Category: Apple

  • Summary: Software in Government, Big Business and Big Tech

    This is a summary with links to my posts on the many ways that large organizations including government, big business, big tech and the rest diligently apply modern software procedures as taught in academia and required by professional management; they consistently produce disastrous results in software quality, cost, security and everything else that matters.

    There are of course issues that are common to all these large organizations, for example in cybersecurity.

    https://blackliszt.com/2015/06/systemic-issues-behind-the-cyber-security-disasters-at-opm-citi-anthem-etc.html

    Government

    Government software disasters are government-as-usual, so much so that disasters that wreck lives barely make the news. For example, over 10 million people world-wide enter a government-run lottery for immigration slots that can lead to US citizenship. How hard can picking a bunch of random numbers be? Apparently too hard for the government software people, with the result of horrible consequences for the declared lottery winners whose immigration slots were invalidated.

    https://blackliszt.com/2011/07/software-quality-horror-tales-electronic-diversity-visas.html

    Consider the sets "Excellence" and "Government IT." There is a great deal of evidence that these are non-overlapping sets. I learned there are organizations promoting and celebrating digital government. They hold awards ceremonies. I tried to find out what the winner had done to deserve winning. Surprise, surprise, the link at the organization’s website explaining it all was broken. Pathetic.

    https://blackliszt.com/2015/05/excellence-in-government-it.html

    Even simple things like making Social Security statements available on-line appear to be beyond them — including of course lying about it.

    https://blackliszt.com/2024/03/excellenece-in-government-it-the-social-security-administration-.html

    The NSA (National Security Agency) has a budget of over $50 Billion and is touted as being the world’s best at cybersecurity. It turns out the only reason we know their super-top-secret budget is because their security was blatantly breached with massive internal data made public.

    https://blackliszt.com/2014/05/bureaucracy-regulation-and-computer-security.html

    Given that this army of highly-paid cyber geniuses can’t protect itself, it’s not surprising that its analysis of a high-visibility security breach may have sounded good to the public, but was in fact entirely fraudulent.

    https://blackliszt.com/2017/01/russia-hacks-dnc-podesta-email-fake-news.html

    What do you do with such a huge budget when you’re unable to do what you’re supposed to do even with your own secrets? You set up a massive program to teach students your excellent methods and hope to train over a million certified experts. I tracked the program from a local community college to the NSA’s own description of its program – which was both broken and insecure!

    https://blackliszt.com/2017/06/government-cyber-security-tops-the-oxymoron-list.html

    Unfortunately, this isn’t just about keeping information safe. Government ineptitude kills people. Instead of taking a quick, simple approach to preventing train crashes:

    https://blackliszt.com/2015/05/an-app-to-prevent-train-crashes-like-amtrak-philadelphia.html

    The government presses on with its super-expensive solution using obsolete technology, which leads to yet more preventable crashes and deaths.

    https://blackliszt.com/2016/10/scandal-hoboken-train-crash.html

    It’s not just big governments. The little government of several islands in the Caribbean managed to create a multi-front disaster using best practices to foist a digital currency system on its innocent citizens.

    https://blackliszt.com/2022/03/dcash-government-cryptocurrency-shows-why-fedcoin-would-be-a-disaster.html

    https://blackliszt.com/2022/03/what-is-behind-the-dcash-central-bank-digital-currency-disaster.html

    The US government continues to pursue a national digital currency of the kind that has already proved to be a disaster in the Caribbean. They do so ignoring the fact that the US Dollar is already largely digital, with extensive software support structures that are in place and working well.

    https://blackliszt.com/2020/12/we-dont-need-fedcoin-we-already-have-a-national-digital-currency.html

    Important things like voting systems are some combination of broken and insecure. I took the trouble to define a simple combination of tech and non-tech to build a modern, secure voting system that was auditable, with operations visible to every voter while keeping what they voted for secret. Will any government institution pay attention, much less implement it? We all know the answer.

    https://blackliszt.com/2025/03/voter-id-and-paper-ballots-dont-prevent-cheating.html

    Big Business

    Executives in big business want to succeed and advance, but this can only happen by avoiding risk. The best way to avoid risk is to do what “everyone else” is doing, what the experts say is best. That’s where industry advisory groups come in.

    https://blackliszt.com/2017/05/the-value-of-computer-industry-advisory-groups.html

    Giant advisory firms counsel their customers on how to make the best decisions. Getting your customers to like you is high on the list. Carefully crafted words are of supreme importance to such large organizations. Actions that match? Not so much.

    https://blackliszt.com/2016/07/gartner-group-big-company-customer-service.html

    A giant health insurance company “lost” the personal information of "tens of millions" of its members sometime in 2014; they're not sure how many, whose records were "lost," or when it happened. The details are an astounding illustration of big-corporate IT incompetence.

    https://blackliszt.com/2015/02/the-anthem-of-cyber-insecurity.html

    I soon found out that my information had indeed been stolen. The company’s response to the theft was right in line with their letting it happen.

    https://blackliszt.com/2015/02/my-anthem-account-was-hacked.html

    What company doesn't want to be part of the digital revolution and have an app? If you're a major health insurance company, why wouldn't you replace old-fashioned insurance cards with something always up-to-date that comes on an app? Here’s what ensued when one of the industry giants tried.

    https://blackliszt.com/2021/02/why-cant-big-companies-build-or-even-buy-sofware-that-works.html

    I've covered many big organization face-plants. The awfulness encompasses a broad range of consumer-dissing inconvenience. Here’s a case of some software that "works" but puts customer inconvenience front and center.

    https://blackliszt.com/2021/03/why-cant-big-companies-build-software-that-works.html

    Here’s a case of a giant company software issue that is low on the “it matters” scale, and high on the “a smart high school student could have done it better” scale. It’s the kind of issue that leads one to wonder whether we’d all be better off if they refused to hire any more people with college degrees for any job, and in particular, management.

    https://blackliszt.com/2021/05/anthem-needs-my-feedback-reveals-deep-problems.html

    Big Tech

    Whether the software is a cool social app, an academic website or a real business, there is a common theme: the software is poorly designed and, even worse, it just breaks. You might think the cool internet apps like Facebook and Twitter are an exception, but they’re not.

    https://blackliszt.com/2012/01/internet-software-quality-horror-shows.html

    How can you innovate? Did the leaders of the current big tech companies benefit from training in innovation? Once they became large, have the big guys like Google demonstrated excellence in innovation? Uhh, sorry, the facts indicate otherwise.

    https://blackliszt.com/2016/05/organizing-for-successful-innovation-recent-history.html

    The widely-accepted logic is: Facebook is wildly successful; FB is built on software; therefore, FB software must be excellent. I should hire people from FB to help me build excellent software! The history and facts support neither the logic nor the conclusion.

    https://blackliszt.com/2014/12/fb.html

    I looked at FB’s mobile app when it had over 700 million people using it. Over 20 million people had written reviews, more than 6 million of which were 3 stars or less. A random sample of those reviews yielded juicy results.

    https://blackliszt.com/2014/11/facebooks-software-quality.html

    The difference between image and reality at FB is astounding. Here is an interview and a recent book that should lead any ambitious young company to avoid hiring people from there.

    https://blackliszt.com/2017/03/software-giants-image-and-reality-facebook.html

    Large organizations have trouble building software. This has been true since the dawn of software history, and shows no signs of changing. The decades-long, rolling disaster of Microsoft Windows is a great example of this.

    https://blackliszt.com/2015/08/large-organization-software-fails-the-case-of-microsoft-windows.html

    Microsoft illustrated multiple issues relating to digital ownership in a case I dug into. Among other things they attempted to require use of their own pathetic browser.

    https://blackliszt.com/2014/05/giant-software-bureaucracies.html

    There are big problems with software quality. The social apps in particular have decided it's embarrassing. But instead of actually, you know, fixing the problems, they seem to have decided to mask the problems! Twitter is a great example of this disease.

    https://blackliszt.com/2013/05/twitter-software-quality-stinks.html

    I did detailed studies on Twitter and found that they do indeed produce provably bad search results.

    https://blackliszt.com/2013/05/twitter-software-quality-an-oxymoron.html

    People write and talk about what's "trending on Twitter" as though the trend meant something. It doesn't. It's based on deeply flawed Twitter search software that gives random, widely varying results.

    https://blackliszt.com/2013/05/the-bogus-basis-of-trending-on-twitter.html

    Twitter fired boatloads of software engineers in 2022, leading some to predict that software disaster will ensue. But then, most people don’t know much about software and don’t realize what a disaster Twitter software has been for years.

    https://blackliszt.com/2022/11/twitter-can-improve-software-quality-by-losing-most-of-its-engineers.html

    Then there is Apple, the high-prestige computer company making expensive devices. In 2016, terrorists killed a bunch of people in California. Law enforcement and the FBI worked hard to find out what happened and who else might have been involved. This required looking in the government-issued iPhones used by the killers. What happened? Apple did its best to protect the criminals. Here are the highlights.

    https://blackliszt.com/2016/03/the-apple-fbi-fiasco.html

    And here are the details:

    https://blackliszt.com/2016/03/apple-can-help-fight-crime-while-maintaining-privacy.html

    https://blackliszt.com/2016/02/apples-cancer-prevention-strategy.html

    https://blackliszt.com/2016/02/apples-approach-to-privacy-terrorists-and-criminals.html

    I reviewed a book about government security on Amazon. The author was impressive and had loads of experience. Many of the reviews were positive, with a few pointing to obvious bias. I wrote a review that pointed to the positive aspects, but also mentioned some of the bias. The review disappeared. I interacted with Amazon, and was told that suppressing the review was a mistake. It appeared again. Then it disappeared. I tried to write a review and was told I've been banned!

    https://blackliszt.com/2023/03/early-evidence-of-criticism-suppression-by-intelligence-agencies-.html

    Yelp isn’t as big as the industry giants, but it’s pretty big. A random plunge into their system demonstrates the same kind of slick surface with rotten underpinnings as their larger brethren.

    https://blackliszt.com/2021/05/yelp-big-tech-incompetent-corrupt.html

    Conclusion

    There is a better way! The winning methods aren’t even new – they’re proven in practice by small groups that need to win. See:

    https://blackliszt.com/2023/07/summary-software-innovation.html

    https://blackliszt.com/2023/07/summary-wartime-software-to-win-the-war.html

  • The Apple-FBI Fiasco

    The brouhaha with Apple and the FBI's investigation of an act of terrorism is tragic, comedic, scary and ridiculous. The only good "side" to take here is a side that few people, and none of the major actors, appear to be on.

    Here are some of the major points.

    Why the FBI needed help. The FBI should have submitted the phone to Apple for cracking immediately, using Apple's standard procedure for this. Instead, they bungled it. They changed the password and locked themselves out of the phone and its iCloud backup.

    Whose phone? Apple got on its higher-than-high horse refusing to help crack the phone because it protects the privacy of individuals. But the terrorists had already destroyed their personal phones. This was a terrorist's government-issued work phone. No privacy was involved.

    The FBI's "unprecedented" request to Apple. Apple has a department that cracks phones. They crack thousands a year, and hundreds a year just for national security cases. Apple has a formalized process for it, which as of today remains on their website. The FBI's request should have been run-of-the-mill. Details here.

    The slippery slope. Apple made claims about how responding to the FBI request would create a master key that would soon render all Apple phones insecure. This was bogus, as I detail here.

    Privacy uber alles. Apple stood up as the firm defender of personal privacy — including that of murderers and other criminals.

    Lost opportunity. Apple could have come out of this a hero — a strong protector of personal privacy and a strong ally of law enforcement against terrorists and criminals. Here is how.

    Apple's insecure software. Apple wants us to think their software is wonderful and their security flawless. No one mentions the scores of bugs that riddle their software. With each release, they introduce at least as many new bugs as they fix. Some of the bugs are security holes! White-hat hackers find some of them and tell Apple; Apple responds by eventually fixing the bugs and eventually releasing the fixes.

    Finally cracking the phone. After all the sturm-und-drang, a "private company" approached the FBI and offered to crack the phone — and cracked it, leading the FBI to withdraw their suit against Apple. The company is Cellebrite, which has a commercial service that cracks iPhones in a forensically sound way. Do you think someone at the FBI could have used Google to find this group before suing Apple? Do you think Apple could have referred the FBI to them quietly instead of making a stink?

    No one comes out of this mess looking good, including the media, which did little research and simply took sides. For example, I have found no media outlet that mentions Apple's standard phone-cracking service, which I published here. After this and the recent events in Europe, who can feel good about either the FBI or Apple?

  • Apple can help fight crime while maintaining privacy

    Apple can and should maintain the privacy of the information their customers have on Apple devices. But what if the owner is a criminal or terrorist, and the relevant law enforcement agency has a court-ordered warrant? Apple should bend over backwards to help the agency fight crime and terrorism. It can do this without "back doors" or any of the awful things that some people talk about.

    The government

    The government scares me. I don’t want them anywhere near my private information. They have way too much power. If any little thing goes wrong, someone in government can trample all over me. My fear is equal opportunity. If Republicans are in charge, some of them will be corrupt and will decide to use my private information to trample on my rights. If Democrats are in charge, same thing. And bureaucrats of whatever stripe … I shudder. I want to be able to have my private information encrypted and secure, so that no one – including the institutions who are supposed to be keeping us safe – has access to it. PERIOD.

    Sadly, the government already has whole huge piles of my private information all over the place in their files and computers. Moreover, the government appears to be incompetent at keeping private information private. The IRS has been hacked. The White House itself has been hacked. Even that biggest and baddest of security agencies, the NSA, had a massive insider breach. This is not the sort of thing that’s going to be fixed, because they don’t even have the theory of information security right, much less the practice. Details here.

    On the other hand…

    There are bad guys out there!

    Bad guys are bad. They want to steal things. Some of them want to hurt me. They have all sorts of reasons. Some are crazy, some are sociopaths, some are evil, some are driven by a religious and/or political ideology that leads them to commit acts of violence; sometimes we call them terrorists. People in various institutions have the job of keeping law-abiding people safe from the depredations of criminals, crazies and terrorists, and/or tracking them down after they’ve done one of the heinous things they are wont to do. These protectors include various branches of the military and other branches of the government, including the CIA, FBI, NSA and others. Like any normal, sane person, I want to be safe. I want someone to keep me safe from the bad guys, and when bad things happen, I want someone to track down the bad guys to prevent them from doing more bad, and to send a message to other bad guys that they probably won’t get away with whatever bad thing they have in mind.

    This means…

    The government needs to keep out of the private business of the citizens. We are part of a country ruled by a Constitution. There is a Bill of Rights, the fourth amendment in particular. HOWEVER: The government's job includes keeping us citizens safe while protecting our rights. Part of the job.

    The people who keep us safe and dig into crimes when prevention hasn’t prevented need to be able to do their jobs. If the courts agree to issue a subpoena, they need to be able to search for evidence. Under the fourth amendment and codified in long-standing procedure, there is a process for ensuring that the privacy of law-abiding citizens is maintained, while at the same time ensuring that, with proper judicial approval, searches and seizures can be performed to maintain the safety of citizens.

    Under the right circumstances and controls, sane people want government law enforcement agents to do their jobs, protect us and catch wrong-doers.

    What about Apple?

    Prior to iOS 8 and the current brouhaha, Apple responded as it should have to requests of this kind, thousands per year of normal requests and hundreds per year involving national security. See here for details. Suddenly they changed. Here is the choice they made.

    Currently Apple has a well-deserved reputation as a criminal’s friend and supporter of terrorists. Do you think the bad guys don't pay attention? They do.

    What Apple should do

    Apple should become:

    • the best friend of law-abiding citizens who want to maintain the privacy that is their right under the Fourth Amendment, while at the same time becoming
    • the scourge of criminals and terrorists.

    Specifically, Apple should strengthen and grow the facility they already operate on their Cupertino campus to receive and crack the devices of criminals and others, under strict subpoena and court order control. As they do today. They can and should extend this valuable, safety-maintaining service to iOS 8 and all future hardware and software.

    Would this be expensive? What if it cost, say, $20 million a year? That amounts to less than 0.01% of the CASH that Apple has on hand. It would be a rounding error at ten times the cost.

    Apple could brand the center as the scourge of criminals and terrorists, and make their phones something that bad guys actively avoid using. That way, anyone who uses an iPhone is proclaiming that they’re a good guy – and they’re also proclaiming that Apple keeps their private information safe and secure, unlike (I’m sad to say) most government agencies.

    Is this possible? Yes. Apple has wisely avoided claiming that they are incapable of cracking a phone that is in their physical possession. Which are the only phones they should be cracking anyway. Should they give their tools to anyone else? NO WAY!

    What about phones that are in the field? Could Apple remotely hack them? Of course they could! Strictly under court order, strictly from the Cupertino Bat-cave, and solely the identified phone under Warrant.

    Apple's ability to crack phones under these strictly limited circumstances has NOTHING to do with creating dangerous "back doors" or somehow defeating amazing encryption. It's about hardware and the software that runs on it, both of which are entirely of Apple's design and under their control.

    Apple has the opportunity to protect the privacy of its customers much more effectively than the government does, while at the same time helping law enforcement protect us against criminals and terrorists. I hope they'll step up and do the right thing.

  • Apple’s Cancer Prevention Strategy

    The CEO of Apple declared that he has joined the ranks of the nation's oncologists, and is working to prevent the government from forcing Apple to create a new form of cancer and "expose hundreds of millions of people to issues."

    [Image: ABC Cook]

    The CEO of Apple is anxious to prevent future "issues."

    Let's look at the case of Brittney Mills,

    [Image: Mills pic]

    This is an example of an "issue" that took place in April of 2015 in Baton Rouge, LA, long before the Apple CEO got worried about cancer. Here's the "issue" that Ms. Mills experienced:

    [Image: Mills killed]

    Investigators still haven't been able to find who killed her and her unborn child. They've tried hard.

    [Image: Mills phone]

    They went to Apple for help. Apple refused to help the police get the evidence that might lead them to the person who killed Brittney Mills and her unborn child. The local district attorney wrote to the US Senate Judiciary committee about the case:

    [Image: Mills letter]

    His pleas and those of Brittney Mills' family were ignored. The case of Brittney Mills isn't the only one:

    [Image: Mills many]

    Law enforcement getting information from a dead person's cell phone is similar to getting information from their wallet: not something anyone would normally do — but when the person is dead, the only way to proceed.

    Apple's refusal to help Baton Rouge law enforcement catch the person who murdered Brittney Mills is taking place in thousands of cases all over the US:

    [Image: Vance]

    Apple's response? An escalating war of words. A half hour's worth in ABC's "exclusive" interview with the CEO.

    [Image: ABC Safety is important]

    While declaring how important safety is, "doing this," i.e., helping get information from the cell phones of murdered pregnant women, "could expose people to incredible vulnerabilities." Does this mean the Apple CEO is concerned about future "incredible vulnerabilities" that are worse than being murdered?

    And then we have the old slippery slope argument:

    [Image: ABC turn on camera]

    OOOhhhh: law enforcement might turn on the camera!! I guess the Apple CEO thinks that's worse than being a pregnant woman living alone, opening your door at night for someone you know, getting shot and dying. And not being able to find out who did it.

    Now we get to what Apple is being asked by the courts to do, which is the equivalent of creating cancer:

    [Image: ABC cancer]

    I demonstrated in my prior post that Apple has cooperated with law enforcement in the past, and given out private information on literally tens of thousands of cases, including at least a thousand cases a year involving national security. Apple was able to provide this information because they had written for earlier releases of iOS a much stronger version of what is needed for iOS 8. Apple has written it. It wasn't cancerous before. How would it be cancerous now?

    [Image: ABC expose people to issues]

    Similarly, when he claims that helping the court would "expose hundreds of millions of people to issues," he assumes this software would somehow escape from Apple's control, when the prior versions did not.

    Apple does know a way to avoid the problem. And it's had years of experience over tens of thousands of cases that the method is safe and effective.

    The issue is simple. Apple refused to provide the help needed to identify the murderer of Brittney Mills and her unborn child. Apple says providing that help is like unleashing a plague of cancer. I say to Apple: please unleash that cancer.

  • Apple’s Approach to Privacy, Terrorists and Criminals

    Apple is locked in a public battle with the prosecutors of the San Bernardino terrorist case about helping the FBI. Tim Cook has been in full public-relations mode asserting how this "unprecedented" request is like distributing a "master key" that will make everything on iPhones public. 

    The government's request (as opposed to how it's described in the media) is reasonable; it is a simple extension to iOS 8 of part of a service that Apple already provides to government agencies for tens of thousands of Apple devices. By refusing to continue providing the service, Apple prevents local police from returning stolen iPhones to their rightful owners. Apple prevents law enforcement from solving crimes of murder, sex abuse of children, sex trafficking, robbery and other crimes. And Apple prevents the FBI from keeping us safe from terrorists.

    The awful things Cook claims will happen if he complies are already enabled by horribly buggy and security-hole-ridden Apple software. Nothing the government has requested will make things worse.

    Apple’s official privacy policy

    What was Apple’s privacy policy before the recent war of words on the subject? The policy is clearly stated on the Apple website. There are lots of words about how Apple loves and respects its customers, and Apple is wonderful. The words lead to this conclusion:

    [Image: Apple privacy policy]

    That sounds pretty stark! No back door and no server access. Ever! That sure sounds like my information is secure, no matter what!

    Apple’s actions on privacy

    As it turns out, those are weasel words. Which you can find out by a little digging. All you have to do is go to their “government information requests” page. There they admit that they respond to subpoenas and search warrants. But they “limit our response to only the data law enforcement is legally entitled to for the specific investigation.” Well, maybe it’s not so bad…

    Scanning down the page, in HUGE type, is this assurance that practically no one is affected by all this:

    [Image: Less than 00673]

    An amazingly tiny fraction of “customers” have been affected by this grudging acceptance of government coercion.

    How much does that tiny, tiny fraction amount to? Being super-conservative about doing the calculation, I took the quarterly sales just of iPhones only for the last 3 years (2013 to 2015) as reported publicly by Apple. Truncating each reported result to the lower million, the total is 546 million iPhones. The real number, including iPads and going back further in time, is probably more than twice that. But the arithmetic even for that number is interesting. Using Apple’s own 0.00673% number, the total is 36,745 customers. 

    That number does not include “national security” requests, which according to the same page, is more than 750 requests for the first half of 2015:

    [Image: 2015 Apple security]

    To summarize rhetoric and reality about Apple and privacy:

    Rhetoric: We don’t create backdoors and “have never allowed any government to access our servers. And we never will.”

    Reality: We dish out customer data as required, and do so by the tens of thousands. But we pout while we’re doing it.

    What Apple really, really does

    Dig a bit further, and you can download the details of what and how customer information is handled at Apple, in this document:

    [Image: Apple legal process]

    Here’s a bit of the table of contents:

    [Image: Information from Apple]

    You can see that the range and scope of information available goes way beyond anything you might imagine from scanning Apple's website pages.

    The document also declares that Apple can provide an incredible amount of information from any iOS device prior to 8.0, but “will not” perform data extractions from 8.0 or later. The extraction “…can only be performed at Apple’s Cupertino, California headquarters…”

    What the government wants

    The government’s request is short and to the point.

    They want help defeating iOS 8’s PIN brute-force avoidance mechanisms:

    [Image: Feds request 1]

    Here’s what they suggest an acceptable means of providing the help would be, a piece of loadable software:

    [Image: Feds request 2]

    They specifically request software that works for only that phone:

    [Image: Only on that device]

    They don’t demand possessing the software; it’s OK if Apple physically has the device and keeps the developed software on site, without even requiring that government agents be present:

    [Image: Remote access]

    And if Apple can think of a different way to accomplish the same results, it’s OK with the court:

    [Image: Other means OK]

    In summary, the court will provide Apple with the terrorist’s government-issued iPhone, and wants Apple to create software that will enable the government to do the hard work of figuring out the iPhone’s PIN code so that the government can access the data on the phone. The government is willing to let Apple do this work with the phone at Apple’s offices, with no government agents present, wants the software to work only for the iPhone in question, and does not request a copy of the software.

    Tim Cook’s response

    Apple hacks and gives the government the private data of tens of thousands of customers. Probably a thousand times a year for national security issues. It does this in its facilities, using software it developed for the purpose.

    The feds are investigating a terrorist attack on US soil in which 14 innocent people were murdered. The phone in question wasn’t personally owned by Syed Farook; it was owned by the government agency for which he worked, and whose employees he murdered. Breaking years of Apple practice, Tim Cook refuses to help. He explains himself on the Apple website:

    [Image: Message to customers]

    He declares the request “unprecedented.” Sure, if you ignore the tens of thousands of other requests Apple had no trouble satisfying.

    He says the order “threatens the security of our customers.” And the possibility of future terrorist attacks doesn’t?

    He says the order “has implications far beyond the legal case at hand.” Yes it does. But not the way he means it.

    A little further down, he gets to the crux of the matter:

    [Image: Cook build backdoor]

    He claims he doesn’t have what the government wants. Everyone knows that, and it’s implied in the court order. But he had the equivalent for earlier versions of iOS.

    He claims it’s “too dangerous to create.” While he blathers about encryption and about how Apple can’t get at your data, here he makes no claim that the software is impossible to write – and it’s not! He’s just saying he won’t create it, because he’s too moral or something, and the software would be too "dangerous." Although more powerful versions of the requested software were built by Apple for prior versions of iOS, and they somehow weren't dangerous.

    He claims the request is for a “backdoor to the iPhone.” Wow. You can review the actual request above. It’s no such thing. It’s a piece of software that circumvents the iOS 8 defense against brute-force PIN-breaking. Apple gets to create the software and use it at their offices on the provided phone.

    Cook goes on:

    New iOS

    “The FBI wants us to make a new version of the iPhone operating system.” Maybe that sounds technical and accurate to someone who didn’t read the documents, but it simply isn’t true.

    “In the wrong hands, this software…” How exactly is it going to get in the wrong hands, Mr. Cook? Apple employees have full and unfettered access to the source code of Apple software, including iOS. Any time one of them felt like it, they could make an unauthorized version and spirit it to some off-site server, and do all sorts of evil with it. That was true yesterday, is true today, and will remain true regardless of what happens here. The current situation doesn’t change the chances of malicious software being used for bad purposes one iota.

    “…would have the potential to unlock any iPhone in someone’s physical possession.” BZZZTTT! What this software would do would be exactly and only what the government is asking for: make it possible to brute-force hack the PIN code, which has one million possible combinations for the default 6-digit PIN. For normal humans, this means you would have to:

    • Acquire someone’s iPhone
    • Get and load the hacking software onto it, assuming it has somehow wafted out of Apple
    • Then, by hand, try 6 digit PIN codes until you got to the one that worked
    • On average, this would occur after entering half the possible codes, a total of 3 million digits. At a continuous rate of one digit per second, this would take more than 34 days.
    • Or, if you really are a super-hacker, you could automate the process. Which I won’t go into here.
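
    The arithmetic in the list above, together with what guess limits do to it, as an added example that is not part of the original post. The delay schedule and the wipe-after-10 limit are assumed values for illustration, and the function names are hypothetical.

```python
# Added example: guessing-cost model for a numeric device PIN.
# The delay schedule and wipe limit below are assumptions for illustration,
# not values taken from the page.

SECONDS_PER_DAY = 86_400


def expected_days(digits, seconds_per_guess):
    """Average time to hit a uniformly random PIN when nothing limits guessing."""
    keyspace = 10 ** digits
    expected_guesses = keyspace / 2  # on average half the codes are tried
    return expected_guesses * seconds_per_guess / SECONDS_PER_DAY


# Assumed escalating delay (seconds) imposed before attempt number N.
ASSUMED_DELAYS = {5: 60, 6: 300, 7: 900, 8: 900, 9: 3600}
ASSUMED_WIPE_AFTER = 10  # assumed: device erases its keys after 10 failures


def with_lockout(digits, seconds_per_guess, delays=ASSUMED_DELAYS,
                 wipe_after=ASSUMED_WIPE_AFTER):
    """Return (chance of success before the wipe, seconds spent on allowed guesses)."""
    keyspace = 10 ** digits
    allowed = min(wipe_after, keyspace)
    p_success = allowed / keyspace
    elapsed = sum(delays.get(n, 0) + seconds_per_guess
                  for n in range(1, allowed + 1))
    return p_success, elapsed


def summary():
    """Compare PIN lengths, typing one digit per second as in the text."""
    rows = []
    for digits in (4, 6, 8):
        manual_days = expected_days(digits, seconds_per_guess=digits)
        p_success, seconds = with_lockout(digits, seconds_per_guess=digits)
        rows.append((digits, manual_days, p_success, seconds))
    return rows


if __name__ == "__main__":
    for digits, days, p, secs in summary():
        print(f"{digits}-digit PIN: {days:10.1f} days by hand with no limits; "
              f"with limits, {p:.0e} chance of success in {secs / 3600:.1f} h")
```

    With the limits in place the guesser gets ten tries in total, so the question stops being how long the search takes and becomes whether ten guesses are enough.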

    Cook then gets wilder:

    Cust letter Master key

    Yes, the software, once created, could, would and should be used on "any number of devices." Devices that were provided to Apple at their offices with proper documentation and court orders. Most of these devices, as today, would have been lost by their owners, and Apple is helping the owners identify them so they can be recovered. Many of these devices, as today, would be evidence in criminal proceedings. And hundreds of these devices per year will be related to national security issues, as they are today.

    I am very concerned about the FBI being blocked from tracking and stopping terrorists before they kill. But I'm equally concerned about the "merely" criminal aspects of this. For example:

    Post Vance

    Cook has more:

    Hack everything

    Because Apple built software used by Apple on specific phones delivered with court orders to Apple facilities, the government will now be able to listen to your microphone or camera. How exactly does this leap happen?

    The fact is, Apple software was, is and will be chock full of security holes and other problems. Here is Apple's own list of the dozens of security problems that were fixed in iOS 7. After fixing all those problems, iOS should be secure, right? Apple then found more bugs, refused to fix them in users' devices, and instead released iOS 8 with no fewer than 53 additional fixes to security flaws. So how did iOS 8 go, with all those fixes? Not so well, according to Wired:

    Buggiest

    Finally, Tim Cook once more:

    Conclude

    Apple products have been buggy and filled with security holes in every release. They're riddled with back doors, side doors and bottom doors, all because of Apple's ineptness. It's not getting better. Mr. Cook wants us to fear that the mean government will force us to walk around without privacy. Well, we already are! And it's Apple software that's responsible! Extending Apple's existing practice to iOS 8 will not create a new situation — it will maintain Apple's historic cooperation with the legitimate law enforcement operations of government, protecting us from terrorists and criminals.

    What is this really about?

    I wish I knew. But it's hard not to think of money and market positioning. There is a large portion of the public that thinks that Wall Street and Big Corporations are evil. Meanwhile, Apple makes products that are used by millions of people who think this way. Apple wants to market itself as being for the 99% of people.

    But it has a problem. It's one of the richest, most valuable corporations in the world. It charges top dollar for its products, which are entirely made in cheap-labor countries. It plays games to avoid paying taxes. It's bigger and richer than Wall Street! It's even richer than the US Treasury:

    Apple cash reserves

    It's quite reasonable to imagine that Tim Cook is following in the Steve Jobs tradition of using marketing magic to divert Apple's customers from looking at the numbers. Numbers that show that Apple is a corporate behemoth whose sales are slowing, whose new product initiatives have failed, and that is desperate to bolster its brand and hold onto customer trust (and revenue) it does not deserve.
