Strange Bedfellows: Apple, terrorists, the FBI, and really old law
The issue of whether Apple must provide the FBI with software needed to obtain data from the iPhone of one of the San Bernardino attackers has entered the court system.
This past December, our nation suffered a terrible tragedy in San Bernardino, California, when Syed Rizwan Farook and Tashfeen Malik, two Islamic terrorists, shot and killed fourteen people at the Inland Regional Center. In the months after the attack, the FBI has sent a request to Apple seeking help in unlocking Farook’s iPhone 5c, in order to gain more information about their connections to possible terrorist groups, like ISIS.
The phone itself belongs to Farook’s employer, San Bernardino County Department of Public Health. The Department has consented to the search of the iPhone. Since there is no reasonable expectation of privacy in communications sent to third parties, there is no Fourth Amendment issue present. The FBI specifically needs the technology from Apple to access the communications.
In order to unlock this information, the FBI is asking Apple to write software that essentially unlocks an encrypted iPhone.
In order to unlock this information, the FBI is asking Apple to write software that essentially unlocks an encrypted iPhone. Specifically, the FBI wants Apple to make three tweaks to the iPhone operating software: (1) iPhones have built in software that deletes the data on a phone after a wrong password has been typed in 10 consecutive times. The FBI wants this limiting feature removed, as the FBI does not want to take the chance of having valuable information disappear into cyberspace; (2) the FBI wants the new software to stop creating long delays after incorrect passwords are entered; and most importantly, (3) the FBI wants a means to enter passwords electronically instead of by hand, so thousands of passwords can be entered extremely quickly.
Tim Cook, the CEO of Apple, rejected the FBI’s request to create this software. In a letter to customers on Apple’s website, Cook states, “now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.”
According to Cook, and other privacy advocates, the problem is not with unlocking Farook’s phone. The problem is that this technology in the wrong hands will lead to disastrous results, and would give the person holding the software to break the encryption code to any iPhone, at any time. Given the government’s reputation for protecting innocent citizen’s privacy, this appears to be a legitimate concern.
[T]he FBI asked a United States Magistrate Judge to use the All Writs Act . . . to order Apple to build the backdoor software.
Frustrated with Apple’s refusal to comply, the FBI asked a United States Magistrate Judge to use the All Writs Act, a 227 year old law, to order Apple to build the backdoor software. The leading case that gives guidance on how the All Writs Act works is United States v. New York Telephone, decided in 1977 by the United States Supreme Court.
The New York Telephone Company was in a very similar situation as Apple is today, and made the same argument, that by allowing the government to have access to their network, the government would have the power to indiscriminately violate the privacy rights of their customers. That argument won at the Second Circuit, but not the Supreme Court.
The Supreme Court overruled the Second Circuit by holding the All Writs Act authorizes “a federal court to issue such commands under the All Writs Act as may be necessary or appropriate to effectuate and prevent the frustration of orders it has previously issued in its exercise of jurisdiction otherwise obtained.” Because the government in this case had correctly obtained a warrant to install a pen register device to intercept the conversation of s suspected illegal gambling ring, “[t]he assistance of the Company was required here to implement” the warrant.
Apple is not a public company and has not duty to serve the public like the New York Telephone Company has.
In New York Telephone, the Supreme Court did establish a few limitations on the All Writs Act: (1) the requested action by the government cannot be an unreasonable burden on the third party; (2) the All Writs Act can only be used if another statute does not address the issue at hand; (3) the Third party cannot be so far removed that its assistance could not be permissibly compelled.
Since Congress has passed multiple statutes that deal with the government’s ability to obtain electronic date, the All Writs Act has been untouched for quite a while, and New York Telephone is the seminal case. This presents a problem because the case leaves with it a large amount of uncertainty about the bounds of the All Writs Act.
As Professor Orin Kerr of the Washington Post’s The Volokh Conspiracy notes, “Beyond the ‘unreasonable burden’ test, it’s not clear what to make of the other matters that the court mentions. Are they all just factors in a grand multi-factor test? Are they actually parts of the undue burden standard, just not explicitly labeled that way? Are they parts of what makes the order “appropriate”?”
Beyond the issues of the unreasonable burden test that Professor Kerr touches on in his article is a potentially bigger distinction between Apple and the New York Telephone Company. The Supreme Court noted that the New York Telephone Company was a “highly regulated public utility with a duty to serve the public…Certainly the use of pen registers is by no means offensive to it. The Company concedes that it regularly employs such devices without court order.”
Apple is not a public company and has not duty to serve the public like the New York Telephone Company has. Maybe even more importantly, the software the FBI is asking Apple to create does not exist, a large difference from the New York Telephone Company, which owned their own pen registers. The software is offensive to Apple, as CEO Tim Cook made clear; pen registers were not offensive to the New York Telephone Company.
[California judge] agreed with the FBI that the All Writs Act gave the FBI the power to compel Apple to create the backdoor software.
A United States Magistrate Judge in California, Sheri Pym, agreed with the FBI that the All Writs Act gave the FBI the power to compel Apple to create the backdoor software. In her opinion, Judge Pym tried to calm Apple’s fears by making clear that Apple would have complete control of the hypothetical software, “Apple may maintain custody of the software, destroy it after its purpose under the order has been served, refuse to disseminate it outside of Apple and make clear to the world that it does not apply to other devices or users without lawful court orders … No one outside Apple would have access to the software required by the order unless Apple itself chose to share it.”
Judge Pym also made it clear that Apple could maintain physical position of the software at all times. However, Judge Pym also said that if Apple elects to keep Farook’s phone at their facility, Apple must “provide the government with remote access to the SUBJECT DEVICE (Farook’s phone) through a computer allowing the government to conduct passcode recovery analysis.”
Essentially, this means that if Apple wants to breakdown Farook’s iPhone at their facility, they will have to allow the government to access Farook’s phone over the internet. This could lead to a serious security issue if a foreign government or terrorist group was able to hack into the transmission of the information and get ahold of the software. Apple has spoken out against Judge Pym and has plans to appeal her decision.
The Department of Justice has already filed a brief in opposition to Apple’s action, making clear that they only want to use the software on this single phone, and that Apple has full permission to destroy the software after it is created.
No matter where you fall on the divide between Apple and the FBI, this controversy presents the judicial system with big questions. Can a court order a company to create software that has extreme privacy implications only to hack one phone? Can the government be trusted with the holy grail of encryption breaking software? And how will a court apply a muddled 37-year-old court opinion? Apple has until February 26, 2016, to file their response to Judge Pym’s order.