Info Tech Judge orders Apple to build a backdoor OS for the FBI, CEO Tim Cook vows appeal



Info Tech Apple has taken a hard stance on encryption in recent years, and implemented encryption in iOS 8 and 9 that would prevent the company from decrypting its own hardware, even if ordered to do so. Yesterday, a judge challenged that stance for the first time and ordered the manufacturer to decrypt a device running iOS 9. It’s not the first time Apple has gone to court to challenge the government’s ability to compel decryption, but that case concerned a product running iOS 7, which wasn’t protected by the same security measures.

The briefing relies on the 1789 All Writs Act, which states that federal courts may “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.” Specifically, Judge Sheri Pym has ordered to Apple to assist the government in the following ways:
Apple’s reasonable technical assistance shall accomplish the following three important functions: (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.
Yes, this means that a law passed at a time when long-distance communication meant using semaphore telegraphs — prominently visible light sources used to transmit messages between signaling stations — is being used to determine the federal government’s ability to demand access to modern smartphones.

Tim Cook has vowed to fight the decision. In an open letter to Apple customers, he writes:
But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control…
The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.

When is a door not a door?

I’ve criticized the way corporations, including Apple, pay lip service to security on the one hand, while oftentimes building services that encourage users to freely share private data on the other. In this, however, Cook is correct. Government backdoors are typically framed as built-in access points installed at the factory, but what Pym has ordered Apple to create functions as a de facto backdoor. There’s no functional difference between a backdoor Apple installs by default and a backdoor Apple is compelled to install by the federal government.
There is, however, a potential difference between requiring Apple to ship a backdoor on all hardware and having the option to install that backdoor to certain devices in specific circumstances. The latter option arguably reduces the security risk and subjects the process to a degree of judicial oversight.
Unfortunately, the events of the past 15 years have demonstrated beyond any reasonable doubt that the government cannot be trusted with this kind of power at either the federal or the local level.
State cops have partnered with license plate scanning companies to build unprecedented surveillance businesses and empowered these firms to act as debt collectors on behalf of the state with little to no oversight of their actions. Police across the United States have been caught lying about stingray use, often in collaboration with the FBI. The DEA has used information from the NSA to arrest suspected drug smugglers, then lied about the source of its information to avoid disclosing the warrantless surveillance of American citizens.
NSA agents have been caught using government surveillance programs to spy on ex-lovers, a process jokingly referred to within the agency as LOVEINT. Most recently, the data sets it used for targeting supposed terrorists in Pakistan have been exposed as fundamentally flawed, to the point that thousands of innocent people may have been killed because poor software algorithms erroneously identified them as terrorists. This isn’t just a problem with the FBI or NSA. Local, state, and federal authorities have all abused the power granted to them in the wake of 9/11.

The Supreme Court conundrum

Tim Cook’s aggressive stance leaves no doubt that Apple will pursue this case to the Supreme Court, but how the court will handle it is less clear. In Riley v. California, the Supreme Court unanimously held that cell phone data was protected by the Fourth Amendment and that police could not conduct a warrantless search of a device upon arrest. The Fifth Circuit has ruled that forcing an individual to provide a passcode to a device is a violation of his or her Fifth Amendment rights against self-incrimination, though the Supreme Court has never addressed the issue.
The principle question here is whether or not a 1789 law can be extended to allow the government to compel a corporation to reveal personal user information, on what grounds it can do so, and what level of proof is required to bring the charge. This is one area where the 1789 All Writs Act so blatantly falls short; it provides nothing in the way of guidelines regarding when and how information and support can be compelled, and no security against the kind of blank-check demands Apple is concerned the government will now demand.

The precedent set in this case could be critical to the future of digital privacy — and the court just lost a strong defender of both the Fourth Amendment and criminal defendants. Justice Scalia was disliked by many for his originalist doctrine, full-throated support of the death penalty, and his dismissal of programs like Affirmative Action, but he often sided with more liberal justices when it came to protecting the Fourth Amendment rights of citizens. In Kyllo v. United States, Scalia joined Souter, Thomas, Ginsberg, and Breyer in holding that data from thermal imaging cameras could not be used to obtain a warrant to search a home, even if that data suggested the domicile was being used to grow marijuana.
In United States v. Jones, Scalia again sided with a unanimous court in ruling that police required a warrant before placing a GPS device on a car for tracking purposes. There’s no telling how SCOTUS would rule in this case, but Scalia would not have been an automatic vote in favor of the government’s position.
Apple could theoretically appeal directly to the Supreme Court, but the company almost certainly won’t. With only eight justices currently on the Supreme Court, any 4-4 decision will be read as affirming the judgement of the lower court, whatever that might be. Senator Mitch McConnell has already promised to block any Obama appointment, regardless of the candidate, and whoever Obama nominates might support the government’s position in any case. The only candidate still in the race who has taken a strong stance against the NSA’s mass surveillance is Bernie Sanders, and he’s currently considered a long-shot candidate at best.
There’s a high chance this case will eventually end up in front of the Supreme Court, no matter what the 9th Circuit might decide — and the decision will have significant impacts on the limits of citizen privacy in the digital age. The San Bernadino shootings that sparked this court case were a tragedy, but 15 years ago, we let a terrible tragedy blind us into approving terrible laws. How many more terrible decisions must follow that one until we say enough is enough?