Apple and the FBI are fighting over an iPhone recovered during the investigation of the San Bernardino massacre last December, and it may have serious implications for your own privacy.

The tech firm has been asked to help break into that phone, and they have refused to comply; the FBI has gotten a court order compelling them to do so. Apple has said it will fight the order and the Feds have accused the firm of prioritising its “public brand marketing strategy” over a terrorism investigation.

The fight has stretched from the Riverside, California offices of magistrate judge Sheri Pym (who ordered Apple to open the phone) all the way to the US House of Representatives in Washington, DC.

Apple and the Federal Bureau of Investigation are digging in for what promises to be an extended legal battle over the nature and extent of user privacy. Guardian

How did all this start?

Last December Syed Farook and his wife Tashfeen Malik killed 14 people and died in a shootout with police after a car chase. Police seized all their electronics in order to find out more about the pair, only to discover that the killers had smashed their cellphones and removed the hard drive from their laptop. An iPhone 5c belonging to Farook – his work phone – was found in the car where they died.



Why can’t the police get into the smartphone?

Apple has spent the past few years positioning itself as The Privacy Company. The tech giant has increased its security against everyone, including themselves, with the biggest change coming in an update to its operating system pushed out in September 2014, iOS 8.

There’s no way to get into your iPhone without the password, so an intruder has to guess it. With one particular setting turned on – which was enabled by default by Farook’s employer, who issued the phone – if you guess wrong 10 times, the phone destroys itself.

With the self-destruct mode off, the phone makes you wait a longer and longer time between guesses, up to an hour. So if someone is trying to “brute-force” the password – to just strategically guess until you get lucky and log all your guesses so you don’t repeat any – with the delay on, it would take years.

With the delay off? About half an hour.

What does the FBI expect to find on the phone?

That’s not clear. Though the FBI considers the San Bernardino killings a terrorist attack, there is no evidence as yet that Farook and Malik acted under the direction of a broader organization, and the iPhone in possession of the FBI is the only one of Farook and Malik’s three phones that the pair didn’t destroy. Both of the killers died in a shootout with police immediately following the murders.

One point in the FBI’s favor is that the owner of the phone is not Farook, but his employer, the San Bernardino Health Department, which has given the FBI permission to open it. The FBI has said it wants to look at communications between Farook and the people he killed in an effort to establish motive, though if the spree killing was indeed a terrorist attack the motive seems established.

Why does the FBI believe Apple should be compelled to open the phone?

Initially, the Department of Justice said that it wanted the company to help out in an emergency, just this once, but the organization has mostly abandoned that rationale.

Indeed, the DoJ’s supporters include many in law enforcement frustrated at their own inability to break into phones used by drug dealers and child molesters – Manhattan district attorney Cyrus Vance said he has 205 iPhones in his own office alone that ought to be cracked to aid various investigations, though it’s not clear how many of the people from whom those phones were confiscated are already in prison.



Who’s taking sides?



Secretary of defense Ashton Carter told the audience at the high-profile RSA encryption conference that he was “not a believer in backdoors or a single technical approach.

“I don’t think that’s realistic,” Carter said. The head of the defense department, himself a theoretical physicist, was enthusiastic about encryption generally in his speech, and he and others have a vested interest in not further alienating technology companies in Silicon Valley. That relationship is already tense in the wake of the Snowden revelations.

Silicon Valley has cast its lot with Apple. On 3 March, industry trade groups, rival corporations and civil liberties organizations filed amici with the company, saying the powers sought by the FBI were “unbound by any legal limits” in just one brief.

And there’s a similar, separate case in which Eastern District of New York judge James Orenstein’s ruled that the FBI’s request for a nearly identical order was unconstitutional. The authority the FBI sought under the 227-year-old All Writs Act could be used, Orenstein wrote, “to force private citizens to commit what they believe to be the moral equivalent of murder at the government’s behest.”

What about Congress?

The House made clear on 1 March it was unhappy with the way the FBI had pursued the order. Comey said several times that he wasn’t seeking to set precedent, notably in an op-ed on beltway legal blog Lawfare; by the time he went before the House of Representatives judiciary committee on Tuesday, he had more or less abandoned that argument and much of the committee was hopping mad about it. It’s their job to make the law, they told Comey, not his.

Isn’t that right?

Many perfectly good species have gone extinct waiting on Congress to find common ground. Comey essentially told the legislature it was too slow. “People keep asking ‘Why didn’t you come to Congress?’” he said. “Well, because we’re in the middle of a terrorism investigation. I think the courts will resolve this faster than any legislative body could.”

Comey wasn’t allowed to land many rhetorical points by the frustrated House committee, but he did get at least one good one in: “It’s not [Apple’s] job to watch out for public safety,” he said. “That’s our job.”

What kind of hi-tech law allows the FBI to tell a company to make a new piece of software to break into my phone?

That would be the All Writs Act of 1789, which the DoJ has used at least twice before to try to compel Apple to open a smartphone. Both cases are still open. The law itself is brief and broad: “The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”

The act is one of last resort. All other avenues have to be exhausted before the All Writs Act can be invoked.

What about my phone backups on iCloud?

Those are much easier for the FBI to obtain; Apple can’t make the case that it doesn’t have immediate access to them because they’re stored on Apple’s own computers.

What are the implications for me of a ruling against Apple?

The FBI has not merely told Apple to break into an iPhone, to which the company’s standard answer since the debut of iOS 8 in September 2014 has been “can’t, sorry”. They’ve essentially forcibly commissioned a new operating system from Apple – one that the company must digitally sign so that the iPhone “trusts” it, and then use to take customers’ information. Technologist Dan Guido at the Trail of Bits blog christened the software “FBiOS”.

There’s no reason they wouldn’t be able to do it again and again, for every operating system, for every software company in the country, if it’s established that the government has the authority to compel a company to manufacture a product that undermines its own security. Even if you’re not an iPhone user, the company that makes your phone or computer would have trouble defending itself if the FBI decided to sue it for a password bypasser.

Why is Apple willing to fight this battle?

Apple (and others) have said that the court order is not merely shortsighted but dangerous. Apple operates internationally on the guarantee of user privacy; the terms of the FBI’s demands will look downright generous compared to what Russia and China would probably ask Apple to do if it capitulates.

Who’s going to win?

It’s a toss-up. Tech companies, technologists and liberal politicians are largely on Apple’s side; conservative politicians and law enforcement professionals who have seen horrific cybercrimes have taken the opposite view.