The FBI, trying to force Apple to break into its own protected software, wants the public to ignore its own failings and misstatements.
There’s much more than anti-terrorism involved in the attempt to crack a cellphone.
After the December 2015 attack in San Bernardino, California, the two terrorists were quickly found and killed. One of them had an Apple iPhone in his possession.
Though it did not need access to the phone’s data to pursue the terrorists, who were already dead, the FBI wanted to see if they were part of a terrorist network. The FBI asked for and received Apple’s help in accessing the phone’s data.
The FBI gained some information, but agents thought more might exist. The phone had been automatically backed up in October, making data until then available, but the FBI also wanted the data between the backup and the attack.
Ignoring Apple’s offer to help, the FBI fumbled in its attempt to back up the remaining data. Apple says that, with its available help, the FBI could have accessed the data. The FBI reluctantly confirmed that was true.
The FBI could not otherwise access the data, because it was password protected, and agents did not know the terrorist’s password. The phone’s lock allowed only ten tries with the delay between each try growing longer.
When asked, Apple said it had designed the software to provide complete customer security and even it could not access the data. The FBI then asked the company to develop new software to break its own security. Apple refused.
It said that it had promised customer security as part of its product. Even more important, it said that, once the new software existed, it could be reused, even by America’s enemies, to view secret data.
The FBI then went to a California federal court and asked it to order Apple to develop the new software without waiting to hear Apple’s side of the argument. After the judge said she would give Apple time to reply, the FBI filed a request that she should compel it to comply immediately. It argued the new program could be controlled by Apple and destroyed by it after just this one use.
As the basis for its demand, the FBI relied on the All Writs Act, a law passed in 1789 allowing federal courts to issue orders on all matters unless Congress had addressed the issue.
Apple replied that the federal government could not force a company to produce software and that the program would end up being used more than once. The California case remains in court.
Meanwhile, in New York, the FBI was seeking the same password access program in a drug trafficking, criminal case, not related to national security. The judge there found that the AWA did not give courts the authority to order the company to prepare new software, which would be overly burdensome on Apple. He said that Congress had “considered [such] legislation but not adopted it.”
In short, the AWA could not give courts authority that Congress had intentionally declined to give them. The federal judge decided in favor of Apple and turned down the FBI, which has appealed his ruling.
The California case revealed that the FBI could have accessed the data without the court order. The New York case revealed that, despite the FBI’s claim, it would not limit its access to a single case.
The FBI seemed to be trying to stir up public sentiment for its position by raising the threat of losing terrorists’ secrets. In this effort, it was willing to undermine the principles of real security protection and user privacy and to mislead both courts and the public.
That the FBI was on its own crusade became clear when both the Secretary of Defense and the chief of the U.S. Cyber Command said maintaining strong password protection is more important than opening the access the FBI seeks.
The U.S. uses passwords and other protections for its data and has its own software for breaking into the secret files of other countries. Key agencies want no legislative or court action that could compromise or expose their efforts. U.S. adversaries should continue using software they may mistakenly believe is impenetrable.
While virtually all Americans support tough action against terrorism, the FBI-Apple case demonstrates the dangers of total software access that overrides privacy rights, supposedly being protected by the government. The situation is even worse when, in its zeal, the government agency itself departs from the truth.