still buzzing about a recent court order compelling Apple to craft a technical tool that would allow FBI investigators to bypass security measures on the iPhone used by San Bernardino shooter Syed Rizwan Farook.The tech-policy community is
The government’s legal argument rests largely on the archaic All Writs Act of 1789, a short law establishing that U.S. courts may "issue all writs [legal orders] necessary and appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law." Straightforward enough. As traditionally interpreted, this law merely allowed the judiciary a bit of flexibility to facilitate lawful legal procedures when the precise means needed were not already on the books. For example, a court might invoke this law to enlist a telephone company’s assistance in setting up a special kind of warranted wiretap that Congress had not specifically addressed in legislation. But there are supposed to be limits. For instance, the Act could not compel someone who is "far removed" from the situation to act, nor could it impose an "unreasonable burden" on a third party or "adversely affect" that party’s "basic interests."
But in recent years, the Justice Department has strained this 227-year-old provision beyond the reasonable bounds of interpretation in an effort to get around strong security technologies that it sees as hindering investigations. In 2014, reports from the The Wall Street Journal and Ars Technica revealed that courts in New York and California had invoked this obscure law to compel Apple and at least one other unknown device manufacturer to provide "technical assistance" to unlock password-protected phones. This most recent order to Apple has drawn these creative modern applications of a centuries-old law into strong public scrutiny.
Technology companies and civil-liberties activists oppose the order for the respective threats it would deal to security and privacy online. The FBI, on the other hand, has long sought a way to get around strong security and encryption techniques such as those found on newer versions of the iPhone. Regardless of the considerable technical vulnerabilities that these workarounds—often referred to as a "backdoor" or "secure golden key"—may generate, the FBI could end up getting its way either through judicial precedent or legislative action.
If it does, Apple engineers would be enlisted as unwilling iPhone hackers for the feds. Specifically, the FBI wants to force Apple engineers to build custom software that can disable an iPhone’s "auto-erase" security function, allow agents to electronically guess the PIN, and remove the time delay in between PIN guesses so that they can access data on Farook's work iPhone.
Apple filed a 65-page motion to vacate the order late last month, handily addressing the DOJ’s questionable use of the All Writs Act and brings in extra constitutional muscle to defend its dissent.
Much of the document reiterates and expands on the points first sketched by Apple CEO Tim Cook in his initial rallying cry to the public: the FBI’s order amounts to little more than a government "backdoor" into secure technologies, an outrageous overreach of power, and a dangerous precedent that lacks proper congressional input. The filing at times reads more like a colonial-era broadside against the abuses of the crown than a staid legal motion. (By the second sentence, Apple has already positioned its case as integral to the "basic security and privacy interests of hundreds of millions of individuals around the globe.") But there’s a lot of new legal firepower packed in as well.
Here are Apple’s key arguments:
The All Writs Act is not a magic catch-all for the FBI’s whims.
Apple’s first major legal argument is that the government’s use of the All Writs Act far exceeds the limits of the law. Invoking a Supreme Court ruling that the Act does not authorize courts to "issue ad hoc writs whenever compliance with statutory procedures appears inconvenient or less appropriate," Apple’s attorneys point out that the remedy to the issue of encrypted communications is one that must be addressed by Congress, not willed into existence by the courts.
In fact, Congress has previously weighed in on the issue of law enforcement’s authorities and limitations on procuring evidence from telecommunications providers in the Communications Assistance for Law Enforcement Act of 1994 (CALEA). This law outlined the procedures and boundaries that law enforcement must follow to gather data from third-party technology companies in the course of an investigation, and expressly states that the government cannot "dictate to providers of electronic communications services of manufacturers of telecommunications equipment any specific equipment design or software configuration." Because the FBI order to Apple outlined the specific schematics of the program it is demanding be created, Apple attorneys argue that the agency is in violation of the law.
Furthermore, because Apple would be considered an "information service provider" under the CALEA, Apple is actually exempt from the burden of mandatory assistance to law enforcement. But even if Apple wasn’t exempt from mandatory assistance, CALEA explicitly states that third-party service providers—even those subject to mandatory reporting—cannot be compelled to "decrypt, or ensure the government’s ability to decrypt, any communication encrypted by a subscriber or customer unless the encryption was provided by the carrier and the carrier possess the information necessary to decrypt the communication." Apple does not possess the encryption key necessary to decrypt the Farook's iPhone.
The FBI order places an undue burden on Apple.
Apple argues that the FBI order would violate the stipulations of the All Writs Act even if it could be applied in the manner that the FBI attempted. In its ex parte application for the order against Apple, the government’s attorneys argued that asking Apple to "writ[e] a program that turns off non-encryption features" is not an undue burden under the All Writs Act and requires only minimal effort on the tech giant’s part. Apple disagrees.
In its motion, Apple argues that the kind of program that the FBI so flippantly ordered would require "significant resources and effort"—somewhere in the ballpark of six to ten Apple engineers toiling for upwards of a month to break the very system they spent so long securing. Then the program would need to be tested, re-coded, and tested again until the engineers found the software to be reasonably functional and secure.
According to iOS forensic scientist Jonathan Zdziarski, such an instrument would likely be subject to further layers of testing by the courts, adding even more to the final cost. After the software is approved by all parties, it would need to be loaded and operated on Apple facilities. Then its engineers might also be tasked with destroying the device and program in such a manner that it can never be intentionally or unintentionally leaked into the wrong hands—a tall order in a world of constant corporate espionage and insecure systems. This is before considering the substantial costs in liability and diminished customer trust that would likely accrue.
Photo Credit: downloadsource.fr/Flickr