Is Tim Cook a pure warrior in the fight over encryption, or just trying to make a buck?
This week, the escalating political war over encryption came to a head.
A California federal court ordered Apple on Tuesday to help the Federal Bureau of Investigation break into the iPhone of one of the San Bernardino shooters. Within hours, CEO Tim Cook responded with an unprecedented letter to Apple customers that rejected the court’s order, thus solidifying Cook’s position as the commanding general in the new “crypto wars.”
“They have asked us to build a backdoor to the iPhone,” Cook wrote in an open letter published on Tuesday night.
“While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.”
In the coming weeks, Senate Intelligence Committee Chairman Richard Burr (R-N.C.) is expected to introduce new legislation that may require “backdoors” in encryption technology, according to three people with knowledge of the bill. If included in the bill, legally mandated backdoors would give the government special access to protected user data from companies like Apple, Google, and Facebook.
The new legislation, which already has bipartisan support from Sen. Dianne Feinstein (D-Calif.), has been declared a priority by the Senate’s Republican leadership. Senate Majority Leader Mitch McConnell (R-Ky.) asked President Obama last month to “tell us what legal authorities he needs to defeat encrypted online communications, and what is needed to reestablish our capture, interrogation, and surveillance capabilities.”
As congressional leaders prepare to move forward, Cook has become one of the most visible, powerful, and important voices of dissent in the government’s quest to access Americans’ protected data—a goal critics say would put everyone at greater risk.
In the face of a world increasingly filled with widespread surveillance, cyberattacks, and devastating privacy breaches, Cook argues that encryption is one of the few reliable tools that can protect average people from hackers—criminals and spies alike.
“Our business is not based on having information about you. You’re not our product.”
“I don’t know a way to protect people without encrypting,” Cook argued during a Wall Street Journal event last year. “You can’t have a backdoor that’s only for the good guys.”
On the other side of the debate, figures like FBI Director James Comey have repeatedly pushed for a global regime to force backdoors in encryption in the name of fighting terrorism, child predators, and organized crime. Comey argues that Apple’s push for encryption is simply a marketing ploy. In fact, in both the San Bernardino unlocking case and another case involving a convicted drug dealer, Apple has argued that unlocking the devices would hurt its reputation as a defender of customer privacy and, in turn, impact its bottom line.
“I would ask who they’re marketing this to,” Comey told senators last year, referring to Apple’s default encryption enabled in recent versions of iOS, Apple’s mobile operating system. “I don’t understand the demand for people who would want encryption that couldn’t be decrypted at the order of an American judge.”
Comey’s criticism that Cook is using his support for encryption as a marketing tool may not be as far off as it seems—even if it misses the bigger picture.
“Silicon Valley has two primary businesses,” said Nicholas Weaver, a computer scientist at the University of California, Berkeley. “Sell shiny things or sell people’s souls.”
Apple sells shiny things, like the iPhone. Many other large technology companies give their products away for free and, in exchange, collect user data, which fuels their main business: advertising (what Weaver means by “selling people’s souls”).
“Our business is based on selling these,” Cook said during the 2014 iPhone launch as he reached out to touch an iPhone. “Our business is not based on having information about you. You’re not our product.”
Collecting vast troves of data—whether it’s Google reading your email or Facebook scanning your messages—can mean billions in precision advertising profits. That’s not Apple’s big money maker, a fact Cook has been emphasizing for years like the adroit marketer he is.
Those troves of data are hefty targets for hackers and governments. While Comey insists on a government exception to encryption, Cook and technologists argue that there can be no exception. A backdoor for government will eventually be opened by hackers.
“I don’t know about the public, but politicians certainly do not understand that ‘backdoors, front doors, technical assistance, etc.’ are all the same thing: weaknesses that reduce security both on a technical and a political level,” Weaver argues. “As for now, U.S. companies can export strong products to the rest of the world, but if they are forced to provide access to the U.S., they will have to provide access to everyone else.”
Cook has not simply defended strong encryption: He brought it to the masses. In September 2014, Apple released iOS 8, the operating system powering iPhones, which comes with full disk encryption enabled by default. Locked iOS 8 devices can no longer be accessed by Apple, which means that they’re also locked to law enforcement agents who might demand access.
“I don’t understand the demand for people who would want encryption that couldn’t be decrypted at the order of an American judge.”
The justification Apple offered was increased security for users. The obstacles to government investigations and surveillance, however, has made for a tectonic dispute stretching from Silicon Valley to Washington, D.C.
As the leader of one of the most powerful tech companies in the world, Cook attracts a special spotlight to become a figurehead in the global crypto wars. His refusal to abide by the government’s order to break the iPhone’s security has only elevated his stature this battle.
“I think Tim Cook has demonstrated that encryption and privacy and security are not just features of Apple’s business model, they’re something he personally cares a lot about,” said Nate Cardozo, a staff attorney at the Electronic Frontier Foundation. “The fact that Apple is the biggest, wealthiest company that has ever existed in the history of the world gives him the wherewithal to actually back up his beliefs.”
Bruce Schneier, a leading security researcher, echoed this sentiment. “I think Tim personally believes in this in a way that other executives don’t,” he said.
A few days prior to the 2014 iPhone release, Cook took to television to argue that the privacy debate would become “a very key topic over the next year or so and will reach higher and higher levels of urgency as more and more incidents happen.” As predicted, terrorist attacks in Paris and California have catalyzed the encryption debate around the world, even as it remains highly questionable that encryption played a role in either attack.
While the encryption debate may be important to Cook for both ideological and business reasons, its outcome could have ripple effects for ages. Michael Hayden, former director of the National Security Agency, argued that if the Internet lasts another 500 years, it may be the thing the United States is remembered for “the way the Romans are remembered for their roads.” It could be the infrastructure that helps define America’s place in history.
Encryption—and Cook’s prominent role in the movement supporting it—is one of the most critical technicalities deciding the future of the Internet. If Hayden is right, Cook is reaching his hand out for the steering wheel of history.
Despite the praise for his support for strong encryption, Cook is not being canonized by technologists.
Apple’s outsourced and opaque manufacturing still attracts pointed criticism. The company’s tightly controlled tech-ecosystem has also made it unnecessarily difficult to build anonymous and encrypted Web browsing apps like the Onion Browser. Furthermore, under Cook’s direction and in the name of global expansion, Apple has given into the censorship demands of countries like China.
Cook is also not the only technology executive weighing in on the encryption debate. Through the lobbying group Reform Government Surveillance (RGS) companies like Google, Facebook, Microsoft, AOL, Twitter, and Yahoo have pushed back against the type of pervasive government surveillance revealed in 2013 by former NSA contractor Edward Snowden. Quotes from top executives dot the bottom of the RGS Website, like Google CEO Larry Page’s claim that “we’re invested so much in encryption” to protect users’ data. Facebook CEO Mark Zuckerberg has personally vented his frustrations on government surveillance to President Obama.
More importantly, many of these companies have embraced strong encryption in some of their most popular products. Google, for example, built device encryption into newer versions of its Android mobile operating system, offering users data protection that can potentially be on par with Apple’s iOS, if it’s enabled first. And Facebook owns the popular messaging app WhatsApp, which has strong encryption baked in. Both Google and Facebook also use Web encryption to protect their users privacy online.
With new encryption legislation making its way to Congress, however, there is growing frustration with other Silicon Valley leaders who have so far refused to vocally speak out on this issue in the way that Cook has.
“I would like to see Google match Apple’s strong defense of encryption and security,” the EFF’s Cardozo said. “We haven’t seen [Google co-founders] Sergey and Larry get up in front of a room full of press at Stanford and talk about how they will never backdoor their products.”
In 2015, speaking before an audience at the EPIC Champions of Freedom event in Washington, Cook did exactly that, laying out in no uncertain terms exactly the way he believes backdoors in encryption will fail. He called backdoors an “incredibly dangerous … attack on our civil liberties.”
“If you put a key under the mat for the cops, a burglar can find it, too. Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know there’s a key hidden somewhere, they won’t stop until they find it,” Cook said. “Removing encryption tools from our products altogether, as some in Washington would like us to do, would only hurt law-abiding citizens who rely on us to protect their data. The bad guys will still encrypt; it’s easy to do and readily available.”
When Cook speaks about encryption, he sounds less like the chief executive of the world’s most valuable company and more like an impassioned privacy activist, such as Tor developer Jacob Appelbaum, who in 2014 said, “You will find a bullet in the back of my head” before the Tor anonymity network is intentionally backdoored.
Last year, when asked about Apple allowing backdoors in its products for the benefit of the NSA, Cook said, “They would have to cart us out in a box before we would do that.”
Using the language of life and death on issues of privacy and security is not normal for executives at Cook’s level, but he’s helping force the conversation.
“I would like to see Google match Apple’s strong defense of encryption and security.”
“Outside of the tech world, I think it’s becoming not quite dinner table conversation but damn close to it,” Cardozo said of the encryption debate. “I think the American public does have some conception of what’s at stake here, and that’s different than it was even a couple of years ago and certainly different than it was the last time we had this fight in the late ’90s.”
Despite congressional momentum against encryption, it’s clear a two-sided debate is brewing on Capitol Hill. In the House, figures like Rep. Ted Lieu (D-Calif.) called the idea of backdoors “technologically naive.” In the Senate, Sen. Mike Lee (R-Utah) wrote a Daily Dot op-ed arguing that “asking for this mandate have not shown that the potential benefits outweigh the costs to individual civil liberties.”
It’s precisely Cook’s position outside of Washington that helps make him “exceedingly important” to the intensifying debate over encryption, Cardozo said.
So, is Cook a pure defender of encryption—or is he simply a savvy business man? Some say it doesn’t matter.
Last year, Snowden dismissed a question about whether Cook’s actions were driven by morals or profits.
“Regardless of whether it’s honest or dishonest, for the moment, now, that’s something we should support,” Snowden said. “That’s something we should incentivize, and it’s actually something we should emulate.”
Correction: Apple and Google added full disk encryption to their mobile operating systems.
Illustration by Max Fleishman