This all might sound familiar: After a mass shooting, the Federal Bureau of Investigation wants Apple to build a tool that can unlock the attacker's iPhones. But don't expect round 2 of Apple versus the FBI to necessarily play out like the first. The broad outlines are the same, but the details have shifted precariously.
For all the FBI's posturing, its attempt to force Apple to unlock the phone of one of the San Bernardino terrorists ultimately ended in a draw in 2016. The FBI dropped its lawsuit after the agency found a third-party firm to crack it for them. Now, the FBI claims that only Apple can circumvent the encryption protections on the two recovered iPhones of Mohammed Saeed Alshamrani, who killed three people and wounded eight in December at a Naval air station in Pensacola, Florida. As it did four years ago, Apple has declined.
Apple's central argument against helping the FBI in this way remains the same: Creating a backdoor for the government also creates one for hackers and bad actors. It makes all iPhones less safe, full stop. Since the last Apple-FBI showdown, though, technological capabilities on both sides, the US political landscape, and global pressures have all substantially evolved.
First there are the phones themselves. In the San Bernardino case, the FBI contracted with the digital forensics firm Cellebrite to unlock one of the shooters' iPhone 5Cs, which ran iOS 9. Apple's iOS defenses have evolved significantly since then, particularly to stymie early generations of unlocking tools. For example, multiple rounds of updates in iOS 11—Apple's mobile operating system from September 2017 to September 2018—were specifically designed to plug holes that hackers and third-party cracking services had used to bypass data protections.
But every time Apple closes a door, enterprising forensics firms open a window. Just last summer, Cellebrite publicly claimed that its tools could unlock any iOS device up to those running iOS 12.3, the current version at the time. A few months later, researchers discovered additional hardware flaws that provide even more options for cracking any iOS device released between 2011 and 2017.
That applies to both of the Pensacola shooter's phones, an iPhone 5 and an iPhone 7 Plus. Alshamrani did attempt to physically destroy both by shooting and smashing them, but attorney general William Barr has said that the FBI's Crime Lab was able to "fix both damaged phones so that they are operational." Given this restoration and the legacy phone models in question, it's unclear why the FBI wouldn't be able to use third-party cracking tools developed by companies like Cellebrite or Grayshift to access data on the phones.
"If they can boot up the phone, then existing tools will work," says Dan Guido, CEO of Trail of Bits, a company that consults on iOS security. "I’m not sure how the state of the hardware may complicate matters, because there’s no detailed information about that. Even then, I’m sure forensics firms receive broken phones all the time."
Despite Barr's claims Monday that the phones are "virtually impossible to unlock without the password," and that Apple has "not given any substantive assistance," existing methods appear readily available to the FBI. And while Apple understandably refuses to undermine the encryption of these devices, the company says it has turned over "many gigabytes" of iCloud and other data to investigators.
"As far as we know, law enforcement has a number of workable options for unlocking phones, particularly older phones like these," says Johns Hopkins cryptographer Matthew Green. "It’s not clear to me why those tools wouldn’t work against these phones, but it’s possible that it's related to the deliberately inflicted physical damage. If that’s the case, then it seems that the FBI doesn’t have an Apple problem, it has a bullet problem."
When asked why it can't find a third-party solution and must turn to Apple in this case, the FBI shared a statement: "The FBI’s technical experts—as well as those consulted outside of the organization—have played an integral role in this investigation. The consensus was reached, after all efforts to access the shooter’s phones had been unsuccessful, that the next step was to reach out to start a conversation with Apple."
Then there's the political aspect, which again has rough parallels.
"In both cases it seems clear that the Department of Justice is trying to identify the most politically advantageous case in which to press a longstanding desire, which is that companies reengineer their products to allow easy surveillance," says Ben Wizner, director of the American Civil Liberties Union's Speech, Privacy, and Technology Project. "In both cases we’re dealing with terrorists who are already dead, so it seems clear they are more interested in the authority than they are in the data on the phone."
The backdrop against which law enforcement seeks that authority, though, has changed. The Department of Justice under the Obama administration was also determined to establish backdoors. But the Trump administration and President Donald Trump himself are much more willing to air grievances and stoke public backlash than the old guard. "We are helping Apple all of the time on TRADE and so many other issues, and yet they refuse to unlock phones used by killers, drug dealers and other violent criminal elements. They will have to step up to the plate and help our great Country," Trump tweeted on Tuesday.
Trump's former deputy attorney general Rod Rosenstein called for backdoors in 2018 to deal with what's known as "the going dark problem" in digital technologies. And this fall, attorney general Barr added pressure on tech companies by calling out Facebook's plans to fully encrypt all of its messaging platforms. In a summit on child sexual abuse, the Department of Justice argued that such a move would severely limit its ability to investigate exploitation of minors. Apple is just the latest target in an ongoing campaign.
During a Senate Judiciary Committee hearing about encryption and lawful access in early December, lawmakers from both parties said they thought tech companies needed to cooperate with law enforcement to make data available. But they also expressed bipartisan concern about the risks of creating backdoors, given the potential that they could be abused. And no draft legislation currently exists that proposes any type of mandate on the topic.
Apple itself had acknowledged the encryption debate just prior to Barr's request. "I manage the law enforcement compliance team at Apple, and I have a team that works 24 hours a day, seven days a week, responding to exigent requests from law enforcement," Jane Horvath, Apple's senior director for global privacy, said in a panel discussion at last week's CES trade show in Las Vegas. "We have helped in solving many cases, preventing suicides, et cetera. So we are very dedicated, and none of us want that kind of material on our platforms. But building a backdoor to encryption is not the way that we're going to solve those other issues."
The company also now faces pressure not only from the Department of Justice but increasingly from foreign governments as well. Australia passed a law at the end of 2018 that can be used to compel tech companies to undermine their data security measures for law enforcement. The United Kingdom has considered similar measures and signed an open letter in October, along with the US and Australia, asking Facebook not to encrypt its Messenger services. India, too, is mulling so-called lawful access mandates after clashing with tech companies like Facebook and its WhatsApp service over access to user data during investigations. For big US tech companies, complying with backdoor requirements in any one country would mean a backdoor for all users around the world. The only alternative would be to pull out of those countries entirely.
Those changing tides don't mean that Apple will lose its fight this time, or that it will end in another draw. "Is the political climate in which they are pressing this fight significantly different now? I think it's too soon to tell," the ACLU's Wizner says. "Before the Snowden revelations of 2013, I don’t know that we would have seen the tech companies being as forceful in their defense of strong encryption as they are. And I don’t think there’s any sign now that the public will view this differently than they did a few years ago."
But the Justice Department actively chose this moment in time to reignite the debate. Regardless of whether it genuinely needs a tool to access the Pensacola shooter's iPhone, it clearly sees its best opportunity in years to get what it wants.
Updated January 16, 2020, 5:45pm ET, with an FBI statement about why it must seek Apple's assistance.