Holding: EU may spoil FBI bid to hack Apple phones

One big shift is the European Union’s implementation of strict limits on the flow of personal data across its borders

  
Apple iPhone 11 is pictured inside of the Apple Store on Fifth Ave in the Manhattan borough of New York, New York, U.S., September 20, 2019.

Apple iPhone 11 is pictured inside of the Apple Store on Fifth Ave in the Manhattan borough of New York, New York, U.S., September 20, 2019.

REUTERS/Carlo Allegri

NEW YORK  - The FBI may be cruising for another Apple bruising. For at least the second time in five years, America’s top law-enforcement agency is pressuring the tech giant to unlock a mass shooter’s iPhones, with rhetorical backing this week from America’s top law-enforcement official and even President Donald Trump. A lot has changed in the interim, but Apple is still championing privacy.

One big shift is the European Union’s implementation of strict limits on the flow of personal data across its borders. A deal allowing Facebook, Google parent Alphabet and other U.S. firms access to such information in exchange for promises to protect it is already under fire in Europe. Permitting U.S. law enforcement to hack into personal devices could jeopardize the agreement – not to mention privacy in general amid the global flow of information.

It was inevitable that Apple and the FBI, which is part of the U.S. Department of Justice, would clash again on the matter. In 2015, after a mass shooting left 14 dead in San Bernardino, California, the government asked the company to unlock one of the gunman’s iPhones. Like all such devices, it was encrypted to prevent access without the user’s passcode. Apple Chief Executive Tim Cook refused, arguing that creating a so-called backdoor would compromise the privacy of all iPhone users. The rancorous legal battle ended when, according to news reports, an Israeli firm helped the government hack in.

Last month, a Saudi airman training at a naval station in Pensacola, Florida, shot three U.S. sailors dead and injured eight others. The FBI has demanded that Apple unlock the shooter’s two iPhones, which may contain information helpful to investigators. Again, Apple has refused. Attorney General William Barr lambasted the company on Monday, accusing it of giving him “no substantive assistance.” The tech giant retorted that it had already given the government “gigabytes of information” and stressed that “there is no such thing as a backdoor just for the good guys.” Trump weighed in with his own criticism of Apple on Tuesday.

The whole issue trips alarm bells in the European Union, where privacy and data protection are considered fundamental rights. In 2016, the EU and the United States entered into an agreement – known as Privacy Shield – to replace a pact that the European top court had struck down as inadequate to safeguard credit-card transactions, search material and other digital information that might come into the possession of firms in the United States. Companies elsewhere could also get that data by signing so-called Standard Contractual Clauses, or SCCs, whose terms are somewhat less onerous because they focus on specific transactions. Alphabet and other corporations that gobble up data all over the world typically comply with Privacy Shield and SCCs.

Yet critics are now attacking both arrangements as too weak – largely because of the U.S. government’s voracious appetite for digital data in bulk and a Senate hearing in December on banning, or at least limiting, encryption. Two lawsuits argue essentially that the extent of U.S. surveillance can make it impossible for American companies to comply with Privacy Shield or SCCs. Decisions are expected early this year from the Court of Justice of the European Union. As for encryption, the European Commission said late last year that, although law enforcement might sometimes need access to protected data, a U.S. law curbing encryption could violate Privacy Shield.

Barr may not have considered these points before lashing out at Apple, but he should have done so. Risking a rift with the EU over data protection could further damage a relationship already wobbly from fights over tariffs, military funding and other matters. If the risk is tolerable because the issues at stake really are “critical,” Barr has not made that case.

Barr says getting into the phones is the only way to see whether the Pensacola shooter acted alone, but it seems unlikely there aren’t other avenues of investigation. Apple, meanwhile, says it has turned over all the information it has, though it has promised to help the government as much as it can.

It also seems implausible that the FBI can’t break into the iPhones on its own or with the help of an outside firm, as it did after the San Bernardino incident. Though iPhone security has grown in sophistication since then, the two devices found in Pensacola were older models, according to the Wall Street Journal. Cellebrite, the firm that news reports suggest broke into the San Bernardino phone, recently acquired BlackBag Technologies, known for its skill in hacking Apple products.

A simplistic battle of words between the government and Apple seems a depressing way to tackle a complex issue that would be best resolved through cooperation. The concerns of law enforcement are real. But as the EU reminds us, the risks of granting governments ever more intrusive powers are not easily overcome.

CONTEXT NEWS

- President Donald Trump on Jan. 14 criticized Apple for refusing to unlock iPhones used by criminals while benefiting from government help on trade.

- The U.S. president’s tweet came as law enforcement officials continued to investigate the fatal shooting of three Americans by a Saudi Air Force officer at the U.S. Naval Station in Pensacola, Florida, last month. Attorney General William Barr has called the incident “an act of terrorism.” It is the latest flare-up in a privacy debate between the government and technology companies like Apple and Facebook.

- The tech companies argue that strong encryption protects the privacy and security of their users. Law enforcement officials counter that criminals have used the technology to evade justice and call on tech firms to provide ways to bypass it. The officials cite as examples high-profile cases like Pensacola and a 2015 mass shooting in San Bernardino, California.

(Editing by Richard Beales and Amanda Gomez)

More From Commercial