SAN FRANCISCO — The tech industry is giving Apple a great show of solidarity as it ramps up its legal battle with the FBI. Over the past week, fellow tech giants Microsoft, Amazon, Google, Facebook, Twitter and Yahoo filed friends-of-the-court briefs in support of the iPhone maker, saying Apple should not be compelled by the U.S. government to create a password workaround that would retrieve the phone’s data.
But behind Silicon Valley’s united front lies significant unease about the case at hand, and the sense that Apple has picked the wrong fight in going to bat over a dead terrorist’s smartphone. No one wants Apple to lose, but some tech leaders privately wonder if they’ve been dragged into a political and public relations battle that it will be difficult to win.
“There are people who believe this was the worst case Apple could have chosen to fight on,” said one policy executive at a competing tech company. “It was a city phone; the guy is dead. There are people who think the facts aren’t great and that Apple should have quietly complied to avoid setting a bad legal precedent.”
In fact, the public legal fight was no accident. Some in the tech industry credit U.S. law enforcement with purposely choosing a difficult case, one in which a defense of encryption would be extremely tough to make. This is, after all, a phone owned by San Bernardino County, California, and used by a now-deceased mass murderer, Syed Rizwan Farook. There is no specific privacy argument here; just abstract ones about broader implications for encryption and privacy.
“It’s not surprising that the FBI would pick an incredibly high-profile and polarizing case and make that a test case,” said Chris Calabrese, vice president for policy at the Center for Democracy and Technology.
In addition to the difficult facts of the case itself, the FBI is asking Apple to do something that is threatening to the entire iPhone ecosystem and would set a dangerous precedent for all tech companies. “The idea of building an entire operating system to defeat the security of your own device is an incredibly troubling one,” Calabrese said. And yet some question Apple’s decision to draw the line in a case that puts the rest of the industry in a difficult position.
The tech industry fears that a loss by Apple in this case would cause prosecutors to line up and demand tech companies build malicious software that defeats their own security. But they simultaneously worry that the optics of it are so bad it will make it difficult to build a case for the value of encryption, which could result in new laws that threaten consumer privacy.
“Governments should not require the weakening of these necessary security standards,” said Michael Beckerman, president and CEO of the Internet Association, which represents the likes of Amazon, Yahoo, Uber and many other companies. “Ultimately, any efforts to weaken or undermine strong encryption harm consumers and undermine our national security.”
But it’s not just new laws: The FBI would very much like to expand the federal wiretapping law known as CALEA from voice calls to cover internet services. “There is privately a feeling that Apple’s handling of the case may precipitate an expansion of wiretap laws that could have been avoided,” the source said.
The encryption question has been brewing for some time, and since the Paris and San Bernardino attacks last fall, the tech lobby has turned up its efforts to educate Washington lawmakers and their staffers on encryption. Last year alone, tech contributed $177.5 million to federal lawmakers, and for the 2016 election, Silicon Valley has been keeping just as busy.
Already, the industry has contributed hundreds of thousands of dollars directly to the campaigns of several congressional and presidential candidates, including Democrats Hillary Clinton ($1.9 million) and Bernie Sanders ($910,762) as well as Republicans Ted Cruz ($272,119) and Marco Rubio ($247,089), according to OpenSecrets.org.
Besides pumping in money, tech companies are making sure to get face time with politicians. Just last week, for example, representatives of Twitter, Facebook, Google and Apple met with top officials from the White House and the Department of Justice. Apple will continue this campaign with testimony by Senior Vice President and General Counsel Bruce Sewell before the House Judiciary Committee.
“We continue to meet with policymakers to discuss the critical role encryption plays in our daily lives, far beyond the current debate,” said Morgan Reed, executive director of ACT | The App Association, which represents thousands of app developers. “It's how we are able to use an ATM, shop online, and store sensitive health data.”
The hope is to head off legislation that would weaken encryption, and the plan is to carry out these lobbying efforts at all levels of government — from state legislative chambers up to the White House — throughout 2016, setting up the foundation for a larger push next year following the election season.
“A proposal today could be legislation tomorrow," an industry source said, explaining the strategy.
The industry is monitoring in-the-works legislation by Sens. Dianne Feinstein, D-Calif., and Richard Burr, R-N.C., leaders of the Intelligence Committee, that could require tech companies to comply with such mandates from law enforcement, but for now, most of the focus has been placed on showing a united front with Apple.
Until last week, the 227-year-old All Writs Act had not been used by law enforcement to mandate that tech companies create code that would introduce vulnerabilities into their own products. That could change if the courts rule in favor of the FBI and set a new precedent, but unless that happens, Silicon Valley would rather have no new legislation than bad legislation.
About the only legislation the tech industry might push for in 2016 would be the Encrypt Act and legislation by Rep. Michael McCaul, R-Texas, and Sen. Mark Warner, D-Virginia, to create a technology commission, both of which are nothing more than stopgap initiatives. The Encrypt Act, for example, simply prevents state legislatures from enacting their own encryption laws.
“Attempts by states to regulate independently in this space would create a patchwork of conflicting laws,” said Reed, whose trade association is working with the authors of the Encrypt Act. “This would be unmanageable and interfere with interstate commerce.”
Meanwhile, the McCaul-Warner commission would bring together 16 panelists with expertise in tech and law enforcement to spend 12 months creating a report to help Congress better understand how the matters of encryption, terrorism and backdoors all intertwine.
“We haven’t seen the text of the bill yet. We don’t know how controversial it’ll be, but if anything moves, it’ll be that bill,” said Ross Schulman, senior policy counsel of New America's Open Technology Institute. “I highly doubt we’ll see anything else move in this year, given the election.”
This strategy of patience could work for the tech sector, but it could also be swiftly derailed. If federal courts rule against Apple, the industry will start to move much quicker in its lobbying efforts.
A greater threat would emerge if the U.S. or one of its allies were to suffer another terrorist attack. In that case, Congress would fall under immense pressure to stand up and take action, potentially passing knee-jerk rejection and force tech companies to give law enforcement the investigative information it so badly wants.
“If there were to be another domestic terrorist incident, it brings the issues of national security and the need for the investigative powers of those agencies to the forefront,” said Justin Shiroff, an attorney with Snell & Wilmer whose practice includes online privacy and cybersecurity.
But already, many tech companies are bracing for this unpredictable future by turning to what they know best: code. Some tech firms are beginning to consider building the security of their products in a way so that not even they will be able to modify it later. Apple is reportedly among these companies.
“Not only will Apple do it, but as a whole, we will all think to ourselves … ‘Hm, maybe I shouldn’t have a key?’” said Justin Olsson, product counsel for AVG, a Silicon Valley online security company. “It’ll be a perverse effect that this case will have.”