Federal law enforcement officials said Monday they had unlocked the iPhones of the perpetrator of a December terrorist attack at a U.S. Naval base — and sharply criticized Apple for not granting them access to those encrypted communications.
FBI technicians cracked the phones of a Saudi aviation student who killed three U.S. sailors at the Naval Air Station Pensacola, uncovering evidence linking him to an Al Qaeda affiliate, Attorney General William Barr said. Barr and FBI Director Christopher Wray urged Silicon Valley companies to write software that allows investigators to access encrypted communications with a warrant, a move that technology firms and security experts have criticized for years.
Authorities took their usual claims a step further, though, by criticizing Apple for what they described as effectively standing in the way of their investigation.
“We received, effectively, no help from Apple,” Wray asserted at the press conference. He did not detail the technique used by FBI officials to unlock the phones, but said it was “not a fix for our broader Apple problem” of accessing other suspects’ encrypted communications.
Designing phones so that only users can unlock them is a “business and marketing decision” by Apple that has “dangerous consequences for the public safety and the national security,” Barr charged.
In a statement, Apple said it had provided investigators in the Pensacola case “every piece of information available to us, including iCloud backups, account information and transactional data for multiple accounts.”
“As a proud American company, we consider supporting law enforcement’s important work our responsibility,” Apple said. “The false claims made about our company are an excuse to weaken encryption and other security measures that protect millions of users and our national security.”
Apple pledged to continue building devices with strong encryption, adding that creating a “backdoor” for law enforcement access “will make every device vulnerable to bad actors who threaten our national security and the data security of our customers.”
It is the latest twist in a years-long struggle between law enforcement officials and civil liberties advocates over end-to-end encryption. Police and prosecutors have long lamented that such encryption undercuts criminal and terrorism cases by preventing investigators from seeing suspects’ communications. But technologists say any software designed for law enforcement access risks weakening security for many other internet users.
“Barr’s and Wray’s speeches make it clear that, even if the government has the capability to get into locked phones, it’s far from giving up on its quest for a law requiring Apple to build an access mechanism for law enforcement,” said Riana Pfefferkorn, a scholar at Stanford Law School’s Center for Internet and Society.
While continuing to spend money on hacking tools to break into devices, law enforcement officials have grown more vocal in calling for legislation that grants them access to encrypted communications with a warrant. As in previous legislative fights, they’ve found allies on Capitol Hill. A Senate bill put forth in March would force tech companies to do more to fight child exploitation or risk losing liability protections. Critics say there would be no way for companies to comply with the bill without undermining strong encryption.
The robust market for iPhone hacking exploits and the ability of vendors like GrayKey to unlock phones give the Department of Justice options to access data that don’t involve broadly undermining encryption, argued Matthew Green, an associate professor of computer science at Johns Hopkins University.
“What does this mean for the encryption debate?” Green said. “Well, if law enforcement has ways in, then maybe they don’t need special capabilities to break encryption from phone manufacturers.”
It took over four months for an FBI forensics team to unlock the Pensacola shooter’s phones, Wray said. That consumed resources that could have been spent on other investigations had Apple designed its software for law enforcement access, he added.
The breakthrough in the Pensacola case comes four years after the FBI demanded Apple unlock the iPhone of the perpetrator of the San Bernardino, California, terrorist attack. The FBI’s public pressure was complemented by a behind-the-scenes effort to crack the phone that culminated in paying a contractor to access the device.
UPDATE, 3:37 p.m. EDT: This story has been updated with a statement from Apple.