On Monday, the government withdrew its order compelling Apple to help the FBI hack into an iPhone used by one of the San Bernardino shooters. The development ended a seven-week legal standoff between the Justice Department and the most valuable company in the world.
Let’s not mince words: Monday’s development was a clear victory for Apple. It didn’t want to help the FBI break into Syed Farook’s iPhone, and as it turns out, it didn’t have to.
But Apple’s battle to protect user data on its devices has only begun. Because of the way the government withdrew its case, the victory won’t impact the way the government handles similar cases in the future, and Apple might have to fight the same battle over and over again.
“From the beginning, we objected to the FBI’s demand that Apple build a backdoor into the iPhone because we believed it was wrong and would set a dangerous precedent. As a result of the government’s dismissal, neither of these occurred,” an Apple spokesperson said in a statement.
Although the FBI claimed the San Bernardino case was “only about one phone,” Apple has repeatedly positioned this case as merely the tip of an iceberg.
Now, the fight moves to three new fronts:
Apple has work to do at home
The most pressing issue facing Apple is the chance that the FBI has discovered a security flaw in the iPhone that it won’t reveal to Apple or the public.
The government said the reason it withdrew is that it had found an alternative workaround that allowed it to access the data on Syed Farook’s iPhone — but it didn’t detail what that security hole was, nor the contractor that provided it. The FBI’s silence on the exploit means that there’s always going to be a lingering question over whether Apple’s devices are truly secure.
An Apple lawyer said last week that it would insist on learning the vulnerability that the government used, but it may have no ability to gain that information if the case was dropped, as happened on Monday.
The result? An immense amount of speculation over who exactly has successfully hacked the iPhone, with some of the best leads being suspicious invoices between the FBI and Apple partners.
Apple needs to put this lingering fire out, and the FBI isn’t likely to help.
On Capitol Hill
Apple has been very clear in repeated statements that it believes that the question of whether law enforcement officials should have a workaround to access encrypted data is an issue for Congress to decide.
Apple can lock down the security flaw that might have opened a way for it to help the FBI hack Farook’s iPhone. In fact, several Apple representatives and executives have signalled that they intend to make Apple’s device security basically unbreakable in the future. Then the company will move onto Apple’s online services, like iCloud.
But even if Apple had the best security in the world — the company says it’s in a constant “arms race” against hackers — it wouldn’t matter if Congress passed a law requiring Apple to place a “backdoor” into its software.
It might take years for Congress to pass that law, though. Members of the House Homeland Security Committee have introduced legislation to form a commission to recommend a new encryption policy for the government. Hearings have not been scheduled yet.
To recap: the bill to create a committee to write a potential law has not been scheduled for debate yet. It looks as if it’s going to be a while, possibly years, before any actual laws are passed.
Apple has historically spent less on DC lobbying than its peers like Microsoft and Google, but given the importance of this congressional battle, that might be changing soon.
In the courts
Apple’s not even done fighting in federal courts. The first time Apple fought back against this type of government request for technical assistance was in a drug dealer’s case in New York City that became public last fall.
The most recent volley in that case was a searing opinion issued by the magistrate judge overseeing the case ruling in Apple’s favour calling the FBI’s argument “unjustified.” The government appealed that order. Reuters reported on Tuesday that the government will need another two weeks to decide whether to pursue the Brooklyn case.
And that’s not even the only pending case — according to court filings, there are at least 12 other cases in which the government is trying to access a password-protected Apple device. The only catch is that those cases are currently under seal, meaning that the vast majority of them will remain mostly secret until the issues are resolved.
And then there’s the very real possibility that Apple faces orders for technical assistance in the secret United States Foreign Intelligence Surveillance Court. Court orders from the FISA court remain classified even for years after the trials have ended. In the past, it’s been revealed that the government has gone after tech giants like Yahoo for not providing technical assistance with its controversial Prism surveillance program revealed by whistleblower Edward Snowden.
As it turns out, Yahoo’s lawyer in that case, Marc Zwillinger, is now Apple’s lawyer for the San Bernardino case and other encryption cases.
In 2014, Apple’s “warrant canary” — a pre-existing disclosure in transparency reports that states the company hasn’t received a FISA court order — went missing, suggesting that Apple had received an order from the FISA court that it couldn’t talk about publicly.
But it may be years before a possible Apple FISA case, if it even exists, will hit the light of the day. If Apple proved anything during the San Bernardino saga, it’s that it will fight for its users’ data, and that stance should still apply to court battles that are not public.