The Department of Justice’s top national security lawyer says Apple is ignoring a simple resolution to its standoff with the FBI over whether it can be legally compelled to help unlock an iPhone used by one of the shooters who killed 14 people in San Bernardino, California, last December.
Apple CEO Tim Cook is defying a court order that requires his company to create software that would allow the FBI to guess the passcode to the iPhone used by shooter Syed Rizwan Farook. Cook says that such software could somehow leak out and be used on other iPhones, and that establishing a legal precedent for the government to coerce tech companies to weaken security is dangerous.
But John Carlin, assistant attorney general for national security, said Tuesday that Apple could give the FBI what it wants without setting any legal precedent.
The iPhone at the heart of the case belonged to Farook’s employer, San Bernardino County. The county has made its own request to Apple for help getting at the data inside, and if Apple fulfilled that customer service request, the question of legal precedent would evaporate, he said.
“If they did it at the request of the customer there would be no test case or legal precedent at all,” said Carlin, who spoke at the RSA Conference on computer security in San Francisco. “If they did it tomorrow we would drop the litigation.”
Carlin dismissed the possibility that helping with this particular case would harm Apple’s reputation with consumers concerned about the privacy of the mounds of personal data collected by and stored on the phones. The company has previously helped the FBI and other U.S. law enforcement agencies unlock mobile devices. The iPhone was introduced in 2007, but Apple started adding features that automatically encrypt data on an iPhone, enforce delays on attempts to guess the code, and can even delete data after 10 incorrect guesses.
“This was quite a recent change,” said Carlin. “They’ve done pretty well on sales and market share to date.”
The FBI has been accused of opportunistically using the San Bernardino case, with its unsympathetic perpetrators, to push an anti-encryption agenda. The agency’s director, James Comey, and other law enforcement leaders have previously used attacks—such as those in Paris last November—as a platform to promote the view that encryption must be regulated, even in the absence of evidence that it aided that in a particular attack.
However Carlin said that there was no intention to use the San Bernardino iPhone as a wedge to force a new legal precedent. Even if it went all the way to the Supreme Court, the question of what investigators can and can’t ask of tech companies will remain open, he said. “This wasn’t designed to be a test case,” he said. “I don’t think it leads to a way to settle the debate,” he said.
That’s something Apple agrees with. Apple’s general counsel Bruce Sewell told a congressional hearing today that Congress should create new legislation to define what law enforcement can ask of tech companies.
Microsoft’s president and chief legal officer, Brad Smith, made a similar argument today. The company is strongly supporting Tim Cook’s stand against the FBI, along with many civil rights groups and security experts.
However, not all security experts think Cook is handling this case well.
“Apple goofed,” cryptographer Adi Shamir, who helped create encryption widely used to protect online information, told an audience at RSA a few hours before Carlin spoke.
Apple should have helped unlock the San Bernardino phone and picked another case as its battleground, after shoring up the iPhone design to make it technically impossible for it to help in such cases, said Shamir. “Apple should close this loophole and roll out an operating system that will really help them make this argument in future.”