A dramatic legal battle is taking place that will have dramatic implications for the future of technology, privacy, security, and the extent of government power. The FBI obtained an order from a magistrate judge to force Apple to develop software to help the FBI break into an encrypted iPhone.
The case arises out of the mass shooting in San Bernardino. FBI are seeking to unlock shooter Syed Rizwan Farook’s encrypted iPhone. Apple’s iOS has security features that prevent brute force attacks on the phone. Brute force attacks involve using software to make repeated guesses at passwords until the password is cracked. To circumvent such attacks, Apple has a delay feature that delays how frequently password guessing attempts can be made. And after 10 wrong guesses, the phone is wiped.
The FBI is demanding that Apple write a new iOS to install onto the phone to get around these features. How can the FBI make a software company write new software to help it break into an iPhone?
The FBI claims that a statute from 1789 gives it the authority to compel Apple to write the software. The All Writs Act, 28 U.S.C. § 1651 provides: “(a) The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law. (b) An alternative writ or rule nisi may be issued by a justice or judge of a court which has jurisdiction.”
From this, the FBI has convinced a magistrate judge to issue an order to compel Apple to provide “reasonable technical assistance” to the FBI. Apple vigorously opposes being forced to assist. In a letter to customers, Apple writes: “Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.”
The FBI has cleverly chosen a case involving a heinous terrorist incident to lodge a challenge to Apple, which has taken a hard stance on user encryption that has enraged the FBI. The FBI and other government law enforcement and spy agencies have been pushing to mandate that backdoors be created for encryption so the government can peak in when it needs to. I blogged here about why I think that this will weaken security — a post entitled “The Kafkaesque Sacrifice of Encryption Security in the Name of Security.” As the Apple letter states: “The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.”
Nothing is stopping the FBI from developing its own tools to crack into the iPhone. But it seems quite extraordinary that the FBI would have the power to compel people who ware unwilling to write software for them. I thought that the best way for me to express my thoughts about the case is with a cartoon. so here it is:
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. This post was originally posted on his blog at LinkedIn, where Solove is a “LinkedIn Influencer.” His blog has more than 950,000 followers.
Professor Solove is the organizer, along with Paul Schwartz of the Privacy + Security Forum (Oct. 24-26, 2016 in Washington, DC), an annual event that aims to bridge the silos between privacy and security.