Apple’s battle against government over iPhone encryption ‘back door’ not a US issue only

17 February 2016. By Mike Swift and Amy Miller.

Apple has worked hard to establish privacy and security as key differentiators between its products and those of its competitors. And the company made a significant bet on that differentiator Wednesday when it reached over the US government to speak directly to its customers through a letter from CEO Tim Cook saying that Apple will oppose a court's order that it create software to break its iPhone encryption.

In doing so, Apple made a strategic decision to lever its popularity with consumers against the potential cost of opposing the government's efforts to battle terrorists, in this case by breaking the encryption on the iPhone used by one of the terrorists who shot and killed 14 people in a December rampage in San Bernardino, California.

US Magistrate Judge Sheri Pym said in an order Tuesday that the encryption key "will be coded by Apple with a unique identifier for the phone so that the SIF [Software Image File] would only load and execute on the SUBJECT DEVICE." But Cook strongly disputed that premise, saying the software Pym has ordered Apple to create, if it fell into the wrong hands, "would be the equivalent of a master key" that could unlock any iPhone.

"This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake," Cook said in the letter. "Customers expect Apple and other technology companies to do everything in our power to protect their personal information, and at Apple we are deeply committed to safeguarding their data. Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us."

Apple posted its letter to customers at midnight Wednesday, California time, and as Silicon Valley woke up to Cook's statement, Apple's position drew support almost immediately from Internet advocacy and civil rights groups such as the Electronic Frontier Foundation and the American Civil Liberties Union. The ACLU called the government's move to create an encryption back door "unprecedented, unwise, and unlawful".

A digital rights advocacy group, Fight for the Future, called for protests outside Apple stores throughout the country on Feb. 23 "to demand that the US government drop its dangerous request."

Whether that groundswell will continue to build behind Apple will become clearer only in the next few days. Government surveillance is a matter of public debate, with 52 percent of US adults describing themselves as "very concerned" or "somewhat concerned" about government surveillance compared with 46 percent who described themselves as "not very concerned" or "not at all concerned," according to a nationwide Pew Research Center poll released last month.

Although Google, Twitter and Microsoft have all pushed back against government access to data held on their servers, they were conspicuously quiet Wednesday, declining to comment on their competitor's letter, perhaps as they weighed how to respond.

Many Silicon Valley companies are no doubt acutely aware of another finding in that Pew report: that US consumers appear to be more worried about the commercial use of their personal data than about government surveillance. Pew found that more than 90 percent of adults agree or strongly agree that consumers have lost control of how personal information is collected and used by companies.

The nine of out 10 US adults who told Pew that feel they have "lost control" of their personal data represent an opportunity for Apple, whose business is predominantly built on selling devices rather than collecting data about people in order to more effectively target advertising to them — the business models for advertising companies such as Google, Facebook and Yahoo.

In standing up to the US government, Apple is also sure to be thinking about how its privacy and security promises play to its customers beyond US borders, particularly in Europe and China, where privacy may be a deeper concern than in the US, and where unfettered government access to personal data has more disturbing historical echoes. Only 38.6 percent of Apple's first-quarter 2016 revenue came from the Americas, and its revenue — iPhone sales accounted for just over two-thirds of Apple's $75.9 billion first-quarter revenue — is growing much more quickly in Europe and China than in North America.

If Apple were to write software to allow the FBI to break into its iPhone, it arguably would have a much more difficult time resisting similar requests from the governments of other countries, such as China or Russia, to open an equivalent backdoor to its devices.

McSweeny's concerns

Apple's argument that writing software to defeat its own encryption, even if targeted at a single iPhone, would create a backdoor into all of its devices has been widely supported by technology experts and even by privacy regulators such as the US Federal Trade Commission's Terrell McSweeney.

McSweeny, who has emerged as a strong privacy advocate, told MLex in November that the creation of a digital "key" or "backdoor" for encrypted devices to aid law enforcement in cracking encryption could also give foreign agents and criminals access to consumers' private communications.

"The net effect [of a backdoor or key] is consumers are more likely to have privacy and security vulnerabilities," she told MLex. No technology voice has emerged that has credibly disputed that view.

Apple is hardly the first Silicon Valley company to appeal directly to customers to make its case against the government. The strategy has worked for companies such as Uber Technologies, which in rule-making disputes with state regulators, such as the Colorado Public Utilities Commission, has broadcast appeals to its riders through its mobile app, asking that they lobby regulators to accept its services.

Nevertheless, when terrorism is involved, the stakes are far higher for Apple, particularly in a US presidential election year.

The effort to get access to access terrorist data "is an incredibly sympathetic case for the government," said Deirdre K. Mulligan, a co-Director of the Berkeley Center for Law & Technology at the University of California-Berkeley. "This a live policy conversation that goes to the heart of balancing between important constitutional rights, freedom of expression and privacy, and the extent to which we intrude on those rights and freedoms."

Apple's next step is almost certainly to file its opposition to the court order with the Central District of California. Pym's order allows Apple five business days "to make an application to this Court for relief" if the company "believes that compliance with this Order would be unreasonably burdensome." If Pym rejects Apple's application for relief, Apple would have the option of appealing to the more liberal US Court of Appeals for the Ninth Circuit.

"At this point Apple has to argue it's an undue burden on them, and it's possible getting their side out to the public and media could help their case," said Susan Freiwald, a former software developer who is a professor at University of San Francisco School of Law. "For them it's about whether they get these orders in the future, whether their technology is secure and the public's perception of the security of their devices."

Pym's order also offers Apple a potential work-around, offering the company the choice of "an alternate technological means from that recommended by the government" if it accomplishes the same function.

It seems unlikely that Apple will take that option, however. Even last year, as he spoke at the White House Summit on Cybersecurity and Consumer Protection at Stanford University in Silicon Valley, Cook seemed to be singing from a different, more idealistic, sheet of music than President Barack Obama.

While Cook took time to tout the security benefits of his company's Apple Pay service, the Apple CEO said privacy and security are human rights issues.

"If those of us in positions of responsibility fail to do everything in our power to protect the right of privacy, we risk something far more valuable than money," Cook said that day. "We risk our way of life."

But for Cook and Apple, reneging on those promises may be an even bigger business risk, both in the US and around the world.