Apple to FBI: You Can’t Force Us to Hack the San Bernardino iPhone
After a week of anticipation, Apple today filed to dismiss a court order to assist the government in hacking an iPhone, bringing a variety of legal arguments to bear.
Apple acknowledged on a call with reporters that the FBI’s demand that it write software designed to weaken the security of its phones is without precedent. Its primary argument, unsurprisingly, takes on just how outdated and inapplicable the law the FBI has invoked is. The All Writs Act the government is citing as its authority to compel Apple’s assistance, the company argues, doesn’t give the courts the power to order the kind of assistance the government wants—primarily because that assistance would be unduly burdensome for Apple to fulfill.
The company further calls on its First and Fifth Amendment rights, which might seem out of joint, until you realize that code has long been legally recognized as a form of speech. Most of all, the dismissal drives home its point that this is not a case for the courts to decide, because of the alarming precedent it could set.
“This is not a case about one isolated iPhone,” writes Apple attorney Marc Zwillinger in today’s brief. “Rather, this case is about the Department of Justice and the FBI seeking through the courts a dangerous power that Congress and the American people have withheld: the ability to force companies like Apple to undermine the basic security and privacy interests of hundreds of millions of individuals around the globe.”
All Writs Act
Apple’s first focus is the All Writs Act, part of the 1789 Judiciary Act, which gives federal courts the power to issue writs when appropriate to compel third parties to help execute a court order—for example, a search warrant. The writs aren’t intended to be an end-run around existing statutes but simply to give courts a tool to enforce existing statutory authorities, particularly when there is a gap in what those statutes cover. While it does allow authorities to call on third parties to help execute a search warrant or court order, there are limitations. The Supreme Court has ruled, for example, that a court can issue an order to compel only as long as the order does not impose an unreasonable burden on the third party.
Apple argues that the government’s demand for assistance is indeed an unreasonable burden because of the nature of that assistance. The degree of burden that the government’s request places on Apple is one of the core issues the court will have to decide.
Last week, a magistrate in the US District Court in Central California ordered Apple to assist the FBI in hacking an iPhone used by one of the San Bernardino shooting suspects. The government wants Apple to write a new software tool—essentially a crippled version of its iOS software—to eliminate specific security protections the company built into its phone software to protect customer data. With that software installed on the phone, it would allow the FBI to perform a brute-force password-cracking attack on the phone in an attempt to unlock it and retrieve encrypted data stored on it.
The government has cited US v New York Telephone Company as one of the primary precedent-setting cases that give it authority under the All Writs Act to command technical assistance from Apple to crack the phone.
In that case, the government required New York Telephone Company to provide technical assistance to record numbers dialed from a phone in what is known as a pen-register. New York Telephone objected, saying the pen-register statute didn’t require companies to provide technical assistance. The Supreme Court ultimately ruled that the phone company could be compelled to assist because it was already collecting this information as a matter of course for its own business purposes, in order to bill customers, detect fraud and conduct troubleshooting.
The government has tried to make the same argument in the Apple case, saying in a motion filed last week that writing the software tool it wants would not be burdensome to Apple because the tech giant already “writes software code as part of its regular business.”
In response, Apple argues that not only does it not even know exactly how to create the software in question, the larger issue is the bad precedent of allowing the FBI to compel it, or any other tech company, to write code against its will.
“If Apple can be forced to write code in this case to bypass security features and create new accessibility, what is to stop the government from demanding that Apple write code to turn on the microphone in aid of government surveillance, activate the video camera, surreptitiously record conversations, or turn on location services to track the phone’s user?” asks the brief. “Nothing.”
So far, courts seem to agree with Apple. In a separate and pending case in New York, in which the government has also asked Apple to help extract data from an iPhone under the All Writs Act, Magistrate Judge James Orenstein has so far not been willing to concede the government’s arguments. The government isn’t asking Apple to develop special software to crack that phone—there’s no need because the phone is reportedly using an older version of Apple’s operating system that allows the company to bypass a user’s password to extract encrypted data. But even with that simple request, Orenstein said that prosecutors were asking the court to give them authority that Congress has so far specifically chosen not to give them: the authority to compel a company to unlock a protected device.
Lawmakers and the public, he noted, are still wrestling with the question, and the fact that no statute currently exists specifically giving courts the authority to compel a company to unlock a device can’t be interpreted as an oversight on the part of lawmakers, or a sign that the courts should step in to fill the gap left by the absence of a statute, Orenstein argued. Instead, the lack of a clear statute seemed to indicate that lawmakers were ambivalent on whether such a law compelling companies is appropriate or necessary. Issuing an order to compel Apple to unlock the device would assume an intent on the part of lawmakers that wasn’t there.
“[T]he question becomes whether the government seeks to fill in a statutory gap that Congress has failed to consider, or instead seeks to have the court give it authority that Congress chose not to confer,” Orenstein pondered in a court document.
And that is precisely what Apple wants to occur in the present case. In its filing to the court today, Apple asserted that this was a matter that only Congress should decide, not the court, and questioned the implications of such a broad reading of All Writs.
“The All Writs Act (or the “Act”) does not provide the judiciary with the boundless and unbridled power the government asks this Court to exercise…it does not grant the courts free-wheeling authority to change the substantive law, resolve policy disputes, or exercise new powers that Congress has not afforded them,” the brief argues.
Apple has also asserted First Amendment protections in its defense, arguing that if code is speech, then the government is compelling the company to say something it doesn’t want to by forcing it to cooperate in cracking the phone’s password.
“The government asks this Court to command Apple to write software that will neutralize safety features that Apple has built into the iPhone in response to consumer privacy concerns,” says the brief. “This amounts to compelled speech and viewpoint discrimination in violation of the First Amendment.”
Courts long ago established in Bernstein v. US Department of Justice that code is speech and is protected by the First Amendment. Apple iPhones won’t accept firmware updates that aren’t signed by the company, and Apple is arguing in its defense that to compel it to write code and to sign that software with the company’s digital key is equivalent to the government compelling Apple’s speech. Civil liberties experts say it’s a strong argument.
“The human equivalent of the company signing code is basically saying, ‘We believe that this code is safe for you to run,’” Jennifer Granick, director of civil liberties for the Center for Internet and Society at Stanford Law School, told WIRED this week. “So I think that when you force Apple to cryptographically sign the software, it has a communicative aspect to it that I think is compelled speech to force them to do it.”
The First Amendment issue also addresses Apple’s other concerns that creating a tool like this undermines the security it provides all of its customers.
Apple further argues that being ordered to assist the FBI, despite not being directly connected to the crime, violates its Fifth Amendment rights. The FBI, in Apple’s words, “by conscripting a private party with an extraordinarily attenuated connection to the crime to do the government’s bidding in a way that is statutorily unauthorized, highly burdensome, and contrary to the party’s core principles, violates Apple’s substantive due process right to be free from ‘arbitrary deprivation of [its] liberty by government.’”
Make Users Less Safe
Apple asserts that the tool the FBI wants it to create undermines the security features it intentionally placed in its software as well as the security infrastructure it has built to deliver safe and secure software to Apple customers.
“Apple’s security model depends on all of us knowing that Apple’s key is only used by Apple in its best judgment,” Nate Cardozo, staff attorney for the Electronic Frontier Foundation told WIRED recently. “And once that security model is broken, that’s sort of it. We can no longer assume that an over-the-air update to iOS isn’t compromised…. Apple being ordered to compromise their code-signing infrastructure undermines trust in the whole system.”
Not only that, but Apple argues that creating the software will make the company a bigger target for criminals.
“Given the millions of iPhones in use and the value of the data on them, criminals, terrorists, and hackers will no doubt view the code as a major prize and can be expected to go to considerable lengths to steal it,” write Apple’s lawyers, “risking the security, safety, and privacy of customers whose lives are chronicled on their phones.”
The security vulnerabilities could reach beyond Apple itself, as well, the company argues. “In the meantime, nimble and technologically savvy criminals will continue to use other encryption technologies, while the law-abiding public endures these threats to their security and personal liberties—an especially perverse form of unilateral disarmament in the war on terror and crime.”
What you’re left with, in Apple’s view, is no net security gain at all, and a dramatic drop in the security and privacy of everyday civilians.
Where It Goes From Here
The court has set a deadline of March 10 for the government to respond to Apple, and a hearing for oral arguments is scheduled for March 22 in the US District Court of Central California. It’s unclear how long Magistrate Sheri Pym will take to deliver her decision, but the case will no doubt be appealed no matter the ruling.
If the magistrate rules in the government’s favor and Apple balks at complying while it files an appeal, the government can ask the court to fine Apple for not complying. It’s a tactic the government used in 2008 against Yahoo after that tech giant fought a court order to hand over data under the NSA’s infamous PRISM program. After a court ruled that Yahoo’s arguments for resisting the order had no merit, the Feds threatened the internet giant with a $250,000-a-day fine if it didn’t comply.
Apple CEO Tim Cook told ABC News in an interview this week that he’s prepared to take his company’s fight to the Supreme Court. The company has already hired renowned Washington attorney Ted Olson to help in its fight over the phone-hacking order. Olson successfully represented former President George W. Bush in his Supreme Court battle—Bush vs. Gore—which helped Bush win the 2000 presidential election.