Tales from Apple encryption
Tech giant, government facing another battle over opening iPhones
SAN FRANCISCO — Apple is privately preparing for a legal fight with the Justice Department to defend encryption on its iPhones while publicly trying to defuse the dispute, as the technology giant navigates an increasingly tricky line between its customers and the Trump administration.
Timothy Cook, Apple’s chief executive, has marshaled a handful of top advisers, while Attorney General William Barr has taken aim at the company and asked it to help penetrate two phones used by a gunman in a deadly shooting last month at a naval air station in Pensacola, Florida.
Executives at Apple have been surprised by the case’s quick escalation, said people familiar with the company who were not authorized to speak publicly. And there is frustration and skepticism among some on the Apple team working on the issue that the Justice Department hasn’t spent enough time trying to get into the iPhones with third-party tools, said one person with knowledge of the matter.
Apple declined to comment on the issue Tuesday. Late Monday, after Barr had complained that the company had provided no “substantive assistance” in gaining access to the phones used in the Pensacola shooting, Apple said it rejected that characterization. It added that “encryption is vital to protecting our country and our users’ data.”
At the heart of the tussle is a debate between Apple and the government over whether security or privacy trumps the other. Apple has said it chooses not to build a “backdoor” way for governments to get into iPhones and to bypass encryption because that would create a slippery slope that could damage people’s privacy.
Cook publicly took a stand on privacy in 2016 when Apple fought a court order from the FBI to open the iPhone of a gunman involved in a San Bernardino, California, mass shooting. The company said it could open the phone in a month, using a team of six to 10 engineers. But in a blistering, 1,100-word letter to Apple customers at the time, Cook warned that creating a way for the authorities to gain access to someone’s iPhone “would undermine the very freedoms and liberty our government is meant to protect.”
The San Bernardino case was bitterly contested by the government and Apple until a private company came forward with a way to break into the phone. Since then, Cook has made privacy one of Apple’s core values. That has set Apple apart from tech giants like Facebook and Google, which have faced scrutiny for vacuuming up people’s data to sell ads.
The Pensacola gunman’s phones were an iPhone 5 and an iPhone 7 Plus, according to a person familiar with the investigation. Those phones lack Apple’s most sophisticated encryption.
Security researchers said tools from at least two companies, Cellebrite and Grayshift, have long been able to bypass the encryption on those iPhone models.
Cellebrite’s and Grayshift’s tools exploit flaws in iPhone software that let them remove limits on how many passwords can be tried before the device erases its data, the researchers said. Typically, iPhones allow 10 password attempts. The tools then use a so-called brute-force attack, or repeated automated attempts of thousands of pass codes, until one works.
Security researchers speculated that in the Pensacola case, the FBI might still be trying a brute-force attack to get into the phones. They said major physical damage may have impeded any third-party tools from opening the devices. The Pensacola gunman had shot the iPhone 7 Plus once and tried destroying the iPhone 5, according to FBI photos.