Decrypting Apple’s Refusal to Unlock iPhones
Recently, Apple has again faced scrutiny by the DOJand even our presidentfor their adamant refusal to unlock their customers’ iPhones upon government request. In response to the Pensacola shooting, where an Air Force cadet killed three sailors and wounded eight, the DOJ again seeks Apple’s assistancein unlocking a shooter’s iPhone. While Apple complied with many requests for assistance by law enforcement, the tech giant seems reluctant to comply fully. In response to Attorney General Barr’s requests to unlock the Pensacola shooter’s iPhone, Apple’s public statementis informative of their intent. Apple echoed its past stances on privacy, claiming that doing so would require the creation of a backdoor into the phone’s encryption. In creating a backdoor, Apple voiced concernof how it would jeopardize its customers’ privacy if that backdoor fell into nefarious hands. Taking those statements into account, it appears that Apple will respond similarly today as they have in the past – and refuse.
In 2016, Apple faced requests from the DOJto unlock San Bernardino shooter Farook’s iPhone. In response, Apple released a public letterto its customers, overtly refusing to comply. In that letter, Apple CEO Tim Cook emphasized a few concerns on their end. First, Cook articulated the need for encryption. Because iPhones are an essential part of many Americans’ lives, they tend to contain enormous amounts of sensitive, personal information. To protect that information, Apple must heavily encrypt that data as to safeguard it from hackers and otherwise unsavory characters seeking access. Second, to unlock the shooter’s iPhone, Apple claimedthat it would be forced to create software that has the potential to unlock anyiPhone. Pre-empting responses to their refusal, Cook explained that building a backdoor for just one iPhone is far from a clean-cut solution. Because iPhones are similarly encrypted, a key to that encryption would function similarly on all phones, amounting to a massive security compromise.
The disagreement between the DOJ and Apple in regard to how our society should handle encryption, and by extension electronic privacy, is an emblematic one. On one hand, the DOJ represents the interests of law enforcement, and the government at large. A backdoor would allow for freer access of information to law enforcement, enabling them to ostensibly conduct more accurate investigations. Further, wider access to information may lead to acquittal of innocent defendants in cases where that data can be used to exonerate them. On the other hand, Apple’s concern is mainly of privacy. Even when encryption is present, massive data leaks from prominent institutions such as Facebookand Equifaxstill occur. If these leaks can occur, encryption notwithstanding, would creating software that could access encrypted iPhones only serve to increase vulnerability?
The questions that arise from the push-pull between consumer privacy and the interests of law enforcement have no easy answers. If left up to the courts, it’s unclear how fruitful a court order requiring Apple to decrypt the Pensacola’s phone would be. In the case of the San Bernardino shooter, Apple outright refused to comply, defying the court’s order. In the end, the government wound up working with a third-party contractor to get into the phone. As high-profile cases involving Apple’s refusal to decrypt its phones stack up, pressure will continue to build upon Congress to act. Mandating that phone manufacturers include backdoors for the United States government is an option, but one that will be met with heavy resistance from Silicon Valley. However, the current state of affairs allows companies such as Apple to openly defy the government’s requests for decryption without any serious consequences – a far from ideal approach.
One potential solution is for Congress to create a system by which technology companies can obtain a criminal’s phone from law enforcement, decrypt that phone at their facilities, then relay pertinent information to relevant parties. This way, any information related to the decryption would remain in-house, and law enforcement would be able to proceed with pressing matters in a more informed way. To ensure that this system isn’t abused, Congress would have to set a threshold of criminal offenses that allows for investigations to pursue decryption in this manner. Ultimately, the resolution of this question will likely involve some level of sacrifice. In reaching a compromise between consumer privacy and the government’s access to information, one of the two values will likely have to give.
Stefan Maletic
January 16, 2020