Apple is embroiled in a battle with the FBI over an iPhone that was used by one of the shooters involved in the December attack that killed 14 and wounded 22 in San Bernardino, California. The two sides are involved in an ongoing court case over Apple's refusal to comply with a Feb. 16 order from a federal judge that demanded that the tech giant build custom software to help the FBI break into an iPhone 5c given to slain attacker Syed Rizwan Farook by his employer.
With both sides refusing to back down in what is turning into a complicated legal skirmish, untangling the realities from the rhetoric has proved difficult.
Here's what you need to know about Apple's fight with the FBI. [6 Incredible Spy Technologies That Are Real]
What is the FBI asking Apple to do?
In 2014, Apple deliberately changed its operating system (OS) to ensure that all iPhones were encrypted by default and that Apple had no access to the encryption keys. Instead, keys are generated by combining a user's password with a unique identifier stored on the phone. Farook's phone runs iOS 9, which includes the new security setup as well as a feature that permanently locks the phone after 10 incorrect entries.
Because Apple can't decrypt the phone, the FBI wants the company to upload a modified OS that disables the 10-attempt limit and permits electronic entry. Farook used a 4-digit passcode to lock the phone, so the new software would allow the FBI to rapidly cycle through the 10,000 possible combinations.
The FBI needs Apple to build the software because any updates require the company's digital signature, according to cybersecurity expert Alan Woodward, a professor in the Department of Computer Science at the University of Surrey in the United Kingdom. "These are the keys to the crown jewels — it's what makes their software legitimate," Woodward told Live Science.
The FBI is willing to let Apple build and upload the software at its own facility, but the agency wants to input the passwords itself.
What are the key legal arguments?
The FBI's legal argument relies heavily on the All Writs Act (AWA) of 1789, which gives judges general authority to demand compliance with court orders as long there are no other legal avenues, the subject of the order is closely connected to the case and it does not impose an undue burden. Apple says it is "far removed" from the case and the resources required to build the modified OS are an undue burden on the company. [Smartphone Encryption: What You Need to Know]
Apple has also invoked the right to freedom of speech under the First Amendment, saying code is a form of speech and the company is being compelled to code for the FBI as part of the court's request. Previous cases have determined that code can sometimes be considered speech, but the circumstances were different in those situations, according to Peter Swire, a privacy law expert at the Georgia Institute of Technology in Atlanta.
"We don't have clear guidance in the courts about whether the First Amendment would apply," he added.
Importantly, though, a federal judge in New York ruled in favor of Apple in a similar case last week regarding an iPhone that was seized in a drug case. While the decision has no direct impact on the San Bernardino case, the ruling from Magistrate Judge James Orenstein, in New York's Eastern District, said the government's interpretation of the AWA was so expansive it "cast doubt on the AWA's constitutionality."
Still, Swire said it's hard to predict the outcome of this legal fight. "Judges sometimes disagree, and if they do, this could quite possibly go up on appeal — maybe all the way to the Supreme Court," he said.
This battle is just the latest attempt by law enforcement to circumvent growing levels of encryption in consumer devices. The White House announced last fall it would not promote legislation compelling tech firms to build "backdoors" into their devices to allow agencies to sidestep encryption, which means the FBI has been forced to explore alternative means.
Court briefs from Apple show that the company has challenged at least a dozen recent FBI requests to unlock iPhones. Woodward said the case appears to be more about the government's right to force companies to unlock phones than it is about evidence on this particular device. And, the FBI has chosen a case where public opinion is likely to be on their side, he added. "Terrorism is a very emotive subject," Woodward said.
FBI Director James Comey admitted as much when he conceded recently that the case could set a precedent. And other law enforcement groups, both at the state and local level, have said they will try the same tactics if the FBI wins, reported The Intercept.
"If Apple is forced to open up the San Bernardino phone, then it's hard for it to avoid opening up others' phones when faced with a similar court order," Swire said. [15 Best Mobile Security and Privacy Apps]
What are the wider implications?
Apple and its supporters claim the FBI is asking it to effectively create a backdoor into its products, with no way of guaranteeing that these workarounds will only be used by the "good guys." The company also argues that a precedent like this would strengthen law enforcers' hand when demanding other workarounds that further erode encryption and privacy. For its part, the FBI says it is only asking Apple to do what was standard practice before the company made changes to its operating system, and the court order only covers a single phone.
If a precedent is set and these requests become routine, the risk of such technology ending up in the wrong hands would certainly increase. But, Woodward said the FBI's solution only deals with the limited situation where devices are in the physical possession of a would-be hacker, so fears spread by privacy lobbyists that the outcome of this case could lead to mass surveillance are most likely wide of the mark.
Rather, Apple's decision to fight the case is as much a battle to protect its reputation for security, Woodward said."Apple is trying to make it look like they are doing this for people's good but I don't think it's entirely altruistic," he said. A more pressing concern is that complying with the federal court's order would make it harder for Apple to resist similar requests from governments with poor human rights records, such as China and Iran.
Ultimately, the point may be moot, according to Woodward, because users have been able to create pass codes of up to 90 characters using both numbers and letters since the release of iOS 7. Even if it were possible to skirt security features and use a computer to automatically generate possible passwords (what's known as brute-force search), it would take years to chance upon the right combination, he said.
"If they did try, it would take longer than anyone at the FBI would be alive," Woodward said.