An Encryption Debate: Should Apple Comply with Judge’s Order?
Over the past week, Americans have engaged in a heated discussion about privacy and technology. On Tuesday February 16, 2016, Judge Sheri Pym, a federal magistrate for the United States District Court for the Central District of California, ordered Apple to help law enforcement agents by enabling the search of a device previously seized under warrant.[1] Apple is the manufacturer of the device, an iPhone 5C, and the data is encrypted by default, accessible only with the proper passcode for the iPhone. This particular iPhone belonged to Syed Farook, who, along with his wife, Tashfeen Malik, killed fourteen people and injured several others.[2] This deadly attack occurred in San Bernardino, CA on December 2, 2015. The iPhone in question was Farook’s work phone, issued by his former employer, San Bernardino County. The County gave permission to search the phone, however, no one knows Farook’s passcode.[3] The data contained in the locked iPhone presumably includes contacts, photos, and iMessages, all of which may help investigators determine the couple’s motives behind the attack, whether they were planning other attacks, and whether there were any others involved.[4]
The Judge’s ruling requires Apple to create software that the FBI can download onto Farook’s iPhone, which will bypass the self-destruct feature, erasing the phone’s data after ten incorrect password entries. With the software, the FBI intends to try different combinations of passwords until the correct one is found.[5] This approach is referred to as “brute force,” and could require tens of millions of combinations.[6] Although the FBI was able to obtain all of the data backed up to Farook’s iCloud account, the most recent backup was on October 19, 2015. The content for the six weeks leading up to the attack remains only on the iPhone.[7] The government’s request relies on a centuries old law−the All Writs Act of 1789.[8] The Act allows judges to “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”[9] This Act is cited as a source of authority for judges to issue orders not otherwise covered by statutes.[10]
Shortly after the Judge’s order was released, Apple CEO Tim Cook published a letter to customers on the Apple website.[11] Cook makes it clear that Apple opposes the Judge’s order, which “threatens the security of our customers…[and] has implications far beyond the legal case at hand.”[12] According to Cook, encryption is extremely important to Apple, so much so that “we have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.”[13] Cook states: “Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.”[14] The software that the FBI requested, does not exist, and according to Cook, “in the wrong hands, [it]… would have the potential to unlock any iPhone in someone’s physical possession.”[15] Cook argues that despite the government’s request that the software would be limited to this iPhone, there is no guarantee of that.[16]
In complying, Apple would deliberately weaken the security of its own product.[17] Scholars are arguing that Apple’s compliance with this order would create a dangerous precedent.[18] Others have cited a slippery slope argument, hypothesizing what could be asked of companies in the future.[19] Sundar Pichai, the CEO of Google, supported Cook’s letter in a series of tweets on February 17.[20] John McAfee, cybersecurity expert, published a letter on February 18, offering to decrypt the phone for free so Apple does not have to comply with the order.[21] McAfee describes the backdoor as “the beginning of the end of America,” and that it is impossible for the FBI to protect the backdoor.[22]
Christopher Mims, a writer for the Wall Street Journal, believes that Apple’s refusal to cooperate with the government could create an even worse situation: “[B]y so publicly refusing to cooperate, Apple is creating a situation in which eventually the courts or Congress will force it to do even more damage to the security of our most personal devices than capitulation in this case would require.”[23] Mims’ worries are legitimate – the phone in question is not just any iPhone in a criminal investigation, it is the phone of a known terrorist.[24]
There are political and constitutional questions embedded in the current situation as well. Can the government compel companies to deliberately weaken their own security systems? As one scholar, Joel Reidenberg,[25] points out, “The government should have an ability to compel companies to unlock encrypted devices for access to evidence of crimes, but should not be able to force companies to build electronic skeleton keys, new access tools, and security vulnerabilities.”[26] As many experts are making clear, if Apple creates this technology, it cannot be contained to just one iPhone, and will put every single user of an iPhone at risk of unauthorized access and hacking. The default encryption security that Apple created for the security of its users would be compromised.
On Friday, February 19, the argument between Apple and the government intensified, when prosecutors filed a motion in court, alleging that Apple refuses to assist with unlocking the phone because it is “good marketing.”[27]Although this move was not legally necessary, the prosecutors were requesting Judge Pym to force Apple to obey Tuesday’s order, in an apparent response to Cook’s Wednesday letter.[28] Apple has until February 26, to respond to the order.[29]
Image courtesy of: Stuart Carlson by Stuart Carlson, and Apple Store 5th Avenue by Nikhil Khadtare.
Footnotes