The fierce debate over whether the FBI can and should compel Apple to create a special version of its operating system to allow the FBI to bypass security and encryption features to unlock the San Bernardino shooter’s iPhone touches on many legal, policy and technical issues.
We at the Online News Association are specifically concerned with the ramifications such an action has for journalists. We don’t question the FBI’s motives for wanting to learn more about Syed Rizwan Farook and his contacts, but we do question the wisdom and the legality of demanding Apple create what amounts to a master key making it possible to unlock any of its devices. That should strike fear into every journalist with a smartphone in her pocket or a computer on his desk.
Whatever its motives, Apple touts the iPhone as having strong encryption by default to protect users’ privacy. Without a user’s iPhone passcode or fingerprint, data — including photos, messages, contacts, reminders, call history and health information — are inaccessible from the phone itself, even by Apple. And attempts to bypass that security can cause the phone’s data to be destroyed. Even so, Apple has tried to help the FBI recover data via iCloud backups and other means.
Apple prioritized device security after the infamous celebrity photo leak in 2014, when hackers were able to gain access to iPhone backups. It was a black eye for the company, which has since redoubled efforts to keep user data secure, and a striking reminder that there are those who can and will actively work to gain unauthorized access to our personal information.
Law enforcement’s concerns that encryption hampers its ability to monitor the activities of terrorists, or even — in the case of San Bernardino — gain information after a tragedy has occurred, are understandable. But creating special software doesn’t just give the FBI access to a single device; it creates what amounts to a master key that undermines the security of every device. As soon as the new software is made, the temptation to use it in future cases will be undeniable, and the desire for criminals to get their hands on it will be unquenchable.
This isn’t idle speculation; the threats to journalists are real. Under former Attorney General Eric Holder, the Justice Department seized the records of 20 Associated Press phone lines, as well as the phone records and emails of a Fox News reporter. Imagine what it would mean to the security of journalists, and more importantly, their sources, if the government had demanded reporters’ phones and could pry them open.
The Director of National Intelligence signed a directive in 2014 forbidding intelligence officials from communicating with the news media. Imagine if the National Security Agency had a way to peek into its employees’ phones, just to make sure that directive was met.
In 2013, the Associated Press was the target of a successful coordinated effort to gain access to its social media accounts, resulting in a bogus tweet about a bombing at the White House, which caused the stock market to temporarily plunge. Imagine if the perpetrators had gotten access to Apple’s special software and an AP reporter’s device.
Not only is requiring Apple to create new software a dangerous policy, there are considerable legal and constitutional concerns. Perhaps most concerning to us are the First Amendment implications. While there are instances where the government can compel speech, such as disclosing factual information — food labeling is a good example — this case is different.
The court order the FBI obtained requires Apple to both write new code, which already has been deemed a First Amendment expression, and to digitally sign it. The digital signature is key, because without it, the code can’t be installed on the phone. And since the signature is there to ensure code integrity, compelling Apple to give its approval to code specifically designed to undermine security is, we believe, unconstitutional.
This is especially relevant to us, not only because of our fierce defense of the First Amendment, but also because it is easy to predict where this could go: News websites being compelled to include bad code on their pages and apps designed to monitor activity on behalf of the government, all while representing to users that the sites are safe.
And if this precedent is set in the United States, where does that leave Apple — not to mention journalists and the public — when more repressive countries demand the same access?
For these reasons, ONA supports Apple as it pushes back against this unreasonable demand by the FBI, especially as there may be other ways to gain the information the FBI seeks. Creating what amounts to a master key for one iPhone is neither wise nor legal. It harms the security — personal and national — for us all.