iPhone encryption

Apple’s officially denied a request it received Monday from the US Attorney General William Barr to “unlock” a pair of iPhones owned by the Pensacola naval air station shooter, rejecting the characterization that it’s failed to provide “substantive assistance” in the investigation.

As we reported yesterday, Justice Department officials said they need access to the shooter’s phones in order to view messages from encrypted apps such as Signal or WhatsApp. Investigators on the case want to determine whether the gunman had discussed his plans with others at the base and whether he was acting alone or with help.

“Our responses to their many requests since the attack have been timely, thorough and are ongoing,” according to a statement from the Cupertino tech giant given to Input late yesterday following an article in The New York Times. Apple also shared relevant data from the Pensacola shooter’s iCloud account with FBI agents on the Pensacola case.

Here’s Apple’s response to the request in full:

We were devastated to learn of the tragic terrorist attack on members of the US armed services at the Naval Air Station in Pensacola, Florida on December 6. We have the greatest respect for law enforcement and routinely work with police across the country on their investigations. When law enforcement requests our assistance, our teams work around the clock to provide them with the information we have.

We reject the characterization that Apple has not provided substantive assistance in the Pensacola investigation. Our responses to their many requests since the attack have been timely, thorough and are ongoing.

Within hours of the FBI’s first request on December 6, we produced a wide variety of information associated with the investigation. From December 7 through the 14th, we received six additional legal requests and in response provided information including iCloud backups, account information and transactional data for multiple accounts.

We responded to each request promptly, often within hours, sharing information with FBI offices in Jacksonville, Pensacola and New York. The queries resulted in many gigabytes of information that we turned over to investigators. In every instance, we responded with all of the information that we had.

The FBI only notified us on January 6 that they needed additional assistance — a month after the attack occurred. Only then did we learn about the existence of a second iPhone associated with the investigation and the FBI’s inability to access either iPhone. It was not until January 8 that we received a subpoena for information related to the second iPhone, which we responded to within hours. Early outreach is critical to accessing information and finding additional options.

We are continuing to work with the FBI and our engineering teams recently had a call to provide additional technical assistance. Apple has great respect for the Bureau’s work and we will work tirelessly to help them investigate this tragic attack on our nation.

We have always maintained there is no such thing as a backdoor just for the good guys. Backdoors can also be exploited by those who threaten our national security and the data security of our customers. Today, law enforcement has access to more data than ever before in history so Americans do not have to choose between weakening encryption and solving investigations. We feel strongly encryption is vital to protecting our country and our users’ data.

Apple and other technology companies have maintained a tough stance on encryption, saying encryption on smartphones is an important safeguard that protects millions of consumers against hackers and other criminals. While Apple regularly agrees to legitimate law enforcement requests, it’s unable to break the iPhone’s hardware and software encryption without writing a customized version of the iOS operating system that would lack security protections because doing that would put everyone at risk of privacy violations.

Even though the Saudi military student who killed three people last month at the Pensacola naval base in Florida is dead, the FBI has secured court authorization to search the contents of his phones “in order to exhaust all leads in this high priority national security investigation,” the FBI’s general counsel Dana Boente wrote in a letter to Apple’s top lawyer, Katherine Adams.

“Unfortunately, the FBI has been unable to access the contents of the phones,” continues the letter seeking the tech giant’s assistance. The FBI even asked private technology experts if they could help agents crack the phones, but “none of those reachouts has shown us a path forward,” according to the Bureau’s general counsel Dana Boente.

Daring Fireball’s John Gruber has commented:

Most people don’t understand anything at all about encryption (which is to be expected), and reasonably assume that surely Apple can ‘get into’ any device that it makes. It used to be that way, in fact, in the early years of iPhones  — and it was a disaster for security — a thief who had your iPhone also had access to whatever data was on your iPhone.

It’s fine that most people don’t understand anything about encryption, but experts at the FBI surely do, and my suspicion all along with the San Bernardino case was that the FBI was trying to turn the public’s ignorance of encryption — both how it works and how owning truly encrypted devices benefits them, even if they don’t know it — against Apple.

In December 2019, the Senate Judiciary Committee held a hearing that was basically supposed to scare people into supporting software backdoors, with New York District Attorney Cyrus Vance saying, “In fact, we were never able to view the contents of his phone because of this gift to sex traffickers that came, not from God, but from Apple.”

Ouch!

Following Apple’s fight in 2015 with the FBI, which was pressuring the company into providing an iOS backdoor so that investigators could break into the iPhone of the San Bernardino shooter, I’ve felt the government would try to turn public sentiment against strong encryption all over again, and this time around the boogeyman of choice seems to be “terrorism”.

Could this latest case revive the fight between the federal government and Big Tech over encryption? Grab your popcorn as the next round of FBI vs. iPhone encryption unfolds.

Thoughts?