The Behind-the-Scenes Fight Between Apple and the FBI
On June 2, 2014, Apple Inc. Chief Executive Officer Tim Cook took the stage at the company's Worldwide Developers Conference in San Francisco to tout the iPhone's latest mobile-operating system, iOS 8. With more than 6,000 developers and technology enthusiasts cheering them on, Cook and other executives showed off new text messaging features, a health-tracking tool and an updated photo app.
Not once during the two-hour presentation did Cook & Co. mention what would prove to be the most consequential software development of all. Tucked inside the new OS was a dramatic change to how Apple encrypts data on iPhones. The new system made it impossible for government investigators—and even Apple itself—to pull information from a device without a passcode.
Following the event, Apple gave the Federal Bureau of Investigation early access to iOS 8 so it could study how the new system would change evidence-gathering techniques, according to people familiar with the software's development. The agency quickly realized Apple had closed an important access point used for years by agents to collect information about criminal suspects. Many in the FBI were stunned. Suddenly, photos, text messages, notes and dozens of other sources of information stored on phones were off-limits.
The new encryption protections set off a behind-the-scenes battle that ultimately spilled into the open last month, when a California judge granted the Justice Department an order requiring Apple to help the FBI unlock an iPhone used by one of the shooters who killed 14 people in San Bernardino, California. Federal prosecutors and Apple will argue their cases before a magistrate judge on March 22.
This story, based on interviews with more than a dozen government officials, technology executives and attorneys tracking the case, charts the 18-month period between the iOS 8 release and San Bernardino attacks—revealing the complicated, up-and-down nature of Washington's relationship with Silicon Valley. At times, Apple and the White House enjoyed good ties, even working together to persuade China not to force phone makers to give authorities a key to unlock a handset's encryption. The administration also didn't give in to FBI lobbying for new legislation that would make it easier to unlock data on mobile devices with warrants.
But the San Bernardino attack changed the dynamic, ratcheting up tensions that had simmered ever since Edward Snowden's 2013 revelations that the U.S. was collecting Americans' personal data. Law enforcement officials had long warned that stronger encryption would eventually shut out criminal investigators. Now they had a case with national security implications they could use to press their argument that Apple had gone too far with iOS 8.
"The reason the relationship went south is the government was expecting some degree of accommodation on the part of the technology companies," said Timothy Edgar, the former director of privacy and civil liberties for the White House National Security Staff from 2009 to 2010. "They were expecting the companies to essentially back down and not go forward with new security measures that would make it impossible for you to access devices or communications. They were caught off guard by basically being told to get lost."
The outcome of the debate, which may ultimately be decided by Congress or the Supreme Court, could set a legal precedent requiring Apple and other technology companies to provide federal investigators with tools to bypass security features. Other countries such as China could follow suit. The U.S. government, meanwhile, risks alienating technology companies who may make their products even more impenetrable. Google Inc., Facebook Inc., Microsoft Corp. and others have leaped to Apple's defense.
"The stakes couldn't be higher," said Alex Abdo, an attorney for the American Civil Liberties Union's speech privacy and technology project, which has filed a brief supporting Apple. "This is an unprecedented legal question with extremely significant policy and technological implications."
Apple, the White House, Department of Justice and the FBI declined to make any officials available for interviews and instead pointed to previous public comments on encryption.
Shortly after Apple previewed iOS 8 in 2014, the company's top lawyer, Bruce Sewell, traveled to Washington to discuss the changes with then-Attorney General Eric Holder and other administration officials. An unflappable intellectual property attorney hired by Steve Jobs in 2009, Sewell explained that the new protections were needed to protect customers' privacy. Hackers were becoming increasingly sophisticated at a time when people were sharing more financial, health and personal data on their mobile devices.
Yes, Apple would still provide investigators with vast amounts of information, such as e-mail and pictures stored on its iCloud servers. But with iOS 8 the company would no longer have access to information stored on the actual device.
Apple has been deluged with government requests for data. The FBI has agents assigned to work with Apple, and the company has a growing team of lawyers around the world whose only job is to respond to law enforcement orders. Apple received more than 5,000 requests from the government in the first six months of 2015, the most recent figures made public by the company.
Within the Obama administration, Apple found some receptive to its arguments for strong encryption. "As a general matter, they laid out a reasonable basis for what they were doing," said James Cole, who served as deputy attorney general from 2011 to 2015 and was involved in discussions between Apple and the government. "In many respects, they had a legitimate interest for what they were trying to protect."
Yet long before iOS 8 was launched, U.S. law enforcement and intelligence agencies had fretted about Apple's encryption, according to a person familiar with the matter. In 2010, the company introduced the video-calling app FaceTime. It encrypted conversations between users. The following year, the iMessage texting application arrived; it, too, featured encryption. While neither of these developments caused a public stir, the U.S. government was now aware how much of a premium Apple put on privacy. The encryption technology made it impossible for investigators or Apple to peek at the contents of FaceTime and iMessage communications, the person said. It's unclear what steps, if any, the government took directly with Apple to address the concerns.
For several years, the FBI pushed the White House to propose new laws that would ensure investigators could access data on phones and other devices with court orders. Officials were close to an agreement on legislation to update communications and privacy laws in 2013, but the Snowden revelations blew up the deal, according to a former U.S. official. After that, there was never again a serious effort to pass the legislation, the official said.
In fact, the bureau's efforts were never universally supported inside the administration, according to Edgar, now a senior fellow at Brown University, who attended some of those early meetings. Officials from the Commerce Department raised concerns about the proposed legislation's impact on U.S. companies, while the State Department worried about issues such as exposing foreign dissidents. The Defense Department didn't want to create new vulnerabilities for its operations, he said. "There was a real split, and there still is," Edgar said.
Added Cole, who is now a partner with the law firm Sidley Austin LLP, which filed an amicus brief in support of Apple: "The United States government is not uniform on this. It's a highly charged issue."
Soon after the iOS 8 launch, FBI Director James Comey blasted Apple's position. "Encryption isn’t just a technical feature; it’s a marketing pitch," he said in an Oct. 16, 2014 speech at the Brookings Institution in Washington. "But it will have very serious consequences for law enforcement and national security agencies at all levels."
"Sophisticated criminals will come to count on these means of evading detection," Comey said. "It’s the equivalent of a closet that can’t be opened, a safe that can’t be cracked. And my question is, at what cost?"
Even as the FBI publicly criticized Apple, the company believed it was approaching common ground with the White House. It didn't hurt that Cook had maintained a constructive relationship with the Obama team. He contributed money to both of Obama's presidential campaigns and has attended major events, including state dinners held for the leaders of China and Canada. In 2013, Obama invited Cook to sit near First Lady Michelle Obama during the State of the Union address. According to government records, Cook has met at least 14 times with White House officials since 2010, including a meeting with Obama on Dec. 2, 2014.
In late 2014, Apple began working closely with administration officials to lobby China against adopting new anti-encryption policies, according to two people familiar with the effort. Under the proposed rules, any company selling smartphones in the country would have to provide the Chinese government with a key to unlock the handset's encryption.
The lobbying worked and China backed off. But Apple took away the wrong impression. The White House hadn't reached any conclusion when it came to what encryption meant for the needs of U.S. law enforcement agencies, one former official said.
The encryption debate festered inside the White House in the following months, consuming meetings and leading the National Security Council staff to draft a memo in the summer of 2015 laying out possible options, including seeking more voluntary cooperation from companies. The administration ultimately decided not to pursue or advocate for any of the proposals, according to a senior U.S. official. A formal decision not to seek legislation was officially made on Oct. 1.
When it became clear that the administration wouldn't support a new law that would help investigators gain access to iPhones and other devices, many FBI agents became frustrated and disappointed. Some recalled that the bureau was pilloried for not connecting the dots to prevent the Sept. 11, 2001, terrorist attacks, according to Leo Taddeo, the former special agent in charge of the New York FBI special operations and cyber division.
If the White House wasn't going to push for new legislation, Comey and other FBI officials decided to become more outspoken about their concerns with encryption, said Taddeo, who is now the chief security officer for cybersecurity company Cryptzone. He said FBI officials were determined to air a "deliberate and open understanding of the risks."
In October, Apple also signaled that it was digging in its heels. The company filed an objection to provide data from an iPhone used by a New York drug dealer. The little-noticed disagreement in a New York courtroom foreshadowed what would come a few months later in California.
Even as the behind-the-scenes debate simmered, Apple continued to work with FBI agents when issued a warrant for evidence that could be accessed on its servers. After the San Bernardino attacks in December, Apple pulled data backed up to its iCloud service from the iPhone used by the shooter, Syed Farook. The company also sent engineers to San Bernardino to help with the data-recovery effort. But when the FBI wanted to override the encryption on Farook's iPhone, the company said it didn't have a special key to unlock the device.
With the investigation underway, Cook attended a meeting in January between Silicon Valley executives and members of the White House national security team to discuss ways the industry and Washington could work more closely to combat terrorism. With Comey, Attorney General Loretta Lynch and White House Chief of Staff Denis McDonough on hand, Cook urged the administration to come out in favor of strong encryption because it would set an example for other countries. The message echoed Cook's statements in earlier months linking privacy to civil rights.
Lynch focused on the detrimental effects of encryption on national security and emphasized the importance of a continuing dialogue to find solutions, according to a Justice Department official. She said that was a priority for law enforcement and intelligence agencies charged with protecting public safety and national security, the official said.
In early February, Sewell, Apple's top attorney, got a call from FBI general counsel James Baker to let Sewell know the agency might file a subpoena seeking Apple's help unlocking Farook's phone. Baker said a final decision hadn't been made, but a few days later Comey testified before a Senate subcommittee that the iPhone carried by Farook might contain evidence that couldn't be accessed because the device was encrypted. The FBI couldn't confirm what was said during the phone call.
On Feb. 16, a magistrate judge in Riverside, California, ordered Apple to help the FBI unlock the phone. Apple executives were shocked the agency had gone public. For years, they had worked closely with the agency in private. In at least two previous instances, including a case in Baltimore, the government had decided against seeking a court order forcing Apple to unlock a phone running iOS 8. Over the next several hours, Apple crafted a response that was posted on the Apple website late at night.
A battle that had been simmering beneath the surface for almost two years was now very public.
The fight shows no signs of ending soon. Obama, a former constitutional law professor, has come out in support of the FBI, calling Apple's view "absolutist." Meanwhile, technology companies including Apple are taking steps to make it even harder to penetrate digital communication. According to Edgar, the former White House official, there isn't much common ground between those points of view.
"Lawyers think privacy is you can't listen to my conversation without a warrant; technologists think privacy is you can't listen to my conversation, period," Edgar said. "It's hard to reconcile those two points of view."
-- With Jordan Robertson in Washington