Fred Kaplan’s new book, Dark Territory: The Secret History of Cyber War, is out now.
As Apple and the FBI take their fight to Congress this week, it’s worth noting that the government finds itself fiercely pushing an argument it’s never had to make at all before. In matters of installing wiretaps, intercepting email, and, these days, unlocking cellphones, it has always relied on the complicity of the telecoms.
Apple Chairman Tim Cook’s all-out resistance to letting the FBI look inside San Bernardino terrorist Syed Farook’s iPhone threatens to rupture an arrangement dating back to the 1920s—nearly a century ago—when the Code Compilation Company, the cover name for a military-intelligence agency with roots in World War I, persuaded Western Union to provide access to all the telegrams coming in on its wires. By the time of the Cold War, the government—mainly the FBI and, with its founding in 1952, the National Security Agency—were regularly tapping the phones of suspected foreign agents.
In the decades since, corporate restructurings and technological changes have complicated things. When anti-trust rulings forced the breakup of AT&T in 1982, some in the FBI and the NSA worried that their relationship with Ma Bell might not transfer to the scattered new carriers, but the heads of MCI, Sprint, and the regional “Baby Bells” proved happy to accommodate.
As the world shifted from analog to digital—with communications shifting from phone circuits, radio signals, and microwave emissions to digital packets, fiber-optic cable, and the World Wide Web—the NSA suffered its deepest crisis yet; a top-secret congressional oversight panel produced a paper titled “Are We Going Deaf?” Within a few years, though, the agency’s engineers and high-tech contractors devised new methods of interception.
Not only did the new telecom companies have no problem with this, but in fact a new form of mutual cooperation ensued. The Defense Department started buying a lot of these companies’ computers, cellphones, and software, but, before doing so, the wares had to pass inspection by a branch of the NSA called the Information Security Division (later changed to Information Assurance Directorate). When Microsoft submitted its first Windows program, the IAD testers found 1,500 points of vulnerability—1,500 points where hackers could break in. IAD then helped Microsoft patch the flaws—or most of them, anyway: Some “back doors” were left unlocked so the NSA could get in to the computers of foreign powers that had bought the software.
Many years later, in 2008, after the U.S. Air Force rejected Microsoft’s XP operating system on the grounds that it was riddled with security flaws, IAD helped the firm design XP Service Pack 3, which the Air Force deemed secure straight out of the box and which became one of Microsoft’s most successful systems. Similarly, when China launched a major cyberattack against Google, stealing the firm’s source-code software, the IAD helped repair the damage.
So when the NSA set up a program known as PRISM, in which the agency or the FBI tapped into the central servers of nine American software and telecom companies—in order to extract email, documents, photo, audio, and video files, and connection logs of suspected foreign agents and terrorists—those companies went along, either willingly or under the compulsion of a FISA, or Federal Intelligence Surveillance Act, court order. (The companies were Microsoft, Google, Yahoo, Facebook, AOL, Skype, YouTube, Apple, and Paltalk.)
All this was done under the cloak of extreme secrecy. The programs, as well as the FISA court proceedings, were classified beyond top secret. But in June 2013, Edward Snowden leaked thousands of documents about PRISM and many other surveillance practices. Suddenly, with their complicity laid bare for all to see, the executives of these corporations backed away, some howling in protest, like Captain Renault, the Vichy official in Casablanca, who pronounced himself “shocked, shocked to find that gambling is going on in here,” just as the croupier delivered his winnings for the night.
Their fear was that customers in the global marketplace would stop buying using their software or applications, suspecting that it was riddled with “back doors” for NSA intrusion. Howard Charney, senior vice president of Cisco, a company that had done frequent business with the NSA, told one journalist that the agency was “besmirching the reputation of companies of U.S. origin around the world.”
Which leads us to the present battle with Apple in the courts of law and public opinion—and, starting with the House Judiciary Committee’s hearings on Tuesday, in the chambers of Congress as well.
In one sense, Apple is a bit distinct from the other Silicon Valley firms, at least since 2011, when Tim Cook succeeded Steve Jobs as chairman. While most of these executives bear a libertarian streak, Cook is soaked and sautéed in the creed. One former NSA official told me that IAD has tried to arrange meetings with Cook to talk about security issues of mutual interest, but he always declined. He has abided by court orders to unlock devices but with increasing resentment.
In 2014, one year after Snowden’s revelations, Apple introduced the iOS 8 operating system. The explicit intent was to shield future iPhones not only from hackers but also from the U.S. government. With iOS 8, users set the passcode to open the phone; Apple would not have access. The next time the FBI or NSA presented a court order to open a phone, Apple’s lawyers could honestly say that they couldn’t.
When it came to Syed Farook’s phone, the FBI (or, perhaps, the NSA working through the FBI) devised a workaround solution: The bureau asked Apple simply to bypass or alter a security feature within iOS 8 that automatically erases the phone’s data after someone tries to guess the passcode incorrectly 10 times. At that point, the FBI would apply “brute force”—activating password-sniffing programs that try thousands of random letters and numbers per second—so that the code would be broken, in a matter of hours, days, weeks, or months (depending on its complexity).
A magistrate judge ordered Apple to comply. Apple resisted, arguing—first in an open letter to customers signed by Tim Cook, then in a countermotion to the court—that code-writing is constitutionally protected speech, that the government has no right to order a company to write a new operating system to undermine its own security, and that complying with the order would endanger the security not just of this particular phone (which is owned by San Bernardino County, whose leaders have consented to the request) but all phones. The FBI disputes all three contentions.
No court case has ever set up this confrontation quite so starkly or deliberately. Some have drawn a parallel in the story of the Clipper Chip, the NSA’s attempt in the mid-1990s to maneuver around the looming technology of commercial voice encryption, which officials feared would prevent the FBI and NSA from listening to phone conversations. The idea was to install the chip—which the NSA manufactured—in every telecommunications device. Safeguards were promised: The government could tap in and listen only if it followed an elaborate, court-approved two-key procedure.
Privacy groups challenged the chip’s legality, but the program died before the suit was heard in court. For a year or so, President Bill Clinton was intrigued with the Clipper Chip; Vice President Al Gore was his supportive point man on the project. But in the end, the chip proved too expensive; the two-key safeguard was unreliable; and many suspected the NSA could enter through some secret back door, even without the keys.
Finally, two broad factors settled the controversy. First, Ron Brown, Clinton’s commerce secretary, argued persuasively that encryption technology could be a boon for American exports. (Until this realization, encryption was classified as a “munition.”) Second, NSA scientists figured out a way to break or work around the encryption—just as they’d always figured out a way to deal with new obstructions in technology.
But some officials fear, perhaps ahistorically, that this time is different: that Apple’s real aim is to prevent the government from finding a workaround. Each side in this case is nervous about a perceived long-term threat if the other side wins in court. Apple fears that the government will use victory as a precedent to order all telecom and software companies to write changes in their operating systems. The FBI and NSA fear that Apple might have found a way, finally, to shut off government access to their wares for good and thus end an era of private-public cooperation in the name (whether genuine, feigned or both) of law enforcement and national security.
The scope and stakes of this case didn’t have to be so grand; they could have been settled on very narrow issues and may still be. But both sides are aiming for the politico-legal cosmos, and their front men—Cook and FBI Director James Comey—have taken public stands from which they’ll find it hard to backpedal; certainly they’ve signaled they have no desire to compromise. If they get their way, the struggle, despite its technical obscurity, may be one of the most consequential court cases of our time.
Read more in Slate about the Apple-FBI battle.