After the San Bernardino shootings, the FBI tried to compel Apple to build a cracking tool to extract information from an encrypted iPhone used by one of the terrorists. Apple refused on the grounds that such a tool could jeopardize the privacy of all iPhone users, but the FBI was eventually able to hire private hackers to get into that particular iPhone 5c running iOS 9. This was the most prominent case of governments trying to force technology companies to install backdoors into their products.
Declan McCullagh at CNET is reporting that the FBI is looking to expand CALEA — the Communications Assistance for Law Enforcement Act — to apply to Web sites and services like iCloud, iChat, FaceTime, Twitter, Facebook, Skype, Gmail, and Hotmail. Passed in 1994, CALEA currently requires telecommunications companies to make their systems wiretap-friendly; CALEA was extended to broadband networks in 2004. Technology companies are generally unhappy about such expansions, and Apple is lobbying on the topic now. Mandated backdoors, apart from being generally creepy even when used only with court orders, also pose serious security risks.
By both dramatically enhancing phone encryption and marketing it as a defense against government snooping, Apple and Google are accelerating an important debate on civil rights and the role of government in our lives.
The FBI continues to pressure tech companies to provide backdoors to their end-to-end encryption schemes. In a recent Senate hearing, FBI Director James Comey said, “We see encryption is getting in the way of our ability to have court orders to gather information we need.” Unfortunately, as all security experts pointed out, it would be impossible for Apple to offer the FBI a backdoor to its iMessage encryption without it also being exploitable by individual hackers and foreign governments. In a stance that boggles the mind for its unholy mixture of ignorance and insanity, Comey now insists that allowing backdoors is not a technical problem, but a business model issue, and he hinted that such companies should change their business models.
End-to-end encryption has gained an unexpected ally: General Michael Hayden, whose has served as Director of the National Security Agency, Director of National Intelligence, and Director of the Central Intelligence Agency. In a speech, Hayden said that he disagrees with FBI Director James Comey, who has led the charge against encryption, adding “I actually think end-to-end encryption is good for America.” Hayden went on to say, “When was the last time you saw the success of legislation designed to prevent technological progress? It’s just not gonna happen.” Hayden’s support for encryption is an interesting twist that undermines the Obama administration’s argument, since Hayden isn’t exactly a champion of civil liberties: he once told reporters that the Fourth Amendment to the U.S. Constitution does not contain the phrase “probable cause” (it does).
While FBI Director James Comey and Attorney General Loretta Lynch continue to rail against encryption, information security has gained another surprising ally: NSA Director Admiral Mike Rogers. During an address to the Atlantic Council think tank, Rogers said, “encryption is foundational to the future,” and cited the recent hack of the Office of Personnel Management as a reason to encourage encryption. “So spending time arguing about ‘hey, encryption is bad and we ought to do away with it’ … that’s a waste of time to me,” Rogers said. Rogers’s predecessor at the NSA, General Michael Hayden, also recently spoke out in favor of encryption.
The FBI has asked Apple to create a backdoor-enabled version of iOS to aid in the investigation of the San Bernardino terrorist attack. Although the company has complied with all legal subpoenas and warrants to this point, Apple CEO Tim Cook has published an open letter to customers explaining why the company is fighting the FBI’s request for a backdoor. Adam Engst explains what’s at stake, and why Apple is taking its case to the public.
As Apple and the FBI butt heads over encryption in the iPhone, Amazon quietly removed local data encryption from its consumer Fire devices, initially explaining that customers weren’t using it. After backlash from security-conscious Fire users, Amazon quickly reversed course, promising to bring local data encryption back in an update due “this spring.” Since Amazon has filed an amicus brief supporting Apple in its battle with the FBI, it seems most likely that different departments within Amazon weren’t communicating. Until Fire OS is updated, avoid storing confidential information on a Fire device.
Apple has yet another ally in its battle with the FBI over iPhone encryption: Zeid Ra’ad Al Hussein, the UN High Commissioner for Human Rights. Zeid has advised U.S. authorities to proceed with caution in attacking encryption, warning that the case could have serious global ramifications for human rights. “In order to address a security-related issue related to encryption in one case, the authorities risk unlocking a Pandora’s Box that could have extremely damaging implications for the human rights of many millions of people, including their physical and financial security,” Zeid said. “I recognize this case is far from reaching a conclusion in the U.S. courts, and urge all concerned to look not just at the merits of the case itself but also at its potential wider impact.”
Are you struggling to understand the battle between Apple and the FBI over iPhone encryption? Or perhaps you’re having trouble explaining it to a non-technical friend? In this 18-minute video, HBO’s John Oliver lays out the entire case, explaining the details and what’s at stake. Impressively, the piece gets everything right at a technical level and even captures the nuance in the positions of both sides. It’s also pretty funny, but be aware that Oliver uses some strong language (this is HBO, after all). Don’t miss the fake Apple commercial at the end!
Apple may have support in its fight with the FBI from an unexpected source — a federal statute designed to give law enforcement certain access to telecommunications infrastructure. Susan Crawford, who is a professor at Harvard Law School and served as President Barack Obama’s Special Assistant for Science, Technology, and Innovation Policy in 2009, suggests in this Backchannel article that Section 1002 of the Communications Assistance for Law Enforcement Act (CALEA) explicitly withholds from the government the authority “to require any specific design of equipment, facilities, services, features or system configurations” from any phone manufacturer. Since specific statutes, like CALEA, trump general ones, like the All Writs Act, Crawford believes the FBI will have to go back to Congress if it wants reinterpret what’s allowed by CALEA.
The conflict between Apple and the FBI has been building since the release of iOS 8, and Bloomberg has now published a behind-the-scenes look at the lead-up to the FBI taking the fight public. Based on interviews with more than a dozen government officials, technology executives, and attorneys, the article provides insight into the thinking that drives each side. It’s well worth a read for anyone tracking the case.
In breaking news, the U.S. Department of Justice is seeking to “vacate” a hearing set for 22 March 2016, saying that an “outside party” has demonstrated a possible method for unlocking the iPhone involved in the San Bernardino terrorist attack, which, if successful, would eliminate the need for assistance from Apple. This postponement feels more like legal maneuvering than some technical breakthrough. While it may not mean the end of the case, it might be an indication that the FBI feels that its chances of compelling Apple to create the equivalent of a backdoor are dropping, and is looking for a face-saving way out.
When the Department of Justice suddenly backed out of its court hearing with Apple, it claimed that the FBI had found another way to unlock the iPhone connected with the San Bernardino terrorist attack. But Adam Engst may have been right when he said, “…it might be an indication that the FBI feels that its chances of compelling Apple to create the equivalent of a backdoor are dropping, and is looking for a face-saving way out.” Sarah Jeong, writing for Motherboard, reveals that the judge repeatedly told the attorneys in a pre-hearing conference that the original court order demanding an iPhone backdoor was “unenforceable,” and always had been. We aren’t calling the case over just yet, but signs are good that Apple will prevail in the end.
Science fiction writer Charles Stross, whose novels often turn on issues of economics and trade, looks at Apple’s current legal conflict with the FBI through an economic lens. He notes that Apple’s enormous pile of cash puts it into a position similar to that experienced by General Motors last century, when its enormous pension fund led the auto maker to become “an insurance company with a car-manufacturing subsidiary.” Stross suggests that Apple’s push for greater customer security is tied to Apple Pay and the company’s possible long-term strategy to use its cash hoard to create “a retail banking subsidiary to provide financial services directly.” Whether or not you can take that speculation to the bank, it is worth investing some time in reading Stross’s analysis.
The New York Times is reporting that the outside party engaged to unlock the San Bernardino terrorist’s iPhone has been successful, and the Department of Justice is withdrawing from its legal action against Apple. It’s unclear what, if any, useful data was found, or if the FBI will publicize the contents of the iPhone or share with Apple how the information was accessed. We wonder how much money the misguided case cost Apple, but there’s no question that the company’s principled defense also generated some significant loyalty.