Privacy SOS

The FBI has backed down, for now, from its fight against Apple. What’s next?

Last night, we learned some startling news about the Department of Justice’s battle against Apple: the FBI claims that an outside party recently demonstrated to the FBI a way to break into Syed Rizwan Farook’s iPhone, and so the DOJ has hit the pause button on its legal fight to force the company to build a backdoor to decrypt it. In a motion filed yesterday in federal court, the government asked the court to cancel today’s hearing in the case, put its All Writs Act order on hold, and give the government until April 5 to update the court on the feasibility of this alternate method. The court subsequently issued an order to that effect.

It appears as if the government is backing down from its fight with Apple, at least for now. What does this mean? The sudden turnabout carries with it a few unmistakable messages: First, when the FBI and law enforcement community are forced to debate digital security in the full light of day, they lose the argument. And second, contrary to popular misconception, Americans care about their digital security, and won’t be frightened into giving it up.

It appears as if the FBI made a major political miscalculation in dragging this fight out into the open. Contrary to government talking points that say Apple’s eagerness to fight the All Writs Act order is nothing but a slick marketing scheme, it was the government—not Apple—that fought to make this legal tussle public. Presumably, the FBI thought it had a case with facts bloody and horrifying enough to win in the court of public opinion. They probably thought they could scare the public into accepting this dangerous precedent by yelling “Terrorism!” loudly enough. And it’s not hard to see why the government decided to roll these dice: If the DOJ could convince Americans that our digital security stands in the way of our safety, it could obtain precedent that would enable every local cop and prosecutor’s office to force even the mightiest technology companies to do their investigatory work for them. That would be a coup for the forensics arms of law enforcement and the FBI, no matter how devastating it would be to global cyber security.

But thankfully,  FBI director Jim Comey, the Obama Justice Department, and their advisors miscalculated. The wave of public opposition to the FBI’s demand must have felt like a tsunami at the Hoover building in Washington.

First there was Tim Cook’s public letter to Apple customers, which explained in stark, non-technical terms the exact dangers of the government’s demand. “Compromising the security of our personal information can ultimately put our personal safety at risk,” Cook wrote, setting the tone for the debate.

Then the pro-digital security amicus briefs began rolling in. Law professors, security experts, technology companies throughout Silicon Valley and beyond, civil liberties and human rights groups, consumer privacy organizations, and even telecom giant AT&T informed the court they were #TeamApple. In hiring famous attorney Ted Olsen to join its star-studded legal team, Apple made it clear the company was prepared to litigate the case all the way to the Supreme Court—where it planned to win.

Next came an New York Times editorial that decried any law that would force technology companies to weaken their security protocols because “there’s a very good chance that such a law…would make private citizens, businesses and the government itself far less secure.” The Boston Globe’s editors also chimed in to support Apple’s position, warning that “once Apple is compelled to create new security-weakening software, the genie will be out of the bottle.” The Globe concluded that while the government has legitimate interest in the case, “the power it is demanding to further that interest is unreasonable and dangerous.”

Finally, the core argument underlying the FBI’s legal demand began to unravel in a very public and embarrassing fashion. The FBI claimed it couldn’t get inside the iPhone without Apple’s help, and therefore needed a court to force Apple to hack into its own product for the government. But technology experts questioned that foundational claim.

On March 7, ACLU technologist Daniel Kahn Gillmor published a blog post outlining in detail how the NSA or a similarly well-funded entity with technical expertise would be able to hack the iPhone without Apple’s help. The following week, counterterrorism expert and advisor to four American presidents Richard Clarke told NPR the same thing. The FBI doesn’t need Apple to get inside the phone, he said. The NSA could help. It’s the precedent the FBI is after here, not the data on the phone, Clarke told a stunned NPR journalist.

Only now, weeks later, is the government acknowledging that what these experts say is likely true: It might not need Apple’s help to get into the phone, after all. That’s…awkward—and calls into question the credibility of an FBI that wants the public to trust it with our most sensitive information, and the keys to the cryptographic kingdom.

In short order, a case the FBI must have believed would be a slam-dunk turned into a public relations nightmare. And that’s likely the best explanation for why the Department of Justice has turned heel and backed down, at least temporarily, from this legal fight. After all, the government must be acutely aware that it now is not likely to get the precedent it sought. Worse yet for the government, if the case is allowed to proceed, it may face a ruling establishing that the state cannot use the All Writs Act to compel technology companies to do the FBI’s dirty work.

So what’s next?

The FBI is unlikely to give up on its anti-encryption crusade. We must therefore be vigilant, keeping an eye on the courts to make sure the government isn’t trying to obtain the same precedent behind closed doors. A large technology company like Apple may not back down without a fight, but smaller firms likely don’t have the ability or desire to go up against the Department of Justice. We’ve got to make sure the government doesn’t simply pick on a little guy, having realized it can’t beat a giant like Apple into submission.

Second, we need to watch what happens in Congress, and be prepared to mobilize quickly to fight any efforts there to force tech companies to weaken their security products on behalf of the government. A bipartisan bill set to emerge from of the Senate Intelligence Committee will reportedly “give federal judges clear authority to order technology companies like Apple to help law enforcement officials access encrypted data.” Any such legislation must fail. Instead, Congress should pass legislation that would ban surveillance “backdoors” for government agencies, like Senator Ron Wyden (D-OR) proposed in a failed amendment to last year’s CISA cyber-surveillance bill.

Overall, this latest bit of drama in the ongoing crypto-wars highlights an important shift in the public debate when it comes to matters related to physical and digital security. For fifteen years, since the 9/11 attacks, the security state and its apologists have had great success in forcing unconstitutional and dangerous surveillance policies down the throats of a fearful population. But the debate has begun to shift, despite the near weekly occurrence of horrific terrorist attacks in the West like the one Brussels suffered just this morning.

The conversation about security is becoming more sophisticated, meaning that people are beginning to realize that digital security provides, rather than impedes, physical security. In that way, the FBI’s decision to withdraw, for now, from its legal battle with Apple marks a turning point in American history—away from fear, and towards reason. No matter how this battle eventually shakes out, that alone is cause for celebration.

UPDATE: Take action! Tell your congress members to oppose any measure that would weaken digital security.

© 2018 ACLU of Massachusetts.