Apple v FBI: The encryption dilemma
On Wednesday 2nd December, 2015, a man and a woman carried out a mass murder in San Bernardino, southern California.
Rizwan Farook and his wife, armed with assault rifles, walked into what was said to be a joint training event and holiday party for a room full of public health employees.
They murdered fourteen people. Twenty-two others were injured.
Farook and his wife fled from the attack, but, some hours later, they were seen by police and both shot dead. Fairly quickly, the world’s media led on the news that Farook and his Saudi Arabian wife were believed to be radical Islamic extremists and that the attack may have been perpetrated as an act of terrorism.
Farook had been employed as a food inspector, working alongside the people that he murdered. He’d illegally obtained the assault rifles, modified them to carry more ammunition and tried to turn them into fully automatic weapons. He had more than 1,600 rounds of ammunition for the weapons in his possession. Seemingly, his intention was to kill as many people as possible.
The couple's house was searched and various items taken for examination. One of these was a work iPhone belonging to Farook and issued to him by his employer - San Bernardino County. It was locked with a pin code. The FBI asked Apple to unlock it. Apple refused saying that they couldn’t. The FBI went to court and the court ordered Apple to devise a way of unlocking the phone, without the data being wiped. Apple refused.
Twitter, Google and various other tech giants leapt to Apple’s defence and said that it was outrageous of the FBI to want to break the iPhone’s encryption, thus giving them a ‘backdoor’ into anyone’s iPhone.
Privacy campaigners and the likes of Edward Snowden have had a field day on social media berating the FBI for trying investigate this crime, this mass murder, this possible act of terrorism. How dare they try to get into this man’s work phone? People seem to have lost sight of the fact that fourteen people were murdered and twenty-two injured. Don’t the families of those victims deserve to know what has gone on? What Farook has in his phone? What if Farook has details of other planned attacks, details of those who helped or enabled him, and who might go on to help others perpetrate similar attacks in the future? Is your encrypted shopping list or encrypted phone book more important than that?
When four men murdered fifty-two people on London's transport system in 2005, we used dozens of phone handsets as a source of information and intelligence.
Call and internet records held by the mobile phone companies or service providers, tell us which handsets have been in contact with each other, when they were communicating and sometimes where those handsets were located when they were communicating with each other. However, all those records don’t give us content. They don’t tell us what was actually being communicated.
We could see that the four bombers from 2005 were sending text messages to other handsets, we knew who they were. But we didn’t know what the content of those messages were. The content is inside the phones. Stored in the memories - even deleted texts can still be recovered.
The text messages held inside those phones were the vital part and one of the single biggest sources of information that we used. They completely altered how we viewed certain things, changed the course of the investigation and undoubtedly saved other lives.
The FBI want to know what is inside Farook’s phone for the same reason that we wanted to know what was inside the 2005 bombers' phones. Is that so wrong? Your encrypted shopping list is more important than that?
Why did Farook murder his workmates? There have been lots of suggestions. These range from mental illness, to a personal dispute with a Jewish colleague through to him being a fully fledged member of a terror group acting under the direct instruction of ISIS. We simply don’t know.
Many privacy campaigners say that Farook’s motive doesn’t matter; he’s dead; it’s over. They say that getting into his iPhone is a cynical ploy by the FBI, who just want access to all of our phones.
Farook wiped out the county's entire food health department. One of the men whom Farook murdered, Harry Bowman, was a statistical analyst in the San Bernardino County Division of Environmental Health Services. He was an expert in data mapping who’d only been in this new role for a couple of months.
Prior to his job with San Bernardino County, Bowman was one of the very first employees of the counter-terrorism center at the University of Southern California (USC).
The Center for Risk Analysis of Terrorism Events, (CREATE), was dedicated to preventing the type of event experienced in San Bernardino. Bowman was a pioneer of the university’s counter-terrorism modelling framework at the first Department of Homeland Security University Center of Excellence, established after the 9/11 attacks.
Bowman was a GIS expert in spatial datasets and maps, and employed his geo-spatial modeling skills on projects including software to look at what might happen in the event of a nationwide terrorist incident.
After moving to the San Bernardino County Division of Environmental Health Services, Bowman worked on the statistical analysis of outbreaks of disease related to food.
The San Bernardino County District Attorney, Michael Ramos, has filed a brief claiming the iPhone may contain evidence of a possible third shooter and a “dormant cyber pathogen” that could have been introduced into the San Bernardino County computer network.
Was this mass killing to cover up something else? And are the secrets locked away in this iPhone?
What if Farook was working with a group of terrorists planning to commit mass murder through sales of compromised food? Food infected with disease. What if that were his motive?
What if locked away in his phone was a plan for terrorists to infect burgers with a deadly virus or disease globally?
What if Bowman’s department was on to a Californian, nationwide or even an impending global public health disaster where terrorists are infecting that burger you are stuffing in your mouth right now with something nasty?
What if inside Farook’s iPhone, in an encrypted message, are the details about how baby formula has been contaminated with a highly infectious disease?
Aside from the families of the dead and injured, who deserve to know what is in that phone, there is also the public safety concern; trying to stop something bigger.
The phones from the 2005 bombers helped us save other lives. Farook's phone will be no different. The FBI are not seeking to unlock the secrets of your encrypted shopping list - they are seeking to unlock the secrets of why Farook murdered 14 of his colleagues in the San Bernardino Public Health Department.
Too many of you think your encryption is more important than your health.
Enjoy your encryption. Enjoy your burger.
David Videcette is a former Scotland Yard Investigator with twenty years' policing experience, including counter-terror operations and organised crime. David was a key investigator on the July 2005 London bombings and has been awarded several police commendations, including one for outstanding detective work and perseverance which led to his discovery of a bomb factory during Operation Theseus.
David is the author of The Theseus Paradox