What started as a straightforward request for assistance in a criminal investigation has turned into a major standoff in the conflict between national security and personal privacy concerns, as well as an issue in the 2016 presidential campaigns. The FBI wants Apple to help it unlock an iPhone that was in the possession of one of the shooters from December 2015’s San Bernardino mass shooting. Apple contends that the FBI is actually asking the company to create a “backdoor” into the iOS that could be used by any law enforcement agency, or hacker, to bypass the security controls of all iPhones and iPads.
The iPhone’s Security Features
On Dec. 2, 2015, Syed Rizwan Farook and Tashfeen Malik shot and killed 14 people and wounded 22 others in San Bernardino, Calif. Evidence quickly came to light that the shooting was an act of terrorism, and the FBI became actively involved in the investigation. During the course of the investigation, agents seized an Apple iPhone 5C that was in Farook’s possession. (The phone was actually owned by Farook’s employer and assigned to Farook and was seized pursuant to a lawfully issued search warrant. The employer gave its consent to all subsequent attempts to access the phone’s information.)
As with all iPhones running iOS 7 or higher, Farook’s iPhone has several user-control security settings, starting with a user-selected passcode. If the wrong passcode is entered six times, the phone is disabled for 1 minute before the user can try again. With a user-selectable setting called the auto-erase function, if the wrong passcode is entered 10 times, the iPhone will permanently erase all of its data. The only way to restore the data is through the user’s iTunes or iCloud backup; any information not backed up is permanently lost.
The FBI’s investigation established that Farook regularly used the phone to communicate with Malik as well as with people who were ultimately victims of the shooting. It also revealed that Farook regularly backed up the iPhone to his iCloud account, but stopped about 6 weeks before the shooting. The FBI believes that Farook made a deliberate choice to discontinue backing up the phone in anticipation of committing the attack and likely activated the phone’s auto-erase function. (The FBI has no way of knowing whether Farook’s phone has this auto-erase function activated—it would need the passcode in order to review the phone’s settings.) The end result is that any attempt, manually or through software, to try multiple combinations of passwords could trigger the auto-erase function and result in the permanent loss of the iPhone’s information from the month-and-a-half leading up to the shooting.
The FBI’s Court Filing
On Feb. 19, 2016, the FBI filed a request in federal court for an order requiring Apple to assist it in unlocking the phone so it could access its data. To accomplish this task, the FBI asked Apple to write a “custom signed iPhone Software file” or similar technology that would be loaded into the phone and would bypass or disable the auto-erase function and allow the FBI to electronically submit password combinations without the risk of data loss.
While the FBI’s request makes it clear that the software would (or could; those are two different things) be used only on Farook’s iPhone, Apple objected to the request and initially published its reasons in an online letter from CEO Tim Cook. The letter asserts that the FBI wants Apple to make “a new version of the iPhone operating system, circumventing several important security features. …” Apple also notes that this “new version … which does not exist today … would have the potential to unlock any iPhone in someone’s physical possession.” In response to the FBI’s claim that this “backdoor” (Apple’s term) would be used only on Farook’s phone, Apple says that “once created, the technique could be used over and over again. … [I]t would be the equivalent of a master key, capable of opening hundreds of millions of locks.”
In a court of law, both sides have compelling positions. Farook has no privacy rights over the information contained on the phone. First, the iPhone is owned by Farook’s employer, which has already given consent to both Apple and the FBI for the phone to be searched. Second, the iPhone was seized pursuant to a lawfully issued search warrant. The Fourth Amendment’s search and seizure provision, despite sometimes being characterized otherwise, protects privacy by requiring a warrant to be issued by a neutral judge before the government can seize property. Third, there is virtually no right of privacy afforded to engaging in criminal activity, including conspiracy, although methods of investigation may be subject to Fourth Amendment and other restrictions. Finally, Farook is dead, and any personal privacy rights he may have had do not continue after his death.