Reason.com

Free Minds & Free Markets

Here's How Apple Plans to Beat the FBI

Among other things, Apple alleges that the FBI violates its First Amendment rights by compelling company engineers to write code.

downloadsource.fr/Flickrdownloadsource.fr/FlickrThe tech-policy community is still buzzing about a recent court order compelling Apple to craft a technical tool that would allow FBI investigators to bypass security measures on the iPhone used by San Bernardino shooter Syed Rizwan Farook.

The government’s legal argument rests largely on the archaic All Writs Act of 1789, a short law establishing that U.S. courts may "issue all writs [legal orders] necessary and appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law." Straightforward enough. As traditionally interpreted, this law merely allowed the judiciary a bit of flexibility to facilitate lawful legal procedures when the precise means needed were not already on the books. For example, a court might invoke this law to enlist a telephone company’s assistance in setting up a special kind of warranted wiretap that Congress had not specifically addressed in legislation. But there are supposed to be limits. For instance, the Act could not compel someone who is "far removed" from the situation to act, nor could it impose an "unreasonable burden" on a third party or "adversely affect" that party’s "basic interests."

But in recent years, the Justice Department has strained this 227-year-old provision beyond the reasonable bounds of interpretation in an effort to get around strong security technologies that it sees as hindering investigations. In 2014, reports from the The Wall Street Journal and Ars Technica revealed that courts in New York and California had invoked this obscure law to compel Apple and at least one other unknown device manufacturer to provide "technical assistance" to unlock password-protected phones. This most recent order to Apple has drawn these creative modern applications of a centuries-old law into strong public scrutiny.

Technology companies and civil-liberties activists oppose the order for the respective threats it would deal to security and privacy online. The FBI, on the other hand, has long sought a way to get around strong security and encryption techniques such as those found on newer versions of the iPhone. Regardless of the considerable technical vulnerabilities that these workarounds—often referred to as a "backdoor" or "secure golden key"—may generate, the FBI could end up getting its way either through judicial precedent or legislative action.

If it does, Apple engineers would be enlisted as unwilling iPhone hackers for the feds. Specifically, the FBI wants to force Apple engineers to build custom software that can disable an iPhone’s "auto-erase" security function, allow agents to electronically guess the PIN, and remove the time delay in between PIN guesses so that they can access data on Farook's work iPhone. 

Apple filed a 65-page motion to vacate the order late last month, handily addressing the DOJ’s questionable use of the All Writs Act and brings in extra constitutional muscle to defend its dissent.

Much of the document reiterates and expands on the points first sketched by Apple CEO Tim Cook in his initial rallying cry to the public: the FBI’s order amounts to little more than a government "backdoor" into secure technologies, an outrageous overreach of power, and a dangerous precedent that lacks proper congressional input. The filing at times reads more like a colonial-era broadside against the abuses of the crown than a staid legal motion. (By the second sentence, Apple has already positioned its case as integral to the "basic security and privacy interests of hundreds of millions of individuals around the globe.") But there’s a lot of new legal firepower packed in as well.

Here are Apple’s key arguments: 

The All Writs Act is not a magic catch-all for the FBI’s whims.

Apple’s first major legal argument is that the government’s use of the All Writs Act far exceeds the limits of the law. Invoking a Supreme Court ruling that the Act does not authorize courts to "issue ad hoc writs whenever compliance with statutory procedures appears inconvenient or less appropriate," Apple’s attorneys point out that the remedy to the issue of encrypted communications is one that must be addressed by Congress, not willed into existence by the courts.

In fact, Congress has previously weighed in on the issue of law enforcement’s authorities and limitations on procuring evidence from telecommunications providers in the Communications Assistance for Law Enforcement Act of 1994 (CALEA). This law outlined the procedures and boundaries that law enforcement must follow to gather data from third-party technology companies in the course of an investigation, and expressly states that the government cannot "dictate to providers of electronic communications services of manufacturers of telecommunications equipment any specific equipment design or software configuration." Because the FBI order to Apple outlined the specific schematics of the program it is demanding be created, Apple attorneys argue that the agency is in violation of the law.   

Furthermore, because Apple would be considered an "information service provider" under the CALEA, Apple is actually exempt from the burden of mandatory assistance to law enforcement. But even if Apple wasn’t exempt from mandatory assistance, CALEA explicitly states that third-party service providers—even those subject to mandatory reporting—cannot be compelled to "decrypt, or ensure the government’s ability to decrypt, any communication encrypted by a subscriber or customer unless the encryption was provided by the carrier and the carrier possess the information necessary to decrypt the communication." Apple does not possess the encryption key necessary to decrypt the Farook's iPhone. 

The FBI order places an undue burden on Apple.

Apple argues that the FBI order would violate the stipulations of the All Writs Act even if it could be applied in the manner that the FBI attempted. In its ex parte application for the order against Apple, the government’s attorneys argued that asking Apple to "writ[e] a program that turns off non-encryption features" is not an undue burden under the All Writs Act and requires only minimal effort on the tech giant’s part. Apple disagrees.

In its motion, Apple argues that the kind of program that the FBI so flippantly ordered would require "significant resources and effort"—somewhere in the ballpark of six to ten Apple engineers toiling for upwards of a month to break the very system they spent so long securing. Then the program would need to be tested, re-coded, and tested again until the engineers found the software to be reasonably functional and secure.

According to iOS forensic scientist Jonathan Zdziarski, such an instrument would likely be subject to further layers of testing by the courts, adding even more to the final cost. After the software is approved by all parties, it would need to be loaded and operated on Apple facilities. Then its engineers might also be tasked with destroying the device and program in such a manner that it can never be intentionally or unintentionally leaked into the wrong hands—a tall order in a world of constant corporate espionage and insecure systems. This is before considering the substantial costs in liability and diminished customer trust that would likely accrue.

Photo Credit: downloadsource.fr/Flickr

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  • mashed potatoes||

    Corporations aren't people and shouldn't find protections in the bill of rights. They should have their offices ransacked without warrant and forced to produce speech for the government. -run of the mill progressive totalitarian.

  • thom||

    But this is Apple we're talking about, and even your run of the mill progressive can see that this might adversely impact them at some point. I'm sure they can rustle up some rationale to oppose the government here.

  • kV||

    My proggie lawyer friends have been oddly silent about this Apple stuff. I think they've finally realized the inconsistency of their position on Citizens United.

  • Agile Cyborg||

    " A measly fifteen of them—or 0.046 percent of the total—were encrypted and unable to be deciphered."

    ...before the juggernaut of privacy lurched its once undisturbed hulk from its malaise of pathetic lethargy.

    Call them fucking invasive pricks but they have become wise to the forward potential of surveillance-resistant tech. The future holds few promises for their goddamn grimy scrabbling claws to reach anywhere into personal lives of collective citizen bodies unless swift precedents are established resoundingly against even the behemoths.

    Give encryption a glass tube into the future and that lab will be as impossible to ban as oxygen.

    Encryption should be as ubiquitous as porn if one truly approves of freedom and liberty.

  • The Iconoclast||

    Spot on.

  • Rich||

    Apple argues that the kind of program that the FBI so flippantly ordered would require "significant resources and effort"

    Surely a "flippant" order does not apply to an *iPhone*.

  • Tionico||

    oooohhh, nice one!!! We;; done.

  • Rasilio||

    So lets assume that the Feds find some way to rule Apple has to do this on some national security issue or some bullshit.

    What happens when the engineers that Apple assigns to the task refuse to cooperate, can the government compel those individuals to create on their behalf?

  • John C. Randolph||

    Speaking as one who has been an engineer at Apple, I don't believe any of my former colleagues would comply. I would also expect Apple to pay for their legal defense if the FBI attempted to force any of them to do so.

    -jcr

  • Rasilio||

    I've not worked at Apple but my guess as an outsider is that if the company is willing to stick it's neck out like this they must have gotten a LOT of pushback from their top engineers and guys like that tend to be very very passionate about their beliefs.

    If I had to guess when the request came in there were a few meetings at which at least several of the people with the requisite knowledge required to do what the FBI is asking basically said something to the effect of "Fuck that, if you try to make me do this you'll have my resignation by morning" and that as much as anything is why Apple is fighting this.

  • ||

    I've got another hypothetical: Suppose the courts side with the Feds and compel Apple to create a work around.

    Couldn't the engineers just pretend to be "working" on it and tell the FBI "Gee, this is a lot harder than we thought. It's going to take a lot longer than we thought." ?

    Sure the engineers could be cited for contempt of court, but the pool of engineering talent who can actually create a work around must be quite limited, right?

  • chipper me timbers||

    Let's not kid ourselves. Someone will take the job.

  • ||

    Immigrants, because they'll do jobs that Americans won't do.

  • thom||

    can the government compel those individuals to create on their behalf?

    Their own Constitution specifically prohibits involuntary servitude, so of course not.

  • Rhywun||

    That dusty old thing?

  • Bob K||

    Until the government starts conscripting them into the Army. They will then send the most vocal critics from Apple to Gitmo because they are providing material support to the terrorist by not following orders and the others will fall in line since they don't want to be waterboarded. At least that's what I heard was Trumps plan.

  • creefer||

    Seems to me the All Writs Act was made unconstitutional in 1865.

  • Jack Napier||

    This is a no-brainer. Apple should do whatever the hell the FBI asks them to do because TERRORIZZM!

  • ||

    The All Writs Act is not a magic catch-all for the FBI’s whims...

    Again, why isn't Magistrate Sheri Pym consistently impugned for all of this? Not that I 100% support the FBI's case, but I can't blame them for at least asking Apple to break in. Pym is *the* person I would expect to have looked at the situation, the technology, and the All Writs Act and said, "It's gonna take an act of Congress to do this." or "You know, if you guys could find your own asses with two hands and a flashlight, Apple might be willing to help you numbnuts voluntarily."

  • Rhywun||

    Apple might be willing to help you numbnuts voluntarily

    Huh? The whole point is that if Apple helps them "voluntarily", then you can kiss any notion of privacy good-bye. Permanently.

  • Tionico||

    Carefully reread Apple's stated positions in this article.... the best I've seen so far, as it does lay out Apple's foundations quite well.. surprisingly well, in fact.

    FBI are not asking Apple to "break in".... they are demanding Apple create the TOOL that could be used to break in, then GIVE THAT TOOL to FBI.. so FBI can use that tool at any time in the future. FBI re not asking Aple to "put a rock on the moon", no they're demanding Apple build the craft to put a rock on the moon, then give that craft to FBI so they can put whatever ELSE they wish to put, on the moon. See the difference? And THAT is why Apple have dug in. Breaking in and providing the data on that phone is NOT Apple's issue. It is enabling FBI to break in to any phone any time Apple adamantly opposes.... and rightly so.

  • Fairbanks||

    The order states that Apple does not have to create a tool that can be used on any phone. It specifically says that Apple only has to build a tool for that phone, if possible. So if Apple cannot build a tool specifically for that phone they are off the hook. As far as I've seen Apple is not using that argument, yet. Have you seen differently?

  • Dallas H.||

    These briefs respectively reiterate the need for strong investigative practices and justice for the victims of terrorism.

    Well, that's a complete non-starter then. There is no way this phone can be blocking "justice for the victims of terrorism." We know who committed the crime and they are dead. We know where they came from and how they did it.

    The only thing they could possibly suggest is on this phone, and only in a highly specious argument at that, is that there could be information about some potential future plot.

    The demand here doesn't in any way have the sheen of seeking "justice" for anyone, but for promoting the idea of investigating pre-crime.

  • 0x90||

    This, according to Apple’s attorneys, is equivalent to having someone sign a document with which they disagree at gunpoint.

    This should be the main argument, period. But people can be short-sighted, and unable to imagine a case where it would be they, themselves, who would be compelled to act against their own will, and against their own set of principles. And that, in a nutshell, sums up much of what is wrong with the world today.

  • Tionico||

    sort of like that German guy's demands I turn in my neighbour, and I'm fine with that, until the principle is reversed and my neighbour turns ME in, right? HOW is it that "educated" folk have such difficulty considering a principle and ?reading it forward" to see what ELSE that principle would enable or require? Fine for Mr. Smith to be compelled to rat out Mr. Jones, but when Mr. Smith rats out ME, hooboy, we've got a problem.
    Yes, we DO have a problem: that government can compel ANY action against the will of anyone. We are not slaves. Or are we?

  • Tionico||

    and agreeable to the usages and principles of law. now THERE is the gate, closed and locked tight. Other usages and principles of law dictate Apple cannot be forced against their will to perform some act against their will. That is called "slavery" and is illegal.

    Since both Apple and John McAffee have offered to crack the phone, download all the data, submit the data to FBI for their amusement and enjoyment, and then Apple will destroy the phone, and these offers have been rejected by FBI, I am forced to the conclusion FBI are using this case as a backdoor to force Apple to provide a backdoor tool to FBI which they would then be able to ccess your phone my phone, and his phone, at will. FBI are not interested in the data, but in the key to access any data in future.

  • Alan@.4||

    It appears that that might well be the case, with the setting of a precedent being the thing at the center of the matter..

  • Alan@.4||

    Questioning The FBI, aka "the government", isn't a capitol offense nor a major infraction of the law, is it? Seems as if The Congress has some work to do here, as with clarifying the law.

  • Hank Phillips||

    See Lysander Spooner's interpretation of the "shall not be questioned" clauses.

  • J. S. Greenfield||

    No, the first amendment argument put forth by Apple is not one of the more interesting arguments. It (along with the fifth amendment argument they present) is merely pro forma, so that, if needed, they can make some constitutional argument on appeal. Yet it is quite obviously doomed to fail. (If those arguments are correct, then pretty much any governmental mandate that ends up being implemented via software is also unconstitutional, for the exact same reasons. What do you think the likelihood of that is?)

    The real argument put forth by Apple -- and one I think is likely to prevail -- is the argument that the order vastly overreaches the statute. (And that's why they spend all but 3 pages of their response on such.)

    Of course, even assuming they prevail, that means nobody should expect a constitutional silver bullet. i.e., it will require ongoing policy and political efforts to prevent the adoption of some new statutory authority for this kind of demand.

  • Hank Phillips||

    Now we know how the French felt under National Socialist occupation (and the Vietnamese under French occupation). Will Apply betray its customers and collaborate with Vichy Amerika?

  • cedric and bob||

    Who!? Who doesn't want to write the code!?!?
    Apple is right, but we have already seen local governments force people to bake cakes.

  • Cap'n Krunch||

    I think you've hit the nail on the head here. If government can mandate that you bake and sell cakes to people you do not wish to bake and sell cakes to then why can't it tell you you have to build software for it, conscript people off of the streets and force them to dig ditches, make you respect your parents, tell you what time you have to go to bed?

  • Rational Exuberance||

    If Apple hadn't screwed up on their implementation of cryptography, we wouldn't be having this discussion because neither the FBI nor Apple could decrypt them. Instead of playing legal games, Apple should "beat the FBI" by fixing their f*cking phones.

  • Tyler.C||

    Apple

  • Tutu Helper iOS||

    love you apple :D

GET REASON MAGAZINE

Get Reason's print or digital edition before it’s posted online