The court battle between Apple and the Federal Bureau of Investigation has reignited the debate over privacy and surveillance, going far beyond a one-time request by law enforcement to unlock the iPhone used by the perpetrator the Dec. 2 mass shooting in San Bernardino, Calif., according to security and legal experts.
On Feb. 25, Apple asked the District Court of Central California to withdraw a previous order that would allow the FBI to demand that Apple create a special operating system that would remove key security restrictions from a phone taken from one of the deceased San Bernardino shooters.
At the heart of the court filing are the company's arguments that the FBI is essentially conscripting a private entity to work for the U.S. government. Apple contends and that what FBI Director James Comey described as a "legal issue [that] is actually quite narrow" will become a flood of decryption requests that force Apple to create a de facto backdoor.
Noting that district attorneys in other states have stated that they have dozens of phones that they would like to decrypt, Apple's lawyers argued that any court precedent will quickly be used to open the door to forcing the company to help the local, state and federal law enforcement agencies spy on its customers.
"It will only be a matter of days before some other prosecutor, in some other important case, before some other judge, seeks a similar order using this case as precedent," the company stated in its brief. "Once the floodgates open, they cannot be closed, and the device security that Apple has worked so tirelessly to achieve will be unwound without so much as a congressional vote."
Apple's argument is the latest milestone in a case that is quickly becoming a rallying point for pro-privacy advocates as well as homeland defense advocates who support the government's right to access any individual's data under court order. Security and legal experts dismissed the Department of Justice's arguments that the case is a narrow exception.
"The fear is that it sets a precedent," Bruce Schneier, a well-known cryptography expert and chief technology officer for security firm Resilient Systems, told eWEEK earlier this week. "The fear is the next time it will happen with something that is less clear and less sympathetic. And the fear is that Apple has to do this several times a day."
From the "Crypto War" of the 1990s to the massive intelligence leaks of former National Security Agency analyst Edward Snowden, history offers some key lessons, said security and legal experts.
1. Cost Will Turn 'One-Time' Access Into a Permanent Backdoor
FBI Director Comey and other law-enforcement officials have argued that their request is not a backdoor—a secret way to decrypt data. Comey argued in a column on Lawfare that what the agency is asking for is a limited case of turning off a security feature—the iPhone's automatic delete feature if the passcode is guessed 10 times incorrectly—not a backdoor.
"The relief we seek is limited and its value increasingly obsolete because the technology continues to evolve," he wrote. "We simply want the chance, with a search warrant, to try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That's it."
Yet, the argument is disingenuous at best, say security experts. The request will not be unique. As soon as Apple shows that they can allow access to the data on an iPhone, the FBI will start making requests on a regular basis. And, because Apple is a business, when faced with repeated requests for access to devices, the company will automate the process as much as possible to reduce costs. The technological resistance to requests—which, right now, is quite high—will be lower.