Encryption Software at the Heart of Apple’s Battle with Government

A San Bernardino couple launched a deadly attack at a government rehabilitation center on December 2, 2015 that resulted in 14 deaths and more than 21 injuries. Aside from the firearms used, the cell phones of the suspects were the subject of intense law enforcement scrutiny. In order to determine a motive, investigators sifted through shipping records; interviewed co-workers, neighbors, and family; and even combed the suspects’ social media posts.

To date, federal investigators have been unable to get their hands on any information contained in the smartphone of suspect Syed Rizwan Farook due to Apple’s refusal to allow access to the server. The FBI issued a warrant for the data contained in Farook’s phone, but received a flat-out refusal from Apple. Apple cites privacy concerns that go beyond individual users and asserts that accessing data cannot be accomplished without potentially compromising the data security of millions of iPhone users.

How Apple Approaches User Privacy

In addition to the built-in encryption software, Apple has gone to great lengths to increase privacy from the user’s end. There is a two-step verification process that requires users to enter their Apple ID credentials for functions like making purchases, making account changes, or setting up a new device. In the event that an iPhone is lost or stolen, a user can access their iCloud account from another device and remotely lock the device to prevent information from being accessed. Remote Wipe allows users to completely erase data from the iPhone should it end up in the wrong hands.

Apple uses what are called tokens to transmit and store encrypted data on its iPhones. Tokens store information on the phone itself and on Apple’s servers, as well as in the cloud (Apple’s proprietary cloud software is called iCloud). The data is subject to high-level encryption that obscures credit cards stored in Apple Pay and passwords stored in Apple’s Keychain and emails, just to name a few.

These privacy features are so secure that Apple asserts that it cannot directly access the information stored on a user’s iPhone. While this eases fears of prying eyes accessing sensitive information, it presents a huge problem when law enforcement has a legitimate need to access phone data during an investigation.

Apple’s Encryption Software

Apple devices have been praised for their high level of security and the encryption in its devices. Although no device is 100% safe from unauthorized data access, Apple has gone to great lengths to protect user information. In fact, Apple’s encryption software is at the heart of the conflict with the FBI.

As details began to emerge about the San Bernardino shooters, officials attempted to access the data in Farook’s iPhone but thanks to encryption software it proved impossible. Apple’s software ensured that the phone’s data would be permanently erased after several unsuccessful password attempts. Once the FBI was made aware of how the data encryption software functions, it was compelled to request the data from Apple directly.

Apple CEO Tim Cook insists that the encryption software is so secure that the company itself cannot even access the information. Cook stated that in order to access data from any user’s phone, the code for the company’s encryption software would have to be completely rewritten. This would not only be a major undertaking for Apple, but it would essentially open the door to every iPhone owner’s personal information.

While this is certainly not the first time that Apple has been ordered by a court to unlock an iPhone, it is one of the first instances since the company rolled out the iOS 8 update in 2014. The update included encryption software that cannot be accessed by a third party or Apple. Previous iOS versions could be accessed in certain circumstances, especially when law enforcement requested the information. The update came on the heels of widely publicized iPhone data leaks – some of which involved celebrity photos – so Apple had a lot at stake and sought to quell criticism of its privacy protection efforts.

Current Issues

Although the company has cooperated with law enforcement in the past, Apple does not make it easy to access information, and each request is reviewed on a case-by-case basis, even if a search warrant is issued. According to the Apple website, “National security-related requests are not considered Device Requests or Account Requests and are reported in a separate category,” which may change the way that Apple handles requests similar to the ones related to the San Bernardino case.

Going forward, it’s uncertain if Apple will find a way to comply with the federal government’s request for information. The FBI is losing patience with Apple and has accused it of sympathizing with terrorists. In 2014, Cook said "[We] have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will."

It appears Apple’s stance has not changed since then. Just last week, Los Angeles Court Magistrate Sheri Pym ordered Apple to allow the federal government access to Farook’s iPhone data. The order asks Apple to supply the federal government with software that would enable it to access data, but so far Apple is holding firm in its stance and has refused.