The battle for the right to privacy with your encrypted personal communications is once again being played out in the US media, and the US courts this week. In a massively high profile case, Apple has been ordered by a US Court to enable the FBI to unlock the iPhone of one of the two attackers who killed 14 people in a terrorist attack in San Bernardino, California in December of last year.
The phone in question belonged to Syed Rizwan Farook, who along with his wife massacred 14 of his co-workers at their Christmas Party. The FBI has been in possession of the phone since the attack, but they have been unable to access it.
There have been ongoing discussion between the FBI and the Obama administration and Apple since the attack in an effort to enable law enforcement agencies to access the device. The iPhone in question is equipped with the latest Apple security software which means that if Federal Agents attempt to enter the password incorrectly ten consecutive times all the data on the device will be erased.
The FBI want Apple to amend the software on the device to enable them to make multiple attempts at the passcode without the risk of losing data. It is thought that the device in question is an older model with a four-digit pin code, meaning there are around 10,000 possible combinations for them to try.
Now Federal Judge Sheri Pym has ordered Apple to remove the auto-delete functions on the phone and also stop any other security measures that might delay or impede officers in their investigation. She stopped short of ordering Apple to crack the phone and hand data over to the FBI, but what she has essentially ordered them to do is create a backdoor into their encryption.
This means the case goes to the very heart of ongoing debate about encryption in the USA, which we have reported here at Fried.com before. The FBI and other law enforcement agencies are pushing hard for legislation to require tech companies that offer encrypted communications, such as Apple, and indeed many VPN providers, to create a back door into their security settings to enable them to read communications in cases of national security such as this.
Overlooking the fact, that the NSA and the FBI have a long track record of looking at communications of US citizens in far more cases than just those relating to National Security, the tech companies have long refused to comply with these demands, because it would effectively mean them introducing a weakness into their security settings which would compromise the privacy of their users and the security of their services.
Indeed, it was precisely because of the mounting pressure and the revelations by Edward Snowdon of widespread US Government snooping into their citizens’ communications, that Apple introduced their new security measures back in 2014. They said at the time that even they did not have the means to break into their encryption, and that remains the case.
In a withering critique of the judgement in an open letter published on their website, Apple CEO Tim Cook blasted the “chilling” breach of privacy the order entails. He said “The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.”
Apple have vowed to fight the order and have maintained that the software the Coirt is ordering them to provide does not exist. This may offer them a viable window to get round the order as it did allow them to provide a cost estimate and rebuttal if it “believes that compliance with the Order would be unreasonably burdensome”.
Such an argument is unlikely to carry much weight with the US Security agencies and indeed politicians from all sides who have been swift in condemning Apple’s refusal to comply with the order, and mysteriously quiet on the privacy implications the order has for ordinary Americans.
Others have praised the company for their stance, with Alex Abdo, staff lawyer for the American Civil Liberty Union’s privacy and technology section, saying “Apple deserves praise for standing up for its right to offer secure devices to all of its customers.”
It is likely that this case will see the encryption debate in the USA coming to a head, and while Apple have the resources to dig in and fight to the bitter end, the simple fact that this case revolves around a terrorist attack on US soil may well see emotions get in the way of a reasoned debate on the issue.
Either way, US citizens must once again be wary of their privacy when using any device online. If Apple do not ultimately prevail in this case, it is likely to see the Government using the ruling to force other companies to allow them access to encrypted data. It has been advised before that Americans take steps now to ensure their online privacy and one simple first step would be to sign up for a VPN. Connecting to the internet through a VPN gives users complete online anonymity and leaves no data trail that the US authorities can track.
It is a simple step to take that can provide great peace of mind at a time when freedom is coming under a sustained attack in the land of the free.