Presumably, you’re already up to speed on the story of Apple’s refusal to decrypt an iPhone belonging to one of the San Bernardino terrorists, as reported here at USAToday:
WASHINGTON — Attempts by the FBI to force Apple to unlock the iPhone of a dead terrorist from December’s mass shooting in San Bernardino, Calif. brought new urgency Wednesday to the debate between privacy advocates and security hawks and could spark a renewed push for action by Congress.
Sen. Ron Wyden, D-Ore., a strong privacy rights advocate, said he expects what he called “dangerous” efforts in Congress this spring to force U.S. tech companies to build backdoors into encrypted cellphones and other devices used by millions of Americans.
My view is that
- if the Feds have a warrant and
- the owner of the phone is dead and
- they have a way to decrypt the durned thing within a reasonable amount of time
then Apple should do it. I realize that “reasonable” is in the eye of the beholder but still. What, a week or so? Big companies can’t do anything in less than a week.
On the other hand, if they can’t do it, they can’t do it. The warrant and status of the former owner of the phone are irrelevant.
What do you think?
I generally agree with you. The question I have is would Apple’s decryption method (and by extension their Encryption method) thus become known to the government and hence to everyone if the methods were then revealed in court proceedings? In that case my opinion of the matter might change.
Anyway, shouldn’t the bright lads & lasses at the NSA be able to figure this out?
The way I hear the story, the Feds aren’t actually asking Apple to decrypt the iPhone. They’re asking Apple to provide a way to keep the iPhone from erasing itself while the Feds decrypt the iPhone.
If I were king, Tim Cook would be sitting in a cell on contempt of court charges while all of this works its way through the legal process. Sadly, IMO this is yet another case of there being one law for the rich and another for the poor.
If I were king, Tim Cook would be sitting in a cell on contempt of court charges while all of this works its way through the legal process.
In that case a good chunk of the State Department (including Kerry) should be rotting in jail now for failure to comply with court orders regarding Hillary’s email account.
It’s never been more apparent that there are two sets of rules in this country.
Seems reasonable to me. The alternative is to subpoena Apple to turn over all of their documentation and to provide hours and hours of deposition testimony on their technology. The current approach is more limited: the government wants a fish, and the judge ordered the fish; you could teach the government how to fish itself, so its not reliant on Apple, but then there will be no judicial rule in policing the catches.
Additionally, it seems to me that what Apple is complaining about is that complying with the court order will screw up their marketing plan. I hate to break it to them but it’s a lousy marketing plan.
As I understand it the request is quite narrow and those who are worrying about a slippery slope are mistaken. There is such a thing as the “slippery slope fallacy” and I think this may be an example—claiming a slippery slope where there is none.
I’ve already expressed my opinion of that. I think that’s where they should be. And people wonder why there’s an angry mood in the country.
Ice, you tend to dig up very relevant responses, as they relate to similar behaviors in the government — i.e. John Kerry and the snail’s pace reluctance in complying with HRC’s email account.
With regards to Apple, why can’t Apple retrieve the information asked for, themselves, and then hand it over to the government. This way no encryption method, or back door key to others’ info would be part of this retrieval process that Apple so wants to keep secure? Somehow, Apple doesn’t seem to be very flexible about their part in the government investigation of these terrorists.
Orin Kerr has the first part of a post up on the issue. One thing I didn’t know was that the phone was owned by the dead terrorist’s employers, who have consented to the FBI search — they just don’t have the password.
A company phone that already has a “backdoor” built into it? Now I really want to here Apple’s legal argument for refusing to comply with the court order. And why Apple isn’t an accessory after the fact.
If the facts in Orin Kerr’s piece are true, then I’m for a wait-and-see approach. I’m a bit conflicted about this, so I think it’s something the courts should work through and decide, particularly since it seems it might set an important precedent.
@andy, I think where Kerr will be going with this is that the legal issue is essentially going to be a balancing test based upon the specific facts of this situation. As a legal matter, it won’t hold much precedent because any factor might be different in future situations.
As a practical matter though, if Apple creates this feature, then in future petitions, Apple cannot claim the burden is significant, at least as to this operating system. So the ruling may make future petitions difficult to reject, though again the outcome might be different if, for example, the phone’s owner is alive.
OTOH, if information useful to learn and stop ongoing criminal conduct is not available because of technological impediments, I would expect a legislative push to require public-safety components to be installed in phones. I would also expect court rulings in other areas to “balance out” the inability to obtain this information.
Apple has every reason to refuse compromising their own product. If the “owner” of the phone fails to maintain access to their own equipment that gives them no standing to demand the manufacturer undertake a project to compromise the security and trust of its customers.
My understanding is that they’re not being asked to create anything. They’re just being asked to turn a key in a keyhole. The keyhole already exists. The key already exists but it’s solely in Apple’s possession.
IMO Tim Cook has gotten on to his high horse not because of anything in the U. S. but because of the Chinese market for iPhones. One of the things about state-based hacking is that the state becomes very sensitive about the likelihood of being hacked. They’re afraid of U. S. spying because it’s what they would do in our position.
@Dave, my impression from the Kerr article is that Apple would have to create software:
“The ‘backdoor,’ if you want to call it that, is that Apple retains the technical ability to send a software update to the phone that would disable the optional password-guessing-thwarting functions that Farook probably used. Apple hasn’t written that software update, and it strongly opposes being required to write it.”
In a sense, Apple isn’t even being asked to provide the key (which they don’t have), but to help disengage the booby-trap that would prevent the government from creating its own key.
BTW/ Kerr has updated the post to correct/clarify that this particular “backdoor” is also a feature of newer phones.
My understanding is that the older version of the iPhone that we’re talking about allowed Apple to perform software updates without the permission of the owner/user. All that would be necessary would be for Apple to create a little kludge that would disable the auto-wipe and initiate an automatic update of the phone with it.
If the phone in question operates like current models do, it would be much more difficult.
I’ve been thinking about a liability analogy. There were a number of court cases that were testing gun-manufacturer’s liability for deaths caused by their non-defective guns. In Illinois, the theory was rejected, with one dissenting justice, arguing that in the narrow case of Saturday-Night-Specials, because he perceived their design was intended to facilitate criminal use. I don’t know enough about the type of gun; it seems to me that he is simply talking about cheap guns and there is always a market for less expensive goods.
The majority though that the issue of manufacturer liability was a matter entrusted to the legislative branch and refused to carve-out a common-law remedy. (Congress would later nix these types of lawsuits altogether) Certainly legislatures can require guns to have a serial number and forbid such features as fingerprintless surfaces that would generally be for criminal use only.
A wrinkle.
@andy, interesting. Why would they assume the password was changed by county officials? A quick google finds that people complaining that their password has been changed, believe their phone has been hacked, and are being asked if they shared their password with anyone. Not knowing the technology, I would assume that co-conspirators changed the password after the fact.
Orin Kerr has the next installment, which basically states that the main precedent is U.S. v. New York Telephone Co. (1977), which held that the telephone company could be compelled to install a telephone line and monitoring device under court order in order to investigate a gambling ring.
The context of the dispute is telling. The power to order a third-party to assist in an investigation was not questioned, but the lower court required more specific statutory authorization to regulate this power. This is Apple’s gamble, that it will win and there will not be legislative consequences.