We reported yesterday that there’s a new FBI iPhone case — the bureau again asking Apple to unlock two iPhones belonging to a suspected shooter.
There are obvious similarities between the San Bernardino and Pensacola cases. Not just that both relate to shootings and involve two iPhones, but also the fact that the FBI has decided to go public with its request for Apple to help…
The intention was likely to apply public pressure on Apple to cooperate, but it seems to me more likely to achieve the opposite effect: Draw attention to the iPhone maker’s strong stance on privacy.
Indeed, the request coincided with Apple’s rare presence at CES to discuss… privacy. The timing couldn’t have been better if it had been planned by Apple PR. It afforded the company an opportunity to underline its commitment to privacy by being able to say, “Look, once again we are refusing to compromise iPhone security even when the FBI asks us to help.”
True, there is a risk that Apple’s stance might be distorted. Indeed, some news reports claim that Apple “refused to help the FBI.” That’s not the case. When served with legal authority, Apple has always cooperated to the best of its abilities.
And those abilities are significant. If an iPhone uses iCloud backup, Apple can and does provide a complete copy of that backup, which is almost all the data stored on the phone. It can do this because, while iCloud backups are encrypted, they don’t use end-to-end encryption. That means Apple holds the key and can decrypt them for the FBI and other law enforcement agencies.
That’s a compromise on Apple’s part. It’s been suggested that Apple might move to end-to-end encryption for iCloud backups, and personally I expected the company to have done so before now. But I think this is possibly a conscious decision: to be in a position to assist law enforcement where required, while also offering consumers a very high level of protection.
Anyone who isn’t happy that Apple can access their iCloud backup is free not to use it, and rely instead on local backups.
We don’t know whether iCloud backups exist in this case; all Apple has said is that it has given the FBI all the data it has. That could be anything from almost nothing through to complete and up-to-date backups of almost everything on the phones.
The point, though, is that Apple has done everything it can bar one single thing: creating a compromised version of iOS that would allow backdoor access. As both Apple and we have repeatedly pointed out, it’s impossible to create a vulnerability that only the good guys can use.
I know from last time that there are those within Apple who are unhappy about what it feels to be the distortion of its stance, and that the number of cases where iPhone encryption was an issue have been exaggerated. They’re unhappy that the FBI went public with its demand to Apple before exhausting all its own options.
Indeed, the Office of the Inspector General’s inquiry into the FBI’s handling of the San Bernardino iPhones was critical in a number of areas. It found, for example, that the agency failed to approach a company the FBI knew was close to solving the problem until literally the day before the court hearing against Apple, and that certain individuals within the FBI appeared unhappy when the vendor offered its help because it appeared they wanted the legal ruling.
Apple could perhaps help its own case by being a little clearer about what it does and doesn’t do to help law enforcement — but I suspect it is being responsible in not getting too explicit. Most criminals will not be aware that Apple can access their iCloud backups, and it’s probably in everyone’s interest that this information is known only to the tech community.
As far as the general public is concerned, Apple is known for standing up to the FBI — and a second FBI iPhone case only serves to reinforce that awareness.