Make a list of the top 3 issues in Case 1 "Building a Backdoor to the iPhone". Number these issues in terms of which should be dealt with first: 1 = should be addressed first, 2 = addressed after 1, 3 = should only be addressed after the first two.

For each issue listed, discuss 2 things:

1. Why is this urgent for the company? What will happen if they don't act now?
2. Why is this important for the company? What will this issue effect if it is not addressed?

BUILDING A "BACKDOOR" TO THE IPHONE: AN ETHICAL DILEMMA

Tulsi Jayakumar and Surya Tahora wrote this case solely to provide material for class discussion. The authors do not intend to illustrate either effective or ineffective handling of a managerial situation. The authors may have disguised certain names and other identifying information to protect confidentiality.

This publication may not be transmitted, photocopied, digitized or otherwise reproduced in any form or by any means without the permission of the copyright holder. Reproduction of this material is not covered under authorization by any reproduction rights organization. To order copies or request permission to reproduce materials, contact Ivey Publishing, Ivey Business School, Western University, London, Ontario, Canada, N6G 0N1; (t) 519.661.3208; (e)

Copyright 2016, Richard Ivey School of Business Foundation Version: 2017-08-16

In February 2016, Tim Cook, Apple's chief executive officer (CEO), took a stance on a matter that drew

strong public debate. Involving Apple's flagship product, the iPhone, the debate pitted on either side of the fence proponents of two rights. On the one side were Apple and digital rights groups advocating protection of customer digital privacy, while on the other were the U.S. government and the Federal Bureau of Investigation (FBI) seeking support from Apple and from other technology companies in protecting national security.

Specifically, the U.S. government and the FBI sought and demanded Apple's help in unlocking the iPhone of a terrorist involved in a terrorist attack in San Bernardino, California. The phone, which had been recovered from the slain terrorist, was expected to provide vital insights into the motives of the attack, as well as to provide crucial evidence regarding terrorist networks and activities. The FBI demanded that Apple build a "backdoor" to the terrorist's iPhone essentially, a new version of its iPhone operating system (iOS) software that could help FBI agents unlock the phone and access the information on it as a one-off case. Cook, however, refused to acquiesce to the government's demand, citing Apple's commitment to customer digital privacy and security.

Was Cook justified in his refusal to heed the U.S. government's demand to build a one-time access to the iPhone retrieved from the terrorist on grounds of protecting customer digital privacy? Was Apple's obligation to protect customer privacy greater than its obligation to contribute to national security? What dilemmas did Cook and the Apple management team face in this decision? How could the dilemmas be resolved?

APPLE'S IPHONE AND IOS

Steve Jobs and Steve Wozniak, both college dropouts, founded Apple Computers, Inc. (Apple) in 1976 with

a vision to make small, user-friendly computers to be used in homes and offices. Apple's initial products Apple I and Apple II revolutionized the computer industry. The company's sales increased from US $7.8million in 1978 to $117 million in 1980, the year Apple went public. In 1990, the company posted its highest profits yet; however, the company's market share waned after this peak.

Jobs, who had left the company in 1985, rejoined it in 1997. Apple subsequently launched a host of

products, which included personal computers (iMac), portable digital music players (iPod), mobile communication and media devices (iPhone and iPad), various related services and software (iOS, iTunes Store, and iCloud),and ancillary products (Apple TV and AppleWatch). However, the iPhone, accounting for two-thirds of Apple's revenue in 2016, was Apple's flagship brand -the brand that contributed to Apple gaining and maintaining its status as the world's most valuable brand through the period 2011 toJanuary 2016.

The first iPhone was launched on June 29, 2007, in a 4- and 8-gigabyte version. Apple's mobile revolution, however, could be credited to creation of the iOS (previously iPhone OS) a mobile operating system. Apple initially developed the iOS in 2007 and distributed it for the iPhone and iPod Touch. Apple developed later versions of the iOS to support other devices such as the iPad and Apple TV. By Q3 2015, Apple had sold more than 1.1 billion iOS devices. As of June 2015, Apple's App Store contained more than 1.5 million available iOS-based applications, which had been collectively downloaded more than 100 billiontimes.

Apple provided major updates to the iOS operating system approximately once a year. The update most recent to the "backdoor issue" was iOS 9, released on September 16, 2015. As of February 8, 2016, 77 per cent of devices were using iOS 9, 17 per cent were using iOS 8, and the remaining 6 per cent were usingearlier operating systems.

In the fiscal quarter ending December 2015, Apple experienced a slowdown in its sales. The iPhone, as well as other Apple products, exhibited weak performance. Sales of the iPhone grew by less than 1 per cent year-on-year, compared to a 50 per cent growth in the previous year. Unit sales of the iPad tablet fell 25per cent from the previous year, and sales of iMac computers fell by 4 per cent. its flagship product, the iPhone, remained strong. Even so, Apple's faith in its flagship product, the iPhone, remained strong. Cook maintained that the popularity of the iPhone provided the company with a "long-lasting foundation."

CUSTOMER PRIVACY AND APPLE

Apple's business model was based on selling products, not harvesting data. This business model was unlike others in the industry, such as Google's, which generated revenue through targeted ads developed with the assistance of harvested data. Cook had long been a champion of customer privacy. Speaking at a technology conference in 2010, Cook made his views on customer privacy clear: "[Apple] has always had a very different view of privacy than some of our colleagues in the [Silicon] Valley." Thus, after building a feature into the iPhone that showed where the phone and its user were located, the company, citing customer privacy, left the choice of whether to use this feature entirely to users, who could control whether apps were able to use the phone's location data.

The increasing use of iPhones as a store of personal information, and consumer sensitivity regarding the potential use and abuse of personal information, prompted Cook to take a hard stance on customer privacy. The matter came to a head in June 2013 following revelations of massive U.S. government surveillance, exposed by Edward Snowden, a former Central Intelligence Agency (CIA) employee and U.S. government contractor. Called Prism, the surveillance system essentially a counter-terrorism data collection effort launched in 2007 "allowed the U.S. National Security Agency (NSA) to receive emails, video clips, photos, voice and video calls, social networking details, logins, and other data held by a range of U.S.Internet firms," which included Apple.

More specifically, Snowden's disclosures included revelations that questioned the ability of Apple products

to withstand tampering and ensure customer privacy. It appeared that the CIA had, for more than a decade, tampered with Apple products, embedding spy tools in the hardware and modifying Apple software updates in order to collect data about app developers and carry out systematic surveillance of their customers. Irate Apple customers wrote to Cook, expressing concerns regarding Apple's commitment and ability to ensure. Meanwhile, the Internet and social media were being increasingly used to plan and coordinate international terror attacks and to "spread propaganda, incite violence, and attract new recruits." The use of secret, private chat rooms and encrypted Internet message boards prompted the advent of surveillance programs like Prism. In a world faced with growing threats of terrorism, Apple and other technology companies faced increased pressure from law-enforcement agencies to share information about their customers and devices. Justifying Prism, President Obama stated, "You can't have 100 per cent security and also then have 100 per cent privacy and zero inconvenience." Technology companies, especially Apple, viewed information- sharing requests as compromising customer security and privacy.

One of the ways technology companies like Microsoft, Yahoo, Facebook, and Apple handled the conflicting dimensions of the government requests was to share with the public (to the extent allowed under the law) the details and scope of the government's periodic requests. For instance, Apple disclosed that, in the first six months of 2015, it had received between 750 and 999 national security-related requests from the U.S. government, affecting 0.00673 per cent of Apple's customers.

Nonetheless, customers remained concerned, and in response, Apple implemented increasingly stringent encryption measures. Until iOS 6, only resident Apple apps were encrypted by default; developers of third party applications had to opt in to encryption. By 2013, however, Apple had taken measures to ensure that third party application data was also protected. With iOS 7, Apple began "encrypting all third party data stored on customers' phones by default, until [customers] first unlocked [the phone] after rebooting." When the company designed iOS 8, it ensured that even its own engineers would be unable to extract data.

In an open letter to Apple customers in September 2014, Cook reiterated Apple's concern regarding privacy: "Security and privacy are fundamental to the design of all our hardware, software, and services, including iCloud and new services like Apple Pay."

He added:

Our business model is very straightforward: We sell great products. We don't build a profile based on your email content or web browsing habits to sell to advertisers. We don't "monetize" the information you store on your iPhone or in iCloud. And we don't read your email or your messages

to get information to market to you. Our software and services are designed to make our devices better. Plain and simple.

Addressing the issue of trust, Cook stated, "Our commitment to protecting your privacy comes from a deep respect for our customers. We know that your trust doesn't come easy. That's why we have and always will work as hard as we can to earn and keep it."

THE SAN BERNARDINO BOMBING AND APPLE

On December 2, 2015, a married couple, Syed Rizwan Farook, 28, and Tashfeen Malik, 29, shot at and killed 14 people and injured 22 at the Inland Regional Center in San Bernardino, California. The victims were employees of the San Bernardino health department who had gathered for a holiday party in a conference room at the centre, which provided services to disabled people. The FBI stated it had evidence

that the attack was based on "extensive planning" and that it was investigating the attack as an act ofterrorism. Farook was an inspector with the county health department and had left the party in progress, returning with his wife to shoot at his co-workers. The couple were later killed in a gun battle with the police. The terror group Islamic State of Iraq and the Levant (ISIS or ISIL) claimed that the two slain suspects were supporters of the group.

A key focus of the investigation involved checking the couple's phone, travel, computer, and other records to ascertain the motive behind the attack and to determine the reasons for the makeshift bomb lab found in the couple's rented home. The shooters had tried to destroy any evidence that could track their digital However, an iPhone, provided to Farook by his employer, was found in the vehicle in which the couple had been killed in the aftermath of the attack.

The iPhone was not Farook's property but that of his employer, San Bernardino County, which consentedto a search of the phone, completely and permanently erased in their attempts to unlock the phone. The FBI sought Apple's assistance in the days following the attack, and Apple "provided data that was in [its] possession, complied with valid subpoenas and search warrants . . . made Apple engineers available to the FBI to advise them, and offered [its] best ideas on a number of investigative options at their disposal."33 However, the FBI wanted Apple to go a step further. It sought Apple's assistance in unlocking the encrypted iPhone used by Farook. The FBI wanted Apple to build what became known as "a backdoor" to the iPhone. Talks betweenlawyers of the Obama administration and Apple went on for two months, but in the end, Apple refused toacquiesce to the FBI's demand.

THE GOVERNMENT'S STANCE

A dispute had been building between the U.S. government and technology companies for more than a decade regarding the latter's encryption practices. In 2010, the Obama administration proposed draft legislation that would have forced technology companies like Google and Apple to provide unencrypted data to the government. The draft legislation was similar to the legislation forced on phone companies during the Clinton administration, which made it mandatory for such companies to build digital networks that government agents could tap. If the new draft legislation was accepted as law, it would have been a blow to customer privacy activists. However, the Snowden disclosures in 2013 led to a large-scale criticismof the U.S. government, and the Obama administration decided not to move on the proposed legislation.

The San Bernardino case proved to be a flashpoint in the dispute. The U.S. government stated that it would "attempt to exhaust every investigative lead in the case," since it owed resolution to the victims and their families. Consequently, when the talks between the government lawyers and Apple failed, the U.S. Justice Department filed an application in the Federal District Court for the District of Central California to "learn everything possible about the attack in San Bernardino."

Federal prosecutors, in their initial filing, stated:

The government requires Apple's assistance to access the . . . device to determine, among other things, who Farook and Malik may have communicated with to plan and carry out the IRC shootings, where Farook and Malik may have travelled to and from before and after the incident, and other pertinent information that would provide more information about their and others'involvement in the deadlyshooting.

Prosecutors further claimed that Farook's device could be encrypted to the point that its content would be "permanently inaccessible" and that "Apple has the exclusive technical means which would assist the government in completing its search."

Based on this request, a U.S. Federal Court judge passed an order directing Apple to provide "reasonable technical assistance" to the FBI. Such assistance was to be in the form of software that could disable thesecurity features that erased data from the iPhone after 10 unsuccessful attempts to unlock the phone. If the security feature was disabled, the investigators could attempt as many combinations as necessary to unlock the phone.