Apple v. FBI

From SI410
Jump to: navigation, search

Following a terrorist attack that occurred in San Bernardino, CA, in December of 2015, police investigations recovered the work-issued mobile device of one of the perpetrators, an iPhone 5C. The Federal Bureau of Investigation (FBI) requested the makers of the iPhone 5C, multinational technology company Apple Inc., to implement and verify new software that would allow the FBI to unlock the recovered device. Apple, however, refused this request, stating that the creation of this software would undermine the security of its products, which was against their company policy. The FBI, believing that there could be important evidence stored within the iPhone, successfully applied to issue a court order to direct Apple to create the software. Apple announced its intent to oppose the order, again due to the security risks it would pose to its customers[1]. A hearing was set for late March of 2016, with the case being popularly referred to as “Apple v. FBI.”

Background

On December 2, 2015, a mass shooting and attempted bombing occurred at the Inland Regional Center in San Bernardino, CA, killing 14 people and seriously injuring 22 more. The perpetrators were a married couple, Syed Rizwan Farook and Tashfeen Malik, who investigations revealed were heavily influenced by extreme terrorists and terrorist organizations. The couple had reportedly been preparing for the attack for at least one full year, including taking target practice as well as planning for the future of their child and Farook’s mother after the attack. While the investigation on the couple indicated that the couple was radicalized and possibly inspired by foreign terrorist groups, there was no proof that they were actively a part of, or instructed by, a broader organization[2].

The attack occurred at a San Bernardino County Department of Public Health training event and Christmas party of about 80 employees. The perpetrators were armed with semi-automatic pistols and rifles and were wearing ski masks and black tactical gear. The whole shooting occurred in roughly two to three minutes. The couple also left three explosive devices connected to one another at the Inland Regional Center. The bombs were poorly built and failed to detonate[3].

Following the attack, Farook and Malik fled the scene as emergency responders and police arrived. Police swept throughout the building searching for the shooters and aided the injured. Four hours after the attack, police identified Farook and Malik as the shooters, and approached their residence, where they were witnessed driving away.

An iPhone 5c used by one of the perpetrators, Syed Rizwan Farook, was discovered in his home during investigations following the shooting

Police pursued the couple onto the freeway, before entering a neighborhood where the couple began exchanging gunfire with the officers. The ensuing shootout lasted around five minutes, leaving both Farook and Malik dead, and one officer injured[4].

Following the events of the attack and car chase, a search warrant was issued for the perpetrators’ home, which the police promptly executed. Farook and Malik’s residence was investigated, where several weapons and tools for bomb construction were found. Personal electronics belonging to the couple were also discovered, including the work-issued iPhone 5C belonging to Farook. The following day, on December 3rd, the FBI officially took over as the leading federal law enforcement agency on the case, treating it as a counter-terrorism investigation. Authorities also searched a townhouse in Corona, California twice, as it was the residence of Farook’s brother and father. The FBI reported that the family was cooperative and that no arrests were made. Due to some witnesses’ claims of having seen a third gunman present during the attack at the Inland Regional Center, the FBI’s continued investigation centered around uncovering more information about the motives and plans of Farook and Malik, leading to their attempt to unlock and decrypt the iPhone obtained from the couple’s home[5].


The FBI's Request

On February 9, 2016, the FBI announced that attempts to unlock the recovered iPhone 5C were unsuccessful due to the security features of the device[6]. It was later revealed Apple had been very cooperative in aiding the FBI extract data prior to the FBI’s request to create a new operating system. One of the more promising methods of data extraction was mistakenly ruled out when the FBI requested San Bernardino County, the owner of the phone, to reset the password to Farook’s iCloud account to obtain data from the iCloud backup. This request backfired, however, as the phone was rendered unable to back up its most recent data to iCloud until the newly reset password iCloud password was entered, which required the phone to be unlocked[7]. The phone was protected by a four-digit PIN code, which only allowed for ten incorrect tries to unlock the device before the AES encryption key, which protected the phone’s stored data, would be erased, leaving the phone’s data inaccessible[8]. The FBI first contacted the National Security Agency (NSA) to unlock the device, but they too were unsuccessful in breaking into the locked phone[9]. The FBI then turned to Apple, the manufacturer of the device, to design a brand new version of the phone’s operating system that could be installed and run in the device’s random access memory (RAM), allowing for specific security components of the iPhone to be disabled and allow the FBI to access the phone’s data, coined the title “GovtOS” by Apple[10].

Multinational technology company Apple ordered to create software to backdoor their devices

Apple declined the request due to its policy to never undermine the security and privacy of its own products. The FBI, without further means of unlocking the iPhone, continued to pressure Apple, applying to California district-court magistrate judge Sheri Pym to issue a court order to compel Apple to provide the software on February 16, 2016. The court order was called In the Matter of the Search of an Apple iPhone Seized During the Search Warrant on a Black Lexus IS300, California Licence Plate 35KGD203, as the vehicle driven by the attackers was a black Lexus SUV[11]. The techical details of the order specified that that Apple was to aid in accomplishing: “(1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to teh SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT DEVICE; and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware[12].”

The order was issued under the All Writs Act of 1789, which states that federal courts can issue “all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.” The government cited the Supreme Court case United States v. New York Telephone Co. from 1977 as a precedent to utilize the All Writs Act, as that case the Supreme Court ruled that the All Writs Act gave courts the authority to request reasonable technical assistance from the New York Telephone Co. to access phone calling records. Apple argued that New York Telephone had already been in the process of collecting this caller data as part of their business practices, differing from the FBI’s current request to create a software that was completely new[13].

This raised questions about how the government was interpreting the All Writs Act, as Apple had not been accused of any wrongdoing and was thus not breaking any laws. The order gave Apple five days to apply for relief if they felt the order was “unreasonably burdensome”[14].

Apple's Response

Apple declared its intention to oppose the order, with chief executive officer Tim Cook releasing a statement to all Apple customers detailing their stance. Cook states that the demands of the government were “chilling”, and that complying with the court order would set a legal precedent that they would need to unlock any device for any future warrant they faced, giving the government “the power to reach into anyone’s device to capture their data” and that they “can find no precedent for an American company being forced to expose its customers to a greater risk of attack.” The creation of this backdoor for their product introduced a huge security risk for Apple’s customers, as the backdoor could then be used over and over again on any device, thus undermining all of Apple’s security advancements over the years[15].

Apple further cited the First and Fifth Amendments in their brief to have the order dismissed. Apple asserted that being compelled to write this new software “amounts to compelled speech and viewpoint discrimination in violation of the First Amendment.” Previous court cases had established that computer code as legally protected speech, and thus protected by the First Amendment. Apple claimed its Fifth Amendment right by being ordered to compel by the FBI despite not being directly involved in the crime. In their brief, Apple also demonstrated an example of the ramifications the FBI’s order: “If Apple can be forced to write code in this case to bypass security features and create new accessibility, what is to stop the government from demanding that Apple write code to turn on the microphone in aid of government surveillance, activate the video camera, surreptitiously record conversations, or turn on location services to track the phone’s user? Nothing."[16] Ultimately, Apple believed that while the intentions of the FBI were good, it was wrong of the government to request the creation of a backdoor to their products. A hearing for the case was set for March 22, 2016.

One day before the hearing, on March 21, the government announced that they had hired a third party to unlock the iPhone, and that they had demonstrated a potential method that required more time to determine its success. The court granted the FBI a delay on the hearing, and one week later on March 28, the FBI revealed that the device had been successfully unlocked. The court order for Apple to create the backdoor was withdrawn[17]. It was revealed on April 7, 2016 by FBI Director James Comey that the tool used to unlock the device is only suitable to be used on models of the iPhone that do not have the Touch ID sensor. Comey would not reveal the source of the tool used since the rights to the technical details of tool’s functions were not bought, but confirmed that the FBI purchased it from a third party for more than 1.3 million dollars. Some sources claimed the third party to be the Israeli company Cellebrite. However, The Washington Post reported in 2021 that the FBI paid the white hat hacking firm, Austratlian company Azimuth Security, to take advantage of a vulnerability in the iPhone’s software that was unknown to Apple to bypass its ten-try limit on the passcode.[18]


Ethical Considerations

The circumstances of this case were unique and unprecedented, and as a result, raised a lot of questions regarding the ethics of security and privacy. There also arose debates of the roles of technology companies when it comes to the issue of national security, as well as the power that the federal government has over these companies in an age where technology is so prominent in the daily lives of Americans. The balance between individual rights and government authority was called into question, with two influential entities spearheading opposing sides of the dispute.

The FBI argued that Apple’s noncompliance would hinder an investigation regarding the safety of Americans, as well as interfere with the prevention of future terrorist attacks. Former FBI director James Comey believed that backdoor access to devices were essential to many investigations, and that without it, many criminals would not be convicted as a result.[19] There were those who felt Apple’s reluctance to comply was purely a business decision. The National Sheriff’s Association suggested that Apple’s stance was “putting profit over safety” and “has nothing to do with privacy.” Several organizations, including the National Sheriffs’ Association and the Federal Law Enforcement Officers Assocation, filed a brief in support of the FBI . There also exists the point of view that while Apple should have it’s right to protect itself and its customers data and privacy, they should be able to be directed by a court order to unlock its devices if it is proved and demonstrated that there is relevant evidence on the device.[20]

Apple’s argument centered around how their compliance would result in a dangerous precedent that exposed technology companies to not be able to protect their customer’s data if the government were to request it. A major point of contention was that the requested software did not already exist, and thus the creation of this software introduced future avenues of vulnerability that more malicious parties could exploit. There are those who argue that a backdoor cannot be limited only for the use of law enforcement, that law enforcement access also entails potential hostile party access. Apple had strong support from other prominent tech companies, with several amicus curaie briefs being filed with the court for the case, including major names such as Amazon, Google, Facebook, Microsoft, and many more[21]. Former director the NSA and the Central Intelligence Agency (CIA) General Michael Hayden also supported Apple’s position, stating that the CIA considered cyber attacks to be the most prominent threat to the security of the United States. Hayden’s support of Apple detailed his perspective that to preserve the cybersecurity of the United States, this aspect of law enforcement and counter terrorism should be given up.[22]

There were skeptics about the FBI’s real intentions, especially with the FBI’s ability to break into the phone with the help of a third party. Hanni Fakhoury of the Electronic Frontier Foundation, a privacy rights group based in San Francisco, feels that the FBI is not telling the full story, pointing out that Comey and the FBI have not been able to indicate any crimes that were not able to be solved due to the existence of encryption software.[23] This raised questions of the validity of the FBI’s request, with skeptics viewing the order as a way for the government to possess a method for decrypting devices in the future.

The debate about the balance between national security and individual privacy was brought into the spotlight, with strong arguments on both sides leaving the issue at a stalemate. The tension between the limits of government power and the rights of private corporations were also explored. While the case ultimately did not result in a definite legal precedent, it did leave a lasting impact on the ongoing controversy between security and privacy in our digital world.


References

  1. Nakashima, E. (2016, February 17). Apple vows to resist FBI demand to crack iPhone linked to San Bernardino attacks. The Washington Post. https://www.washingtonpost.com/world/national-security/us-wants-apple-to-help-unlock-iphone-used-by-san-bernardino-shooter/2016/02/16/69b903ee-d4d9-11e5-9823-02b905009f99_story.html
  2. CNN, B. G. B. and R. E. (2015, December 4). San Bernardino shooting investigated as “act of terrorism.” CNN. https://www.cnn.com/2015/12/04/us/san-bernardino-shooting/index.html
  3. Chan, M. (2015, December 3). The San Bernardino Shooting Could Have Been Deadlier. Time. https://time.com/4135215/san-bernardino-remote-bomb/
  4. AM, Myers, A. L., & Press, J. P. A. (2015, December 2). 14 dead, 17 wounded in California shooting; 2 suspects dead. San Diego Union-Tribune. https://www.sandiegouniontribune.com/sdut-california-police-respond-to-report-of-active-2015dec02-story.html
  5. Domonske, C. (2015, December 3). San Bernardino Shootings: What We Know, One Day After. Npr.org. https://www.npr.org/sections/thetwo-way/2015/12/03/458277103/san-bernardino-shootings-what-we-know-one-day-after
  6. Volz, D., & Hosenball, M. (2016, February 9). FBI director says investigators unable to unlock San Bernardino shooter’s phone content. Reuters. https://www.reuters.com/article/us-california-shooting-encryption-idUSKCN0VI22A
  7. Dave, P. (2016, February 20). Apple and feds reveal San Bernardino shooter’s iCloud password was reset hours after attack. Los Angeles Times. https://www.latimes.com/business/la-fi-tn-apple-fbi-call-20160219-story.html
  8. "iOS Security—Version 9 or later" (PDF). Apple Inc. September 2015. Archived (PDF) from the original on February 27, 2016. Retrieved February 25, 2016.
  9. Whittaker, Z. (2016, June 10). NSA finally admits why it couldn’t hack San Bernardino shooter’s iPhone. ZDNET. https://www.zdnet.com/article/nsa-comes-clean-on-why-it-couldnt-hack-san-bernardino-shooters-iphone/
  10. Blankstein, A. (2016, February 16). Judge Forces Apple to Help Unlock Terror Shooter’s iPhone. NBC News. https://www.nbcnews.com/storyline/san-bernardino-shooting/judge-forces-apple-help-unlock-san-bernardino-shooter-iphone-n519701
  11. Inc, D. A. (2016, February 16). USA v. In the Matter of the Search of an Apple iPhone Seized During the Execution of a Search Warrant on a Black Lexus IS300, California License Plate 35KGD203, 5:16-cm-00010 (C.D.Cal.) via Docket Alarm. Docket Alarm. https://www.docketalarm.com/cases/California_Central_District_Court/5--16-cm-00010/USA_v._In_the_Matter_of_the_Search_of_an_Apple_iPhone_Seized_During_the_Execution_of_a_Search_Warrant_on_a_Black_Lexus_IS300_California_License_Plate_35KGD203/
  12. Pym, Sheri (February 16, 2016). "Order Compelling Apple, Inc. to Assist Agents in Search" (PDF). United States District Court for the Central District of California. Archived (PDF) from the original on February 10, 2021. Retrieved February 10, 2023.
  13. Zetter, K., & Barret, B. (2016, February 25). Apple to FBI: You Can’t Force Us to Hack the San Bernardino iPhone. Wired. https://www.wired.com/2016/02/apple-brief-fbi-response-iphone/
  14. Sorkin, A. D. (2016, February 19). The Dangerous All Writs Act Precedent in the Apple Encryption Case. The New Yorker. https://www.newyorker.com/news/amy-davidson/a-dangerous-all-writ-precedent-in-the-apple-case
  15. Cook, T. (2016, February 16). Customer Letter - Apple. Apple. https://www.apple.com/customer-letter/
  16. Zetter, K., & Barret, B. (2016, February 25). Apple to FBI: You Can’t Force Us to Hack the San Bernardino iPhone. Wired. https://www.wired.com/2016/02/apple-brief-fbi-response-iphone/
  17. Wattles, L. S., Jose Pagliery and Jackie. (2016, March 28). FBI says it has cracked terrorist’s iPhone without Apple’s help. CNNMoney. https://money.cnn.com/2016/03/28/news/companies/fbi-apple-iphone-case-cracked/index.html
  18. Nakashima, E., & Albergotti, R. (2021, April 14). The FBI wanted to unlock the San Bernardino shooter’s iPhone. It turned to a little-known Australian firm. Washington Post. https://www.washingtonpost.com/technology/2021/04/14/azimuth-san-bernardino-apple-iphone-fbi/
  19. Dujardin, P. (2015, April 15). Law enforcement worries over beefed-up phone encryption. Dailypress.com. https://www.dailypress.com/news/crime/dp-nws-phone-encryption-20150412-story.html
  20. NPR. (2016, February 21). It’s Not Just The iPhone Law Enforcement Wants To Unlock. NPR; NPR. https://www.npr.org/2016/02/21/467547180/it-s-not-just-the-iphone-law-enforcement-wants-to-unlock
  21. Brandom, R. (2016, March 3). Google, Microsoft, and other tech giants file legal briefs in support of Apple. The Verge. https://www.theverge.com/2016/3/3/11156704/apple-fbi-amicus-briefs-iphone-encryption-fight
  22. Limitone, J. (2016, March 7). Fmr. NSA, CIA Chief Hayden Sides with Apple Over Feds. FOXBusiness. https://www.foxbusiness.com/features/fmr-nsa-cia-chief-hayden-sides-with-apple-over-feds
  23. Dujardin, P. (2015, April 12). Law enforcement worries over beefed-up phone encryption. Dailypress.com. https://www.dailypress.com/news/crime/dp-nws-phone-encryption-20150412-story.html
Retrieved from "http://si410wiki.sites.uofmhosting.net/index.php?title=Apple_v._FBI&oldid=116667"