As Apple filed its defense against the government on Monday, FBI Director James Comey was in Beijing, meeting with the head of China's surveillance state. According to state media reports, Comey and Public Security Minister Guo Shengkun discussed ways to "deepen law enforcement and security cooperation."
It was a diplomatic meeting, trying to warm a relationship that’s been chilled by countless hacking and trade secrets incidents — but it was also a strange reflection of the bureau's ongoing fight with Apple. Both Comey and Guo are currently pressuring Apple to turn over the source code to iOS, as part of larger lawful access campaigns. In their desire for more evidence and more powerful investigations, the FBI and the Chinese government have ended up on exactly the same side.
The FBI and the Chinese government have ended up on the same side
This wasn’t what Comey had in mind when he launched his crusade against encryption, but the past two weeks have made it difficult to avoid. For weeks, the FBI has been using Apple’s Chinese expansion as a way to score points. In a particularly taunting editorial last Saturday, a former general counsel for the NSA asked "just how much work you’ve already done for repressive regimes surveilling their own people." If Apple has already built backdoors for China, how can it object to building one for the FBI? In a filing in the San Bernardino case the next week, the government made a similar case. They told the judge about Apple's accommodation of the Chinese WAPI wireless standard and Chinese state media reports that suggested the company had turned over source code to the government. For prosecutors, those accommodations looked an awful lot like the same kind of measure Apple was now denying to the FBI.
Yesterday, Apple pushed back. In submitted testimony to the court, Apple software chief Craig Federghi stated under penalty of perjury that the company has never built a backdoor for any country, never submitted source code, and never built the kind of custom access system proposed by the FBI. "Apple uses the same security protocols everywhere in the world," Federghi wrote. "While governmental agencies in various countries, including the United States, perform regulatory reviews of new iPhone releases, all that Apple provides in those circumstances is an unmodified iPhone device."
"Apple uses the same security protocols everywhere in the world."
In part, it’s a straightforward denial — but it also turns the FBI’s insinuations on their head. We know China has pushed for source code review from other companies , sometimes successfully. But if Apple has successfully avoided turning over the code, it puts the FBI’s demands in a very different light. Apple and other companies have successfully drawn the line at handing over the inner workings of their software to law enforcement, even in environments as hostile as China. Now, Comey himself is threatening to break that balance, inadvertently strengthening China’s case. And while Apple could successfully fend off China’s demands, we still don’t know if the company can fend off the FBI.
Naturally, the FBI and its supporters don’t see it that way. The core of Apple’s defense is that the company follows local laws, the same in China as in Germany or the UK. But local laws in China are very different. Requests for iCloud data in Germany and the UK come after judgment from a court, weighing standards of evidence and a whole constellation of checks on judicial power that simply don’t exist in China. If you’re troubled by participating in an attack on anti-government speech or religious freedom, for instance, your only option is not to participate at all.
The Chinese web makes security of any kind difficult
At the same time, the nature of the Chinese web makes it difficult to maintain hard security of any kind. Standards like WAPI are established and maintained in secret, making it unclear whether the government is maintaining a vulnerability, and hard to do anything about it if they are. The government has direct access to most of the services used by the average Chinese iPhone user, and web usage is monitored and filtered aggressively enough that government agents generally don’t need to bother breaking into the local storage of individual phones. If the number of Chinese iCloud requests seems low, it’s at least in part because the government has so much already.
None of that is Apple’s fault exactly. As powerful as the company is, Apple can’t remake the Chinese court system or tear down the Great Firewall. But that system means any company doing business on the Chinese web is forced to make some ugly compromises. There’s a reason Google and others pulled out of the country. For that same reason, the FBI and its allies wanted to make sure everyone knew that Apple stayed.
But while the government knew Apple’s Chinese ventures could be embarrassing, it didn’t fully understand why. The Chinese authorities are in the investigation business, just like the FBI. When they come to a company like Apple, they’re asking for more or less the same things. Many of the sins of the Ministry of Public Security have also been committed by the NSA at a more restrained scale. Both have faked certificates to implant malware. Both scan web traffic in bulk. Both insert secret backdoors into encryption standards. The difference isn’t the inherent righteousness of the US Government, but the restraints our system tries to put on that power. After looking at Apple’s struggles and compromises in China, do we really want to loosen those restraints?