Posted on 03/13/2016 1:21:37 PM PDT by Swordmaker
The FBI wants Apple to do something no private company has ever been forced to do: break its own technology. Specifically, the FBI wants Apple to build a new version of its mobile operating system (iOS, or GovOS) so that the contents of an iPhone can be removed from an iPhone used by Syed Farook, one of the gunmen in the San Bernardino shooting.
A magistrate judge recently ordered Apple to comply with this request; Apple in turn filed a Motion to Vacate (MTV) the magistrates order. The key point made in the MTV and the key issue on which this entire case hangs is that complying with the FBIs request would weaken a valuable encryption platform at a time when the United States desperately needs stronger, more effective encryption.
There is an arms race to create more-sophisticated, harder-to-crack encryption tools, and if the FBI gets its way, we will be running that race with a self-imposed handicap.
This week Apple is appearing before Congress to address the issues raised above. For those unable to attend the hearings, I want to explore how Apple is thinking about the FBIs legal authority to compel the company to create new software to crack Apples security measures.
After exploring that legal issue, well consider the broader constitutional stakes involved in this case. After all, its not everyday that the U.S. government is asking a private company to undermine a technology platform without providing any concrete evidence that doing so will make Americans safer.
To understand what the law says, we must first properly frame what the FBI is trying to compel Apple to do. Without a precise understanding of what the FBI is demanding in this case, it is hard to clearly say that the FBI is trying to overstep its bounds.
What is the FBI seeking here? First, the FBI is demanding that Apple make a new software product. Second, that software product would have to be designed in accordance with specifications provided to Apple by the FBI. Third, once Apple created that software product, it would have to test the product to ensure it met Apples own quality standards. Fourth and finally, Apple would have to test and validate this software product so that criminal defendants would be able to exercise their constitutional rights to challenge the governments legal claims as provided by the Federal Rules of Evidence (FRE).
Forcing a company to break its own technology appears to be something a dictatorship might do, not a democracy like the United States.
Simply put, the FBI is demanding that Apple create a new software product that meets specifications provided by the FBI. As Apple clearly articulates in its MTV, the FBI is demanding the compelled creation of intellectual property. The legal grounds for the FBIs demand come from the Communications Assistance for Law Enforcement Act (CALEA) and the All Writs Act (AWA).
With this understanding in mind, what does the law say? Is there any law that allows a government agency such as the FBI to compel private companies to create new software products?
Let us begin with the key law regulating the interception of electronic communications, CALEA. This law was enacted to carefully control the governments right and ability to intercept communications in order to enforce the laws of the United States. Specifically, CALEA outlines the circumstances in which a private company must provide law enforcement with assistance in order to effectively carry out electronic surveillance.
Under CALEA, there is a strong argument that Apple cannot be legally required to create new software of any kind for any department of the federal government. When Congress passed CALEA, it had the opportunity to include device manufacturers like Apple within the scope of the law. Congress decided to require telecommunications companies to ensure that their equipment and facilities are built in a way that allows the government to conduct surveillance on the basis of a lawful surveillance warrant.
In other words, telecommunications companies have to build in a back door. However, under CALEA, Apple is not a telecommunications company; instead, Apple is considered an information service to which CALEA does not apply. In short, Congress made it clear they did not intend for CALEA to even apply to companies like Apple.
Even if CALEA applied to Apple, the FBI would not be entitled under CALEA to force the company to break its encryption protocol. The statute in section 1002(b)(3) states that telecommunications companies are not responsible for decrypting communications unless the encryption (1) was provided by the carrier and (2) the carrier possesses the information necessary to decrypt the communication.
Because Apple does not currently possess that information, even an improperly broad interpretation of CALEA would not compel Apple to create GovOS in this case. The FBI can ask, but under CALEA it cannot compel.
The All Writs Act (AWA) also does not allow the FBI to compel Apple to create new software. Enacted in 1789 as a stop-gap that allows the government to efficiently administer its given legislative privileges, the AWA is being given an impermissibly broad interpretation by the FBI.
According to that interpretation, this stop-gap gives courts any relief that is not specially prohibited by existing law. So, if theres no law expressly prohibiting Apple from being compelled to write code for the FBI, then the AWA gives courts the authority to force the company to do just that.
Apple should do what is necessary to preserve our enduring constitutional values.
Lets take a completely make-believe example. Imagine that a federal law gives a particular agency the right to do X, but doing X is hard and costly. The AWA might be invoked to help get X done more efficiently. But the key is this: The AWA is only appropriate when theres already a federal law or a constitutional principle that gives the particular agency the right to do X in the first place. That is precisely why the AWA cannot be lawfully used by the FBI in this case: The FBI has no underlying right to compel Apple to create new software products.
If this seems like a legal technicality, zoom out a bit and reconsider that for just a minute. Imagine if the Department of Homeland Security used the AWA to argue that citizens with certain last names should be subject to arbitrary detention to make it easier to catch terrorists. Would that violate American values and our system of laws? Absolutely.
Alternatively, consider a scenario in which the Department of Energy tried to use the AWA to force federally funded universities to donate resources to the DOE in order to enhance its Energy Materials Network. Would this be inappropriate? It would be completely inappropriate, because the DOE does not have the underlying legal right to force universities to do this.
In a nation of laws, the FBIs attempt to expand the AWA is dangerous. The FBIs interpretation of the AWA transforms the law into something it was never meant to be: a tool granting government agencies boundless powers not authorized under the Constitution or in existing federal law.
Lawyers have a fancy way of describing this problem. They say that expanding the AWA violates the separation of powers between the federal courts and Congress. After all, what is the purpose of Congress if our courts are allowed to expand federal law without any meaningful limitations? One might go further still and say that forcing a company to break its own technology appears to be something a dictatorship might do, not a democracy like the United States.
Fortunately, a Brooklyn judge recently ruled, in a separate but similar case involving a demand from the Department of Justice to unlock an iPhone, that the AWA only empowers courts with residual authority to issue orders that are consistent with the usages and principles of law. Judge Orenstein explicitly condemned the governments overreach in that case, echoing the exact concerns explored above: The implications of the governments position are so far-reaching both in terms of what it would allow today and what it implies about Congressional intent in 1789 as to produce impermissibly absurd results.
Apple should do what is necessary to preserve our enduring constitutional values, including life, liberty and the pursuit of happiness. Those values also include the privacy and speech rights protected by the Constitution. The First Amendment famously protects an individuals right to say what he or she thinks or feels, and the Fourth Amendment guarantees that Americans shall be free of unreasonable searches and seizure.
These values and constitutional ideals are not mere commodities to be traded away, but are instead regulative ideals that capture and define who we are. Such ideals must remain unmolested by the temporary whims of each and every government agency. Thats what it means to be a nation of laws that is guided by a constitution.
In this particular case, Apple has a responsibility to resist the FBIs efforts to force the company to undermine the security measures in its mobile operating system. To understand what is at stake here, one has to think deeply about what the world would be like if Apple were to comply with the FBIs demands.
Imagine that Apple complied with the FBI. To do so, Apple would need to build a new version of iOS (GovOS) that does three things.
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.
First, GovOS would bypass the auto-erase function for an individual iPhone. This feature is designed to prevent third parties from getting unauthorized access to an iPhones contents.
Second, Apples newly minted GovOS would need to provide the FBI a new way of electronically submitting passwords to a particular iOS device. At present, these passwords must be manually submitted, and each incorrect password submission results in a delay before another attempt can be made.
Third, and finally, GovOS would disable the delay between incorrect password submissions. In a nutshell, GovOS would be a special version of iOS that allowed an iPhone to be cracked automatically without knowing the owners password.
The FBI, then, is asking Apple to build a technology that destroys the value of the key security mechanisms built into its mobile operating system: The FBI wants to force a private company to build a tool that completely breaks the security technology for what is arguably the worlds gold-standard for mobile operating systems, iOS.
On this narrow issue, the FBI has to agree and concede this critical point. For the FBI cannot say that (1) it needs Apples assistance to crack an iPhone but (2) Apples assistance would not break a world-class encryption product. Once the FBI says that it needs Apples help, the FBI cant honestly challenge the fact that the help it seeks would utterly break a security suite that Apple has spent years developing.
A recent conversation with information security expert John Sebes (formerly of Securify, acquired by McAfee) put this issue into proper context. Imagine you are building a security mechanism for your mobile ecosystem. You have spent years developing this system because you want to provide your customers, private citizens as well as the government, a software product that is secure. Your intention, in other words, is to create a product that protects the security and integrity of information your customers place on any device that has that security mechanism.
If encryption would be illegal then FIPS 140-2 devices would be illegal instead of required by federal law in certain cases.
Let me make it simple, people died, the police want access to the phone to see who the murderers were in contact with. Time is of the essence. Tim Cook thinks he is above the law and will not provide the information. More people may die. If you are okay with this fine, I am not. Comply with the court order or go to jail.
Not to unlock the iPhone. Apple provided everything they had custody of pursuant to a search warrant. They also provided assistance with the FBI's attempt to unlock the iPhone through normal means they had available to them. Now the FBI wants Apple to create extraordinary means. That is not permissible.
It’s only illegal to destroy ‘evidence’.
Everything encrypted is not evidence.
There are many examples of ‘good’ encryption.
I believe financial firms are required to use encryption- and maintain backups.
Yes, they are and the backups must be FIPS 140-2 encrypted as well. If all the persons who have the passwords are killed in a shootout with LE, then the LE will not be able to access that data.
“they never had the idea that the creator could be forced to decipher it for them.”
I never read that. Where did you read that?
No, Kenny, you are wrong. Apple has NOT received a warrant for any search of an iPhone.
A Search Warrant is served for something for which Apple has in its possession. Apple did have the iCloud data for the terrorists in its possession, received a warrant for that, and dutifully surrendered everything they had. This is a Court Order to render assistance but even more, it's a Court Order instructing Apple to use its resources to create NEW SOFTWARE and/or hardware that will forever break its own proprietary company secret hardware/software code that's unbreakability is a primary advantage Apple's hundred billion dollar product has in the market.
That Court Order relies on a 1789 Law called the All Writs Act which compels cooperation only when it is not an undue burden on those who are being compelled. The courts have ruled that an "undue burden" only exists when that burden is doing something they ALREADY do in the course of their ordinary business. Creating something that will damage their ordinary business is NOT something any business would do in the course of their ordinary business, ergo, it meets the test for being an "undue burden."
In addition, the All Writs Act is very constrained in that it cannot be used for anything that Congress has ever, EVER, addressed with the intent of legislating, whether they took action or not. Even if they did not finally decide to act, the very act of considering taking action, the Court may NOT substitute its wisdom for that of Congress' in determining that the proper course is to do NOTHING if Congress so determined that was the course to take. However, in this case, as the article points out, Congress actually DID SOMETHING and addressed this very thing in the Communication Accessibility for Law Enforcement Act of 1994 (CALEA) and prohibited Law Enforcement or its agents from requiring a company such as Apple from doing what the FBI (which the last time I looked was defined as a Law Enforcement Agency) from requiring the decryption of any device which they have manufactured, or placing any feature or software or hardware specifically on such devices for that purpose. The FBI, by using the Court, is attempting to do exactly what FEDERAL CALEA LAW, written by Congress specifically to reign in the over reach of their power, prohibits them from doing!
Apple is doing exactly what is lawful, resisting an illegal court order.
As usual, the only one being ignorantly silly here, is you. You really do not know what you are talking about.
Wrong, LE needs to access the phone to see who the murderers were in contact with, Cook should be thrown in jail until he complies, he has no defense. Lives are at stake. Time is of the essence.
Apple has complied with every valid SEARCH WARRANT in this case they've been served and turned over every single piece of data held by them relating to the case.
This is NOT about a search warrant, CodeToad. Quit raising red herrings that are irrelevant to an All Writs Act Court Order which has nothing to do with any Search Warrant not sent to or served on Apple.
Kenny500c is flat-out wrong, proven so many times. Childlike statements (I don't know if even a child would be so wrong). Wrong, wrong, wrong, but he doesn't listen.
I believe they are required to maintain the data so that it is as near impossible to be inaccessible as possible.
Not neccessarily for LE but for the sake of the clients.
Here’s an article by Orin Kerr on FINRA regs: https://www.washingtonpost.com/news/volokh-conspiracy/wp/2016/02/20/has-apple-made-iphones-illegal-in-the-financial-industry/?tid=a_inl
If you’re a tceh person you will enjoy the shredding he gets for his lack of knowledge of the field.
Murder, you are down with that? Call me stupid all day but that is what we are dealing with here. There is no question multiple crimes have been committed, or do you deny that?
Much more than probable cause here, the police need to access the phone to see who the murderers were in contact with and Cook is resisting, if it were you or me we would be locked up, but we are not billionaires, or maybe you are.
Lives are at stake and yet you support the terrorists, why?
What don’t you understand about probable cause? The right to privacy is not unlimited.
Its not Kerr, its that Baker guy.
This brings to mind a great analogy. Apricot Inc. a company makes a consumer level shredder that does both linear and cross shredding. On of Apricot's high-end shredders was used by some terrorists to destroy documents that may or may not have been used to plot their terrorist act. However, the desk next to the shredder only contained work related paperwork and the shredder was owned and supplied by the terrorist's employer. There was another room with another desk that had been stripped of all paperwork and a pristine shredder and out in the back an incinerator was filled with the ashes of paper and shredded paper ashes, soaked with water to forever destroy them. The neighbors had seen him burning lots of stuff the day before the terrorist attack and had even told him that burning was prohibited and he had yelled "Alahu Akbar" at them.
The FBI has muddied the waters a bit by hiring a six year old to try and assemble some of the bits of confetti like a jigsaw puzzle, and, since the six year old couldn't read, nothing makes any sense of his paste up, so they re-shredded his pasted up efforts.
The FBI gets a All Writs Act court order from a Federal Magistrate Judge ordering the Apricot, the manufacturer of the shredder, to invent a device that can take a basket full of the confetti from one of their shredders and re-assemble the individual pieces into completely assembled properly assembled papers so the FBI can read the shredded documents. Apricot says it would be almost impossible to devise such a machine, although perhaps techinecally feasible with lots of money and time it could be done, and files a Motion to Dismiss. The FBI calls Apricot all kinds of nasty names, saying they are just interested in their profits and sales.
Let me make it simple. This was his work phone. The police and FBI already have the complete records of every phone call, message, and email, to and from the iPhone. Except for a few during work hours from his monster wife's known personal phone, they are all accounted for as work related for the San Bernardino County Department of Public Health. These data were provided from Verizon, the carrier, as soon as it was asked for. The only thing they don't have access to would be any notes there may be still on the iPhone or any iMessages that are sent encrypted to other iPhone or iPads. However, the evidence suggests that there is nothing on that iPhone except work related data. Part of that evidence is that Syez Farouk did not bother to destroy it.
These two terrorists maintained two BURNER cell phones which, along with their own two laptop computers the throughoughly smashed and dumped into a lake. These burner phone were off the shelf untraceable phones for which the police and FBI can learn nothing because they do not even have the phone numbers or even know what carrier they were using. They can get no call, message, or email information from the unknown carrier for the simple reason they have no linking phone number to even start to look for one.
Wrong, wrong, wrong again. Why don't you listen to saner minds like ours?
The police had their shot at accessing the phone, and blew it. They had asked for Apple's help and advice. When Apple gave advice, the "authorities" ignored it and changed the I.D., thereby locking it up forever. They delivered a lawful request to Apple for access to the data in iCloud, and Apple complied fully and delivered what they had. Beyond that, there is no probable cause to make Apple deliver something they do not possess. The feds cannot force Apple to create something that does not exist, akin to a shredder manufacturer being forced to make a device to "unshred" documents (thanks to Swordmaker for the excellent analogy, suitable for children to comprehend).
As the commenters point out, it’s a bad article in every regard. The proper conclusion is the opposite of the article’s headline. A phone with unbreakable encryption for data-at-rest will be required and if Android doesn’t have that, it will be illegal.
No, you are wrong. No one is in danger, or the FBI is incompetent. The've waited over two months to take any action to compel Apple to assist. . . but Apple has been assisting them since about a week after they seized the iPhone. Had they asked earlier, or had Apple known there was an iPhone involved, they could have had data even sooner. You really do not know what you are talying about.
The authorities already HAVE all the numbers, messages, and email that were used to dial or message that iPhone which they got from the carrier, Verizon.
You said you were an attorney. I am beginning to doubt that. You've made no legal arguments at all and ignored every single legal argument I made in post 47. . . and fell back on your weak claims about "time is of the essence" now three months post the crime. That shows me you really don't know what you are talking about.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.