The FBI claims it wants Apple to unlock only one iPhone, but the battle over cell-phone encryption could go far beyond than that: The Justice Department is attempting to force Apple to unlock and extract data from about a dozen other iPhones.
While the specifics of each case are yet to be made public, they aren’t related to terrorism, people familiar with the matter told The Wall Street Journal . Prosecutors are supposedly using the same 18th century All Writs Act to compel Apple to unlock the iPhones in question.
This news is quite significant, validating privacy advocates who argue that the government wants to break encryption in many cases, not just this one terrorist threat. On the other hand, many government leaders could use this information to show why encryption of personal devices must be stopped.
According to sources, the iPhones from these other cases are even older than Farook’s iPhone 5C, so the security standards aren’t as stringent.
Another unrelated case gives further credence to the fears of privacy advocates. Federal prosecutors in New York are battling Apple over an iPhone that was seized during a drug investigation. A letter filed with U.S. Magistrate Judge James Orenstein on Feb 22 implies the existence of around a dozen other cases without getting into specifics.
“In most of the cases, rather than challenge the orders in court, Apple simply deferred complying with them, without seeking appropriate judicial relief,’’ the prosecutors wrote.
In another filing related to the same case, Apple listed twelve other cases since October 18, 2015, in which the FBI has compelled the company to unlock eleven iPhones and one iPad. Apple objected to ten of them and is awaiting further information on the remaining two. The table below was obtained by Mashable.
The judge is now asking whether it was legal for the government to force Apple to pull data from a locked phone, which could be an indication that he is leaning towards the privacy side of the fence.
The story so far
Days after Apple refused to create a “backdoor” for the FBI to access encrypted data in an iPhone used by the shooter in December’s San Bernardino attacks, the U.S. Department of Justice joined the FBI against one the country’s biggest tech companies. On Friday, the Justice Department filed a motion with a federal district court seeking to compel Apple to cooperate with the FBI in decrypting Syed Rizwan Farook’s iPhone. On Monday, Feb. 22, Apple CEO Tim Cook made plain his displeasure with the government in a public email to employees requesting “the government to withdraw its demands.”
Good luck there.
Cook was responding to U.S. Attorney Eileen Decker, who wrote in Friday’s motion that “the order does not, as Apple’s public statement alleges, require Apple to create a ‘backdoor’ to every iPhone, it does not provide ‘hackers and criminals’ access to iPhones, it does not require Apple to ‘hack [its] own users’ or to ‘decrypt its own phones’; it does not give the government ‘the power to reach into anyone’s device’ without a warrant or court authorization, and it does not compromise the security of personal information.”
FBI Director James Comey reiterated Decker’s points Sunday in an op-ed in Lawfare titled, “We Could Not Look the Survivors in the Eye if We Did Not Follow this Lead.”
“We simply want the chance, with a search warrant, to try to guess the terrorist’s passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That’s it,” noted Comey. He went on to say candidly that the FBI is not interested in back doors, breaking encryption, or anything outside trying to guess Farook’s password. He also pointedly remarked that as the tension continues to grow between the dialogue over privacy and safety, “that tension should not be resolved by corporations that sell stuff for a living.”
Meanwhile, Apple CEO Tim Cook clarified his feelings in a company-wide email titled, “Thank you for your support” sent early Monday. Cook noted that he sincerely believes the best solution is a proactive one, and that the U.S. government should create a commission to further discuss and reckon with the issue between law enforcement’s access to technology and American civil liberties:
“Our country has always been strongest when we come together. We feel the best way forward would be for the government to withdraw its demands under the All Writs Act and, as some in Congress have proposed, form a commission or other panel of experts on intelligence, technology and civil liberties to discuss the implications for law enforcement, national security, privacy and personal freedoms. Apple would gladly participate in such an effort.”
Apple also launched a new webpage explaining its current feelings about the entire issue, including an FAQ. In that FAQ, Apple clarifies that it will not willingly create anything for the FBI akin to a “master key” that can be used to access any iPhone, even if it’s only used on a single device, as it will likely never remain safe.
“The only way to guarantee that such a powerful tool isn’t abused and doesn’t fall into the wrong hands is to never create it.”
Apple’s FAQ site also goes on to express that “we’ve handed over all the data we have, including a backup of the iPhone in question. But now they have asked us for information we simply do not have.” This is just the beginning. The FBI and Justice Department continue to press Apple to enable the FBI direct access of some kind to Farook’s iPhone.
To fully understand Apple’s ongoing battle with the United States government, it’s necessary to rewind to the beginning of the story.
The battle begins
On Tuesday, Feb. 16, U.S. Magistrate Judge Sheri Pym for the Central District of California ordered Apple to disable the iPhone’s auto-erase function, a feature that deletes a smartphone’s data after 10 failed passcode attempts. This would help the FBI gain access into San Bernardino shooter Syed Rizwan Farook’s phone to see who he and his wife were in contact with, and to confirm any ties to ISIS. The news exploded across mainstream media outlets, stirring up over a million tweets and ultimately drawing a response from CEO Tim Cook.
Related: Tim Cook denounces ‘chilling’ FBI demands
Apple doesn’t have the means to disable the auto-erase function, which introduced tougher security measures in iOS 8 following the NSA-leak by Snowden, and Cook immediately responded to the judge’s order on Feb. 17 via a letter to Apple customers denying the court order and urging consumers to take a stand for encryption and privacy. While Apple cannot disable the function, Cook says the U.S. government asking Apple to create a backdoor to the iPhone is something the company considers “too dangerous.”
“The FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation,” Cook said in the letter. “In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.”
Court records state that Apple needs to write to code to create a Software Image File the FBI can use on subject devices it requires access to. The worry is that this new method would be duplicated in some way, or get into the wrong hands, risking user privacy. “The SIF will be coded by Apple with a unique identifier of the phone, so that the SIF would only load and execute on the subject device,” the court order states.
It appears the reason for this battle is the fact that the Apple ID password on the iPhone in question was changed less than 24 hours after the government took possession of it. A senior Apple executive told reporters during a conference call on Friday, Feb 19 that if that hadn’t happened, the company wouldn’t need to create a backdoor into the device, as the information would have been easily accessible via iCloud.
According to the unnamed executive, Apple was in discussions with the FBI since early January and proposed four different ways to recover the information. Apple even sent engineers to try these methods. One method involved connecting the iPhone to a known Wi-Fi network while plugged in. This could be at Farook’s home or office. The idea is that it would trigger an automatic backup to iCloud, which Apple would gladly turn over to the FBI. When this failed, Apple investigated the situation further and found out the ID password was changed online by someone from the county health department. Unfortunately there is no way to enter the new password on the locked iPhone, which would allow it to be backed up to iCloud.
The FBI was able to recover some of the device’s data since Farook’s iPhone was backed up to iCloud six weeks prior to the attack. While Apple did turn over that data to authorities, the FBI still needs the data between the last backup and the attack. Unfortunately Farook didn’t initiate a backup during those six weeks, and it’s unclear whether the phone was set to auto-backup or not.
It’s uncertain why the password changed, but it’s clear Apple is now placing blame on the FBI. However is it the FBI or the county health department that’s at fault?
The San Bernardino County’s official Twitter account chimed in with “The County was working cooperatively with the FBI when it reset the iCloud password at the FBI’s request.”
The County was working cooperatively with the FBI when it reset the iCloud password at the FBI's request.
— CountyWire (@CountyWire) February 20, 2016
The next day, the FBI confirmed this to be true by stating, “The FBI worked with San Bernardino County to reset the iCloud password on December 6th, as the county owned the account and was able to reset the password in order to provide immediate access to the iCloud backup data.”
However, the FBI doesn’t believe this has any affect on the fact that it wants the data on the phone, stating the reset “[does] not impact Apple’s ability to assist with the the court order under the All Writs Act,” and adding that “the government’s objective was, and still is, to extract as much evidence as possible from the phone.”
Apple isn’t buying this argument as a senior engineer reiterated that changing the password prevented the auto backup and closed the door on being able to obtain the information.
The court order was made through the use of a 227-year-old law — the All Writs Act of 1789, which lets federal courts issue court orders that force third-parties to cooperate and be helpful to other court orders. Apple’s argument is that what the FBI is offering is “burdensome,” as it would tarnish its reputation and would cause its customers to lose trust in the company.
Apple originally had five business days to officially respond to the FBI’s court order, but in light of the DOJ’s recent request, it now has until February 26.
Biometrics? The technology of encryption
In this case, the FBI has to rely on cracking the phone’s encryption, because Farook’s iPhone 5C doesn’t have a fingerprint scanner. If the device were an iPhone 5S, 6/6Plus, or 6S/6S Plus, however, the FBI may have considered using the dead suspect’s fingerprint to unlock the device, legal experts told Forbes.
“Fingerprint evidence –- unlike a password –- is physical evidence that can be compelled with a court order, overriding the objections of an accused or the next of kin of an accused,” Andrea Matwyshyn, Northeastern University professor of law and a visiting research collaborator at the Center for Information Technology Policy at Princeton University told Forbes.
Matwyshyn added that since fingerprint data is often available to the government through various databases, it wouldn’t be hard to find and forensic examiners may even be able to lift fingerprints from the phone itself to unlock the device.
Marina Medvin, owner of Medvin Law, told Forbes that although forcing a living suspect to give up their fingerprint may violate 4th Amendment privacy protections, the amendment doesn’t apply to the dead.
What of encryption itself? Understanding how it works in detail requires mathematical knowledge that most people simply don’t have; we won’t try to cover every step (but read more juicy info here). To put it as simply as possible, the original data goes through an “exclusive or” function alongside the value of the encryption key. The function registers false if the inputs are the same, and true if they are not. If you’re familiar with computers, you’ll immediately recognize that this false/true function is binary, and so it generates a new set of binary data from the input of the original data and the key.
Then, to make it even harder to crack, AES encryption (Advanced Encryption Standard, the sort on the iPhone) uses a number of additional steps to further secure data. Decryption reverses them to find the original message — but only if the key is known, since it was used to complete the encryption functions.
You’ve probably at some point heard that encryption keys come in different types, like 64-bit, 128-bit, and 256-bit. The more bits in the key, the harder it becomes to decrypt, because the original data is more thoroughly muddled through the “exclusive or” and successive steps.
And when I say difficult, I mean difficult. The iPhone in question in this case is protected by 256-bit AES encryption. No computer currently in existence can break 256-bit AES through brute-force even if it started working on the problem at the beginning of the universe. In fact, it would take hundreds of billions of years for a modern supercomputer to crack 256-bit AES just by guessing.
San Bernardino victims want Apple to comply, but one Mom sides with privacy
Families who lost loved ones in San Bernardino are finally speaking out regarding the battle of encryption between Apple and the FBI. Reuters has learned that some of the victims will file a legal brief by early March in support of the FBI’s effort to force Apple to unlock Farook’s iPhone.
The group’s attorney, Stephen Larson, said the victims “were targeted by terrorists, and they need to know why, how this could happen.”
It’s very possible this support could prove to be a strong ally for the federal government, who is likely to push this fight to the Supreme Court if it has to.
Larson, who used to be a federal judge, is representing the case for free.
However, not all victims of the San Bernardino terrorist attack are in support of the FBI. Carole Adams, who tragically lost her son, Robert Adams, at the hands of Syed Rizwan Farook and his wife is in full support of Apple.
“This is what separates us from communism, isn’t it? The fact we have the right to privacy,” Adams said in an interview with the New York Post on Feb 18. “I think Apple is definitely within their rights to protect the privacy of all Americans.”
She continued, “This is what makes America great to begin with, that we abide by a constitution that gives us the right of privacy, the right to bear arms, and the right to vote.”
Adams made it clear that getting into Farook’s iPhone is important, but she thinks it needs to be done without putting others at risk.
Tech titans weigh in
The case has been dubbed as the most important in a decade by Edward Snowden, who also questioned Google’s silence on the issue.
This is the most important tech case in a decade. Silence means @google picked a side, but it's not the public's. https://t.co/mi5irJcr25
— Edward Snowden (@Snowden) February 17, 2016
But Google’s CEO, Sundar Pichai, came through — in defense of Apple. Pichai cited the importance of Cook’s letter in a tweet, and said that “forcing companies to enable hacking could compromise users’ privacy.”
3/5 We build secure products to keep your information safe and we give law enforcement access to data based on valid legal orders
— sundarpichai (@sundarpichai) February 17, 2016
4/5 But that’s wholly different than requiring companies to enable hacking of customer devices & data. Could be a troubling precedent
— sundarpichai (@sundarpichai) February 17, 2016
Pichai’s statement’s aren’t as forceful as Cook’s, but they’re hardly unsurprising, as Google has been at the forefront of the privacy and encryption conversation, along with Apple and various other leading tech companies.
Related: Developer pulls Twitter trading app from App Store over privacy fears
Apple co-founder Steve Wozniak told CNBC he agrees with Apple’s position, but more importantly, he felt former Apple CEO Steve Jobs would have done the same. “I think Steve would have gone for the privacy,” Wozniak said during a phone call to CNBC’s Power Lunch.
When asked if Apple should be more willing to comply with the FBI because the San Bernardino case involved terrorism, Wozniak seemed to say that he didn’t believe it was terrorism and that it’s a phony word being used for a shooting crime. When host Tyler Mathisen pointed out that the killers were connected to terror groups, Wozniak said “You can’t generalize that and say that’s the only way embarrassing information would ever be used. Ask anybody on Facebook.” In other words, the FBI could say this is why it wants the info today and come up with a different reason tomorrow.
Wozniak noted one time the FBI visited Apple to talk about the possibility of spies getting into the company’s information network. Jobs asked the FBI if it did the same thing, and the answer was no. Wozniak believed the FBI was lying that day and further implied that you can’t trust an organization that isn’t truthful.
Wozniak did say that he felt Apple could create a backdoor without handing it over to the FBI, but he warns that Apple as we know it today might not be the same company tomorrow. Insiders could decide to leak the backdoor at a later date.
With all of this said, Wozniak’s hunch is that Apple will eventually be forced to comply with the FBI after a vigilant fight. If that does happen, and a backdoor is created, Wozniak claims he will continue to use his iPhone — he’s fighting for everyone else, not himself.
In a strange and unexpected effort to stay relevant, John McAfee, who is still running for president, has called it a “black day” and the beginning of the end of the U.S. as a world power. To prevent Apple from giving the FBI a tool to hack into the iPhone, McAfee has offered himself and his team to hack into the San Bernardino terrorist’s smartphone.
“So here is my offer to the FBI,” McAfee said in an editorial on the International Business Times. “I will, for free, decrypt the information on the San Bernardino phone, with my team. We will primarily use social engineering and it will take us three weeks. If you accept my offer, then you will not need to ask Apple to place a backdoor in their product, which will be the beginning of the end of America.”
Related: John McAfee: As the dark Web bubbles up to the mainstream, hacking just got easier
Numerous organizations, including the Electronic Frontier Foundation, the Tor Project, Mozilla, DuckDuckGo, and more have come out in support of Apple. And a few of the big players have stayed mum on the issue, or are at least slow to weigh in.
Reform Government Survelliance (RGS) has issued a statement throwing its support, unsurprisingly, with Apple. The group has sent letters to the Senate and to The White House before, defending the use of encryption. It’s a coalition of leading tech companies such as Facebook, Microsoft, Google, Apple, Yahoo, Twitter, AOL, and Dropbox.
“Reform Government Surveillance companies believe it is extremely important to deter terrorists and criminals and to help law enforcement by processing legal orders for information in order to keep us all safe,” according to the statement. “But technology companies should not be required to build in backdoors to the technologies that keep their users’ information secure. RGS companies remain committed to providing law enforcement with the help it needs while protecting the security of their customers and their customers’ information.”
Not all tech titans agree with Apple, however. Microsoft co-founder Bill Gates told the Financial Times on Feb 22 that granting the FBI access to Farook’s iPhone wouldn’t set a meaningful legal precedent because the FBI is “not asking for some general thing, [it is] asking for a particular case.”
He went on to say, “It is no different than [the question of] should anybody ever have been able to tell the phone company to get information, should anybody be able to get at bank records. Let’s say the bank had tied a ribbon round the disk drive and said ‘don’t make me cut this ribbon, because you’ll make me cut it many times.’”
Gates further clarified his comments in a Feb 23 appearance on Bloomberg TV.
“I do believe that with the right safeguards, there are cases where the government, on our behalf — like stopping terrorism, which could get worse in the future — that that is valuable. But striking that balance — clearly the government [has] taken information, historically, and used it in ways that we didn’t expect, going all the way back, say, to the FBI under J. Edgar Hoover. So I’m hoping now we can have the discussion. I do believe there are sets of safeguards where the government shouldn’t have to be completely blind.”
Here come the politicians
According to Reuters, White House spokesman Josh Earnest says that the government is not asking Apple to create a new backdoor, but is simply referring to one device in one case. He told a pool of reporters that “the president certainly believes this is an important national priority.”
Meanwhile, Republican presidential candidate Donald Trump hasn’t wasted time in offering his sentiments on the controversial issue. During an interview on the Fox News program Fox and Friends, Trump backed the courts and said that “we should be able to get into the phone” to find out why it happened and if others were involved in the December shooting.
“To think that Apple won’t allow us to get into [the shooter’s] cell phone?” Trump said. “Who do they think they are? No, we have to open it up.”
Trump also called people to boycott Apple while campaigning in South Carolina, until the Cupertino company cooperates with the FBI. He then tweeted about the boycott via an Android device, according to his post on TweetDeck.
The sentiment is shared by the shooting victims’ families and friends. CBS Local reports the family of victim Yvette Velasco criticized the Cupertino company, and finds it “difficult to understand why Apple would not jump at the opportunity to help uncover whatever information the phone may contain.”
Related: Apple CEO Tim Cook pushes back against FBI, court order to hack iPhone
But there’s a great deal of support on the other side as well.
AppleInsider is reporting that advocacy group Fight for the Future held a rally outside San Francisco’s Apple Store on Wednesday, drumming up support for Apple’s defense for privacy. The organization will stage nationwide protests outside Apple stores in more than 30 cities on Tuesday, Feb. 23 at 5:30pm local time. These include Boston, New York, San Francisco, Chicago, Los Angeles, and Palo Alto in the U.S., as well as Hong Kong and Munich internationally.
A rally is also planned for FBI’s headquarters in Washington, DC on the same day.
Click here, for a detailed map of all the cities. You can even host your own rally if your city isn’t included. You can find the guidelines here.
Popular conservative commentator, Glenn Beck, also supports Apple. “This is insanity. Tim Cook is right,” Beck said in a Facebook post. “Apple is on the right side of history on this issue.” It’s a strong endorsement, considering that Beck said he isn’t a fan of the company, only its product.
Beck, a proponent for smaller government, also said, “The government CANNOT bully private companies.”
In closing, he said, “I stand with Apple and I encourage you to do the same. Do your own homework and spread the word.”
There’s no mention of Apple or the San Bernardino case, but the statement has been retweeted by Microsoft’s Chief Legal Officer, Brad Smith, and in turn was retweeted by Microsoft CEO Satya Nadella.
While that so far has been the extent of Microsoft’s acknowledgment surrounding the issue, other tech companies like Amazon have not commented at all. Facebook and Twitter haven’t outright said anything, not including what the RGS said in its statement. Jan Koum, CEO of Whatsapp which is owned by Facebook, backed Apple and said in a Facebook post, “We must not allow this dangerous precedent to be set. Today our freedom and our liberty is at stake.”
Apple Attorney, President Obama weigh in
The Obama administration also chimed in and told the U.S. magistrate judge, who issued the court order, that it is willing to let Apple keep possession and destroy the software created to hack into the San Bernardino shooter’s phone, according to the Associated Press.
“Apple may maintain custody of the software, destroy it after its purpose under the order has been served, refuse to disseminate it outside of Apple and make clear to the world that it does not apply to other devices or users without lawful court orders,” the Justice Department told Judge Sheri Pym, according to the Associated Press. “No one outside Apple would have access to the software required by the order unless Apple itself chose to share it.”
Furthermore, prosecutors aren’t buying Tim Cook’s argument that Apple is protecting the privacy of all its customers. The filing argues that Apple seems more concerned for its “business model and public brand marketing strategy.” Decker also noted that the original order allows Apple to retain custody of the software that would be developed to decrypt the iPhone. The company even has a right to determine how it helps the government in its investigation.
According to Tom Mrozek, a spokesman for the U.S. Attorney’s Office for the Central District of California, a federal court hearing is scheduled for March 22 in California. The Justice Department’s motion to compel did not offer any penalties if Apple doesn’t comply, according to Reuters. The Justice Department also declined to comment on what recourse its seeking if any. Interestingly enough, the prosecutors acknowledged that the filing “is not legally necessary.”
Complying with the FBI’s request could “destroy the iPhone as it exists,” said Ted Olson, Apple’s lead attorney, during an appearance on ABC’s “This Week” on February 21. He then doubled down on Tim Cook’s previous comments that a backdoor opens security holes, which would affect every iPhone and could spur abuse from foreign governments.
Olson reiterated the company’s assistance in the past, and that Apple and Tim Cook have the “the greatest respect” for the FBI. However, the company “has to draw the line at recreating code, changing its iPhone, putting its engineers and creative talents to destroy the iPhone as it exists. Apple has a responsibility to maintain the trust and faith of millions of people who have depended upon Apple to produce a product that protects their privacy, their intimate personal life. This is a Pandora’s Box.”
We’ll keep you updated here as the story develops.
Updated on 02/23/2016 by Robert Nazarian: Added in news of the Justice Department seeking to unlock about a dozen other iPhones and comments from Bill Gates.
Updated on 02/22/2016 by Joshua Sherman and Robert Nazarian: Added in comments from FBI Director James Comey and Apple CEO Tim Cook. Also added comments from a Mom who lost her son during the San Bernardino attack and information regarding a planned filing from victims of San Bernardino.
Updated on 02/21/2016 by Robert Nazarian: Added in further comments from the county health department, the FBI, Apple’s lead attorney, and an Apple exec. Also added additional information regarding Feb 23 rallies in support of Apple.
Updated on 02/20/2016 by Robert Nazarian: Added in additional information regarding changed Apple ID password.
Updated on 02/20/2016 by Julian Chokkattu: Added in a statement from the Justice department, backed by the Obama administration, that Apple would be allowed to keep possession, and later destroy, the software used to hack into the San Bernardino shooter’s iPhone. Also added Trump’s call to boycott Apple.
Updated on 02/19/2016 by Robert Nazarian: Added in news that the Apple ID password was changed less than 24 hours after the FBI obtained the iPhone, information regarding the DOJ’s motion to compel, and comments from Apple co-founder Steve Wozniak.
Updated on 02/19/2016 by Robert Nazarian: Added comments from popular conservative commentator, Glenn Beck.
Updated on 02/18/2016 by Malarie Gokey: Added statements from legal experts who told Forbes that the FBI may consider using dead suspect’s fingerprints in future cases. Noted that it doesn’t apply in the case, as it’s an iPhone 5C with no fingerprint sensor.
Updated on 02/18/2016 by Julian Chokkattu: Added statements from the Reform Government Surveillance group, of which Microsoft is a founding member, and John McAfee offering his support to the FBI. Also added in more information about the All Writs Act of 1789.