The December 2015 terrorist attack in San Bernardino, Calif., left devastation and heartbreak behind. It also became the boxing ring for the ongoing debate between privacy and security. On February 16, a federal court ordered Apple to help the FBI unlock one of the attacker’s iPhone.

Almost immediately, Apple challenged the order, which, as The New York Times describes it, “Apple would have to build a new version of its iOS smartphone software that allows the F.B.I. to bypass certain restrictions.”

“In the wrong hands,” Apple claims, “this software—which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession,” and thus put at risk the security and privacy of customer data.

So, in this much-heated debate, who’s right?

​The CISO’s Secret Weapon for Reducing Enterprise Risk

What the FBI Says

In a Lawfare blog post, FBI director James Comey recalls the terrorist attack in San Bernardino, saying that, with regard to unlocking the iPhone in question, “we can't look the survivors in the eye, or ourselves in the mirror, if we don't follow this lead.”

Comey also calls the legal issue at hand “quite narrow.” He adds, “We simply want the chance, with a search warrant, to try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That's it. We don't want to break anyone's encryption or set a master key loose on the land.”

He admits that the San Bernardino terrorist attack emphasizes the fact that new technology “creates a serious tension” between safety and privacy. But, he says, that it is a tension that should not be resolved by corporations or the FBI, but by the American people. “I…hope all Americans will participate in the long conversation we must have about how to both embrace the technology we love and get the safety we need,” he concluded.

What Apple Says

Ironically, as NPR points out, Apple echos a similar sentiment, when it says the government should “form a commission or other panel of experts on intelligence, technology and civil liberties to discuss the implications for law enforcement, national security, privacy and personal freedoms.” Apple CEO Tim Cook says his company “would gladly participate in such an effort.”

And in his customer letter explaining why the company opposed the FBI order, Apple Cook says, “We have great respect for the professionals at the FBI, and we believe their intentions are good.” He said that Apple has obeyed FBI’s requests for any data it had, that it complies with subpoenas and search warrants, and that it has provided technical resources to the agency.

However, in an employee e-mail posted on TechCrunch, Cook writes that, “This case is about much more than a single phone or a single investigation…. At stake is the data security of hundreds of millions of law-abiding people, and setting a dangerous precedent that threatens everyone’s civil liberties.”

The Legal Questions

In his customer letter, Cook says that the FBI wants to make “unprecedented use” of the All Writs Act of 1789 to more easily unlock customers’ iPhones. This, he writes, would give the government “the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.”

It’s not just the American government that could access this data. A New York Times article states that, “If Apple is forced to open up an iPhone for an American law enforcement investigation, what’s to prevent it from doing so for a request from the Chinese or the Iranians?”

Not everybody is buying Cook’s declaration that the case is about customers’ data security and civil liberties, however. In a Lawfare blog post interestingly titled, Apple is Selling You a Phone, Not Civil Liberties, two legal experts contend that “Apple is actively—and we think somewhat duplicitously—using its various positions in different fora to map out a zone of immunity for itself, a kind of legal black hole in which nobody can force it to do anything.”

These experts then ask, “Is Apple not adopting the position of gun manufacturers towards Second Amendment rights? Or the strategy of Big Tobacco as it worked to fight regulation while invoking the lack of regulation as a liability shield?”

We the People

No matter the ultimate outcome, all contenders appear to agree the voice of the people is paramount. As the authors of the Lawfare blog post note, “The final decision…belongs to the people—and it's time for Congress to act.”

They are correct. Whatever opinions we hold, it truly is the voice of the people that matter. Let your voice be heard.

​The CISO’s Secret Weapon for Reducing Enterprise Risk