In 2016, Tim Cook fought the law—and won.
Late in the afternoon of Tuesday, February 16, 2016, Cook and several lieutenants gathered in the “junior boardroom” on the executive floor at One Infinite Loop, Apple’s old headquarters. The company had just received a writ from a US magistrate ordering it to make specialized software that would allow the FBI to unlock an iPhone used by Syed Farook, a suspect in the San Bernardino shooting in December 2015 that left 14 people dead.
The iPhone was locked with a four-digit passcode that the FBI had been unable to crack. The FBI wanted Apple to create a special version of iOS that would accept an unlimited combination of passwords electronically, until the right one was found. The new iOS could be side-loaded onto the iPhone, leaving the data intact.
But Apple had refused. Cook and his team were convinced that a new unlocked version of iOS would be very, very dangerous. It could be misused, leaked, or stolen, and once in the wild, it could never be retrieved. It could potentially undermine the security of hundreds of millions of Apple users.
In the boardroom, Cook and his team went through the writ line by line. They needed to decide what Apple’s legal position was going to be and figure out how long they had to respond. It was a stressful, high-stakes meeting. Apple was given no warning about the writ, even though Cook, Apple’s top lawyer, Bruce Sewell, and others had been actively speaking about the case to law enforcement for weeks.
The writ “was not a simple request for assistance in a criminal case,” explained Sewell. “It was a forty-two-page pleading by the government that started out with this litany of the horrible things that had been done in San Bernardino. And then this . . . somewhat biased litany of all the times that Apple had said no to what were portrayed as very reasonable requests. So this was what, in the law, we call a speaking complaint. It was meant to from day one tell a story . . . that would get the public against Apple.”
The team came to the conclusion that the judge’s order was a PR move—a very public arm twisting to pressure Apple into complying with the FBI’s demands—and that it could be serious trouble for the company. Apple “is a famous, incredibly powerful consumer brand and we are going to be standing up against the FBI and saying in effect, ‘No, we’re not going to give you the thing that you’re looking for to try to deal with this terrorist threat,’” said Sewell.
They knew that they had to respond immediately. The writ would dominate the next day’s news, and Apple had to have a response. “Tim knew that this was a massive decision on his part,” Sewell said. It was a big moment, “a bet-the-company kind of decision.” Cook and the team stayed up all night—a straight 16 hours—working on their response. Cook already knew his position—Apple would refuse—but he wanted to know all the angles: What was Apple’s legal position? What was its legal obligation? Was this the right response? How should it sound? How should it read? What was the right tone?
Cook was very concerned about the public’s reaction and knew that one of the outcomes of his action could be that Apple would be accused of siding with terrorists. What kind of company wouldn’t help the FBI in a terrorist investigation? From a public relations standpoint, Apple had always been on the side of privacy advocates and civil libertarians. This case put the company unexpectedly on the side of a terrorist. This was brand-new territory, and Cook had to figure out how to navigate it. He had to show the world that he was advocating for user privacy rather than supporting terrorism.
At 4:30 a.m., just in time for the morning news cycle on the East Coast, Cook published an open letter to Apple customers explaining why the company would be opposing the ruling, which “threatens the security of our customers.” He referenced the danger that could come from the government having too much power: “The implications of the government’s demands are chilling,” he wrote. “If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data.”
Apple had been working with the FBI to try to unlock the phone, providing data and making engineers available, Cook explained. “But now the US government has asked us for something we simply do not have, and something we consider too dangerous to create . . . a backdoor to the iPhone.” He continued, “In the wrong hands, this software—which does not exist today—would have the potential to unlock any iPhone in someone’s physical possession.” This could have potentially disastrous consequences, leaving users powerless to stop any unwanted invasion of privacy. “The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.”
Cook then accused the government of trying to force Apple “to hack our own users and undermine decades of security advancements that protect our customers . . . from sophisticated hackers and cybercriminals.” It would be a slippery slope from there. The government could then demand that Apple build surveillance software to intercept messages, access health records or financial data, or track users’ locations. Cook needed to draw a line. He believed the FBI’s intentions were good, but it was his responsibility to protect Apple users. “We can find no precedent for an American company being forced to expose its customers to a greater risk of attack,” he wrote. Though it was difficult for him to resist orders from the US government, and he knew he’d face backlash, he needed to take a stand.
The magistrate’s order thrust into the spotlight a long-running debate Apple had been having with the authorities about encryption. Apple and the government had been at odds for more than a year, since the debut of Apple’s encrypted operating system, iOS 8, in late 2014.
iOS 8 added much stronger encryption than had been seen before in smartphones. It encrypted all the user’s data—phone call records, messages, photos, contacts, and so on—with the user’s passcode. The encryption was so strong, not even Apple could break it. Security on earlier devices was much weaker, and there were various ways to break into them, but Apple could no longer access locked devices running iOS 8, even if law enforcement had a valid warrant. “Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data,” the company wrote on its website. “So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”
The update had repeatedly stymied investigators. At the New York press event two days after Cook’s letter on San Bernardino, the authorities said that they had been locked out of 175 iPhones in cases they were pursuing. For more than a year, law enforcement at the highest levels had been pressuring Apple for a solution. “When the FBI filed in San Bernardino, I think many people in the public perceived that as the beginning of something,” said Sewell. “Whereas in reality, it was a long point leading up to that, with a lot of activity that preceded the actual decision by [FBI director James] Comey to file.”
Sewell explained that he, Cook, and other members of Apple’s legal team had been meeting regularly with heads of the FBI, the Justice Department, and the attorney general in both Washington and Cupertino. Cook, Sewell, and others had met not only with James Comey, but also with Attorney General Eric Holder, Attorney General Loretta Lynch, FBI director Bob Mueller (Comey’s predecessor), and Deputy Attorney General Sally Yates.
Cook and Sewell met with Eric Holder and Jim Cole, then the deputy attorney general, in late 2014, and FBI agents told them they were “interested in getting access to phones on a mass basis.” This was way before the attack in San Bernardino, and Apple made it clear from the start that they were not going to grant the FBI access to hack into Apple users’ phones. Cook and Sewell told Holder and Cole that they “didn’t think that that was an appropriate request to be made of a company that has as its primary concern the protection of all citizens.” They had a similar conversation with Lynch and Yates.
Sewell said that during the discussions, it was clear that some law enforcement officials weren’t convinced by the broader social issues. Some were intellectually sympathetic to their position, but as officers of the law, they insisted they needed access to pursue cases. But Sewell said Cook stuck to his position that security and privacy was a cornerstone. Cook was adamant that any attempt to bypass security would be very dangerous. Once a backdoor had been created, it could easily be leaked, stolen, or abused.