Encryption

Silicon Valley Backing Apple Because 'fbiOS' Precedent Would Apply to Them Too

A murder of local, state, and federal law enforcement agencies would want their own backdoors too.

|

There's an excellent reason why just about everyone in Silicon Valley is alarmed by the FBI's demands for encryption backdoors: we expect the feds will show up at our doorsteps next.

That's why Google, Twitter, Facebook, Microsoft, WhatsApp, and other software companies are backing Apple publicly. They filed a brief in federal court this week warning that requiring a backdoored fbiOS would kick off an unprecedented wave of surveillance demands. They say, with some understatement, that "investigative tools meant for extraordinary cases may become standard in ordinary ones."

This is not merely a convenient intersection of marketing and customer privacy. Given the existence of scores of federal police agencies, it's simple self-preservation. Once an fbiOS precedent is set, the U.S. Marshals, Homeland Security, postal inspectors, Secret Service, and military police will also invoke the All Writs Act to demand that companies build equally extensive backdoors. Local and state police won't want to be left behind.

It's true that, given enough time and resources, any large Silicon Valley firm could comply with a lone All Writs Act demand. They have capable engineering teams. Details like legality and constitutionality aside, Cupertino could puzzle out how to undermine its own security by creating a backdoor to unlock the San Bernardino shooter's iPhone.

But when there's a queue of police agencies already forming, the likelihood of being required to code custom backdoors for everyone should worry even the largest companies. The Manhattan district attorney, Cyrus R. Vance Jr., acknowledges he'd "absolutely" want to invoke an fbiOS precedent in his own criminal investigations.

To put these requests in perspective, there were 3,554 wiretaps authorized last year at an average cost of $40,000, plus thousands of additional surveillance orders not included in that total. In 2013, Apple was forced to create a waiting list because of so many police demands. Jon Matonis, the former CEO of Hushmail, said on Twitter: "We received so many international subpoenas for info that I had to create a subpoena division!" Custom backdoors would be far more tricky and expensive.

Operating system makers like Google and Apple are not the only companies at risk. If Apple can be forced to code fbiOS, then the same All Writs Act could force any software company to craft malicious features designed to spy on users. Would in-app searches for certain terms be required to trigger alerts? Travel to certain locations? Would automatic updates quietly implant backdoors? What criminal would enable them? (Most wiretaps are for drug offenses; expect libertarian-leaning software engineers to engage in creative civil disobedience.)

"It is hard to conceive of any limits on the orders the government could obtain in the future," Apple argued in a recent legal brief. "If Apple can be forced to write code in this case to bypass security features and create new accessibility, what is to stop the government from demanding that Apple write code to turn on the microphone in aid of government surveillance, activate the video camera, surreptitiously record conversations, or turn on location services to track the phone's user? Nothing."

The precedent that the FBI hopes to set could put smaller companies like mine out of business. My company, a San Francisco bay area startup that has released a smart news app for iOS and Android, has two founders. We both write code. We don't have a legal department. In fact, by limiting the log data we store, and allowing Recent News to be used anonymously, we're hoping to avoid being hit by legal orders at all.

If a judge chose to slap us with a backdoor order, we have no process to use to comply. My co-founder and I would have to write thousands of lines of code, at virtual gunpoint and on threat of being held in contempt over bugs, based on specifications drafted by prosecutors—who have no knowledge of our iOS or Android technology stack or how our recommendation engine written in Python works. (Normally we release new versions of Recent News to beta testers to flag device-specific bugs. I doubt the FBI would like that.)

The FBI could simply ask Congress to enact a law mandating backdoors—it's done this before, after all. In 1997, the FBI persuaded one House of Representatives committee to outlaw manufacturing, selling, or importing unapproved encryption devices without backdoors for the Feds. The bill died without a floor vote.

The FBI didn't give up. In early 2008, the bureau completed a "high-level explanation" of backdoor legislation, according to documents obtained by the Electronic Frontier Foundation through open records laws. In 2012, the proposal had morphed to sweep in social-networking sites, email providers, and services like Apple's iMessage. But for the last eight years, despite requests from Capitol Hill, neither the Bush nor Obama administration chose to forward the FBI's proposal to Congress.

If the FBI truly needs to conscript Silicon Valley's software developers, it should be forthright about it and ask Congress for that authority. My company and I would oppose any such law, but at least that would allow an open debate. It's unfortunate but telling that a federal police agency is attempting a clandestine power grab through the courts instead.

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

67 responses to “Silicon Valley Backing Apple Because 'fbiOS' Precedent Would Apply to Them Too

  1. …we expect the feds will show up at our doorsteps next.

    I’d be surprised if they hadn’t already been let past the threshold.

    1. That only gets you in the front door. Another threshold has to be crossed to get to the second floor.

      What? You thought I was one of those basement coders?

  2. we expect the feds will show up at our doorsteps next.

    No shit?

  3. Looks like Reason needs a night away from Trump-blogging to burn some energy based on the thumbnails today.

  4. There’s a guy on Bloomberg who said, a few days ago, “Apple should absolutely do what the FBI asks, because everything in the iphone was invented by the government!”

    How do you even respond to that?

    1. You don’t. Idiots should be ignored and marginalized. When you engage them you just validate their opinions.

    2. So send you phone back to Apple already! While you’re dilly-dallying the terrorists are busy winning!

    3. It was all invented by me.

      See, I had this idea once….

  5. Unturned stones are the bane of oppressors.

    1. So are unturned stoners.

  6. the same All Writs Act could force any software company to craft malicious features designed to spy on users.

    If you make a point of shooting policemen in video games, expect a knock flashbang grenade at your door.

    1. Well at least they are not using tank mounted battering rams to tear down walls.

      https://www.youtube.com/watch?v=f5uJP6yDtkM

  7. It’s unfortunate but telling that a federal police agency is attempting a clandestine power grab through the courts instead.

    Who better to know the needs of the law enforcement community than the law enforcement community? If the FBI says they need these tools who are the courts to say they don’t? It’s not a judge’s place to substitute his judgement of what an agency needs or is allowed to have for that of the very people tasked with determining what that agency needs or is allowed to have, is it? That’s judicial activism, by gum! Judicial deference demands the courts side with the agencies authorized by Congress and acting under the direction of the President absent a clear and compelling argument that they’re acting contrary to the enabling legislation or the administrative regulations that bind them. Besides which, the FBI has every incentive to act lawfully, openly, and honestly (because reasons) so we can trust them. If you can’t trust your own government, who can you trust?

  8. I don’t think people are waking up to how important this is yet. Not just for personal security either. Consider corporations who use smartphones – if the FBI wins, no company will let their employees use one for company business ever again.

    It is basically the end of an industry.

    1. Don’t worry. It will be a SECURE back door.

    2. Since corporations are evil you might be giving them another selling point.

  9. Did anyone else reading the Sam Harris stuff regarding Apple over the weekend? It seriously just bummed me out. I thought that since he recognized that right now, Islam is far more of a threat than any evangelical Christian or Orthodox Jew, I had some hopes that he would be someone we could tend to agree with politically more often than not.

    But then, it is like he completely bypassed liberty altogether. He jumped from anti-PC about discussing and intellectually confronting Islam, to pants-shitting about terrorism.

    1. Islam isn’t a threat.

      1. In the context of what BearOdinson said, the correct term might be Islam is “incompatible” with Christianity.

      2. Just a lot of its adherents.

        These days I don’t worry about Nazis. But in 1933 to 1945 it was a different matter.

        An interesting (short) read is Wm. Burrough’s “Islam Inc.”

        http://powerandcontrol.blogspo…..m-inc.html

        1. How do you define “a lot”? There are approximately 1.6 billion Muslims worldwide. How many of those are involved with terrorist organizations, either as combatants or consciously providing material support? I would be surprised if it was even one percent.

          1. According to surveys sympathy for the terrorists runs from about 20% (in the “enlightened countries) to 70% or more.

              1. Niiiiice. By “polls” you mean “Wikipedia summery of various polls”. So it looks like you’re pulling your 20% claim from either the survey of British Muslims feeling sympathy towards the July 7th terrorist attacks, or to the survey of European Muslims on whether violence towards civilians is ever justified.

                Since the British study is only on a specific event and ALSO found that 99% disapproved of the terrorist attack, even if they sympathized with the terrorist’s motives, that’s hardly a basis for “civilized nation Muslims” being supportive of terrorism as you imply.

                The other study, of European Muslims and violence against civilians, ONLY works out to 20% if you take a Muslim’s answer of “violence against civilians is rarely justifiable” as “sympathizes with terrorists.” Using THAT, this survey shows 20% of European Muslims between the extremes of supporting mowing down random people for disagreeing with you to supporting that civilian casualties are a necessary evil in times of war.

                For reference, in a survey breaking up American support for the US military targeting civilians, we have Protestants and Catholics at 58%, Jews at 52%, Mormons at 64%, and Nones at 43%. When you take out the context of the Government doing the killing and make it small groups or individuals, support drops to 26%, 27%, 22%, 19%, and 23%.
                http://www.gallup.com/poll/148…..lence.aspx

                1. This is not to say that I don’t find the fact that ~20%, or one in five, of European Muslims think violence against a noncombatant can EVER be justified. But my concern is more of that ~20%, or one-in-five, of EVERYONE in these “enlightened” countries think that violence against noncombatants can be justified.

                  Also of note, while your studies only cover Europe, my American study shows the justification of violence (without the State as context) dropping to 11% among American Muslims. Probably because America is better at integrating and de-radicalizing people than the snobs in Europe.

                2. Also, on a OT note, this survey seems to imply that Mormons are the most deferential to the state, with one of the lowest support numbers for just anyone going out and enacting violence against civilians, but the highest support numbers when it is the State doing the violence. Statistics is fun.

            1. Uh super, but opinions aren’t any more of a threat than are religious beliefs. Threats come from the willingness to actually pick up a weapon and do something about it, or buying a weapon for someone else to use.

              1. Well the Nazis were powerless too. Until they weren’t. And how about homegrown? The KKK cause quite a few problems when it was mainstream.

                How many have to take up arms to become a problem? Lets see. 1% of 1.5 billion is 15 million.

                15 million is quite a nice army. Well suppose only 1% of those fight (1 in 10,000 Muslims).

                Now you are down to only 150,000 terrorists. And mostly they fight each other over there. Would it be a good idea if they did that over here?

                1. Yes. When you pull numbers out of your ass, the numbers can be quite scary.

                  Now I’m not saying we should fear Buddhists, but if only 1% of them support the Buddhist Power Force, then that means we have FIVE MILLION BUDDHIST TERRORISTS OUT THERE!!!!! Oh wait, no we don’t. Because pulling numbers out of my ass and doing math with them doesn’t actually affect the world around me.

    2. I’ll surpass that stupidity with a more generalized Luddism about everything.

      This is a prelude of things to come, not only with encryption technologies, but everything from artificial intelligence to drones, robotics, and synthetic biology. Technology is moving faster than our ability to understand it and there is no consensus on what is ethical. It isn’t just the lawmakers who are not well-informed, the originators of the technologies themselves don’t understand the full ramifications of what they are creating. They may take strong positions today based on their emotions and financial interests but as they learn more, they too will change their views.

      1. The stupid is strong in that one.

      2. re: world moves fast and i is scared. pls make laws. thnx.

      3. It isn’t just the lawmakers who are not well-informed, the originators of the technologies themselves don’t understand the full ramifications of what they are creating.

        Just like with Kurzweil, I love the implications that this is only a recent phenomenon;

        So it was the Wright Bros. who were ultimately behind 9/11! We shoulda known all along.

        1. Rudolf Diesel is the second biggest mass murderer in history – right behind Prometheus.

      4. “…It isn’t just the lawmakers who are not well-informed, the originators of the technologies themselves don’t understand the full ramifications of what they are creating….”

        ‘Predictions are hard, especially about the future’. Yes, you idiot, we don’t know where some of it will lead and neither do you.
        I presume this twit would outlaw ANY innovation until someone invents a perfect crystal ball?

      5. When in doubt, gambol.

    3. I find it interesting how reliably the New Atheist crowd turns out to be unrepentant warmongering statists. They seem totally convinced that the righteousness of their views justifies using the force of the state to impose them on the unconvinced both domestically and abroad. They rail against religiousity of all stripes, and yet adopt the same tactics that crusaders have used for millenia to convert or destroy the heretics.

      1. I find it interesting how reliably the New Atheist crowd turns out to be unrepentant warmongering statists.

        That’s not fair at all. On being asked what he’d do as world dictator, Daniel Dennett wrote:

        My reluctance to use my political power to educate the young is based on the begrudging opinion that resistance to such impositions is itself so intense that the effort is almost certain to be counterproductive…. If the stick is unlikely to work, what about the carrot? Suppose I command that some benefits are available only to those who reform their education systems. This is often an effective way of gaining compliance. In extreme cases, such withholding of benefits amounts to coercion and is hardly distinguishable from direct force. . … With those two steps resolutely taken. I’d be ready to let the world rule itself, with people making informed choices as best they could. And I would proceed to enjoy my fabulous benefits, on my fleet of sailboats, puttering in my splendidly equipped workshop, and served by a team of chefs, nutritionists and personal trainers who would discreetly modulate my intake of lobster, wine, foie gras, peanut butter and ice cream to optimise my weight and health so I could go on and on and on.

        Who could argue with lobster wine, foie grass, peanut butter and ice cream?

        1. I think it would actually be a good use of government resources to send New Atheist figureheads out to sea.

          1. Do ships still have figureheads?

            I hadn’t noticed.

          2. You better slow your roll, son. When you mess with the grandfather of teleological functionalism, you disrespecting me; you disrespecting my hood. You lucky I was acting all cool, cuz. I told you I ain’t got time for that, nigga. But today, I got time, cuz!

    4. I had some hopes that he would be someone we could tend to agree with politically more often than not.

      Had you not read Harris before?

      1. Cognitive neuroscienist who has done a lot of work in investigating how the brain differs in its response to statements judged by the individual to be true versus those judged to be lies. He has also done work in cognition and free will and the cognition of religious experience.

        He’s also really into to Brazilian Jiu-Jitsu.

        1. He sounds insufferable. I’ll forget about him now.

          1. He can get a bit insufferable when he gets on his soapbox about religion in general, but he is one of the few public intellectuals in America to speak truth to power when it comes to Progressive’s consistently excusing the worst excesses of Islam while holding other groups’ feet to the fire for even less “sins”.

            And he kicked the ever-loving shit out of Dean Obeidallah on national television.

            1. And he kicked the ever-loving shit out of Dean Obeidallah on national television.

              OK, I’ll retract my prejudicial statement for now.

      2. One of the preaching atheists like Dawkins and Hitchens.

  10. Why would the government lie? It’s only one phone! You’re all a bunch of paranoid cynics!

  11. “The iphone is not a “paper” so it’s not covered by the Fourth Amendment.” Someone who makes this argument will be the next member of the Supreme Court.

    1. If only the Fourth Amendment referred to more than just paper. . . .

      The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated,

      1. But are they “special” effects?

      2. If only the 4th amendment had anything to do with this case.

        1. ^ This there is no 4th amendment issue here at all. There is a valid, properly issued warrant, and the item to be searched is in police control, and the owner of the item agrees to the search.

          Now, the 5th and 13th amendments present some issues…

  12. If cops looked like that I might not mind a police state.

  13. “A murder of local, state, and federal law enforcement agencies would want their own backdoors too.”

    “Murder” is a group of crows. The correct term for a group of law enforcement is a “sounder”.

  14. I don’t get what makes the govt believe it has the authority to compel action on the part of these companies. Not that they won’t eventually give in, but I’d like to see a judge tell me that I have to sit down, individually, and write code for him. Actually, I’d like to have the opportunity… so you say I have to do this — okay, let’s do it… but then, what, is it contempt or treason or something, when I instead wipe the phone the first time you try to brute-force the password? Prove that I did it willfully, and that it wasn’t just an honest bug, After all, what you’re asking me to write is something that was, by conscious design, intended to be impossible.

    But then again… commerce clause.

    1. That’s a good point. These folks are not typically well-versed in any technical subject, never mind programming or crypto. I wonder if they just don’t understand what they’re asking. I mean, it’s not like asking a painter to paint a house a different color. It’s like forcing a heart surgeon to do a triple bypass at gunpoint.

      1. An engine-builder friend of mine has a funny anecdote he relates, which is applicable here; he had a customer who was a surgeon of some sort, who was in the shop; I think it goes that one of the employees goes over to the surgeon and says something to the effect of how changing the cam is not unlike doing open-heart surgery, to which the surgeon immediately replies: “Sure, but next time, try doing it with the engine running.”

        Not sure if that’s true, or his — he’s a bit of a storyteller — but I always got a chuckle from it.

    2. As any programmer will tell you, all you can do is deliver what they ask for which is almost never what they actually want.

      1. Well, I mean, you could see the feature-creep at almost the first instance — not only do you want me to somehow disable over-the-max-password-attempt wiping of the phone, but you also want me to hook you up to usb or wifi or whatever, and somehow let you enter the password programmatically? It’s not like there would necessarily be tests in place for verifying how the system handles automation of brute-force password entry, since, you know, that’s implicitly been done through a physical interface, given the basic design of the phone.

  15. I’ve been writing my buddy at Apple asking him to suggest their bosses send donations to libertarian party candidates. If tech firms were to suddenly wake up and do a Aaron Swartz number recommending the ONLY party that does not want their doors kicked in by goons with guns, shucks, it could be more’n a Libertarian Moment. It could be an Alice’s Restaurant Massacre complete with four-part harmony and constitutional amendments to restore the Bill of Rights!

  16. I’ve made $76,000 so far this year working online and I’m a full time student.I’m using an online business opportunity I heard about and I’ve made such great money.It’s really user friendly and I’m just so happy that I found out about it.

    Open This LinkFor More InFormation..

    ??????? http://www.selfcash10.com

Please to post comments

Comments are closed.