While the FBI battles Apple over encryption, pushback from the tech industry persists
Here’s everything you need to know about the fight between Apple and the FBI in two minutes.
The FBI hasn’t made any headway in its standoff with Apple Inc., and the bitter feud isn’t changing minds at competitors either.
Several tech executives have voiced their support for Apple and are forging ahead with their plans for greater privacy, arguing that what consumers want is more control over their devices and no backdoors for governments.
That’s bad news for the FBI, and signals that even as it battles Apple, pushback will persist from other tech companies, including social media giants, hardware makers and online storage providers.
The government has shown no signs of backing down, though. Over the last week, FBI Director James Comey, Sen. Dianne Feinstein (D-Calif.), former Los Angeles Police Chief Bill Bratton and victims’ families have issued emotional pleas for Apple’s cooperation, arguing that investigators need access to an iPhone belonging to one of the San Bernardino terrorists to aid in its investigation.
To some, the FBI has made a compelling case for government intrusion into personal devices in extreme cases.
But where the government wants reasonable paths into phones and databases for criminal investigations, it is instead being met with stiffer barriers.
“As much as they try to play up terrorism and child pornography and make an emotional play, we are going to see more encryption,” said John Adams, director of security at San Francisco payments processing start-up Bolt and a former head of security at Twitter Inc.
“They try to use the horrors of the world to erode civil liberties and privacy, but the greater good — having encryption, more privacy for more people — is always going to trump small isolated incidents.”
Gaps still remain. More and more data is being put in the cloud, which means that companies still have access to it. But the end goal for many companies is to give users the only key, so that only they can decide who sees the trips they’ve taken on Uber, the videos they’ve shared on Snapchat and the documents they’ve stashed on Dropbox. The FBI’s appeal hasn’t deterred that mission.
Executives at Microsoft Corp., Facebook Inc. and Google have sided with Apple Chief Executive Tim Cook and said that government access to their consumers’ data needs to be closely vetted.
“We will continue to fight aggressively against requirements for companies to weaken the security of their systems,” a Facebook spokeswoman said Tuesday.
The impasse has led to heated debate on both sides.
On Tuesday evening, Apple supporters organized by technology advocacy group Fight for the Future gathered at the company’s stores and other locations across the country.
At the Grove mall in Los Angeles, where about a dozen people gathered, Tiffiniy Cheng, 36, stood in front of the Apple store holding a sign that said: “Don’t break our phones.”
Allowing the government to hack into the iPhone once, Cheng said, would leave sensitive information vulnerable in other situations. “We’re talking about a skeleton key,” she said. “You wouldn’t let the government have a skeleton key to every home.”
Not every prominent technologist is staunchly on Apple’s side. Microsoft co-founder Bill Gates cited a need for more balance Tuesday during a Bloomberg interview.
“You don’t just want to take the minute after a terrorist event and swing that direction, nor do you, in general, want to completely swing away from government access when you get some abuse being revealed,” Gates said.
Besides the San Bernardino case, court documents show Apple faces federal court orders in states including California, Illinois and Massachusetts to access data on at least 13 other devices, mostly iPhones running older iOS versions that are easier to hack into.
Experts recognize that creating impregnable systems is impossible. Hackers and authorities can usually find loopholes.
Law enforcement, for instance, has deployed fake cellphone towers and unauthorized software to catch suspected thieves and child pornography viewers. In other words, they can trick people into giving up information that’s otherwise protected.
Technology providers just don’t want to be the ones handing data over, and they’re extricating themselves by essentially not having a key to unlock users’ data.
Google, Amazon.com Inc., Apple and other online services typically “have the ability, if compelled, to look at the data” they store, said Nick Doty, director of UC Berkeley’s Center for Technology, Society and Policy. It allowed them to provide functionality like password resets and speedy customer service.
But in newer systems, the companies don’t have a master key. Some features are lost, but the downsides will be fewer over time, experts say.
“The only strategy that makes long-term sense for vendors is to make sure their products are as secure as possible so that no one — neither hackers, nor the government, nor themselves — can access encrypted data,” said David Cowan, a partner at Bessemer Venture Partners who has invested in LinkedIn, Twitch and several cybersecurity companies.
While Apple and larger companies are leading the way, start-ups are also looking for ways to improve security, investors and consultants said. Some are even partnering with the likes of Google.
For instance, hundreds of thousands of people are spending $60 a year for a browser plug-in from Washington, D.C., start-up Virtru that encrypts Gmail messages so that neither Google nor Virtru can see their contents. It works with other email providers as well.
Virtru-like services will only become more commonplace as people realize that they should do more to safeguard their online lives, especially people abroad, Cowan said.
“There are many individuals and companies in Europe who will not trust their data to Amazon or Google or Apple,” Cowan said. “If those companies don’t find ways to satisfy them, then they won’t be successful selling outside the U.S.”
In addition, the companies want to be freed from legal debates. University of Maryland law professor James Grimmelmann said technology companies do not want to be constantly responding to subpoenas, including those issued in civil disputes.
But when companies do have a way to potentially access users’ data — as Apple does in the San Bernardino case — they should have to cough it up in the face of court orders, Cowan said.
Apple created a door for it to be able to reset iPhones when someone forgot a passcode, but the entry was left probably more ajar than it wanted and now the government wants to exploit the hole to possibly read what’s on the device.
“Once they know it’s a vulnerability, they lose any argument that they shouldn’t help the FBI,” he said.
Times staff writers Brian Bennett, Maura Dolan, Samantha Masunaga and Sarah Parvini contributed to this report.