at guessing the password. The court order further orders that Apple modify the phone’s software to allow passwords to be attempted through an electronic connection, rather than through the keypad, so that the FBI can more easily "brute-force" the process of guessing the password (there are potentially 1 million combinations of letters and numbers).
For you nostalgia fans, the DOJ actually used the All Writs Act, a law relating to law enforcement searches passed in 1789, to compel Apple.
A Very Public Fight
The fight has gone "public," with Apple claiming in an open letter that they should not be required to weaken their own device security and that, although this request is for one phone only, that this potentially opens a "backdoor" for other spying activities. The FBI responded that they have no interest in "breaking anyone’s encryption" and that Apple is putting its marketing in front of law enforcement concerns. There was another volley when it was revealed that the Government changed Farook’s iCloud password in order to access the data in it, which may have inadvertently prevented Farook’s iPhone from syncing its data to the cloud (something iPhones can be configured to do). Apple took the Government to task on this, and the Government responded by saying that there is even more data on the iPhone than is ever backed up to iCloud.
One to Watch
The case could set enormous precedents and is evolving day-by-day, minute-by-minute. It’s possible that Congress could pass emergency legislation to further compel Apple. Battle lines have been drawn, with privacy advocates taking Apple’s side and law enforcement/antiterrorism personnel supporting the Government’s side. Of course, politicians and aspiring presidential candidates are weighing in as well. What side are you on? An informal survey taken by InfoStructures among industry colleagues and clients indicates that this issue elicits strong responses on both sides. Keep an eye out for this as it evolves.