After months of trying, the FBI successfully broke into iPhones belonging to the gunman responsible for a deadly shooting at Pensacola Naval Air Station in December 2019, and it now claims he had associations with terrorist organization al-Qaeda. Investigators managed to do so without Apple’s help, but Attorney General William Barr and FBI director Christopher Wray both voiced strong frustration with the iPhone maker at a press conference on Monday morning.
Both officials say that encryption on the gunman’s devices severely hampered the investigation. “Thanks to the great work of the FBI — and no thanks to Apple — we were able to unlock Alshamrani’s phones,” said Barr, who lamented the months and “large sums of tax-payer dollars” it took to get into devices of Mohammed Saeed Alshamrani, who killed three US sailors and injured eight other people on December 6th.
Apple has said it provided investigators with iCloud data it had available for Alshamrani’s account and other technical assistance, though it wasn’t enough to bypass the encryption of Alshamrani’s iPhones. So authorities spent many weeks trying to break in on their own.
Wray chastised Apple for wasting the agency’s time and resources to unlock the devices. “Public servants, already swamped with important things to do to protect the American people — and toiling through a pandemic, with all the risk and hardship that entails — had to spend all that time just to access evidence we got court-authorized search warrants for months ago,” he said. Wray also claimed the delay would’ve given any potential co-conspirators months to delete evidence and prevent the FBI from piecing together the whole trail.
“Apple’s decision has dangerous consequences for the public safety and the national security and is, in my judgement, unacceptable,” Barr said. “Apple’s desire to provide privacy for its customers is understandable, but not at all costs. There is no reason why companies like Apple cannot design their consumer products and apps to allow for court-authorized access by law enforcement, while maintaining very high standards of data security. Striking this balance should not be left to corporate board rooms.”
Throughout the recent debates on encryption policy, Apple has insisted that it’s impossible to create a “backdoor” in the way that Barr describes since any such tool could fall into the wrong hands and dismantle the security of iPhones globally. The company has regularly handed over iCloud backup data where available, and according to a Reuters report from earlier this year, Apple abandoned plans to fully encrypt those backups due to FBI complaints. But it has steadfastly refused to compromise the local storage of iPhones. “Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data,” CEO Tim Cook said in 2016.
Attorney General Barr hasn’t been swayed by Apple’s arguments. “We are confident that technology companies are capable of building secure products that protect user information,” he said today, “and at the same time, allow for law enforcement access when permitted by a judge — as Apple had done willingly for many years and others are still doing today.”
Apple and the FBI have been at odds over encryption policy since 2016 when the FBI sought data from an iPhone connected to the San Bernardino terrorist shootings. The bureau asked Apple to create an alternate version of iOS that would make breaking into the device easier, but the company refused over the security implications this would have for all iPhone owners. “We believed it was wrong and would set a dangerous precedent,” a spokesperson told The Verge at the time.
After a number of filings, the FBI withdrew its legal case after it found a way into the iPhone without Apple’s assistance. Still, officials have continued raising concerns with encryption in the years since.
According to Wray, the FBI’s method for getting into Alshamrani’s devices won’t be of much help for other investigations. “The technique that we developed is not a fix for our broader Apple problem; it’s of pretty limited application,” he said.
Apple responded to Barr and Wray on Monday afternoon. The company reiterated that there’s “no such thing as a backdoor only for the good guys” and said “the American people do not have to choose between weakening encryption and effective investigations.”
Apple’s full statement:
The terrorist attack on members of the US armed services at the Naval Air Station in Pensacola, Florida was a devastating and heinous act. Apple responded to the FBI’s first requests for information just hours after the attack on December 6, 2019 and continued to support law enforcement during their investigation. We provided every piece of information available to us, including iCloud backups, account information and transactional data for multiple accounts, and we lent continuous and ongoing technical and investigative support to FBI offices in Jacksonville, Pensacola, and New York over the months since.
On this and many thousands of other cases, we continue to work around-the-clock with the FBI and other investigators who keep Americans safe and bring criminals to justice. As a proud American company, we consider supporting law enforcement’s important work our responsibility. The false claims made about our company are an excuse to weaken encryption and other security measures that protect millions of users and our national security.
It is because we take our responsibility to national security so seriously that we do not believe in the creation of a backdoor — one which will make every device vulnerable to bad actors who threaten our national security and the data security of our customers. There is no such thing as a backdoor just for the good guys, and the American people do not have to choose between weakening encryption and effective investigations.
Customers count on Apple to keep their information secure and one of the ways in which we do so is by using strong encryption across our devices and servers. We sell the same iPhone everywhere, we don’t store customers’ passcodes and we don’t have the capacity to unlock passcode-protected devices. In data centers, we deploy strong hardware and software security protections to keep information safe and to ensure there are no backdoors into our systems. All of these practices apply equally to our operations in every country in the world.