A long-running dispute between Apple and the U.S. government regarding the company’s cooperation with law enforcement officials deepened today, as the two sides exchanged accusations regarding their respective roles in the 2019 Pensacola, Florida naval air station terror attack investigation. Following an announcement by Attorney General William Barr suggesting that Apple had not cooperated with efforts to access iPhones possessed by deceased gunman Mohammed Saeed Alshamrani, Apple today accused the government of making “false claims” in a manner that would ultimately hurt national security.
The specifics of the Pensacola dispute are similar to ones that have previously raised issues between Apple and the U.S. government: Investigators sought Apple’s help in determining whether a lone gunman was acting on behalf of a larger criminal organization, and while Apple provided assistance, it didn’t go far enough to satisfy investigators. Having received court authorization to search the phones in early December 2019, the FBI says it asked Apple for help in early January 2020. After the FBI spent months working to unlock the phones “under difficult conditions,” Barr said that it succeeded in linking Alshamrani to al-Qaida, with “no thanks to Apple,” calling out “end-to-end encrypted apps” and “warrant-proof encryption” as barriers to sussing out communications between al-Qaida operatives.
Apple contested that suggestion, saying that it began to cooperate with the FBI “just hours after the attack on December 6, 2019,” continued offering support during the investigation, and “provided every piece of information available to us” over the subsequent months. But then it went further, suggesting that Barr was falsely attacking the company as an “excuse to weaken encryption and other security measures that protect millions of users and our national security.”
Reconciling the two sides’ claims pivots on a single major point: Apple’s refusal to provide a “backdoor” into its operating systems that would enable law enforcement officials — and Apple says, “bad actors” — to gain access to the encrypted contents of its devices. In reiterating its defense of the iPhone’s security, the company noted that it sells “the same iPhone everywhere,” doesn’t “store customers’ passcodes,” and doesn’t “have the capacity to unlock passcode-protected devices.” Another way of reading those points is that it has turned down government requests to sell less protected iPhones in some countries, log passcodes, or create backdoors to unlock its devices.
After the 2015 San Bernardino shooting, Apple said that the U.S. government had asked it to “create a unique version of iOS that would bypass security protections on the iPhone Lock screen,” and enable passcode guesses to be entered electronically. In an open letter to Apple’s customers, CEO Tim Cook declined the demand, saying that uncompromised encryption and security were critical to users’ personal safety, points Cook and the company have since reiterated numerous times.
In today’s statement, Apple says that it uses “strong encryption across our devices and servers,” the accuracy of which may hinge on the word “our” and is subject to some exceptions. While Apple says that its datacenters have “strong hardware and software security practices” to “ensure there are no backdoors into our systems” and “keep information safe” — practices that “apply equally to our operations in every country in the world” — the company publicly turned over some user data and server keys to a Chinese government-owned organization in 2018. Russia reportedly required Apple to submit to certain local data storage protocols in 2019.
Apple noted that it provided iCloud backups and other account information to the FBI in this case, which is to say that the company continues to make exceptions to its “strong” server-level protections for government requests, but draws the line at compromising individual devices. A report in January suggested that the company opted not to encrypt iCloud backups in an effort to compromise with U.S. law enforcement officials, permitting a less conspicuous means to access information without building backdoors directly into iPhones and iPads.
You can't solo security COVID-19 game security report: Learn the latest attack trends in gaming. Access here