Case Studies
The New Crypto Wars: The Dispute
over Apple’s iPhone
Encryption technology in the United States
has a long and involved history that has
often pitted Silicon Valley against the federal
government in Washington, D.C. In the latest
chapter of this history Apple found itself
entangled in an intense controversy
centered on its very popular iPhone. At issue
was the employment of hyper-strong device
encryption that tightly locked the data stored
on the iPhone. In the aftermath of a terrorist
attack in 2015 in San Bernardino the FBI
and Apple squared off in a public battle over
encryption.
The San Bernardino shooting was another
tragic incident where innocent people were
senselessly killed at the hands of terrorists.
Armed with an assault rifle, Mr. Syed Farook,
a county health inspector, killed 14 people
and wounded 22 others. Farook was
assisted in the lethal attack by his wife. The
couple was killed a short time later in a
shootout with police.
One piece of crucial evidence was one of the
assailant’s iPhones. Since that phone ran
the iOS 9 operating system, it was protected
by unbreakable encryption, and its contents
could not be accessed by the FBI as part of
its investigation into these horrific shootings.
Apple could not comply with the FBI’s
request, backed by a federal warrant, for
access to the phone since the company did
not retain the master key to this data. The
FBI then requested that Apple create new
software that would simply overcome the
phone’s built-in hyper security. The FBI did
not ask Apple to construct a master key.
Rather, it sought an alternative operating
system software for this one phone that
would allow them to break into this locked
device. Among other things, this software
would disable a feature that erases data
stored on the phone after 10 unsuccessful
password attempts. But Apple refused
because it was concerned that such
software, which bluntly overrode the iOS 9,
could be stolen or somehow fall into the
wrong hands.
One year earlier, in the fall of 2014, the
company had announced that this new
encryption architecture would be built into
47
the iOS 8, the iPhone’s operating system,
along with all subsequent versions of that
operating system (OS). The 256-bit AES
algorithm would prevent anyone other than
the iPhone user from accessing the data
stored on that phone. Hence all the
important data on a user’s smartphone—
photos, messages, contacts, reminders, call
history—are now locked up with unbreakable
encryption by default. Decryption is
seamlessly linked to the user’s password.
Only the user would be able to access the
iPhone’s contents, unless his or her
passcode has been compromised. Apple
indicated that it would not retain a master
key to unlock the contents of any user’s
phone or provide any sort of “backdoor
access” to these data. Without the user’s
password and cooperation, law enforcement
officials would have no means of accessing
any information locked on the smartphone.
Similarly, Facebook has introduced a 256-bit
end-to-end encryption technology for its
WhatsApp text messaging service to secure
messages in transit from one smartphone or
mobile device to another. WhatsApp has
adopted the open-source software Text
Secure, which scrambles messages with a
48
cryptographic key that only the user can
access and never leaves his or her device.
The result is unbreakable encryption for
hundreds of millions of phones and tablets
that have WhatsApp installed. Moreover,
Facebook, following the precedent set by
Apple, will not store a master key to
unscramble these data.
Law enforcement officials in the United
States, including the Federal Bureau of
Investigation (FBI), have expressed great
dismay over this further evolution of the
crypto wars. The FBI wants Apple and
Google (the maker of the Android OS for
smartphones) to design a smartphone
system so that police and federal authorities
(with a court order) can access information
stored on that phone without any
compromise in security. Former FBI Director
James Comey insisted that the FBI needs
access to suspects’ iPhones and WhatsApp
messages. Also, according to Comey,
encrypted smartphone apps help terrorist
organizations recruit and allow “bad people. .
.to communicate with impunity.” Full disk
encryption, he argued, materially limits law
enforcement’s capacity to efficiently
investigate crimes and terrorist acts.
49
50
Companies like Apple, however, have
ignored these government warnings, arguing
that the protection of user privacy is of
paramount importance. They are strongly
opposed to building any version of an
encryption backdoor. Apple CEO, Tim Cook,
remains convinced that strong encryption
without backdoor access is the only suitable
way to protect the privacy of Apple’s
customers: “I don’t know a way to protect
people without encryption. . . .[and] you can’t
have a backdoor that’s only for the good
guys.”
Civil libertarians have generally applauded
Apple’s decision. According to Wired, “Apple
has come to the right place. It’s a basic
axiom of information security that ‘data at
rest’ should be encrypted. Apple should be
lauded for reaching that state with the
iPhone.” Google’s decision to follow suit by
incorporating this full device encryption
architecture in the Android operating system
also pleased civil libertarians who have long
called for strong crypto to protect user
privacy. On the other hand, the Washington
Post has argued for a “secure golden key”
that would enable police to decrypt a
smartphone with a warrant. Others citing
51
national security arguments contend that this
“Clipper chip” approach is both suitable and
necessary.
In the midst of this debate, one thing is
certain: the dispute about unbreakable
encryption has been revived with a new fury
and a renewed intensity. A pivotal question
is whether it would be possible to develop
some type of emergency access system for
consumer devices with strong encryption
that did not pose privacy and information
security risks.
Questions
- If you were Apple CEO Tim Cook would
you have cooperated with the FBI after
the San Bernardino shootings? How
might you feel if you were a relative of
someone killed in the San Bernardino
attack? - Outline in as much detail as possible the
costs and benefits of Apple’s decision to
encrypt the data locked on an iPhone
without a backdoor key. - Evaluate Apple’s policy from a moral
point of view. Is the company right to
prioritize privacy over security?
