Law enforcement agencies across the globe make requests for data from Apple and other tech companies all the time. So "all the time", there are processes in place to handle them. They are… routine.
But, every once in awhile, specific cases still show up in the papers. They're the most sensational, horrible, heart-breaking, flag-waving cases, and the papers lap them up, few questions asked, and the people who then read the stories get all riled up.
Which is, I think, is the entire point of getting those stories into the papers to begin with.
The biggest and most public fight over encryption in the U.S., so far, was the San Bernardino case.
This channel didn't exist back then but I covered the story extensively online, including sitting in on innumerable calls and reading endless reams of legal statements and filings, and the TL;DR is that the United States Federal Bureau of Investigation (FBI) wanted Apple to not just hand over whatever data they might have on the suspects. No, the FBI wanted Apple to create a version of iOS that would allow authorities to circumvent the hardware encryption on any iPhone, at any time.
Which showed, even back then, either a staggering ignorance about how encryption works or a staggering willingness to manipulate the public in an attempt to stop encryption from working.
Apple believed the request itself was extra-legal, in conflict with existing laws, and in violation of the First and Fifth Amendment of the United States Constitution.
The FBI tried to justify the request by using the All Writs Act — an arcane, two-hundred-year-old piece of legislation that, and I'm just guessing here, probably never had digital encryption in mind when it as codified.
But Apple said "no".
More specifically, Apple's CEO, Tim Cook, said — and I'm going to read it verbatim because it's so on point:
Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution. But it ignores both the basics of digital security and the significance of what the government is demanding in this case.
In today's digital world, the "key" to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.
The government suggests this tool could only be used once, on one phone. But that's simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.
In the San Bernardino case, the FBI and Justice Department eventually gave up and, reportedly, paid a third-party vendor to hack the iPhone for them.
It removed the immediate pressure from Apple but it also removed the danger of the FBI action being ruled undue or illegal by the courts and that precedent being set.
Flash forward to this week, and now the papers are being fed a similar story, this time about the FBI's need to get into the phones in the recent attack in Pensacola.
From The Washington Post, reporting on a letter sent to Apple by FBI General Counsel:
"The FBI, out of an abundance of caution, has secured court authorization to search the contents of the phones in order to exhaust all leads in this high priority national security investigation.
NBC, reporting on the same letter:
officials have sought help from other federal agencies, as well as from experts in foreign countries and "familiar contacts in the third-party vendor community."
Investigators are actively engaging in efforts to 'guess' the relevant passcodes but so far have been unsuccessful.
In response to the letter, Apple said:
We have the greatest respect for law enforcement and have always worked cooperatively to help in their investigations. When the FBI requested information from us relating to this case a month ago, we gave them all of the data in our possession and we will continue to support them with the data we have available."
Which, of course.
The Justice Department, not content with an answer based on how the technology of encryption actually works, escalated. Via the New York Times:
Attorney General William P. Barr declared on Monday that a deadly shooting last month at a naval air station in Pensacola, Fla., was an act of terrorism, and he asked Apple in an unusually high-profile request to provide access to two phones used by the gunman.
"This situation perfectly illustrates why it is critical that the public be able to get access to digital evidence," Mr. Barr said. He called on technology companies to find a solution and complained that Apple had provided no "substantive assistance," a charge that the company strongly denied on Monday night, saying it had been working with the F.B.I. since the day of the shooting.
Apple has since followed up with a complete statement:
We were devastated to learn of the tragic terrorist attack on members of the US armed services at the Naval Air Station in Pensacola, Florida on December 6th. We have the greatest respect for law enforcement and routinely work with police across the country on their investigations. When law enforcement requests our assistance, our teams work around the clock to provide them with the information we have.
We reject the characterization that Apple has not provided substantive assistance in the Pensacola investigation. Our responses to their many requests since the attack have been timely, thorough and are ongoing.
Within hours of the FBI's first request on December 6th, we produced a wide variety of information associated with the investigation. From December 7th through the 14th, we received six additional legal requests and in response provided information including iCloud backups, account information and transactional data for multiple accounts.
We responded to each request promptly, often within hours, sharing information with FBI offices in Jacksonville, Pensacola and New York. The queries resulted in many gigabytes of information that we turned over to investigators. In every instance, we responded with all of the information that we had.
The FBI only notified us on January 6th that they needed additional assistance — a month after the attack occurred. Only then did we learn about the existence of a second iPhone associated with the investigation and the FBI's inability to access either iPhone. It was not until January 8th that we received a subpoena for information related to the second iPhone, which we responded to within hours. Early outreach is critical to accessing information and finding additional options.
We are continuing to work with the FBI, and our engineering teams recently had a call to provide additional technical assistance. Apple has great respect for the Bureau's work, and we will work tirelessly to help them investigate this tragic attack on our nation.
We have always maintained there is no such thing as a backdoor just for the good guys. Backdoors can also be exploited by those who threaten our national security and the data security of our customers. Today, law enforcement has access to more data than ever before in history, so Americans do not have to choose between weakening encryption and solving investigations. We feel strongly encryption is vital to protecting our country and our users' data.
The politics of encryption
Take out the politics. Take out the attempts to manipulate the press and the people, and the simple truth remains: Apple has no way to break into modern iPhones. They're not like nation-states and gray market vendors. They don't stockpile 0day exploits to use on their own customers. Any time they find any, they push out patches for them as fast as possible, because any of them could be used or discovered or disclosed by other people at any time, and then — yeah — there are the worst kinds of headlines.
And the FBI knows this. They know it. Which is where the papers come in. Because, again, they don't want to get into one phone. They want the ability to get into any phone, the courts of public opinion can be a much better vehicle than the courts of law.
Because the papers can be used to make it look like Apple is standing up for the rights of criminals, rather than standing up for our rights. "What would you want them to do if it was your family?" Is the question that inevitably gets asked, each and every time. As though the answer would ever be anything other than everything, even things that would absolutely be crimes in their own right.
So, what's critical is to step back and really look at what's being asked for here. No more secrets. The ability to get into not just a single criminal's phone, but everybody's phone. Yours and mine. And the ability for not just the FBI to get into it, but everybody. Foreign agencies and criminals.
Substitute the FBI for, say, Russian or Chinese Intelligence, or one of the myriads of countries where dissidents, journalists, everyday citizens have nowhere nearly the rights, freedoms, or protections under the law.
Hell, any border crossing or even traffic stop, any place in the world, where suddenly the contents of every private photo and message, medial and financial record are suddenly at risk.
Right to remain private
Tim Cook said in a recent interview that China had never asked Apple to compromise iOS security but the U.S. had. Luckily, the U.S., a system still exists to push back against those types of requests. But what happens when China does? Especially if they're emboldened by America and the FBI? Based on recent history, it'll be nowhere nearly as easy for Apple to push back.
Worse, what happens when the backdoor falls into the hands of organized crime and terrorists and lone hackers and criminals?
Government agencies have proven woefully incapable of containing dangerous technologies. Information abhors a vacuum and from the NSA spy programs to the worms created to wage cyber warfare on other countries, we're all still dealing with the devastating consequences of the government's repeated failure to keep exactly these kinds of secrets.
A skeleton key into every one of the billions of iOS devices in the world? Who'd ever pick one up again?
It's the nature of law enforcement to overreach. To want our every fingerprint on file, all our DNA on record, from conception, and one day to want trackers and monitors implanted into all of our bodies. And they have a clear and understandable point-of-view for doing so — their goal isn't your privacy; it's prosecution and safety.
But we have to be able and willing to push back against that overreach. It's the duty of all of us to say, clearly and with unyielding certainty: "No."
Because the precedents we set now will echo throughout the next few decades.
I've already done a column on the right to remain private, but I'll TL;DR it now: Our phones enhance our most timely memories, they store our most private data, they sense everything about us and our surroundings.
Not all countries and laws are the same, of course, but many have the concept of a right to remain silent, of a right against self-incrimination. Even spousal privilege.
I've argued before and I'll keep arguing the same should be extended to our phones because they are becoming closer to us than even spouses. They're becoming part of us.
They've already become external cybernetics. And the way we treat them will, in part, determine the way we will treat internal cybernetics and neural connections one day.
If the thought of a backdoor into your phone doesn't creep you out, the idea of a backdoor into your mind and thoughts surely should.
And if it sounds like that's a bunch of crazy talk, again, I point you back to the coverage. Asking Apple or any tech company for assistance is routine. The only time it shows up in the papers is when they want to make it a spectacle. And because the papers want a spectacle as well, they seldom if ever stop to consider why they're being handed one. But it is absolutely to keep stirring up sentiment against the right to privacy, to chip away at it from oblique angles in the courts of public opinion and then the courts of law.
And it's much better and easier to be hyperbolic about it now than it will be when we lose it, and every agency and attacker is swimming in our personal data.