Illustration: Chrystal Zhang
In early December last year, two terrorists carried out a horrific mass shooting in San Bernardino, California, leaving 14 dead and another 22 seriously injured. In the aftermath of the attack, the FBI announced it had the iPhone 5C of one of the perpetrators, Syed Farook.The FBI took Apple to court, stating that Apple must grant the FBI a backdoor software that would allow them to access the phone. Apple refused. This sparked a new debate on security versus privacy.
Since then, the case has been dropped by the FBI, who stated that they have found a third-party that could unlock the iPhone. The FBI has not yet released the details on the third-party organization or the method used to unlock the phone, stating that the patch-ups done by Apple would complicate government access of phones in the future. In the end, the FBI secured the contents located within the phone, and they didn’t even need Apple to do it.
So has Apple lost the battle?
It’s interesting to note that the company suspected of aiding the FBI has been a regular contact in the past. Cellebrite, an Israeli company that specializes in data extraction, has received over $2 million on more than 1000 purchase orders from the FBI in the past 7 years [1] [2]. They also signed a contract with the FBI in 2013, specifically to help with mobile forensics and data extraction [3]. Cellebrite is known to be able to access most major smartphone operating systems and more than 95% of all cell phone models [3]. The company has also received orders from the US Immigration and Customs Enforcement, the US Drug Enforcement Agency, NASA, and various other Federal department. Evidently, the company has already been working with the American government for some period of time.
Cellebrite is by no means a new emergence, but if the FBI had this tool at their disposal, why would they even attempt to take Apple to court? If they were after the information, they could’ve easily just asked Cellebrite to extract the contents of the phone, without the knowledge of the manufacturer.
The FBI’s requests to Apple differ from their work orders to Cellebrite in that their requests seem to have applications to multiple iPhones rather than just one specific phone. The FBI has requested a backdoor software from Tim Cook, the CEO of Apple, and later, the software’s source code and private key. Both items would allow the FBI to access multiple phones without having to ask Apple for further assistance. Owning Apple’s private key means that the FBI could legitimize their own versions of iOS, allowing them to build backdoor software for any future iPhone. Even if Apple just unlocked the phone and secured the backdoor software, it would set a precedent that would allow the FBI to continuously ask Apple to open all iPhones that are related to crimes. Furthermore, the FBI would just use the result in this case as leverage in future cases. This would practically force all tech companies like Samsung, Microsoft, and Blackberry to weaken their encryption so that the government can always gain access when needed.
Apple notes that Congress actually failed to pass the expansion of the Communications Assistance for Law Enforcement Act (CALEA) meant for situations like this [4]. The company has also pointed out that the CALEA specifically has limitations that include the following clause: “A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer….” Under the CALEA, Apple is by no means responsible for unlocking the iPhone, and cannot be forced to do so. If this case was won by the FBI, however, it would be extremely likely that the current CALEA would be modified to fit the court ruling, possibly allowing the FBI to legally obtain access into a phone.
A few weeks after the original case ended, the FBI returned to present two new iPhone-related cases dealing with high-profile drug dealers [5]. The phone in question is now an iPhone 6, containing new security features, which the FBI claimed could not be unlocked by their third-party source. Even though Cellebrite is reportedly “close” to finding an extraction method [6], the process is slow, and Apple security can just evolve with the extraction methods.
While the FBI did end up accessing the iPhone, the case was a huge win for Apple because it successfully isolated the backdoor to this singular case. Through their legal battle, they have made it clear that a corporation is by no means responsible for data extraction and have drawn a line to how far national security has the right to go. In that regard, Apple has not only taken a huge step for itself, but also for the right of privacy.
[3] http://www.theverge.com/2016/3/23/11290374/apple-iphone-fbi-encryption-crack-cellebrite
[4] https://www.eff.org/issues/calea
[5] http://time.com/4242709/apple-fbi-encryption-new-york-san-bernardino/
[6] http://www.reuters.com/article/us-apple-encryption-cellebrite-idUSKCN0WP17J
