(Kena Betancura/AFP/Getty Images)

Apple is fighting a federal court order to “unlock” an iPhone used by one of the suspected shooters involved in the San Bernardino mass shooting that occurred in December. The FBI has asked for Apple’s help in breaking into the phone, which is protected by a password. In a letter to its customers, Apple CEO Tim Cook called the government’s demands “chilling” and says they threaten customer security. Forum discusses the case and its implications for national security and personal privacy.

Guests:
Laura Sydell, digital culture correspondent, NPR
Nate Cardozo, attorney, Electronic Frontier Foundation
Benjamin Wittes, senior fellow in Governance Studies and co-director of the Harvard Law School-Brookings Project on Law and Security

  • jakeleone

    Apparently the New York police have around 180 iPhones they can’t read. Apple is refusing to unlock them.

    Some of the owners of those phones were involved with child prostitution and child pornography.

    What If, unlocking one of those phones, right now, could save the life of a child who is enslaved in a sex trafficking gang?

    Further, an iPhone hacking expert has recently put up a blog post that getting the information should be a fairly easy task, since Apple has access to the production keys.

    If it is easy, why is Apple allowing the possibility of missing children going unrescued, sex predators going unprosecuted, when apparently its an easy task for them to unlock these phones, with the production key.

    Oh, and the hacker stated that the unlock, will only work with one particular phone at a time, given the key/lock nature of the Apple production key.

    Apple didn’t say it was hard to unlock these phones, only that it sets a precedent. Basically Apple sees a huge market in China, and if the U.S. can enforce its laws, well unfortunately China can to. I guess that’s the price you pay for condoning communism and paying taxes to a totalitarian government.

    Well, in the U.S., that precedent was set more than 200 years ago, writs act, for the protection of the people of this country, from terrorists like the couple in San Bernardino.

    Further, isn’t this just a stunt on the part of Apple, which is aiming to create its own social network, so it can reap more billions of dollars?

    Your privacy begins and ends with court-ordered warranted search. That’s just the way it works, in the United States. It works that way to protect the weakest most vulnerable people, for example children being marketed by sex traffickers using their cell phones.

    • c_woof

      But not the way it works in other countries, like China, for one example.
      In such other countries it works to protect the govt @ the expense of citizens’ rights.

  • Beth Grant DeRoos

    ‘We are from the government and here to help’ is something we ALL should be afraid of. Remember the Apple 1984 ad? As Thomas Jefferson said ‘Those who sacrifice freedom for safety deserve neither’ Here is the 1984 Apple ad:

  • EIDALM

    That is exactly what I have been saying for the last 20 years ,setting aside this terrible incident in San Bernardino ,the so called war on terror is bogus .it is rather war against the American people by the ruling elites to use fear to rob them out of their assets and civil liberties,,,,I believe that the government has the technical ability to get the information they need from that particular phone ,but their real intention is to be able to spy on all of the American people for all other causes that may involve taxes ,voting ,etc.

  • EIDALM

    Why now ,the timing of these bloody incidents in San Bernardino ,Paris France and elsewhere ,that is happening at the same time of the rise of extreme right wing groups in the U S and in Europe including near all the Republican candidates in the U S ,and who benefit from these terrorists bloody acts ,near all of their victims are people of the middle east whose numbers is in the millions ,those who benefits are the ruling class in the U S and in Europe who created and financed all of these terrible bloody barbarians groups.

  • geraldfnord

    It sounds like a great opportunity for someone to resign from Apple to work for the government. If they take some data with them they shouldn’t, well, Apple could ask the government to prosecute that someone, and maybe they’d get around to it someday….

  • Mikronos

    The government can’t crack the password on a Vc? What, is the unit rigged to self destruct?

    This is probably part of a marketing scam to prepare a re-rig of security on the i6. the NSA already knows what is on that phone, they got the real-time transmissions from Apple as Snowden indicated.

    • Robert Thomas

      If the previous user set it to do so, the operating system will flash erase user memory if too many incorrect passwords are submitted to it in a row.

      • Mikronos

        OOOOh! A Dr. Strangelove ‘destructo’ device. Was that included with the unit or was it an app?

        Isn’t the problem that the unit ‘locks’? And a system restore (to factory standard) would wipe everything?

      • Mikronos

        Apparently local law enforcement put a new password on it and did exactly that. This is about getting back what has been written over.

  • Robert Thomas

    How may government compel an individual to create an engine for a specific purpose?

    Answer: government cannot do this.

  • Cal M

    It’s not up to Apple to solve cold cases. Nor is it up to the rest of us to give up our liberties to solve said cases. The world is a nasty brutish place: cold cases have occurred throughout history. They are each horrific, but they are not reasons to relinquish liberty. Let’s not be manipulated by individual one-off anecdotes.

  • Bob

    Don’t trust the government OR the big corporations. The bottom line with Apple’s “indignation” and “fight for your digital rights” is that they are using this as both a marketing tool and a way to fight higher compliance standards which will hit their bottom line. Oh and BTW the indignation is BS because Apple and all the other big tech and telecom companies currently work VERY closely with the government, they just want you to think otherwise!

  • Sean Dennehy

    Please ask Mr Wittes: The government has been spying on us and collecting our metadata. Now that companies are making our technology more secure, the government wants the companies to stop making technology the government can’t get into. Why does he think the government has a right to ask that?

  • jim

    It’s one thing for the government to get a warrant to force a person to turn over something that exists and is in that person’s possession. It’s quite another, however, for the government to demand that that person perform a task that the government wants performed (creating new software, in this case). How does the right to search and seize an existing item pursuant to a warrant extend to compelling the creation of a brand new non-existent item? Could the government compel Picasso to make a painting that it wanted to see?

  • Robert Thomas

    Mr Wittes’s insulting, ignorant and flatulent comment about the demeanor of “Silicon Valley” renders his opinions and comments appropriate perhaps to be uttered on TMZ or at such other venues but inappropriate and uninteresting in serious discussion.

  • Livegreen

    Last I checked China & Russia don’t follow precedent in the U.S. Court system or defer to the U.S. Government. It is simply silly (or worse) to imply they do. If they did they would have fair courts and be much freer countries. The fact is that China & Russia will TELL Apple to do the same or worse no matter what the U.S. Government and courts say.

    Whatever happens here, if Apple acquiesces to China or Russia and, say, a human rights or democracy activist is imprisoned or put to death, Apple will have a world of answering to do.

    My guess is Apple is preparing for exactly that eventuality and trying to inoculate itself when it turns in Russian and Chinese activits to preserve market share and will attempt to shift the blame to the U.S. Government.

    Even though U.S. Courts & Government rulings are irrelevant to those totalitarian regimes.

  • Robert Thomas

    It’s worth noting what the court has actually ordered and noting that the order has nothing whatever to do with encryption.

    Whether the order is still overly burdensome or not is a separate matter. Techdirt(dot)com reports the order states

    “Apple’s reasonable technical assistance shall accomplish the following three important functions: (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT DEVICE and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.
    “Apple’s reasonable technical assistance may include, but is not limited to: providing the FBI with a signed iPhone Software file, recovery bundle, or other Software Image File (“SIF”) that can be loaded onto the SUBJECT DEVICE. The SIF will load and run from Random Access Memory and will not modify the iOS on the actual phone, the user data partition or system partition on the device’s flash memory. The SIF will be coded by Apple with a unique identifier of the phone so that the SIF would only load and execute on the SUBJECT DEVICE. The SIF will be loaded via Device Firmware Upgrade (“DFU”) mode, recovery mode, or other applicable mode available to the FBI. Once active on the SUBJECT DEVICE, the SIF will accomplish the three functions specified in paragraph 2. The SIF will be loaded on the SUBJECT DEVICE at either a government facility, or alternatively, at an Apple facility; if the latter, Apple shall provide the government with remote access to the SUBJECT DEVICE through a computer allowing the government to conduct passcode recovery analysis.
    “If Apple determines that it can achieve the three functions stated above in paragraph 2, as well as the functionality set forth in paragraph 3, using an alternate technological means from that recommended by the government, and the government concurs, Apple may comply with this Order in that way.”

    “No, A Judge Did Not Just Order Apple To Break Encryption On San Bernardino Shooter’s iPhone, But To Create A New Backdoor”
    Techdirt Feb 16, 2016
    https://www.techdirt.com/articles/20160216/17393733617/no-judge-did-not-just-order-apple-to-break-encryption-san-bernardino-shooters-iphone-to-create-new-backdoor.shtml

    • Another Mike

      So the FBI plans to open the phone by submitting every possible password.

      • Robert Thomas

        Apparently, they’re prepared to rapidly submit passcode trials to the device in a so-called “brute force” manner. I have read that the A6 could theoretically admit one trial every 80ms.

  • Ben Rawner

    The FBI has more than enough information from the phone. Your guest’s argument that this work can be done in a sealed room is nonsense. Once the Fed’s have the special key they will use it until they too get hacked, and then hackers will have it too. So many time back doors built for the government have been exploited by hackers.

  • Harvey Alcabes

    If Apple does what the US government is requesting, what happens if China or another government orders Apple to decrypt a phone?

    –Harvey, Palo Alto

    • Robert Thomas

      Once information is strongly encrypted it can’t be decrypted without the proper key. If Apple engineers its application to not require the key be rendered to Apple, Apple could not decrypt such information.

      • c_woof

        But what is to prevent China or Russia or some other large market pressuring Apple to comply w/a similar request? (Which would allow such places to pursue their citizens.)
        Isn’t once such an event happens, the thumb’s been pulled from the dike?

        • utera

          Exactly, the best system removes apple from having any ability to help the authorities.

  • Dan Segedin

    Isn’t it a given that Apple already knows how to decrypt the phone or at least how to go about decrypting it? Therefore, the knowledge is already out there, they just have to do it in this case – for valid reasons with potentially huge benefit. The bigger issue is Apple making a phone that not even Apple can get into by design.

  • Another Mike

    What is the point of extracting information from a dead man’s phone? It cannot be used to convict him — he’s dead.

    • Bill_Woods

      Notionally, to get information about other criminals.

      • Another Mike

        What about the fabulous envelope information (“metadata”) that the NSA has been storing from everyone to everyone for years? Wouldn’t that provide sufficient leads to other criminals?

        • Bill_Woods

          Alice might have sent Bob instructions to pick up Chuck at LAX on Thursday. The metadata would connect Alice to Bob, but not Chuck.

  • Robert Thomas

    “A woman’s death in Louisiana” could be very well investigated long before such telephones existed – even in Louisiana.

    Wittes’s example argument is ridiculous.

  • Bob Jones

    If Apple does create a backdoor does this mean that Government employees will not be able to Use the IPhone because it isn’t secure enough? 8 years ago Government employees used Blackberry phones because the IPhone was not secure enough.

  • NK

    If its about the data, then more than the device makers such as Apple, why arent the data provider companies being asked for meta data (if that is readily available) as your guest had mentioned earlier

    • Another Mike

      Obviously, the FBI wants to see the terrorists’ vacation snaps, favorite tunes, whether they played Tetris or Hangman, etc.

      • NK

        LOL!

  • Another Mike

    And the FBI can still require the wireless phone companies to do the equivalent of wiretapping. But they couldn’t force landline phone manufacturers to include tape recorders in the phones.

  • jim

    The guests say it wouldn’t be an “undue burden” for Apple to do this, since the cost of doing it wouldn’t bankrupt them. But, if they do it, the value of their encryption from that point forward effectively goes to zero. That’s pretty serious.

  • Dan

    This isn’t an issue of search and seizure. This is the government asking for a private company to create a new product to help them do their jobs. What next? How about compelling security companies to turn over all home video feeds to the government? Anyone remember the telescreen from 1984?

    • Robert Thomas

      As I asked here elsewhere, can government compel an individual to conceive some sort of engine?

      Obviously, it cannot.

  • Todd Stiers

    Apple should make the backdoor available for everyone – I miss being able to install my own software of my choosing on my iPhone like I could do up until IOS 7. Waiting around for the next exploit…

  • disqus_63X8zNMKNl

    Wow. What a stream of invective this has provoked! The one listener comment that seemed calm and reasoned was the one that observed that everyone was so strongly on one side or the other rather than considering compromise. Indeed, what strikes me in these comments is that people seem to immediately take a “government is too big, too intrusive, they’re lying,” etc. stance–and feel so angry about it. It’s hard to believe that any of us outside of Apple and/or law enforcement has all the information necessary to make a good decision.
    This seems to have devolved with great speed to a 100% political issue, with people taking a strong stand on one side or the other. We probably have enough evidence already that refusal to compromise leads to the mess that calls itself Congress now.

    • Robert Thomas

      Severe opposition to this court order need have no particular political attitude.

      The question boils down to whether an individual (a corporate entity; or if you prefer, individual engineers employed by same) may be compelled by government – under peril of some penalty – to conceive of and create a device or engine or method that doesn’t presently exist.

      The answer to this question has very wide ranging implications that the present discussion has obscured.

      • disqus_63X8zNMKNl

        You make a good point. It does seem to me that popular opinion is divided into either pro-corporation/anti-government or anti-corporation/pro-government (as if that’s really such an easily divisible issue). But I do admit that I am not an expert in technology, crime detection, law, and whereas I care what happens in this country, coming down on either side of this issue is really not something I’m qualified to do. I suspect we’ll hear a great deal more about the ramifications of this issue as time goes on.

        • Another Mike

          I am pro-freedom, pro-civil rights.

  • JohnTArmstrong

    From the working definitions of encryption – used by the NSA – breaking an encryption takes ‘the entire computing power of the world 10 years’ – in what sense is that practical for Apple?

    • Robert Thomas

      The court order in the me present matter has nothing to do with encryption.

      Law enforcement wants to be allowed to throw a large number of four-digit passcodes at the iPhone in order to unlock it, without the iPhone getting nervous and refusing to allow so many attempts – or the phone getting VERY nervous and erasing all local user data after too many failed attempts. If the iPhone’s software were to be modified to allow many attempts at unlocking it, the police would quickly succeed in finding the correct passcode. This is astronomically simpler than breaking strong encryption.

      • JohnTArmstrong

        I see — thanks for posting the Techdirt text of the order!

        • Robert Thomas

          I think I understand now how the concept of encryption does indeed have a connection to these events.

          The sort of encrypted message that has been discussed for some years – that law enforcement would like to decrypt after collecting such messages through eavesdropping – generally employs “asymmetric public key”-dependent systems like Pretty Good Privacy (“PGP”). That sort of encryption isn’t incorporated in the mechanism in question here.

          In the present case, investigators want Apple to render the “symmetric” signature cryptological key known only to Apple and each of its phones, that will allow a firmware update of the phone’s operating system using a wired connection and the phone’s “Device Firmware Update” mode. This sort of key is not “public” and must be known to both parties before communication can occur.

          It’s good to consider BOTH the Trail of Bits Blog entry

          “Apple can comply with the FBI court order”
          By Dan Guido
          Trail Of Bits Blog, Feb 17, 2016
          http://blog.trailofbits.com/2016/02/17/apple-can-comply-with-the-fbi-court-order/

          article AND this one, from arstechnica:

          “Encryption isn’t at stake, the FBI knows Apple already has the desired key – The FBI knows it can’t bypass the encryption; it just wants to try more than 10 PINs.”
          By Peter Bright
          arstechnica, Feb 18, 2016
          http://arstechnica.com/apple/2016/02/encryption-isnt-at-stake-the-fbi-knows-apple-already-has-the-desired-key/

  • JohnTArmstrong

    Just a question – referring back to the ‘safe’ analogy (inappropriate if talking about decryption – but not if talking brute force attacks on a passphrase, where the attacks are being ‘slowed down’ by or ‘frozen’ if too many attacks are created) – I have had firmware recovered from locked microprocessors by a company that ‘destroys the bit’ that essentially ‘pins the lock’ – which then allows them to download the firmware and create a file that allows me to program other microprocessors. (for the techy’s the recovered code is an image – not decompiles source). Maybe the government should be requesting the location of the circuit trace, or memory location, in the processor or memory that would enable the flash erase – and just blow that trace. (Drill the safe).
    Now – I don’t for a minute think I am the first to think of this – which means to me, that it has been considered and ruled out, or … this is just a case to get a new law passed.

    • Robert Thomas

      This also occurred to me (and as you say, to lots of people): depending on the phone’s design, the user-space memory element may yield by being removed to a test fixture and stimulated to dump its contents with no interference from any software.

      Alternately, pop (decapsulate) the A6 or the discrete flash device, FIB the die (use the Focused Ion Beam method to blast through the passivation and alter appropriate metalizations) and cross your fingers. This isn’t always successful and can destroy the device.

      In order for these techniques to enjoy high probability of success, however,

      1) the device would have to be surrendered to a non-governmental entity, compromising its value in a number of ways;
      2) investigators would still need intensive, enthusiastic collaboration with an even larger number of design team participants;
      3) the path of investigation would not be transferable to other manufacturers’ devices or even to very slight variations among products of the same maker and model without a complete repetition of many complex actions – investigations which, despite protestations to the contrary, one can imagine that the investigators may wish to pursue;
      4) what all else. Bozhe moi.

  • Robert Thomas

    Another good discussion of the particular facts of this issue may be found at

    “Encryption isn’t at stake, the FBI knows Apple already has the desired key –
    The FBI knows it can’t bypass the encryption; it just wants to try more than 10 PINs.”
    By Peter Bright
    arstechnica, Feb 18, 2016
    http://arstechnica.com/apple/2016/02/encryption-isnt-at-stake-the-fbi-knows-apple-already-has-the-desired-key/

    This describes how the “signature” symmetric cryptographic key – a symbol shared by Apple and each of its phones – that allows activation of the iPhone’s “Device Firmware Update” mode (with microprocessors such as the model 5c’s A6 ARM device not incorporating the so-called “Secure Enclave” circuitry of the ARM A7 or later) – is what’s finally being sought from Apple.

    This is completely distinct from the sort of asymmetric public key encryption that an application like PGP would use to communicate encrypted data between two phones – and that would frustrate an eavesdropper.

Sponsored by

Become a KQED sponsor