As part of an investigation into the mass shooting last December that left 14 people dead in San Bernardino, California, a federal judge on February 16 ordered Apple to unlock encrypted information on an iPhone 5c used by one of the perpetrators. Then came the firestorm.
Apple and other high-tech companies have been pushing back against jawboning by government — mainly in support of law enforcement and counterterrorism — to limit the privacy and security measures built into their products. Faced with the San Bernardino order, Apple drew a line in the sand. In a “Message to Our Customers,” CEO Tim Cook said the U.S. “asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.”
A backdoor is a method to break, or decrypt, a code. Apple’s latest iPhones employ encryption so strong that police and prosecutors claim to be stymied in attempts to gather evidence for criminal investigations. As Cook asserted, there is no backdoor. Privacy is a selling point. “We have even put that data out of our own reach,” he wrote, “because we believe the contents of your iPhone are none of our business.”
Battle lines are drawn between legitimate public interests — the rights of individuals versus government’s responsibility to maintain order and protect the homeland — while a powerful commercial enterprise defends its business practices with what amounts to a manifesto for digital privacy. But the conflict is now also a legal one, which could take time to be satisfactorily resolved, if that is possible at all.
“It may have to be decided by the Supreme Court,” Cedric Leighton, a Virginia-based consultant who is a retired Air Force intelligence officer and National Security Agency deputy director for training, tells Institutional Investor. “As someone who has been on both the business and intelligence sides, I think Apple makes some valid points” about a precedent that could go against its business interests. “But it is not black-and-white,” he adds, and court outcomes could therefore be murky.
Indeed, authorities invoked the All Writs Act of 1789 — the first year of U.S. Constitutional government — to obtain the court order.
Leighton perceives a seminal data protection issue: “It is different in the sense that we are on the brink of the Internet of things. There will be significant challenges in having to secure data not only on individual devices but also in the cloud, in servers everywhere.”
There may be more history here than meets the eye. Leighton points out that in the mid-19th century Western Union resisted government subpoenas for information transmitted over the telegraph network. On the other hand, just prior to World War II, Western Union assisted U.S. intelligence by handing over communications pointing to Japanese espionage.
Nor is this the first time that data encryption has been a political flash point. Grounded in mathematics and computer science, public key cryptography has grown increasingly central to private- and government-sector information security since the 1970s. Encoded information requires a digital key to unlock; the longer the key, say, 128 bits versus 64 bits, the more difficult it is for an unauthorized party to intercept a message or hack into a database.
In the 1990s, as keys got longer and harder to break through “brute force” testing of all possible combinations, the National Security Agency proposed a standard backdoor, called the Clipper chip, to preserve its ability to gather signals intelligence. Backlash from the technology community and privacy advocates killed the idea. Leaks from disgruntled security contractor Edward Snowden revealed that the NSA and Central Intelligence Agency had compromised iPhones. That led Apple to harden encryption defenses in the iOS 7 and iOS 8 operating systems in 2013 and 2014, respectively.
Cook may be faulted less for privacy absolutism than for timing: His resistance effectively delayed a domestic terrorism investigation. Tech industry critics including Russell Stern, CEO of networking services and security company Solarflare Communications, say Cook read the court order too broadly, the court specified a single phone, and Apple is likely capable of facilitating a backdoor into it. “Save the politics for later,” Stern blogged.
In other words, Cook could have picked a better battle. This is an extraordinary and complicated case, and as the adage goes, hard cases make bad law.
Get more on regulation .
