Privacy vs National Security: Apple Strikes Back
The battle between privacy -more specifically, encryption- and national security has been playing out at least since Edward Snowden drew attention to the issue with his leaks back in 2013. Apple has drawn a line-in-the-sand on the San Bernardino shooting case, which is puzzling at first considering that the device in question was supplied by the county government and also considering Apple's track record of cooperation in other criminal investigations.
Walter Isaacson's 2011 authorized biography of Apple founder Steve Jobs sets a detailed stage for the privacy vs security debate that the December California terrorist shooting has brought onto center stage within the national security context. By now, it is a matter of technological and intellectual history that Jobs and co-founder Steve Wozniak had fundamental differences on the critical issue of the software architecture to be designed and implemented for their wonderful computing machines.
Jobs favored, and prevailed, on the use of closed-source software for Apple devices, shunning Wozniak's preferred open-source approach; the approach utilized by Microsoft's Bill Gates. Now, as a result of these 1980s macro-planning decisions, Apple products are rarely afflicted with computer viruses like Microsoft products and hardware.
In addition, it turns out that the closed source approach is far superior from a privacy and data integrity standpoint. For example, if someone other than the owner attempts to infiltrate the data -to hack into the data- then the data stored on an Apple device will be destroyed.
This is the problem currently facing the FBI in the California shooting case. They have sought and have been granted injunctive relief from the United States District Court for California's Central District, Eastern Division.
In the introduction to Apple's motion to set aside the injunction, the tech giant's heavy-weight lawyers from Gibson, Dunn & Crutcher state their client's position on the matter:
Apple is committed to data security. Encryption provides Apple with the strongest means available to ensure the safety and privacy of its customers against threats known and unknown. For several years iPhones have featured hardware and software based encryption of their password-protected contents.These protections safeguard the encryption keys contained on the device with a passcode designated by the user during setup. This passcode immediately becomes entangled with the iPhone's Unique ID ["UID"] which is permanently assigned to that one device during the manufacturing process. The iPhone's UID is neither accessible to other parts of the operating system nor known to Apple. These protections are designed to prevent anyone without the passcode from accessing encrypted data on iPhones.
Cyber-attackers intent upon gaining unauthorized access to a device could break a user-created passcode, if given enough chances to guess and the ability to test passwords rapidly by automated means. To prevent such "brute-force" attempts to determine the passcode, iPhones running the iOS 8 or higher include a variety of safeguards. For one, Apple uses a "large iteration count" to slow attempts to access an iPhone, ensuring that it would take years to try all combinations of a six-character alphanumeric passcode. Finally, Apple includes a setting that -if activated- automatically deletes encrypted data after ten consecutive incorrect attempts to enter the passcode. This combination of security features features protects users from attackers or if, for example, the user loses the device.Apple does not believe the federal government's assurances that it is just this one device; just this one time. Apple knows there will be another time with another one of its devices.
Also, the world's most valuable company is concerned about the precedent this case would set if it is forced by the feds to create software to access a user's private data, even when that user is a murderous terrorist. Apple asserts such an injunction would fundamentally compromise the privacy of its users; an unacceptable scenario for the corporation.
For its part, the USDOJ advanced a traditional and fundamental point: companies -and for that matter, citizens- cannot select which laws it will honor and which it will violate. In addition, they characterize this case as a particularly dangerous one which could lead to more deaths if not aggressively pursued.
A hearing on Apple's motion is currently scheduled for March 22, 2016, in Riverside, CA. Stay tuned for further developments in this important privacy rights case.