(Page 2 of 2)
Compromising iPhone security adversely affects Apple’s basic interests.
In futher violation of the All Writs Act, the FBI court order would "adversely affects" Apple’s basic interests, the company argues. It’s easy to see why. Unlike many other technology companies that monetize their free services through data brokerage and advertising, Apple makes money by offering high-quality, secure devices that their customers trust. In recent years, Apple’s commitment to customer security drew the company to implement strong encryption techniques on popular devices. In 2013, Apple began encrypting all external data stored on devices running iOS 7 by default. By the next year, iOS 8 boasted beefed up security features that were so airtight that Apple itself could not access much customer data. In this version of the software, data stored on iPhones was encrypted in such a way that only the customer could unlock their device to retrieve their information—thereby earning the ire of law enforcement groups like the FBI.
But while the fuzz only focused on the new challenges to their traditional warrant process that these security measures imposed, Apple clearly has a compelling company interest in providing the most secure and reliable products that they can for customers. The FBI is essentially ordering a company to destroy a key trade advantage that the company had "spent years building," Apple argues. If the All Writs Act can indeed be applied in a manner that destroys the core profitability of a U.S. company, other firms abroad would likely sell similar security features to their customers—and the problems for law enforcement would continue.
Code is First Amendment-protected speech.
One of the more interesting arguments put forth by Apple’s attorneys is that the court order actually violates Apple’s First Amendment rights. The argument’s central premise—that code is First Amendment-protected speech—was the subject of endless debates during the first Crypto Wars in the 1990s. In 1991, a programmer named Phil Zimmerman rocked the computer science and intelligence communities by releasing an email encryption technology to the public called "Pretty Good Privacy" (PGP). The symmetric-key algorithm at the heart of PGP was before then mostly only employed by researchers and agents of the state. By publishing the PGP source code on the Internet for anyone to access and apply, Zimmermann challenged the existing legal infrastructure that criminalized exporting encryption use, which was categorized as a "strong munition."
The U.S. government dropped the criminal investigation against Zimmermann, but the question was again raised in 1995, when a graduate student named Daniel Bernstein published a paper containing the source code for his encryption technique called Snuffle. In publishing the code, Bernstein, like Zimmermann, was targeted by the U.S. government for violating munitions regulations. In Bernstein v. United States (1999), the Ninth Circuit Court of Appeals ruled that the munitions export controls invoked by the government to stop the spread of encryption constituted an impermissible prior restraint on speech and violated the First Amendment.
The Ninth Circuit stopped short of holding that "all software is expressive." Still, Apple’s attorneys cite Bernstein v. United States and other rulings holding that certain kinds of computer code are protected by the First Amendment in its defense.
Building on precedents establishing First Amendment protections for computer code, Apple argues that the FBI is impermissibly compelling the company to speak by developing a tool to decrypt Farook's phone. The program that the FBI is demanding would require Apple engineers to write speech (code) under duress and compel engineers to issue a digital signature used only by Apple employees. This, according to Apple’s attorneys, is equivalent to having someone sign a document with which they disagree at gunpoint.
The government cannot force its citizens to speak in ways that they do not want, nor can it force scientists to create and sign off on programs beyond their own wills. Therefore, Apple argues, the FBI order violates Apple’s First Amendment rights. (Ironically, this line of argumentation forces groups that have traditionally opposed the Citizens United ruling to invoke it.)
Silicon Valley Versus Washington
Apple friends in Silicon Valley have called in their own litigative cavalry to back Apple's motion to dismiss the FBI order. An amicus brief filed by a group of tech titans including Amazon, Dropbox, Cisco, Facebook, Google, Microsoft, and Mozilla emphasizes the catastrophic harms to strong digital security that such orders would engender. Another brief, this one produced by a consortium including Reddit, Medium, LinkedIn, Twitter, and GitHub argues that the order is an "extraordinary and unprecedented effort to compel a private company to become the government’s investigative arm" with "no legal basis." And a brief filed by superstar information security experts—many of the same ones that released a highly-influential paper criticizing government backdoors last summer—highlights how measures to assist law enforcement by undermining security will ironically generate extreme harms to public safety.
In the FBI’s corner, meanwhile, are briefs filed by other law-enforcement groups and some of the victims of the San Bernardino attack. These briefs respectively reiterate the need for strong investigative practices and justice for the victims of terrorism.
All of these briefs share a common concern for public safety and understanding of the need for law enforcement to have all of the legal tools necessary to protect the public and promote justice. At the same time, it’s important to have a data-driven understanding of the scope of the problem. Before the horrific San Bernardino attacks, much of the public discussion about criminals "going dark" through encryption was mostly hypothetical. Indeed, internal emails leaked to the press show the intelligence community outright exasperated by the virtual lack of any terrorist act that could be used to justify a curtailment of strong encryption.
Last month, I dug into reports produced by the Administrative Office of the U.S. Courts to see just how prevalent the problem of encrypted communications has been for law enforcement. The numbers are pretty surprising: from 2001 to 2014, only 147 of the 32,539 domestic wiretaps reported by the courts encountered any kind of encryption at all. That’s less than 0.45 percent of the total. And much of the encryption is quite weak anyway. Law enforcement officials were able to crack and decipher the vast majority of these communications. A measly fifteen of them—or 0.046 percent of the total—were encrypted and unable to be deciphered.
So, according to the best public information available, over 99.5 percent of criminals investigations have no problems with criminals "going dark" at all. Surely there are better ways that we can improve criminal investigations without undermining the digital security of our entire nation?
Photo Credit: downloadsource.fr/Flickr