Apple, in refusing backdoor access to data, may face fines
This week, The New York Times reported that the Justice Dept. served Apple with a court order in a case "involving guns and drugs," demanding it provide real-time access to iMessage, Apple's proprietary service for sending messages between iPhones.
Apple refused -- not because it necessarily wanted to, but because it couldn't comply. The iPhone and iPad maker reportedly told the feds that the service is encrypted, making it impossible for the company let alone the feds to access the data they demanded, unlike phone companies which, under US wiretap laws, are required to comply.
The criminal case is under seal in an unidentified U.S. federal court.
THIS IS STILL A THING?
Apple's defiance comes at a time when the FBI is pushing for access to user data in the wake of the claims that the U.S. government had access to Silicon Valley systems through its PRISM surveillance program. In response to allegations it was complicit in spying on Americans, Apple quelled fears by revealing its iMessage texting and FaceTime calling services were encrypted and unable to be wiretapped, and said even it "cannot decrypt that data." Around the same time, the company proceeded to offer device encryption, forcing feds to go directly to the suspect in question to get access to some user data.
Those two events, with other companies threatening to follow suit, have caused considerable stress for the Obama administration.
Speaking to The Times, officials from the Justice Dept. and the FBI "advocate taking Apple to court," though their motives are unclear. One possibility is that the government will demand that Apple creates some kind of backdoor, a move which chief executive Tim Cook said he would "never allow" to happen. Cook went on to say -- presumably referring to the government -- that "they have to cart us out in a box before we would do that."
It's a strong enough sentiment, but every person -- and company -- has a breaking point.
Despite Apple's assurance that it it won't -- and can't -- create a backdoor for government access, security experts and researchers have claimed the contrary -- specifically that Apple's system has a weakness that could allow the government a way in.
Security researcher Nicholas Weaver last month outlined on legal blog Lawfare how Apple's "sin-of-omission" allows the feds to wiretap iMessage conversations. The messaging system contains a flaw in how iPhone users verify each other, said Weaver. He refers to a "lurking security landmine" in how Apple allows users to backup messages to its cloud, which not only can be subpoenaed but is also turned on for users by default.
"The obvious flaw in this system is that the government could potentially force Apple to add an additional public key to your account, which would be analogous to registering an extra device," said cryptography expert Matthew Green in an email. "Now everyone who sends you a message will be unknowingly encrypting an additional copy of the message to this new 'ghost device.' If the government runs that device, they can tap your messages."
Simply put: Apple could be forced to allow the FBI to impersonate an iPhone user, which would in effect allow the agency to siphon off a suspect's messages as they come in.
Green added that services like WhatsApp and Signal are "also vulnerable to similar attacks."
"The real question is: could the government force Apple to do this against its will?" said Green. "Could a court force them to modify their technology in order to make eavesdropping possible?"
That's a question which has been, to a degree, answered before.
Even if Apple says there is no way for it to create a backdoor, there's always one other option the government has up its sleeve: the threat of heavy financial sanctions.
By sheer coincidence, it was exactly a year ago on September 11, 2014 that Yahoo was able -- for the first time -- to shed light on its secret FISA Court battle with the US government almost a decade earlier. The Bush administration was pushing the Web giant into "joining" the PRISM program, a move that Yahoo "refused to comply with what we viewed as unconstitutional and overbroad surveillance."
The administration pushed for contempt, at which point Yahoo buckled. The company was faced with daily fines of $250,000 per day, which would double each month. By month five, Yahoo would have faced fines upwards of the entire U.S. national debt, and then some.
Could that happen to Apple, or any other company?
"The courts can effectuate their own orders and hold companies in contempt or impose sanctions," said EFF staff attorney Andrew Crocker. "If you look at the litigation from 2007 that Yahoo was fighting in the [FISA Court]... that was an example of a fairly extreme attempt of a court trying to enforce its own order."
A company like Apple with that much money -- said to be more than $200 billion in cash -- wouldn't go down without a fight, and could potentially have a considerably negative effect on U.S. stock markets.
The Justice Dept.'s ongoing, sealed case against against Apple could escalate from the federal court it's at now -- if it hasn't already -- to the same secretive Washington DC-based surveillance court to which Yahoo was summoned. Security expert Bruce Schneier said in a recent blog post that there is "a persistent rumor going around that Apple is in the secret FISA Court, fighting a government order to make its platform more surveillance-friendly -- and they're losing."
Apple declined to comment on the record.
Because of the secretive nature of the FISA Court, we may never know if Apple has been, or will be in the future, forced to comply with a seemingly immoral or technologically impossible task.
Apple may have power and might, and more of the public on its side than any party in politics ever will, but the government has the power to bring that all crashing down by levying unreasonable and far-reaching financial sanctions.