Acton Institute Powerblog

Explainer: Apple’s Fight with the FBI Over iPhone Encryption

Share this article:
Join the Discussion:

iphone-passcodeWhat is the issue about?

In December, 14 people were killed and 22 were seriously injured in a terrorist attack in San Bernardino, California. The two terrorists, Syed Rizwan Farook and Tashfeen Malik, were later killed in a shootout with police. Law enforcement recovered Farook’s iPhone 5c, which they believe may contain information relevant to the terror investigation.

Farook’s iPhone is protected by a passcode set to wipe the contents of the smartphone after 10 attempts to log in with the wrong code. A federal court in California has ordered Apple to “provide reasonable technical assistance” by either creating a special version of the operating system that’s currently on Farook’s phone, in order to disable the 10-try maximum and allow a computer to connect to the phone and guess every possible passcode, or to provide an alternative means of accessing the phone.

The Obama administration defended the Justice Department’s request Wednesday, vowing that the government would solely use the new program on Farook’s phone.

Apple is currently refusing to comply with the request. Apple CEO Tim Cook issued a statement, “A Message To Our Customers”, in which he says, “The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.”

What is the case against complying with the order?

Opponents of the order fear that it gives the government power over the smartphone’s encryption technology by building a “backdoor” to the iPhone. As Tim Cook claims,

The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution. But it ignores both the basics of digital security and the significance of what the government is demanding in this case.

In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.

The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

Google CEO Sundar Pichai agreed with Cook, saying on Twitter that forcing tech companies to hack users’ devices “could be a troubling precedent.”

Many privacy rights groups have also weighed in, claiming that, once created, this “backdoor” could be exploited by criminals or abused by the government.

What is the case for complying with the order?

Advocates of complying with the order claim that the fears of critics are overblown and that Apple is merely grandstanding to ingratiate themselves with privacy-rights advocates.

As Gabriel Malor explains, until this week, no one claimed that removing the auto-erase and delay features of passcodes constituted a “backdoor.” “Uses of the term to refer to the order in this case are thus misleading,” says Malor. “This order does not require Apple to hand over a key to its encryption that could be used on other devices.”

Malor also says this case would not set a new precedent since it already relies on an old precedent:

The All Writs Act derives from the Founders’ acknowledgment that sometimes courts require aid from third parties to administer justice. To the extent that Apple and other phone manufactures worry they may be asked to help law enforcement in the future, the Supreme Court set that precedent in a 1977 case called United States v. New York Telephone Co.

Gus Hurwitz says that Apple’s refusal actually does more harm than good for the privacy-rights cause:

Cook’s concerns at best overstate the threat, and by doing so make it harder rather than easier to get some consensus around legitimately difficult but very important issues: the ongoing technological disruption of the delicate relationship between individuals and the state — between privacy and liberty on the one hand, and security on the other.

Hurwitz also explains why we should not be concerned about this issue:

Contrary to Tim Cook’s concerns, courts do not have plenary authority to “intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.” And, where they may have some authority to authorize such conduct, it is limited at least by the 4th Amendment and usually limited even further by statute. The All Writs Act doesn’t expand a court’s authority — it only allows them to exercise what authority they clearly do have, including by commandeering the assistance of those who would otherwise deliberately obstruct a lawful court order.

Charles Krauthammer adds, “The grandstanding that Apple is doing I think is deplorable.” He says the solution is simple: “What you do is, you go to Apple and you say, ‘Look, you take this, you take this one phone, you open it wherever you want, in some secret lab, underwater, off the Pacific Isles, all we want is the information. If you like, you can incinerate the phone after all this is done — give us the information.”

Is there a way to resolve the issue?

Apple will appeal the case, but will likely lose the legal battle and may be forced to comply with the order.

However, an alternative solution has been offered by John McAfee, the controversial cybersecurity expert who is running for president as a member of the Libertarian Party. McAfee says,

So here is my offer to the FBI. I will, free of charge, decrypt the information on the San Bernardino phone, with my team. We will primarily use social engineering, and it will take us three weeks. If you accept my offer, then you will not need to ask Apple to place a back door in its product, which will be the beginning of the end of America.

If you doubt my credentials, Google “cybersecurity legend” and see whose name is the only name that appears in the first 10 results out of more than a quarter of a million.

Joe Carter Joe Carter is a Senior Editor at the Acton Institute. Joe also serves as an editor at the The Gospel Coalition, a communications specialist for the Ethics and Religious Liberty Commission of the Southern Baptist Convention, and as an adjunct professor of journalism at Patrick Henry College. He is the editor of the NIV Lifehacks Bible and co-author of How to Argue like Jesus: Learning Persuasion from History's Greatest Communicator (Crossway).


  • I”m with Apple 100% on this. It seems to me that Krauthammer’s solution is the most reasonable one. So why didn’t the FBI suggest it? Probably because they want the code more than they want the info on the phone.

    • Joe Carter

      ***So why didn’t the FBI suggest it?***

      The court left that as an option. The court order basically says, just give the FBI a way to unlock this particular phone — we don’t care how.

      ***Probably because they want the code more than they want the info on the phone.***

      But the court order states that the code should “only load and execute on the subject device.” That’s why Apple’s claims about a general-use “backdoor” don’t seem to make much sense. The order even explicitly states that Apple doesn’t have to keep the code used to unlock the phone. They can just throw it away.

      • Did the FBI accept the court’s option to have Apple take the phone in house, unlock the phone and give the FBI just the data? I don’t see why Apple would have any objections to that. Apple doesn’t seem to have addressed it which makes me think they didn’t see that as an option. Their objections don’t seem to apply to that scenario.

        “the code should ‘only load and execute on the subject device…” sounds like the FBI wants the code.

        It would be nice if the news media would be a tiny bit more responsible than they usually are and get the fact straight for once. I honestly can’t tell from the news report what the FBI wants and what Apple objects to.

      • > That’s why Apple’s claims about a general-use “backdoor” don’t seem to make much sense.

        The “key” needed to get into this phone is the same one you’d need to get into _every_ iPhone. This is why the FBI’s claims that it would only need to be for the SUBJECT DEVICE do not make sense. The FBI knows this. There is _no_ technical way of limiting the usage to that device alone. The code that works on it will work on everything.

        > The order even explicitly states that Apple doesn’t have to keep the code used to unlock the phone. They can just throw it away.

        If the FBI can compel Apple to do it once, then can compel Apple and everyone else to do it over and over. “Throwing it away” (questionable, in the digital world) is useless if the law can force it’s creation under All Writs anyway.

        Another thought, which might be appreciated here at Acton: We have to remember that “code” is written by people. What rights do those developers and engineers have as regards this governmental order? What happens if the court forces “Apple” to build this tool? Presumably that means Tim Cook sends the order down the chain. What happens if those people refuse?

  • Reading more about Apple’s position, it seems Apple is not so concerned about code, but about the precedent the order sets that forces Apple to break its own product. Apple had told customers that the encryption would be so good that even it couldn’t break it.