On Tuesday night, President Donald Trump abruptly dived into a long-running battle between Apple and the FBI over iPhone encryption:
Trump’s demand that Apple “step up to the plate” is in reference to the FBI’s current attempts to break into two iPhones. They belonged to a second lieutenant in the Saudi Air Force who investigators believe killed three people in a shooting at a Pensacola, Florida, naval base in December. (He was killed by police when they arrived to respond to the shooting.) Attorney General William Barr publicly admonished the company on Monday, stating: “So far, Apple has not given any substantive assistance. This situation perfectly illustrates why it is critical that the public be able to get access to digital evidence once it has obtained a court order based on probable cause.” Apple claims that it has already assisted the FBI in retrieving “gigabytes of information” for the investigation, including iCloud backups, transaction data, and account info. The bureau, however, is pressing the company to weaken the iPhones’ encryption in order to gain full access to the devices.
Apple’s iPhones take advantage of a security measure known as encryption, which scrambles the info held in the device and makes it unintelligible unless you have a string of code known as a key to decipher the data. By entering a PIN code, or scanning a fingerprint or face, a user enables the key to unlock what’s held in the phone. Apple radically improved data encryption with the release of iOS 8 in 2014, making the iPhone 5S and subsequent models much harder to crack.
That same year, the company announced that it would not undermine security protections to grant the government access to iPhones. Since then, Apple has perpetually sparred with the FBI over encryption. While the FBI has argued that gathering all available information from suspects’ phones is crucial to high-stakes investigations, Apple maintains that creating a back door for its encryption would weaken the security of all of its customers’ devices. The first prominent clash over the issue came in 2016, when the bureau brought Apple to court in an abortive attempt to force the company to unlock an iPhone 5C used by a shooter responsible for the deaths of 14 people in San Bernardino, California, in 2015. The same fight erupted after the shooting of a Texas church in 2017.
Trump and Barr—and Barr’s predecessor, Jeff Sessions—have taken a more aggressive stance on Apple than the previous administration did. Former President Barack Obama and former Attorney General Eric Holder had both generally called for a better balance between privacy and physical safety in the debate—implicitly calling on tech companies to soften their encryption stances—but didn’t wade in directly.
During the investigation into the San Bernardino shooting, which coincided with the 2016 election, then-candidate Trump called for a boycott on Apple products. Yet his very public attempt to leverage U.S. trade policy in his Tuesday tweet also adds another wrinkle to the dispute. Apple CEO Tim Cook has had a particularly friendly relationship with the president, whose 2017 tax cuts have saved the company tens of billions of dollars and whose tariffs have spared Apple products in the trade war with China. The encryption affair may test Cook’s attempts to remain on Trump’s good side.
Apple’s response to the pressure has also been somewhat surprising. According to the New York Times, people within the company are frustrated that “the Justice Department hasn’t spent enough time trying to get into the iPhones with third-party tools.” (Apple did not respond to an inquiry about this reporting.) Companies like Cellebrite and Grayshift have long offered iPhone hacking services to governments around the world. The FBI reportedly used Cellebrite’s technology to access the San Bernardino shooter’s phone, and, according to Bloomberg, the bureau should be able to use the same methods with the phones in the Pensacola case. Indeed, the Pensacola suspect had an iPhone 5 and an iPhone 7, older models with weaker security; researchers recently discovered a security flaw in the chips of iPhones released between 2011 and 2017, which includes both those devices.
While it may seem strange for Apple to prefer that the FBI consult a service that exploits weaknesses in its devices’ security features, this may actually be the least harmful solution to the current predicament. “It is a worse problem for the government to pressure and demand that Apple stop innovating on security,” says Jennifer Granick, who serves as surveillance and cybersecurity counsel for the ACLU. “Attack and defense are always in relationship to each other in cybersecurity. There’s always going to be advances in defense and advances in attack. The offense usually has the upper hand.” Forcing Apple to purposefully build a back door to its encryption would hobble the defense side of this equation.
Also, if it becomes clear that the company is not actually making its product as secure as possible, users may lose trust in features that actually do safeguard their privacy. “For fundamental cybersecurity practices, we trust the integrity of what developers tell us about how they work,” says Jake Laperruque, senior counsel at the Project on Government Oversight’s Constitution Project. If developers are purposefully weakening security measures, users have a harder time trusting patches and software updates, which may in fact have a legitimate purpose.
To be sure, phone hacking tools like those from Cellebrite and Grayshift are dangerous and can be easily abused; authoritarian governments have used them to crack down on journalists and political dissidents. Yet, if law enforcement really won’t relent on accessing the contents of the Pensacola shooter’s phones, hacking in this case is the lesser of two evils. As Sharon Bradford Franklin, the policy director for New America’s Open Technology Institute, notes, “Whereas government hacking involves the exploitation of unintentional vulnerabilities in particular products, a backdoor mandate would require building known vulnerabilities into every product, so the impact is much greater and more problematic.” (New America is a partner with Slate and Arizona State University in Future Tense.) Finding and figuring out how to take advantage of these vulnerabilities is much more expensive and time-intensive than just waltzing through a back door put in by the manufacturer, but tech advocates say the privacy threat is not worth the convenience. This likely explains, though, why Barr and law enforcement officials are pressing Apple to weaken the iPhone encryption when they could most likely just go to a third party to get the job done.