Appleâ€™s standoff with theÂ FBI unfolded over the course of several weeks, but ended in a matter of days. Thatâ€™s how long it took the FBI to find a way into a San Bernardino shooterâ€™s iPhone and successfully exploit it without Appleâ€™s help. So while that particular case appears to be over, the encryption war is not. If anything, it is more urgent than ever.
The standoff over Syed Rizwan Farookâ€™s iPhone 5C didnâ€™t set any legal precedents, but it reminded anyone with the slightest interest in the encryption debate that the stakes are real, and immediate. More importantly, it pushed the issue into the mainstream, making it abundantly clear to everyone that their phones and other devices can provide tremendous privacy.
Almost everyone knows about encryption now. And everyoneâ€™s moving quickly to shape its future.
Last month a federal court ordered Apple to create a software tool that would bypass security mechanisms in Appleâ€™s software so that the government could perform whatâ€™s known as a bruteforce password attack to guessÂ Farookâ€™s password. Apple vehemently opposed, arguing it amounted to creating a backdoor for the government.Â That pointâ€™s been rendered moot, for now; on Monday, the Justice Department asked the court to vacate its order that Apple create such a too.
ToÂ say this fight will encourage Apple toÂ continue improving the security of its phones isnâ€™t wholly accurate. In truth, the company has been making its phones ever more difficult to crack since introducing the iPhoneâ€™s in 2007. Itâ€™s as reliable a march forward as faster processors and higher resolution screens.
But the rhetoric is different this time, and the stakes are higher. In February, The New York Times reported that Apple isÂ developing security measures that will make it â€œimpossibleâ€ for the government to break into a locked phone. In practice, this means making a phone so secure that even Apple canâ€™t get into it. And there are other ways the companyÂ could head off law enforcement, like makingÂ iCloud encryption as secure as iPhone encryption.
The bigger implication of Appleâ€™s fight with the FBI is that itâ€™s created a fundamental and perhaps insurmountable rift between law enforcement and the tech industry, two entities that havenâ€™t always gotten along but had, for a time, found a way to work together.
â€œThe DOJ filing against Apple was another massive blow to the trust and cooperation between companies and the government,â€ says Nathan White, a digital rights advocate with Access Now. â€œCompanies are not going to want to work with the government anymore.â€
The great irony of the FBI’s quest to access encrypted data on an iPhone is that the resulting publicity tipped off many iPhone owners not just to what encryption is, but that their devices can do it.
The strained relationship had only started to recover from Edward Snowdenâ€™s stunning reveleationÂ that the NSA had penetrated the internal systems of Facebook, Google, and others. Any warming in the relationship has surely cooled again, and tech companiesÂ may be more inclined to see the FBI and other agencies as adversaries.
At the least, it will make it far harder for the FBI and others to solve the types of cases in which it has relied upon Apple and others for help. Remember that in the San Bernardino case, Apple did provide the feds with a significant chunk of information; its main objection was over being compelled to write code that would circumvent its productsâ€™ security.
Meanwhile, other companies now see that itâ€™s possible to stand up to the FBIâ€”in a terrorism case, no lessâ€”and still enjoy public support. â€œI think youâ€™ll see companies announcing changes to their security practices going forward, some very soon,â€ says Andrew Crocker, staff attorney for the Electronic Frontier Foundation. â€œItâ€™s demonstrated that thereâ€™s fight in the industry.â€
Thereâ€™s also a fight in Washington.
After feinting at the encryption issue for at least five years, Congress is taking its first steps toward a legal framework for it.
Senators Richard Burr and Dianne Feinstein have been drafting anÂ encryption billÂ since December, but according to Reuters didnâ€™t begin sharing a draft of the legislation until last weekâ€”right before Appleâ€™s date in court with the feds. The bill, which apparently would letÂ federal judges order tech companies to provideÂ encrypted data to law enforcement, has a long wayÂ to go before becoming law.Â But it speaks to lawmakersâ€™ eagerness to see Congress, not courts, settle the issue.
The bill also highlightsÂ the risks of being hasty. Accessing encrypted data isnâ€™t always possible, especially without a so-called backdoor that offers privileged access. Beyond requiring something that may be impossible, the bill reportedly does not offer any specifics on the methods or circumstances under which companies would comply with a court order.
Meanwhile, Representative Mike McCaul and Senator Mark Warner are taking a different approach. Rather than jumping directly into legislating, theyâ€™ve spent months trying to form a commission of experts that will study the intricacies of encryption. â€œThis is going to require a lot of deep thinking,â€ says Rep. Ted Lieu, a former computer scientist and co-sponsor of the Warner-McCaul bill. â€œIt is an issue that is fraught with potential unintended consequences if itâ€™s not done right.â€
That sounds reasonable, but the approach is in jeopardy because the Apple-FBI standoff created a spotlight that several lawmakers are eager to step into. The House Judiciary Committee and the House Energy and Commerce Committee created a bipartisan â€œworking groupâ€Â a week ago, claiming â€œprimary jurisdictionâ€ over encryption.
White doubts a law will take shape this year, because itâ€™s still too early in the debate and the proposals are too broad. But the fact thereâ€™s so much activity suggests Congress is ready to act. Thatâ€™s especially significant, given that just as recently as October the Obama administration publicly expressed no interest in encryption legislation. At the time, lawmakers seemed to think an ongoing conversation with tech companies offered the best approach. The FBI, by bringing the courts into the debate, may have prompted Congress to defend its turf. Perhaps it also helped lawmakers understand what exactly theyâ€™re legislating.
â€œIâ€™m not sure that the FBI versus Apple case affected the legislation that members of Congress had been working on prior to the case, but it certainly did put the encryption issue much more at the forefront of membersâ€™ minds,â€ says Lieu. â€œThe case did have a lot of points being made by both supporters and opponents, and I think thatâ€™s helpful in terms of educating not just Congress, but the American people.â€
Itâ€™s the American people, after all, whose awareness and use of encryption is at stake.
The great irony of the FBIâ€™s quest to access the data encrypted on an iPhone is that it made many iPhone owners realize that their devices can encrypt their data.Â â€œWhen the FBI decided to make this a public case, itâ€™s safe to say they were not thinking about the awareness of this issue,â€ says Crocker. â€œOne side effect of that is that average people who use smartphones are thinking about encryption on their devices in a way that they werenâ€™t a month and a half ago.â€
Thatâ€™s not to say that everyoneâ€™s going to buy an iPhone expressly for its security. But public awareness of the importance of encryption has grown tangibly. As White points out, Amazonâ€™s decision to nix onboard encryption as an optional feature on its Fire products caused enough public outcry that the company quickly backtracked. Whatâ€™s most telling is Fire OS hadnâ€™t offered encryption since last fall, but no one noticedâ€”or at least caredâ€”until Appleâ€™s legal battle.
In some ways, Appleâ€™s fight couldnâ€™t have come at a better time. Yes, Snowdenâ€™s bombsell revelations heightened everyoneâ€™s concerns about privacy and security and government intrusion in our lives. But that was more than two years ago. Memories are short. People move on. Complacency is easy.
â€œPeople were starting to forget about it, thinking maybe this had been solved,â€ says White. The DOJâ€™s legal actions against Apple brought those issues back in stark relief, all the more so because they dealt not with intangible concepts like metadata, or wonkish policy declarations, but with a physical object millions of Americans carry with them every day.
Crocker agrees. â€œPeople are more aware of how device security works, and encryption on phones,â€ he says. â€œMaybe they arenâ€™t connecting that to security or chat, so the next step is a more holistic understanding of the importance of encryption for lots of different kinds of data and different scenarios.â€ The Apple case, Crocker says, has given people a context in which these principles are easier to grok.
Itâ€™s not that this renewed awareness wouldnâ€™t have happened without the Apple-FBI showdown. But the widening rift between tech and law enforcement, the newfound vigor with which legislation is being pursued, and the simple fact that more Americans are now aware of their phonesâ€™ encryption will have a lasting imprint on not just security, but society.
As evidenced by their choice to drop its case, the feds shouldnâ€™t have taken Apple to court in the first place. But in doing so, they started a conversation America has been putting off for years.