How an iPhone became the FBI's public enemy No. 1 (FAQ)

Apple won't change its mobile software to help the feds unlock a terrorist's phone, saying that would set a dangerous precedent and undermine security and privacy. The FBI says all Apple cares about is protecting its brand. We spell out what's at stake.

James Martin/CNET

Editors' note: The FBI dropped its request for Apple to help it unlock the iPhone owned by a San Bernardino, California, terrorist after a third party helped it find an alternate method. While that particular case is over, the broader battle over privacy and security will keep playing out publicly and in courtrooms across the country. Tune back to CNET for ongoing coverage of the issue.

The battle is about more than an iPhone.

Apple says the fight is about security and privacy for everyone, about the US government trying to compel a public company, using a 227-year-old law, to compromise its most important products. It's about not setting a "dangerous precedent" that would give the US the authority to ask it and other businesses to change their products in the future.

The FBI and the Department of Justice say it's about making sure Americans aren't in jeopardy, about fighting terrorists who are using increasingly sophisticated communications tools, and about a reasonable request to gain evidence from a single iPhone.

Apple CEO Tim Cook says the FBI wants a "master key" that could be used to unlock hundreds of millions of iPhones. The FBI says it's fighting terrorism and that Apple just wants to protect its brand.

CBS Interactive

Unless Apple CEO Tim Cook gives in or the government backs down, a February 16 court order requiring that Apple build a custom version of its iOS software for the iPhone may turn into one of the most important legal battles over the future of both digital and US national security. Apple and the Justice Department will face off in court on March 22, and the iPhone maker says it will fight the order all the way to the Supreme Court if necessary.

Cook argues the "very freedoms and liberty our government is meant to protect" are at stake. The FBI and Justice Department counter that all Apple cares about is protecting its business model and brand.

The fight has raised a lot of questions about what's at stake, which technologies are involved and why complying with the government's request is harder than you might think. We've put this FAQ together to help you get up to speed, and we'll keep updating it with new questions and answers. Feel free to add your questions to the comments section below.

Why the FBI needs Apple's help

Can you recap how we got here?
On February 16, US Magistrate Sheri Pym ordered Apple to unlock an iPhone 5C used by Syed Farook, one of two terrorists who gunned down 14 people at a party in San Bernardino, California, in December. Apple, which was cooperating with the FBI to help the agency access data on Farook's work phone, refused. Cook argues that the order goes too far and that bypassing the password means creating a "back door" in its iOS mobile operating system that could be used to access every other iPhone.

Why is this particular iPhone so important to the FBI?
The FBI wants to know who Farook was communicating with and which websites he might have visited in the days leading up to the December 2 massacre. Access to computers and personal phones owned by Farook and his wife would help, but the couple smashed their personal phones and removed the hard drive from their computer. Farook's iPhone 5C, given to him by his employers at San Bernardino County in Southern California, may be one of their last options.

What's the iPhone 5C?
Introduced in 2013, it was Apple's lowest-priced iPhone, starting at $99 on contract. Farook had the least expensive model: an 8GB version that was often given away for free with a paid, two-year wireless contract.

Unlike the higher-end iPhone 5S announced the same year, the iPhone 5C doesn't include a fingerprint sensor that you can use instead of typing in a passcode.


Apple already gave the FBI data that was backed up from Farook's phone to the company's iCloud online storage service. What's the FBI hoping to find now?
Apple was able to give the FBI backups only through October 19, when Farook apparently stopped backing up the phone. That leaves a one-and-a-half month gap in the data between October 19 and December 2, when the massacre occurred. The FBI believes Farook might have intentionally stopped the automatic backups to hide something.

What's stopping the FBI from just browsing through the phone?
It's locked with a passcode. The FBI doesn't have the code, and neither does Apple. The passcode is stored only on the device itself. Because of Apple's built-in security, you have up to 10 tries to enter a passcode. After that, the iPhone wipes itself -- that is, removes all the data stored on the device.

San Bernardino owns the phone used by Farook, but it failed to install mobile device management software on the device. The technology, which is commonly used by organizations issuing device to employees, would have let the FBI easily unlock the phone. The service costs $4 per month per phone, according to CNET sister publication CBS News.

Why can't the FBI just pop out the memory card or hard drive, or use the fingerprint scanner to unlock the phone?
The iPhone 5C doesn't have any of those things. Data is stored on a memory chip that's soldered to the phone's motherboard. And the iPhone 5C doesn't have a fingerprint sensor.

Can't the FBI use a supercomputer to crack the password or get data off the memory chip?
It's not that simple. iPhones running 2014's iOS 8 software or the newer iOS 9 protect their data using 256-bit AES encryption. That's the same standard that protects US government computers against brute-force attacks intended to crack into a device. It could take years to recover data by attacking the iPhone's memory chip, Stratechery's Ben Thompson explains.

It's important to note, adds Thompson, that "Apple is not being asked to break the encryption on the iPhone in question...but rather to disable the functionality that wipes the memory when multiple wrong passcodes are entered in a row."

What is encryption? Did Apple create 256-bit AES encryption?
Encryption simply means that information isn't stored in a way that people or computer programs can easily read. It's in code, and to decode it, you need a decryption key. AES, short for Advanced Encryption Standard, is a particularly robust form of encryption that the US government recommends companies use, and one that's been broadly adopted worldwide since it was introduced by the National Institute of Standards and Technology (NIST) in 2002.

Why can't the FBI crack the passcode on the iPhone?
Farook's iPhone was set to automatically erase itself after 10 wrong passcodes were entered in a row. That's a commonly enabled feature on work-issued phones.

Even if the FBI could disable the auto-wipe function, breaking the passcode could take a long time -- a very long time. The iPhone requires a minimum delay of 80 milliseconds between each passcode entry, and multiple wrong entries can extend the delay by minutes at a time. Assuming Farook used a six-digit passcode, Apple estimates it could take 5.5 years to guess. But he might have used a custom combination of letters and numbers. We could die of old age waiting for that.

Besides, there's also the issue of connecting the supercomputer to the iPhone. A unique key built into the iPhone means you can enter passcodes only on the phone itself.

That said, the FBI on March 21 said it may have learned a new way to hack Farook's iPhone, effectively making its case with the court moot. Apple said it doesn't know how the FBI might do this. But, if the hack is unsuccessful, Apple believes it may end up back before the court again.

What exactly does the FBI want Apple to do?
The court order asks Apple to create a new, custom version of iOS that runs only on this specific iPhone and that makes three changes to the software. The first two changes would bypass or disable the auto-wipe function and the delay that limits how quickly new passcodes can be entered. The court also asks Apple to add a way to attach a cable or wirelessly connect to the iPhone so the FBI can automatically enter passcodes. That way, the FBI can use a supercomputer to bombard the phone with passcode guesses until it finds the right one.

Is it even possible for Apple to comply with the order?
Apple said in a February 22 FAQ that it's "certainly possible to create an entirely new operating system to undermine our features as the government wants."

And in a motion on Feb. 25, Apple's user privacy manager Erik Neuenschwander estimated that to create a "back door" into the iPhone would take six to 10 engineers and employees putting in "a very substantial portion of their time" over two to four weeks. "These individuals would otherwise be performing engineering tasks related to Apple's products," he said. The FBI says the government will compensate Apple for their time.

But that's not the point, says Apple's CEO. Cook argues that Apple can't just bypass those protections for a single phone and expect other phones to stay safe and secure. "Once created, the technique could be used over and over again, on any number of devices," Cook wrote in an open letter to customers in February. "In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks."

Even if Apple did produce a version of iOS that could be used only with Farook's phone, it might be easy for bad actors, like malicious hackers and governments, to use or rewrite that code for other phones, senior Apple executives told us.


Broad implications

If only the FBI and Apple have access to the custom version of iOS, how can bad actors get it? This isn't as easy a question to answer as you'd think.

In a February 19 filing (page 15), the government says "Apple may maintain custody of the software, destroy it after its purpose under the order has been served, refuse to disseminate it outside of Apple, and make clear to the world that it does not apply to other devices or users without lawful court orders."

But Apple executives believe if the company made a "master key" for the iPhone, it would be an irresistible prize for hackers, and that its own servers would inevitably be hacked. They referenced a joke often attributed to former Cisco CEO John Chambers: "There are two types of companies: those that have been hacked, and those who don't know they have been hacked."

Apple also worries that employees inside law enforcement, or inside Apple itself, could steal the technology. "The digital world is very different from the physical world. In the physical world you can destroy something and it's gone," Apple wrote in its FAQ. "But in the digital world, the technique, once created, could be used over and over again, on any number of devices."

FBI Director James Comey reiterated the government's position, saying in an op-ed column that they're not asking for a universal back door and just want access to this one iPhone. "We simply want the chance, with a search warrant, to try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That's it," Comey wrote. "We don't want to break anyone's encryption or set a master key loose on the land...Maybe the phone holds the clue to finding more terrorists. Maybe it doesn't. But we can't look the survivors in the eye, or ourselves in the mirror, if we don't follow this lead."

What's the "dangerous precedent" Apple's worried about?
Apple's concerned that if it complies with the FBI's request, the government might ask it in the future to defeat any security feature that keeps law enforcement from accessing a newer model of iPhone. Privacy groups, including the including Electronic Frontier Foundation, side with Apple on this one. "We simply don't know where that would lead us," Apple says. "Should the government be allowed to order us to create other capabilities for surveillance purposes, such as recording conversations or location tracking?"

Apple also said "law enforcement agents around the country have already said they have hundreds of iPhones they want Apple to unlock if the FBI wins this case."

According to a letter by an Apple lawyer that was unsealed on Feb. 23, Apple says the DOJ is asking for its help in unlocking nine other iPhones in addition to the iPhone 5C at the center of the court order. The newly disclosed cases are in New York, Chicago, Los Angeles, San Francisco and Boston, according to The New York Times.

Could the software be used on newer iPhones, which have added security features?
According to Apple, yes. Though all iPhones newer than the iPhone 5C (and the iPhone 5S) have a protection called the Secure Enclave, senior Apple executives told us the Secure Enclave could be disabled or bypassed using a custom version of iOS.

Who else is on Apple's side?
Amazon, Facebook, Google and Microsoft are among the dozens of companies, trade organizations and digital-rights groups that have declared their support in court briefs for Apple. Other big names include Twitter, Airbnb, LinkedIn, Intel and AT&T. Also, the Electronic Frontier Foundation was joined by 46 cryptographers, researchers and technologists in its pro-Apple filing. The American Civil Liberties Union was the first to file its support for Apple in a brief.

Hasn't Apple complied with requests to unlock phones before?
Apple says it's never unlocked iPhones for law enforcement, but it has helped them by allowing them to bypass the lockscreen -- as long as there was a valid subpoena or a search warrant. It had data extraction technology that let the company's engineers bypass a user's passcode and pull information like contacts, calls and messages. And it did so without having to unlock the phone.

But the release of iOS 8 in 2014 changed that. The new software came encrypted by default, which means Apple no longer had the ability to extract data "because the files to be extracted are protected by an encryption key that is tied to the user's passcode, which Apple does not possess," the company wrote in a privacy statement on its website.

The bottom line is that to decrypt the data from Farook's iPhone 5C, you'd need his passcode.

Does the court order let Apple look for another way to get the info the FBI wants?
Yes, it specifically lets Apple find "an alternate technological means" to help the FBI break into the phone. But that alternative doesn't have much wiggle room. It still requires that Apple disable the auto-wipe and passcode delay and create the ability for the FBI to remotely enter passcodes into the phone. Apple believes introducing those security weaknesses could jeopardize other iPhones as well.

Apple had another possible solution: If the FBI placed Farook's phone near a known Wi-Fi network (like the one at his home or his workplace), it might automatically create a new iCloud backup with the missing information. That idea was foiled when the county, acting at the direction of the FBI, reset Farook's iCloud password. Senior Apple executives said that was their best idea for helping the FBI get what it wanted. But now we'll never know if it could have worked.

The FBI released a statement saying that having access to Farook's iCloud account isn't enough. "We know that direct data extraction from an iOS device often provides more data than an iCloud backup contains," the FBI said. "Even if the password had not been changed and Apple could have turned on the auto-backup and loaded it to the cloud, there might be information on the phone that would not be accessible without Apple's assistance."

Apple and the FBI also discussed checking to see if the iPhone was backed up to any other computers, and looking over Verizon call records to see who else Farook might have called. But the government determined Farook's phone hadn't been synced with other computers, and the FBI wanted more data than the carrier's call logs could provide. (This is detailed in footnote 7, page 18, of the DOJ's filing in February, which we've posted here.)

What kind of data could the FBI get from Farook's iPhone if it defeats the passcode?
The FBI should be able to access Farook's text messages, iMessages, photos, videos, contact list and call history, plus any audio recordings he might have made. That's the type of data that Apple has agreed to help law enforcement recover ( PDF).

Separately, the FBI may be able to see if Farook had any additional email accounts or social-networking accounts. Then the government would have to subpoena the relevant companies for that data.

Why did Apple turn on encryption in the first place?
There are several theories. The New York Times suggests that Cook personally believes it's part of his civic duty to do the right thing by customers where privacy is involved.

The same Times report says Apple was growing tired of complying with law enforcement requests to hack into its own phones, and decided encryption would "put the keys squarely in the hands of the customer, not the company."

There's also money at stake. After Edward Snowden revealed the extent of government surveillance in 2013, many tech companies were under pressure to show customers that they hadn't been selling their data to the government. As sociology professor Kieran Healy notes, Apple is in a strong position to do that, because the primary thing Apple sells is hardware -- not information. That might get people to buy phones from Apple instead of the competition.

Apple says it added encryption because "people carry so much personal information on our phones today, and there are new data breaches every week affecting individuals, companies and governments."

Legal wrangling

What did the government say when it argued Apple should comply with a court order?
The US Department of Justice on March 10 fired back at Apple's motion to vacate the court order. In its court filing, the government said complying with the FBI's request wouldn't be an "undue burden" for the company.

The DOJ, in its 43-page court filing, said Apple "deliberately raised technological barriers that now stand between a lawful warrant and an iPhone containing evidence related to the terrorist mass murder of 14 Americans."

"Apple alone can remove those barriers so that the FBI can search the phone, and it can do so without undue burden," the government said.

The DOJ also noted that the Constitution, the All Writs Act (the 227-year-old law used to compel Apple to assist the FBI), and the three branches of government should be trusted to "strike the balance between each citizen's right to privacy and all citizens' right to safety and justice. The rule of law does not repose that power in a single corporation, no matter how successful it has been in selling its products."

What's the 227-year-old law the government is relying on in its case?
It's using the All Writs Act, which was signed into law by President George Washington in 1789, to get Apple to change its software. The act helped establish the judiciary system in the US, giving federal courts the power to issue orders, which were known as "writs" at the time.

Though the law was drafted with quill pens, it's been used in recent times. In analyzing the current standoff, lawyers and commentators often cite a 1977 case in which law enforcement asked for the help of the New York Telephone Company to monitor phone calls made by suspected gamblers. The Supreme Court ruled for law enforcement in that case.

Over time, use of the All Writs Act has been more or less limited to situations where no other law, statute or provision can be applied, usually because it's extraordinary.

Some also believe the government has been waiting for the right opportunity to force Apple to give it access to iPhone data. "The law operates on precedent, so the fundamental question here isn't whether the FBI gets access to this particular phone," Julian Sanchez, a surveillance law expert at the libertarian-leaning Cato Institute in Washington, DC, told The Guardian in February. "It's whether a catch-all law from 1789 can be used to effectively conscript technology companies into producing hacking tools and spyware for the government."

How does Apple plan to challenge use of the writ?
Theodore Boutrous, one of the attorneys on Apple's team, told the Los Angeles Times that one of the strategies will be to argue that using the All Writs Act violates Apple's right to free speech. That's because, the argument goes, computer code like that underlying the iOS software is protected under the First Amendment.

"The government here is trying to use this statute from 1789 in a way that it has never been used before," Boutrous said. "They are seeking a court order to compel Apple to write new software, to compel speech."

On Feb. 25, Apple filed a motion asking the court to vacate the February 16 order, arguing the order violates the company's constitutional rights. In addition to the First Amendment, Apple also said the order violates its Fifth Amendment right to Due Process.

"This is not about one isolated iPhone," Apple said in the 65-page document. "Rather, this case is about the Department of Justice and the FBI seeking through the courts a dangerous power that Congress and the American people have withheld: the ability to force companies like Apple to undermine the basic security and privacy interests of hundreds of millions of individuals around the globe."

On Feb. 29, Apple won an important victory in a case in New York, in which the government was also calling on the All Writs Act to help gain access to the iPhone of a drug dealer. US Magistrate Judge James Orenstein denied the government's request. "Ultimately, the question to be answered in this matter, and in others like it across the country, is not whether the government should be able to force Apple to help it unlock a specific device; it is instead whether the All Writs Act resolves that issue and many others like it yet to come...I conclude that it does not."

Apple executives said Judge Orenstein's bolsters their argument against the FBI. You can read his ruling here.

What else is Apple doing?
According to reports by The New York Times and Financial Times, Apple engineers may be working on ways to add even more encryption to the iPhone and, for the first time, to its iCloud backup service so that it couldn't even comply with government requests to access iPhone users' data even if it wanted to.

Where can I read the court order, the DOJ's 40-page request, Apple's motion and the DOJ's response?
We've posted those documents in our stories. You can find the three-page court order here and the DOJ's February 16 request here. Apple's 65-page motion, filed Feb. 25, can be found here. The DOJ's response can be read here.

Battling in the court of public opinion

What does Apple's top lawyer say about the government's claims?
Bruce Sewell, Apple's general counsel, on March 10 accused the government of taking a "cheap shot" with its court filing from earlier that day. Sewell disputed the government's claims that Apple was lying, and he said the filing tries to "cheapen the debate."

"In 30 years of practice I don't think I've ever seen a legal brief that was more intended to smear the other side with false accusations and innuendo, and less intended to focus on the real merits of the case," he said. "I can only conclude the DOJ is so desperate at this point it's thrown all decorum to the winds."

"We are going to court to exercise our legal rights," Sewell said. "It seems like disagreeing with the Department of Justice means you must be evil and un-American. Nothing could be further from the truth."

What other public comments have Apple executives made about the DOJ's request?
Eddy Cue, Apple's head of Internet software and services, has predicted an Orwellian future if the FBI succeeds. "Someday they will want [Apple] to turn on [a user's] camera or microphone," Cue said in an interview with Spanish-language TV channel Univision broadcast on March 9. "Where does this stop? ... Some day, someone will be able to turn on a phone's microphone. This should not happen in this country."

In a March 6 Washington Post op-ed, Apple exec Craig Federighi said he's disappointed law enforcement is pressuring the company "to turn back the clock to a less-secure time and less-secure technologies."

What does President Barack Obama think about all of this?
"I can't comment on this specific case," the president said March 11 during an appearance at the South by Southwest festival in Austin, Texas. He did speak more generally about security, privacy and encryption, however. "This notion that somehow our data is different, and can be walled off from those other trade-offs we make, I believe is incorrect." He added, "You cannot take an absolutist view on this. The dangers are real."

What about Congress?
Two lawmakers aim to start a 16-member commission to examine digital security that would bring together experts to make recommendations to Congress about how to balance security and privacy issues between authorities and private companies. "We think this goes well beyond a one-phone case," Rep. Michael McCaul, a Republican from Texas, told reporters March 12 at SXSW. Sen. Mark Warner, a Democrat from Virginia, says the intended result would be to come up with "a process of continuing collaboration."

What's next?
Magistrate Pym has scheduled a hearing for March 22 in US District Court for the Central District of California in Riverside.

As you'd expect, there will be a lot of legal back and forth, and the case could go through the federal court system all the way up to the US Supreme Court. It's up to Apple and the government to decide how far to take things, but Apple said it's not backing down.

With reporting by CNET's Shara Tibken, Terry Collins and Andrew Morse.

Update, February 29 at 4:12 p.m. PT: Adds ruling in New York case, in which government was unsuccessful in using the All Writs Act to force Apple's help in accessing a drug dealer's iPhone.

Update, March 10 at 5 p.m. PT and March 14 at 3 p.m.: Adds information about the latest public statements made in the case.

Featured Video