News broke yesterday that a United States magistrate judge in California ordered Apple to comply with the FBI’s request for assistance in bypassing the passcode lock of the San Bernardino gunman’s iPhone. Hours later Apple published an open letter by Tim Cook explaining that creating a tool to bypass this specific iPhone would jeopardize the security of all iPhones.
The battle between personal privacy and information gathering as it relates to Apple and security has been building up for years now, and the government narrowing it down to one specific iPhone used by a terrorist in the U.S. has caused the debate to reach new levels. This may be Apple’s battle to lose, but it will be a very public one nonetheless.
Since Apple’s response to the FBI and court order, the White House has stood by the Department of Justice and argued that it’s not about a backdoor for all devices but just a single device, which Tim Cook’s argument already addressed.
Tim Cook’s open letter is on Apple’s homepage and headlines about the government’s demands are all over the news. From my view, Apple customers seem to be overwhelmingly in favor of Tim Cook’s position, while presidential candidates are unsurprisingly siding with the FBI. Where do you weigh in? Here’s what we know so far.
In Cook’s words, this is how he describes the government’s request:
The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.
Cook’s letter seems to acknowledge that it’s technically possible for Apple to comply, but that it has zero interest in doing something that it considers dangerous for all customers. One security firm has also shown that it appears possible.
In practice, what this would look like is Apple creating a new version of iOS without limitations on how many times you can guess a passcode before it locks up for a period of time. That limitation alone is currently preventing the FBI from just trying every possible passcode as quickly as possible.
iPhones with passcode locks are currently disabled after multiple failed attempts to guess passwords. Try too many incorrect passcodes on an iPhone and you’re temporarily only allowed to place emergency calls for 1 minute. Try again after that and it extends to 5 minutes, then 15 minutes, and so on.
Optionally, iPhones can be set to erase all data after just 10 failed attempts.
Because the FBI wants access to text messages, notes, photos, emails, and anything else saved on the iPhone in question, preserving the data is critical for the investigation. The FBI argues that data protected behind the iPhone passcode could offer critical evidence as to how the attack in San Bernardino was planned, who else was involved, and if any future attacks can be prevented.
The court order in this case only applies to this specific iPhone, too, but Tim Cook is right to argue it would set a precedent that would be used in future cases. The FBI has been deploring iPhone encryption publicly long before the shooting in December.
One key takeaway for me is that wow, who knew our passcodes on our iPhones were actually so secure?
Apple under Tim Cook’s leadership has been pitching privacy as a product for years now, starting largely in 2013 with the iPhone 5s and Touch ID. If iPhones were going to be storing fingerprints, Apple needed to promise customers it was safe. Same thing with Health and HealthKit, Apple Pay, and many other new features and services. And the NSA/PRISM surveillance episode only strengthened Apple’s need to take its current position.
Now we find ourselves in the midst of an ongoing national debate over what’s more important: personal privacy or national security? The San Bernardino iPhone is being used to make the argument very specific, but make no mistake that it’s about a much larger divide that’s been developing for years now. Should Apple maintain it’s rock solid position on encryption, or should it comply with the court order and FBI’s request?
In our previous poll last November, 93% of responders favorably viewed Apple’s firm stance on encryption two weeks before the San Bernardino attack and three months before the court order to unlock the terrorist’s iPhone.
My suspicion is that most readers haven’t changed their position, but I am curious how many believe Apple should comply with the FBI in this specific instance.
And from a broader standpoint, how important to you is privacy through encryption as a factor when buying Apple technology? Consider it this way: If Apple technology suddenly wasn’t encrypted and only Google technology was, would that be a big enough factor to switch platforms?
As Ben Lovejoy wrote this morning, Apple may very well try to hold its position as long as it can, but it’s possible it will be forced to comply at some point.