The impetus for this article stems from the multiple ‘water cooler’ conversations many of us have had regarding the current FBI v Apple case. Of particular import, and one this article is meant to address, is the general misunderstanding of the issues involved especially its more technological aspects. It was under these auspices that I asked our CTO, Ben Wang, to pen an article covering the topics at hand. The article that follows offers a summation of the case thus far and is extensively hyperlinked – both to actual court records, as well as, expert commentary from those familiar with the matter. Both the FBI and Apple make cogent, valid arguments on the matter and, as a matter of discourse, have linked to articles defending both sides. The questions, and implications, this case raises will affect us all no matter the outcome. In the words of FBI Director, James Comey, this case is “potentially precedential” in other cases where the FBI, and related government organizations, request similar information from other technology companies. Stated another way, this case is too important to be misunderstood.
Recently, in between news cycles inundated with coverage of the upcoming 2016 Presidential Elections, you may have noticed an occasional story about the escalating lawfare between the FBI and Apple over the iPhone of the San Bernardino terrorist/shooter, Syed Farook. While this story is much lower profile than the question of who is going to be the next President of the United States, the effects of this case, and its resolution, will be just as important.
An interesting feature of the FBI v Apple case is that a fair amount of it is being waged in the court of public opinion via strategic Press Release. Both sides are attempting to frame the debate in terms favorable to them, as well as, attempting to shape public opinion ahead of the eventual, and most likely inevitable, Supreme Court ruling.
The story so far:
(For a more in-depth timeline of events, other than the brief summary shown below, go to the following link: http://techcrunch.com/timeline/a-timeline-of-apples-iphone-unlocking-fight-with-the-fbi/)
After the San Bernardino shooting last December, the FBI recovered Syed Farook’s San Bernardino County-issued work cell phone from his car. The FBI asked Apple to help them access the data on the phone. Apple refused, stating that with the iOS 8 update released September 2014 even they can no longer break into an iPhone with their own tools.
The FBI filed a motion ordering Apple to assist in their search and the Department of Justice filed a motion to force Apple to comply with the court’s order. Apple responded by filing a motion to vacate these orders.
Tim Cook, CEO of Apple Inc., published a public letter defending people’s right to strong personal data security and (by extension) right to privacy: http://www.apple.com/customer-letter/, and has stated that they will take the case to the Supreme Court (http://www.newsweek.com/tim-cook-says-hes-ready-take-iphone-case-supreme-court-430144).
FBI Director, James Comey, responded with his own blog post, titled, “We Could Not Look the Survivors in the Eye if We Did Not Follow this Lead” (https://www.lawfareblog.com/we-could-not-look-survivors-eye-if-we-did-not-follow-lead).
So what’s the big deal?
There are a number of technical reasons why it is impossible for Apple to unlock Farook’s cell phone; chief among them was the FBI’s decision to change Farook’s iPhone password after it was in custody thereby negating the iPhone’s ability to push an iCloud backup. This reason, and many more, have been well documented all over the more technical parts of the Web. In the end, however, this case really isn’t about this particular investigation or this phone at all.
Jonathan Zdziarski (http://www.oreilly.com/pub/au/1861), one of the foremost experts in iOS related digital forensics and security and whose books on the topic are frequently distributed to the law enforcement community, penned an article detailing why this particular iPhone likely has no evidence on it: http://www.zdziarski.com/blog/?p=5655.
One major point is that any information on the phone would have been backed up to iCloud storage, which on numerous previous occasions the FBI subpoenaed and received (as is common practice). In the case of Farook, these backups are empty and made inaccessible by poor forensic investigating on the part of the FBI. Furthermore, if Farook took steps to destroy his personal cell phone and laptop, why did he not bother turning off the “Find My iPhone” setting on his phone? If anything this suggests he wasn’t concerned about his work cell phone being discovered.
If the FBI knows there’s nothing on this phone, why the full Court press? Simply put: Public Relations and Optics. It is easy for the FBI to argue that they need tools to fight terrorism, and the argument essentially makes itself and it is a valid point; your liberty is moot if you are dead.
The tool the FBI is demanding in this case is a special version of Apple’s iOS that they can break into upon request. They have said that this software would be used in only this one case, but at the same time Director Comey admits that this case would set legal precedent on a number of other ongoing cases involving an iPhone (http://www.theguardian.com/technology/2016/feb/25/fbi-director-james-comey-apple-encryption-case-legal-precedent).
The Writs that Bind
The FBI is using the All Writs Act of 1789 to justify its compulsion of Apple to create the tools it needs. The All Writs Act has been under scrutiny before this case in situations involving strong consumer encryption — back in 2014 there was much discussion about the power of the All Writs Act and whether this gives the government the power to demand a company provide a back door in its product (https://www.eff.org/deeplinks/2014/12/sifting-fact-fiction-all-writs-and-encryption-no-backdoors). The Electronic Frontier Foundation argued that creating a backdoor is unreasonably burdensome, is too wide in scope to be “in aid of the court’s jurisdiction,” and likely conflicts with the Communications Assistance for Law Enforcement Act (let alone 4th Amendment rights) — all of these failing the four conditions required for invoking the All Writs Act.
The fact that this is an old law is not important — the First Amendment still applies to digital speech, for instance. What is important is that the Act usually compels the production of something that already exists.
In this case the FBI is demanding Apple create something that not only does not exist, but the creation of the tool would forever compromise Apple’s entire product line and open a Pandora’s Box of unintended consequences. For instance, once this technology exists and the US Government can use it on demand, what’s to stop China from demanding the same tools from Apple?
Creating compromised security systems — even if well-intentioned for the purposes of fighting terrorism — is letting the digital genie out of its bottle. Apple’s argument — aside even from the questionable legal basis of the Government’s case — is that the cost to one’s right to privacy these kinds of tools represent far outweighs any potential benefit.
So there are two major issues at hand: The obvious: does the Government have the right to access all of your data, anytime it wants? But the non-obvious, and potentially further-reaching, question is: how much say does the Government have in product development, and can the Government compel a private company to create a product that is antithetical to itself?
The way these questions are ultimately decided will have implications far beyond the FBI’s investigation into the events surrounding the San Bernardino attacks and whose repercussions will far outlast the upcoming Presidential election. How, and at this point if, the Supreme Court weighs in on these questions will shape not only the legal landscape of the future, but may reconfigure aspects of private enterprise as well.
For full article see http://abimultifamily.com/abinsight-the-fbi-v-apple-v-the-rest-of-us/?utm_source=ABInsight+Weekly+%283.9.2016%29&utm_campaign=ABInsight+Special+Report+%283.9.16%29&utm_medium=email