The contentious ongoing battle between Apple and the Department of Justice continues, as the company has refused yet another request for an iPhone backdoor.
Apple has refused a request to unlock the phone of the alleged Naval Air Station Pensacola shooter. Mohammed Saeed Alshamrani, an aviation student from Saudi Arabia, is being held in the December 2019 naval base shooting in which three people were killed.
As it has with requests dating back to the 2015 mass shooting in San Bernardino, Apple has refused to create any sort of iPhone backdoor that allows the government to bypass its strong encryption. The company responds to law enforcement requests and in this case claims it has provided investigating authorities with “gigabytes of information,” but remains staunch in its refusal to compromise its encryption system in any way.
The iPhone backdoor debate
If the material leaked by Edward Snowden in 2013 is to be believed, Apple was once a willing partner in turning over user information to the government. That changed in 2014 with the release of iOS 8, with which Apple responded to public criticism of their practices by crafting a stronger encryption scheme that left no loopholes available for government access. Apple essentially removed any ability it had to create its own backdoors into user devices.
Apple and the government came to a head over this policy in early 2016, when the FBI demanded that Apple give them access to the locked iPhones of the suspects in the mass shooting at the Inland Regional Center in San Bernardino. The FBI and NSA had both failed to break the encryption and insisted that Apple add an “iPhone backdoor” to future versions of iOS.
Apple refused. As CEO Tim Cook stated in an open letter to customers, “The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.”
The FBI obtained a court order forcing them to add such a feature. Apple publicly committed to fighting the court order; this caused the FBI to seek the help of third-party security firms. An unnamed party was able to hack into the shooter’s phones about a month later, and the FBI withdrew the case.
Apple has reportedly received a number of similar requests from the government since then, all of which it has pushed back against. This most recent request appears to be a re-run of the early 2016 episode, with an added dispute over whether or not Apple is providing the government with “substantive assistance” that has been initiated by Attorney General William Barr.
Apple responded that the company had provided the government with some six gigabytes of data related to the shooting investigation including iCloud backups, account information and transactional data for multiple accounts.
A New York Times report cited an anonymous insider who claimed that the two Pensacola phones that the government is trying to unlock are an iPhone 5 and iPhone 7+. These are older models that have since had known exploits developed that bypass the hard limit on password attempts, allowing for the use of “brute force” password cracking techniques.
Apple’s refusal of the iPhone backdoor is predicated on two central concepts. One is the “slippery slope” of government demands for surveillance it could cause. Today it’s the iPhone backdoor, tomorrow it could be the ability to remotely turn on microphones at will without notifying the end user.
The other concept is the possibility of any backdoor being discovered by threat actors and used as an exploit. A software backdoor stands a very good chance of being discovered by someone at some point; a hardware backdoor is harder to detect, but once discovered essentially renders that device type useless. As Apple stated in a recent letter reminiscent of the one issued in 2016, “”Backdoors can also be exploited by those who threaten our national security and the data security of our customers … We feel strongly encryption is vital to protecting our country and our users’ data.”
The situation is not the same as it was in early 2016. The government appears to now have numerous third-party options capable of unlocking the encrypted iPhones of suspects on an individual basis, even the more recent models like the iPhone 11 Pro Max. If an iPhone backdoor is not necessary to investigate the Pensacola shooting, then why has the Attorney General’s office gone out of its way to revive this confrontation?
Some believe that the Pensacola case is not about a genuine need to build a backdoor to unlock two iPhones, but instead is an opportune moment for the government to push for a convenient surveillance tool that is likely to be used in exactly the manner that privacy advocates fear.
While Apple continues to resist the iPhone backdoor, the company may find itself eventually compelled by law to comply. So-called “lawful access mandates” that require private companies to weaken end-to-end encryption on demand have either been passed or are being weighed by a number of countries including Australia, the United Kingdom and India. Apple still sells phones with full encryption in countries that have such laws, but they basically exist at the pleasure of the government. Other tech companies such as Facebook have found themselves in the crosshairs of such legislation as well; the passage of enough laws of this nature in enough world powers might provide leverage to force Apple’s hand.