As part of its iOS 8 software upgrade in October 2014, Apple announced it enhanced data encryption on its products to provide stronger security and privacy protections for customers. [1] Part of the upgrade included a feature that would erase all encrypted data on the iPhone after ten consecutive incorrect passcode attempts. [2]
In the wake of the San Bernardino mass shooting, the FBI sought a court order to compel Apple to access the iPhone of one of the shooters, Syed Rizwan Farook. [3] The Bureau argued the encrypted data on Farook’s phone would provide the investigation with vital clues about the shooting. [4] Apple resisted the Order, claiming it was no longer technologically feasible for the company to comply with government search warrants with its more advanced software. [5] Instead, Apple would be forced to create a “back-door” for law enforcement to access consumers encrypted data and bypass the iPhone’s password protection by writing completely new code. [6]
The privacy and security concerns presented have much more sweeping implications beyond this dispute. First, courts have held that computer code is a form of speech within the meaning of the First Amendment, so forcing Apple to write a new form of software for the FBI to access encrypted data is arguably a constitutional violation. [7] “When the government seeks to compel speech, such action triggers First Amendment protections.” [8]
Another concern arises from the FBI’s desire for a bypass or “back-door” for access. If companies such as Apple are routinely forced to grant law enforcement access to encrypted data, it would be difficult to create a limit to that authority. The iOS 8 system was created with the intent to provide stronger security and data privacy for users and the government is asking those same engineers to effectively weaken that protection. [9] More broadly, weakening the encryption system exposes Apple’s technologies to vulnerabilities that could be exploited by hackers and other foreign entities. [10] The implications for consumers and national security are apparent.
From the government and law enforcement’s perspective, accessing encrypted data holds the potential to thwart possible terror attacks and safeguard our nation’s intellectual property. [11] In this case specifically, “Mr. Farook’s phone… may hold vital clues about where he and his wife traveled in the 18 minutes after the shootings, and about whom they might have contacted beforehand.” [12]
The FBI eventually found a way into the phone using assistance from an unnamed third party, averting the need to set a dangerous precedent with respect to the tension between privacy and protection. [13] Although this case centered on the inaccessibility of encrypted data, “there is no debate that, when armed with a court order, the government can get text messages and other data stored in plain text.” [14]