The iPhone unlock dispute between Apple and the U.S. Department of Justice is escalating rapidly. While trying to publicly defuse the dispute, Apple is privately preparing a legal battle with the Justice Department to defend the iPhone’s encryption system, people familiar with the matter said. Now, Apple is walking a tightrope between customers and the Trump administration, and it’s getting thinner.
Apple CEO Tim Cook has called on a handful of top advisers to discuss policy responses as President Donald Trump and Justice Secretary John Barr blast Apple. The U.S. Department of Justice says Apple did not provide any substantive help in unlocking the iPhone of a suspect in the shooting at Pensacola Naval Base in Florida.
Apple executives were surprised by the rapid escalation of the incident, people familiar with the matter said. Among Apple’s team, which is responsible for addressing the issue, some question and wonder about the Justice Department’s approach, arguing that it has not given up enough time to use third-party tools to crack the iPhone.
Apple is caught in a dilemma.
The escalation turned into a sudden crisis for Apple, leaving Cook in a dilemma. Cook has long promised to protect user privacy, but has faced accusations from the U.S. government that it is putting the public at risk. The incident is similar to Apple’s encryption dispute with the FBI in 2016, when it involved another dead gunman’s iPhone, which dragged on for months.
This time, Apple is facing an unpredictable Trump administration, and the stakes are high. Mr. Cook has built an unusual ally with Mr. Trump, which has helped Apple largely avoid tariff shocks. Now, the relationship is being put to the test, as Cook faces one of Trump’s closest allies.
“We’ve been helping Apple on trade and many other issues, but they’ve refused to unlock the phones used by murderers, drug lords and other violent criminals. Now they must act to help our great nation. Trump just tweeted.
Apple declined to comment on Trump’s tweets Tuesday. Apple issued a statement late Monday, dismissing U.S. Attorney General Barr’s accusation that he failed to provide substantive assistance in the shooting investigation, saying encryption is “critical to protecting our nation and our user data.”
But Apple has also taken a conciliatory tone, suggesting that the company does not want things to escalate. Apple said it was working with the FBI on the shooting at the Pensacola naval base, and its engineers had recently held a conference call to provide technical assistance to the FBI. “We will do everything we can to help them investigate this tragedy that has attacked our country. Apple said.
Cook resigned for privacy
At the heart of this dispute is whether security or privacy is higher than anything else. Apple has said it will not help the government open the iPhone or bypass encryption by setting up a “backdoor” because it would create a “slippery slope” that would harm people’s privacy.
The Administration argues that the provision of assistance does not depend on Apple, as the Fourth Amendment allows the government to violate privacy for the benefit of public safety. In a speech last October, Mr Barr said privacy was never an absolute right in the constitution.
In 2016, cook publicly spoke out about his privacy stance when Apple fought an FBI-winning court order asking him to unlock the iPhone of the San Bernardino, California, shooter. Apple says it may be able to unlock the iPhone within a month with a team of six to 10 engineers. But in a 1,100-word open letter to Apple customers, Mr Cook warned that creating a way for the government to open a user’s iPhone would undermine the freedom the government wants to protect.
Bruce Sewell, Apple’s former general counsel, was in charge of a 2016 dispute with the FBI. In an interview last year, he said Cook had put his reputation on privacy. Mr. Swell said Mr. Cook was prepared to leave if Apple’s board disagreed at the time.
Apple and the U.S. government had a heated argument over the San Bernardino case until a private company found a way to unlock the shooter’s iPhone. Since then, Cook has made privacy one of Apple’s core values. That separates Apple from other giants such as Google and Facebook, which are under scrutiny for selling ads by collecting user data.
“It’s a fantastic marketing,” Scott Galloway, a marketing professor at New York University, said of Apple, who has written a book about tech giants. “
Now, a small team of Apple companies led by Mr. Cook is trying to find an external solution that would not compromise the company’s security of autonomous systems, or even prepare a legal battle for it, people familiar with the matter said.
Old iPhone, third party can’t open it?
Apple’s internal confusion about the Justice Department’s practice is that the police have used a software vulnerability to open the iPhone, so why not seek third-party help again? The two iPhones involved in the shooting at the Pensacola naval base were the iPhone 5 and iPhone 7 Plus, according to people familiar with the matter.
The phones were released in 2012 and 2016, respectively, and do not carry Apple’s most sophisticated encryption system. The iPhone 5 is even older than the iPhone 5C in the San Bernardino case.
Security experts and former Apple executives say at least two companies have long been able to bypass the iPhone’s encryption systems, Cellebrite and Grayshift. Cellebrite said in an email that the company has helped thousands of companies around the world legally access and analyze digital information, but declined to comment on the Pensacola shooting. Grayshift declined to comment.
Cellebrite and Grayshift’s tools took advantage of the iPhone’s software vulnerability to remove the limit on the number of passwords a device can try to enter before erasing data, the researchers said. In general, the iPhone allows 10 password entry attempts, all of which will erase the device data. Cellebrite and Grayshift’s tools use the so-called “violent attack method”, which automatically tries thousands of passwords until one is successful.
“The iPhone 5 is too old, and Cellebrite and Grayshift will certainly be able to crack it as fully as Apple does. Nicholas Weaver, a lecturer at the University of California, says he teaches iPhone security.
Chuck Cohen, who was in charge of Indiana police’s hacking of encryption devices, recently retired. He said he would regularly use Grayshift’s $15,000 device to crack the iPhone, especially the older ones, but the tools don’t always work.
Cellebrite unveiled a new tool Tuesday that could be used to crack the iPhone in the Pensacola shooting. Cellebrite pushed updates to its UFED Physical Analytics client analytics software, which helps law enforcement and other customers extract and analyze some of the information on their iPhones. The tool uses a vulnerability called Checkm8, which is capable of cracking iPhone chips released between 2011 and 2017.
In the San Bernardino case, the U.S. Department of Justice’s Office of the Inspector General later found that the FBI had not tried all possible solutions before trying to force Apple to unlock the iPhone. In the latest Pensacola shooting, Barr and other Justice Department officials said they had tried everything, but declined to elaborate on why third-party attacks prevented the iPhones involved. The FBI wants to know from the iPhone that the suspect acted alone or in partnership with others.
“The FBI’s technical experts and outside consultants played an indispensable role in this investigation,” an FBI spokesman said. After all the failed attempts to open the gunman’s iPhone, the next step is to talk to Apple for help. “
Security researchers speculate that the FBI may have tried to unlock the gunman’s iPhone using a violent attack method, but significant physical damage may have prevented them from using third-party tools to open the phone. FBI photos show the gunman firing a shot at the iPhone 7 Plus and trying to damage the iPhone 5.
The FBI says it has repaired the iPhone in the lab and is able to turn it on but still can’t bypass the encryption system. Any physical damage that prevents third-party tools from working can also hamper Apple’s solutions, according to security researchers and former Apple executives.
“Apple designed these phones and deployed their encryption systems,” a Justice Department spokesman said in an email. It’s a straightforward request: Is Apple willing to help us unlock the gunman’s phone? “
While Apple has fixed a vulnerability that police have exploited to unlock devices and denied law enforcement requests for data, it is also helping police obtain information from their phones in cases where they don’t need to crack encryption. Apple has held seminars for the police department on how to quickly access a suspect’s cell phone. Apple has also set up hotlines and dedicated teams to assist police in cases that require urgent processing.
Over the past seven years, Apple has also met about 127,000 requests from U.S. law enforcement to provide data stored on the company’s computer servers. This data is not encrypted and may be accessible without a password.
In 2016, when Apple’s standoff with the U.S. government reached its most tense point, Cook said Congress should pass legislation to establish a line between public safety and technology security. Apple even found an applicable law: the Legal Enforcement Assistance Act (CALEA), according to court documents.
Barr said Monday that the Trump administration has resumed discussions with Congress about proposing such legislation.