Attorney General William Barr, Sept. 9, 2019. Photo by Shealah Craighead, courtesy The White House.
Call it the tyranny of low expectations: The FBI’s reputation is so trashed by its misadventures in politics that when it managed to crack an honest-to-goodness terrorism case on its own, Attorney General William Barr still insisted that it needed investigative help.
Then again, Barr is playing politics too by bashing Apple. In Barr’s view, Apple should create keys to its encrypted devices and hand them over to law enforcement, which quite obviously does not need them.
Ordinarily, a press conference like the one Barr and FBI Director Christopher Wray held Monday would be an occasion for crowing about the bureau’s prowess. FBI investigators determined that the gunman, who killed three people and wounded eight at the naval air station in Pensacola, Florida, last December, had links to al-Qaida. But in this case, the crowing sounded a lot more like whining.
Wray complained that the FBI had to develop its own tools to access encrypted data on the assailant’s two iPhones, one of which was a relatively ancient iPhone 5. Hacking such an old model is a relatively trivial exercise to those equipped for such tasks, as Wired observed in its coverage. And Barr renewed the rhetorical assault he launched against Apple in January, where he first griped that the company had not “given any substantive assistance” in unlocking the shooter’s devices.
Apple promptly challenged this claim. The company pointed out that it had turned over relevant iCloud backups, transaction data and account information at the Justice Department’s request. The attorney general didn’t dispute this. The source of Barr’s annoyance, both in January and this week, was the company’s consistent position that it would not help law enforcement break its smartphones’ encryption. Having all but abandoned hope of using courts or public pressure to force Apple to change its stance, Barr apparently hopes to build congressional support for legislation that will give law enforcement what it wants.
It is a curious blind spot for an attorney general who is taking considerable heat for resisting investigative and prosecutorial abuses in other contexts, including his efforts to drop the prosecution of former presidential advisor Michael Flynn. Does Barr think those who targeted Flynn and unmasked his identity in surveilled conversations with a Russian diplomat also should have had backdoor access to private information Flynn kept on his personal devices?
The Pensacola case is not the first clash between Apple and the FBI over Apple’s refusal to build a skeleton key to access its devices. The 2015 mass shooting and attempted bombing in San Bernardino, California also left law enforcement holding an encrypted iPhone with no clear way in. In that case, the disagreement escalated beyond public statements. The Obama-era FBI tried, and failed, to use court orders to force Apple’s hand. This likely influenced Barr’s decision to restrict his pressure to snide public comments.
The outcome of that case echoes this week’s events. In the San Bernardino case, the FBI also broke into an encrypted phone without Apple’s help. Then, as now, law enforcement was able to get into a device on its own. Despite claims from the FBI and the attorney general, Apple’s help turned out not to be essential after all.
The announcement that the Pensacola shooter had been in touch with a suspected al-Qaida operative – information that the FBI retrieved from the encrypted smartphones – should have been a triumphant moment for the bureau. Yet Barr seemingly couldn’t help taking another shot at Apple. At yesterday’s press conference, Barr again emphasized that the Justice Department and the president asked for the company’s help breaking the encryption, but Apple refused. The very subject of the press conference proved such help was not necessary.
The FBI breaking into an iPhone by whatever means it developed is an example of playing the game according to the rules. Whatever vulnerability the FBI exploited, the agency was entitled to make the most of it. This presumes such a vulnerability even existed; maybe the terrorist’s password was his mother’s cat’s name and they just guessed. It isn’t as if weak passwords are rare, after all.
Whenever the FBI or other law enforcement agencies pinpoint an encryption vulnerability, the rest of us would hope they will share that information with device makers and software providers. Otherwise, bad actors could be taking advantage of the same back doors. But for the most part, sharing or not sharing this information is up to the agencies – just as safeguarding customers’ privacy is up to Apple and its peers. As Apple noted in January in response to Barr’s criticism, “We have always maintained there is no such thing as a backdoor just for the good guys. Backdoors can also be exploited by those who threaten our national security and the data security of our customers.”
Apple and its customers are entitled to keep the keys to their private data private. CEO Tim Cook and other company leaders will need to keep fighting for that right – even as this case provides one more counterexample to Justice Department’s long-standing claims that Apple’s help is essential. The FBI found its own way through Apple’s locked door, as it has done in the past, and as it will again.