It’s Not Over Yet: Apple Inc. and the FBI Continue Fight Over Encrypted Data Access

In what could’ve been the highest-profile case the tech world has ever seen, Apple Inc. (ticker: AAPL) and the Federal Bureau of Investigation (FBI) locked horns for months over gaining access to an iPhone belonging to one of the shooters in the San Bernardino attacks. The world watched as the tech giant held its position seeking not to undermine the security of its products, and the FBI attempted to force Apple’s hand in creating code that would enable them to access information on a locked iPhone.

Normally, the force of the federal government would have this case framed as a David vs. Goliath. But Apple Inc. is the world’s second largest company by market capitalization (Alphabet is the first), and with $215 billion in cash as of year-end 2015, it is better capitalized than the federal government—Apple’s debt to cash ratio is around 30% while the federal government’s debt to GDP ratio is over 100%. This is Goliath vs. Goliath, where both entities seemingly have unlimited resources to fight this case to any end. And there’s sufficient pride on both sides to expect just that.

In a world where tech security is a growing paramount concern, the case was—and still is—poised to set a new precedent governing the complicated relationship between the U.S. government, tech companies, and access to private data. In the case of the San Bernardino shooter’s iPhone, the FBI argued (inaccurately) that they would not be able to access important information contained on the phone without Apple’s help. They obtained a court order from a Federal Magistrate demanding Apple’s assistance after citing the All Writs Act, a 227-year-old law that can be used by the government to compel companies to perform actions by government order, so long as they are legal and for good reason. Many see this as evidence of the FBI’s and broader government’s implicit belief that accessing the phone by any means necessary is a lawful pursuit, when national security circumstances warrant it. In their own words, “the government respectfully submits that [the courts] should be entrusted to strike the balance between each citizen’s right to privacy and all citizens’ right to safety and justice.”

Apple objected to the court order and argued that the FBI and the Court were overstepping their authority by forcing them to write code that would undermine the security of one of their products. A spokesperson for Apple stated, “From the beginning, we objected to the FBI’s demand that Apple build a backdoor in the iPhone because we believed it was wrong and would set a dangerous precedent.” The company argued that by undermining the security features of this one iPhone, intentions aside, they would be creating a roadmap for others to do the same to any number of phones—thereby putting tens of thousands of people at risk from hackers or perhaps even their own governments.

The conflicting arguments sent everyone from politicians to the tech community to civil rights watchdogs into a tizzy of heated debate over what lines to draw and where to draw them. The FBI ultimately dropped the case in late March when an unknown third party in Israel helped them gain access to the iPhone in question. The settling of the case/dispute left the issue unresolved.

More recently, the Justice Department dropped a second case, this one in New York, involving an encrypted Apple device after someone came forward with the passcode to unlock the iPhone. The Justice Department was in the process of appealing a ruling in favor of Apple Inc. when the unnamed person came forward with the passcode. What again could have established a critical precedent in the realm of privacy de-escalated into a one-off resolution.

In the absence of a long-winded, hugely expensive legal battle, it is curious whether to what degree this issue will be put to rest. It seems unlikely to simply go away. With hundreds of locked iPhones in evidence lockers around the country, it is likely just a matter of time before the particulars of another case re-flare this debate—requiring the courts to weigh-in with some finality on the role companies like Apple will play in aiding law enforcement with investigations containing encrypted data evidence.

Why Do We Care?

The relationships between encryption, data privacy, and security—both personal and national—are critical and complicated. Encryptions developed by tech companies allow users to put an incredible amount of personal information online and on devices—with a certain amount of confidence this information will be inaccessible to unintended parties. At issue now is how much confidence users can actually have, and what circumstances warrant the government’s intrusion. These are all conditions that are yet to be specifically defined. This has been of particular concern to U.S. citizens in the wake of revelations made by Edward Snowden, former National Security Agency employee, about the government’s extensive surveillance program.

On the other hand, that same encryption is seen as a threat by some Law Enforcement Officials who believe it makes it more difficult for them to solve crimes and interrupt terror attacks. It’s a web of blurred lines, and it’s interesting to watch as more and more Americans and interest groups weigh-in on their stances. Can governments and tech companies such as Apple somehow work together to protect both our privacy as well as our security? It’s an incredibly important dichotomy that is as yet unresolved.

New Developments and What to Watch

This spring, there have been a number of noteworthy developments that have transpired out of court with potential implications for both sides. For one, tech companies like Google, Snapchat, and Facebook-owned platform WhatsApp are considering plans to expand encryption and security in their messaging applications, according to a recent report. In particular, the report indicates that WhatsApp plans to expand end-to-end encryption to voice calls and group chats. This move would no doubt be seen as an enhanced threat by those in law enforcement already concerned about how encryption effectively creates an online safe house for criminals.

Meanwhile, Congress has conducted a number of hearings in an attempt to get a handle on the issue. On March 1, FBI Director James Comey and Apple Inc. Senior Vice President and General Counsel Bruce Sewell testified in front of the House Judiciary Committee on the encryption issue. Then, in April, the House heard further from law enforcement officials who are adamant that encryption is hindering their investigations. In May, leaders of the Senate Intelligence Committee put forward draft legislation that would give more power to the courts to force companies to help investigators access encrypted data. It appears everyone is looking for higher ground in preparation for the next confrontation, but no one is pushing for immediate resolution. Tech companies are more acutely focused on growth and innovation than costly legal battles, and Congress seems hardly capable of passing legislation so paramount in the run-up to the general. Call it a stalemate, for now.

Quandary Peak Research

Based in Los Angeles, Quandary Peak Research provides software litigation consulting and expert witness services. We rapidly analyze large code bases, design documents, performance and usage statistics, and other data to answer technical questions about the structure and behavior of software systems.