What If It Weren't An iPhone? What The Apple/FBI Case Means For The Industry
In a few days, Apple will formulate its formal response to the federal judge's order seeking the company's help for the FBI to get inside a phone used by Syed Farook, one of the attackers in the San Bernardino, Calif., shootings.
(Click here for our comprehensive explainer on what's going on. A quick recap: The FBI is asking Apple to lift security restrictions that prevent investigators from trying unlimited PIN codes to crack into the phone. Apple says that would mean writing a whole new operating system that would then be in danger of being tweaked to crack into other phones, via other government requests or by hackers.)
Apple's position is unique for this fight. On the PR front, it's a massive and popular consumer brand. But it's also one of few companies that design their own software and hardware, including chips, which has paved the way for the extra-strength encryption that the investigators are facing in this case. For instance, Apple built the iPhone in such a way that it only accepts software signed with Apple's own encryption key.
Apple's main competitors, Google and Microsoft, both have different levels of encryption implemented on mobile devices.
With the exception of the Nexus phone, Google's Android operating system is run on other companies' devices, like Samsung's or Motorola's. That has created a very fractured universe of Android devices, some of which receive regular security updates and others that don't. And Google's rollout of encryption by default in recent years has been impaired by the partners' resistance to installing special chips to handle encryption without slowing down the phone, says Chris Soghoian, principal technologist at the American Civil Liberties Union.
Microsoft, too, has started to adopt encryption by default in recent years, but it has faced heat from the tech community for potentially keeping backups of encryption keys that could unlock your encrypted device.
Soghoian suggests, in fact, that had this investigation involved a mobile device that wasn't an iPhone, getting inside it would be a far easier task and might not require the involvement of the software-maker itself. Though he also doesn't discount the possibility that the National Security Agency probably could crack into the iPhone, too. But that's not what this case is about.
(As a note, there's a lot we don't know about how exactly security technology works inside the iPhones, especially when comparing new ones with older ones like the 5C in this case. So experts disagree about the government's true technical capacity.)
"This is in many ways more about legal strategy than what's actually on the phone," Soghoian says.
And that's a sentiment shared across the industry.
"We must not allow this dangerous precedent to be set. Today our freedom and our liberty is at stake," Jan Koum, CEO of encrypted messaging app WhatsApp, has written in a Facebook post. (Facebook owns WhatsApp.)
1/5 Important post by @tim_cook. Forcing companies to enable hacking could compromise users’ privacy— Sundar Pichai (@sundarpichai) February 17, 2016
Google CEO Sundar Pichai, too, posted on Twitter that he was aware of the challenges that law enforcement agencies face in protecting the public and said that companies cooperate based on valid legal orders, but "that's wholly different than requiring companies to enable hacking of customer devices & data. Could be a troubling precedent."
Microsoft's executives haven't issued statements of their own but shared a comment posted by the Reform Government Surveillance coalition (AOL, Apple, Dropbox, Evernote, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo):
"Reform Government Surveillance companies believe it is extremely important to deter terrorists and criminals and to help law enforcement by processing legal orders for information in order to keep us all safe. But technology companies should not be required to build in backdoors to the technologies that keep their users' information secure. RGS companies remain committed to providing law enforcement with the help it needs while protecting the security of their customers and their customers' information."
"The real linchpin here is not the details of differences between iOS and Android, but they're being forced to produce a new version of software," says Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology.
In that sense, the case is being watched by any company whose customers' data privacy depends on their security software updates, which is a unique universe of encrypted messaging services like WhatsApp and Signal but also software-makers like Apple and Google.
"Everyone is carefully watching this because if the government gets what they want here, they'll have the power to conscript tech companies to covertly deliver surveillance software," Soghoian says.
Copyright 2021 NPR. To see more, visit https://www.npr.org.