One of the biggest stories in tech these days has its beginning in tragedy: the mass shooting in San Bernardino late last year. The FBI’s investigation includes the iPhone 5C one of the shooters used, but they can’t access all the data on it because of the phone’s built-in encryption. Two months in to the investigation, the feds have ordered Apple to alter the phone so that law enforcement can crack it with brute force password attacks. However, in an unusually bold move for business, Apple’s answer to the FBI is a big fat “no.”
Apple’s response is big, unambiguous and very, very public: CEO Tim Cook shared the statement as an open letter to their customers on Apple’s website.
The letter, from CEO Tim Cook, first makes it clear that Apple cooperates with law enforcement investigations as needed. “We were shocked and outraged by the deadly act of terrorism in San Bernardino last December,” Cook writes, which goes for pretty much everyone.
“The FBI asked us for help in the days following the attack, and we have worked hard to support the government’s efforts to solve this horrible crime. … When the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we’ve offered our best ideas on a number of investigative options at their disposal.”
But that, Cook makes clear, is as far as Apple is willing to go.
The problem, he writes, is not about this case or even about the FBI in general. “We have great respect for the professionals at the FBI, and we believe their intentions are good,” the letter says. “But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.”
Specifically, the issue surrounds the iPhone security feature that wipes a phone after ten incorrect tries to unlock it. That feature, which the phone’s late owner had enabled, is very helpful for users whose phones are stolen, because it protects their sensitive personal and financial data (which we collectively have LOTS of on our mobile devices) from crooks. But for law enforcement officials who want access to personal data for purposes of detective work, the feature is hugely frustrating.
Apple and the FBI have been going back and forth on the matter for some time. A week ago, the director of the FBI testified before Congress that his agency was as yet unable to access the phone in question. Yesterday, a judge in California signed an order requiring Apple to create the backdoor.
If Apple creates this software to permit the cracking of this one phone, Cook explains, all iPhone users will be at risk. “The FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession,” he writes.
Cook likens the code — which, again, Apple refuses to write — to a master key that would be impossible to keep safe. If the backdoor is made to exist, it will be used again. “The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals,” Cook writes. “The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.”
“No reasonable person would find that acceptable,” the letter adds.
Cook also writes that Apple practices what it preaches when it comes to encryption and protecting iOS users’ data. “We have even put that data out of our own reach,” he says, “because we believe the contents of your iPhone are none of our business.”
You can read the full statement from Apple on their website.