Last updated: 16 May 2016
As I recently covered on this blog, the privacy vs. security debate heated up last week as a result of Apple CEO Tim Cook opposing a U.S. court order to create software that would enable the FBI to access data on the iPhone of San Bernadino shooter Syed Rizwan Farook.
Here are some of the latest developments in the story:
FBI and Apple Exchange New Jabs
FBI Director James Comey released his own letter on Sunday, February 21, refuting the claims made by Cook in his letter to Apple customers.
In Comey’s letter, he takes issue with claims that abiding by the court order would set a new precedent or that what is being requested is, as Cook claimed, a backdoor to Apple’s encryption.
“The particular legal issue is actually quite narrow. The relief we seek is limited and its value increasingly obsolete because the technology continues to evolve. We simply want the chance, with a search warrant, to try to guess the terrorist’s passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That’s it. We don’t want to break anyone’s encryption or set a master key loose on the land. I hope thoughtful people will take the time to understand that. Maybe the phone holds the clue to finding more terrorists. Maybe it doesn’t. But we can’t look the survivors in the eye, or ourselves in the mirror, if we don’t follow this lead.”
Comey goes on to address the zealousness being displayed by Americans arguing for each side in this privacy vs. security debate.
“Although this case is about the innocents attacked in San Bernardino, it does highlight that we have awesome new technology that creates a serious tension between two values we all treasure—privacy and safety. That tension should not be resolved by corporations that sell stuff for a living. It also should not be resolved by the FBI, which investigates for a living. It should be resolved by the American people deciding how we want to govern ourselves in a world we have never seen before.”
Apple, meanwhile, has launched a Q&A page on its website that further clarified why it was taking its stance on this issue and what they hope will happen next.
“We feel the best way forward would be for the government to withdraw its demands under the All Writs Act and, as some in Congress have proposed, form a commission or other panel of experts on intelligence, technology, and civil liberties to discuss the implications for law enforcement, national security, privacy, and personal freedoms. Apple would gladly participate in such an effort.”
It appears that the majority of Americans favor forcing Apple to comply with the court order by developing the software requested. Here are the results from a USA Today poll on the subject:
Should Apple fight a court order to break into the San Bernardino shooter’s iPhone? https://t.co/ZYyhqO10uH
— USA TODAY Tech (@usatodaytech) February 17, 2016
Despite the majority’s opinion, those supporting Apple’s position rallied for the data privacy cause outside of an Apple store last week in San Francisco. Digital rights group Fight for the Future, the organizers of that rally, has organized similar events for tomorrow, February 23rd, in more than 30 cities.
On February 19, the government filed a motion to compel Apple to comply with the original court order. That motion as well as Apple’s application for relief and opposition to the motion — now due by February 26 — will be heard by the court on March 22, 2016.
Apple ID Password Reset Hampered Investigation
Speaking with reporters on Friday, Apple executives revealed that someone with the San Bernardino Health Department, while cooperating with the FBI, reset the Apple ID password associated with Syed Rizwan Farook’s iPhone less than 24 hours after the San Bernardino terrorist attack.
The County was working cooperatively with the FBI when it reset the iCloud password at the FBI’s request.
— CountyWire (@CountyWire) February 20, 2016
The need for a backdoor may have been avoidable had the password not been reset. If the original password were in palce, someone could have triggered an iCloud data backup simply by allowing the phone to connect to a known Wi-Fi network, at which point the FBI could have obtained the desired data without needing the iPhone’s passcode.
Following in the footsteps of Google, Microsoft, Facebook, and Twitter, Bob Lord, CISO at Yahoo, was the latest technology company leader to publicly support Apple’s position in this debate, taking to Twitter to write:
Ordering a company to hack one targeted system is clearly the first step to ordering them to backdoor them all. #slipperySlope #usersfirst — Bob Lord ¬_¬ (@boblord) February 19, 2016
Trump Calls for Apple Boycott
During a rally in South Carolina on February 19, Republican presidential candidate Donald Trump called for a boycott of Apple products until they comply with the court order.
“First of all, Apple ought to give the security for that phone,” Trump said. “What I think you ought to do is boycott Apple until such time as they give that security number. How do you like that? I just thought of that.” The presidential hopeful took to Twitter on the subject, writing:
I use both iPhone & Samsung. If Apple doesn’t give info to authorities on the terrorists I’ll only be using Samsung until they give info.
— Donald J. Trump (@realDonaldTrump) February 19, 2016
According to an article in The New York Times, Apple attempted to avoid fighting this privacy vs. security battle in the spotlight.
“Apple had asked the F.B.I. to issue its application for the tool under seal,” the New York Times reported.
The FBI declined to request Apple’s assistance privately, however, leading to the battle we are witnessing today.
Share your thoughts on this story with us on Twitter via @GemaltoSecurity.