Two Issues with the FBI & Apple
by Jay Marshall Wolman, CIPP/US
By now, practically everyone who cares has heard that Magistrate Pym has ordered Apple to help the FBI crack open an iPhone related to the San Bernadino shooting. The order is pursuant to the All Writs Act, codified at 28 U.S.C. sec. 1651. In short, it is a catch-all that lets courts issue whatever orders they feel like. In response, Apple CEO Tim Cook sent a letter saying he opposed the order. Notably, he wrote:
But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.
There’s been a lot of discussion, but little focused on two issues that deserve some attention. First, this isn’t simply asking Apple to turn over a piece of software or asking to borrow a gadget. They are, if Mr. Cook is to be believed, asking Apple to write new software. Software is a creative process, a means of expression; this is why it is protected by copyright. Apple itself was instrumental in this determination. See Apple v Franklin, 714 F.2d 1240 (3d Cir. 1983). In a nutshell, the Order is tantamount to ordering Frank Gehry to design a building featuring straight lines and right angles or ordering Stephen King to write a Harry Potter/Game of Thrones cross-over (assuming, in theory, a criminal investigation that would make such desirable). EFF briefly touched on this last year in similar circumstances. The All Writs Act may date to 1789, but it predates the ratification of the First Amendment in 1791 and is subject to it. The Government may not simply compel speech. See, e.g., Knox v. SEIU , 567 U.S. 310 (2012)(“The government may not prohibit the dissemination of ideas that it disfavors, nor compel the endorsement of ideas that it approves.”).
Second, there’s a certain subtext in Mr. Cook’s message. What he says is that it is too dangerous to create, not that it is unfeasible to create. The issue faced by the FBI is that the iPhone at issue may erase all data after too many failed attempts at a brute-force passcode hack. So, they want Apple to design a work-around that would enable them to guess all possible passcodes without bricking the phone. The auto-erase function is a security feature; the iPhone is encrypted by default. We rely on this as part of our daily security–heck, I’m sure the government relies on it. We’ve all seen street magicians use incredible slight of hand–how hard would it be for one of our diplomats, officers, or defense contractors to have had a foreign spy (let’s say–North Korean) swipe their iPhone (and SIM cards) and replace it with a counterfeit. In that scenario, the person would try their passcode 10 times, fail, wonder why, but feel secure that the iPhone wiped itself. Yet, the real phone would be in the hands of the foreign government. Maybe the FBI and Apple haven’t yet developed the tool that bypasses the 10-tries-and-erase feature, but a foreign intelligence agency might have. Our own NSA might have it also, but just isn’t sharing with the FBI. This tells me that no iPhone is actually secure. Though there is pretty much no such thing as an unbreakable lock, such a tool might enable a brute force attack on your phone to crack it in as little as 12 hours. That’s more than enough time before the subject realizes his phone was swapped rather than just suffering a glitch. As much as we may want Apple to be able to recover our phones if we forget our own passcodes, we really should want them to make a phone they themselves cannot crack.
These are the issues we should be discussing, in addition to whether we generally think it right for the government to ask Apple to hand over the keys to the kingdom.