Apple versus the State: the end of the beginning
7 Apr 2016|

Image courtesy of Flickr user Eric Fidler

With a war of words akin to the build-up to a heavyweight boxing match, the highly anticipated courtroom battle between Apple and the FBI was called off, leaving fight fans without a clear cut understanding of who had won or lost. Just hours before the court case was to commence, the US Department of Justice announced that they postponed due to a ‘third party’ demonstrating a viable technique for accessing the iPhone that belonged to one of the San Bernardino shooters.

Despite some headlines stating that the ‘encryption battle’ was now over, the opposite is true. We’re only at the beginning of what is shaping up to be a second crypto war. The fall out of this incident will be drawn out and messy, with clear cut winners hard to identify.

The first and most obvious outcome is that relations between the US law enforcement community and the US tech industry are going to be fragile at best, insurmountably riven at worst. Post-Snowden, it’s taken a great deal of effort to re-establish trust and rebuild productive relationships. Clearly relationships between the private sector and US government have been tarnished by the case. With so many companies strongly supporting Apple’s stance, it’s difficult to imagine that they will be less wary of future US government requests for assistance.

What did Apple’s relationship with the State look like before the court case? While Apple haven’t highlighted their previous cooperation with the FBI and the White House, they have at times enjoyed strong collaboration, especially—and ironically—when working together to persuade China against adopting strong new anti-encryption policies. The FBI has agents assigned to work with Apple. Tim Cook had contributed money to both of Obama’s presidential campaigns, and has met with White House officials at least 14 times since 2010. It’s hard to envisage such a degree of cooperation returning for some time.

Second, it’s likely that the quality and standard of encryption will be raised by the tech industry. The public’s increased awareness of what encryption is and its benefits for their privacy will further complicate the government’s access to encrypted data. Having found a way into the iPhone, the FBI have shown that they can circumvent Apple’s much-lauded security. You can guarantee that Apple’s finest minds are attempting to decipher how the FBI hacked the phone in order to ‘plug’ that hole quickly. And now that we know that a security vulnerability exists, it’s certain that the world’s white and black hat hacker communities and private sector entities are also focused on finding it.

While FBI officials have outlined their thinking on when they decide to disclose a flaw, they are clearly in no hurry to share their discovery with Apple, demonstrated by the fact that they have already offered to unlock another iPhone belonging to two teenagers accused of murder.

All of this points towards a competition between the private sector and the FBI in relation to encryption, which surely can’t be a healthy platform from which to reach any sort of consensus and cooperation in the future.

Third, the second crypto war is now coming squarely to the attention of the US Congress who are now taking their first steps towards providing a legal framework around the issue. Since December 2015, Senators have been drafting an encryption bill that would apparently authorise federal judges to order tech companies to provide encrypted data to law enforcement. But with the way that encryption is heading, there are questions around whether compliance will even be possible. Other efforts in the House of Representatives have been made to study the intricacies of encryption in order to understand the unintended consequences of legislative responses. That of all points towards an energised political debate and a Congress that’s looking to act.

As Obama so sagely advised in a recent talk, now’s the time to be thinking about appropriate legislative changes. He rightly stated that in the wake of major terrorist attacks or major acts of crime, the public’s positon sways in favour of strong law enforcement agencies and could result in ‘sloppy’ and poorly crafted legislation on encryption being pushed through the political cycle. We can be absolutely certain that this is unlikely to be the last time a law enforcement agency tries to compel a tech company to help bypass security measures.

So what’s happening in Australia in relation to this issue? Both of Australia’s major political parties explicitly rejected a Senate motion calling on the Government to support public use of strong encryption technologies, in a move that coincided with the Apple case in March. The Attorney-General George Brandis also spoke on the issue, stating that he would ‘expect that all order of courts should be obeyed by any party which is the subject of a lawful order by a court.’ Yet he acknowledged that encryption’s ability to make certain evidence inaccessible is a serious problem for law enforcement. We know that Prime Minister Turnbull himself is a fan of encrypted communications, however he’s also fully cognisant of the challenges that face the national security community. So it’s hard to know exactly where he might fall on the issue.

What’s certain is that we need to have a focused debate on what will be a key security issue over the coming years, between public and private sectors: a conversation that ASPI’s ICPC will support and facilitate.