Yesterday, a federal judge in Brooklyn said that the U.S. government cannot force Apple to unlock an iPhone in a New York drug case.
U.S. Magistrate Judge James Orenstein in Brooklyn ruled that he did not have the legal authority to order Apple to disable the security of an iPhone that was seized during a drug investigation, Reuters reported this morning.
According to the report, a senior Apple executive told reporters that the judge’s decision is a good sign for the company in the more notable San Bernardino case where the government’s demands, “which include compelling Apple to alter its operating system, were even more far-reaching than in the NY case.”
The government is relying on the All Writs Act, a very broadly written law from 1789 that allows judges to require actions necessary to enforce their own orders.
Apple had argued that being forced to extract data from their phones “could threaten the trust between Apple and its customers and substantially tarnish the Apple brand,” according to court records.
Judge Orenstein said his ruling in Apple’s favor was not a decision on “whether the government should be able to force Apple to help it unlock a specific device; it is instead whether the All Writs Act (AWA) resolves that issue and many others like it yet to come.”
Judge Orenstein concluded that “the government posits a reading of the latter phrase so expansive – and in particular, in such tension with the doctrine of separation of powers – as to cast doubt on the AWA’s constitutionality if adopted.”
He added: “The implications of the government’s position are so far-reaching – both in terms of what it would allow today and what it implies about Congressional intent in 1789 – as to produce impermissibly absurd results.”
The stakes are much higher in the San Bernardino case where the government has obtained an order to compel Apple to hack into an iPhone as part of the FBI’s investigation into the San Bernardino shooters.
As Alex Abdo, staff attorney for the ACLU, argued in a Time Magazine opinion case, “While the government’s investigation is an important one, the legal order it has obtained crosses a dangerous line: It conscripts Apple into government service and forces it to design and build what is, in effect, a master key that could be used as a mold to weaken the security of an untold number of iPhones.”
He writes, “The resulting order is not only unconstitutional, but risks setting a precedent that would fundamentally undermine the security of all devices, not just the one iPhone being debated in the news.”
Abdi Soltani, the Executive Director of the ACLU of Northern California, recently argued that this sets “dangerous legal precedent,” as once Apple develops a method to open an iPhone, “there is nothing to stop the government from demanding more access to more information.”
This is not just a theoretical danger of an overwrought government. Mr. Soltani argues that “if the order forces Apple to create a backdoor, that security hole would actually function as a master key that could be used any number of times – to get into any number of devices. It would put hundreds of millions of people at risk.”
He warns, “Hackers, cybercriminals, governments, and industrial spies could get their hands on this vulnerability, and could use it to break through our phones and violate our privacy. Every day we hear reports of yet another government agency or company that has suffered system breaches, exposing the most sensitive information of thousands of people. In fact, there were over 49 million instances of Californians affected by data breaches in the past four years alone.”
Mr. Soltani takes the concern a step further, “Encryption protects hundreds of millions of people worldwide who rely on these devices. If Apple, Google, or any manufacturer or software company for these phones creates the kind of access that the US government demands, China, Russia and countless other countries where people have even fewer legal safeguards for their privacy could also quickly demand the same.”
This isn’t like a simple government subpoena for information that is already stored and available. This has far broader implications. The government is asking that Apple be “forced to hack into their customers’ devices.” This isn’t just a benign intrusion, Apple would be required “to write new software and then cryptographically ‘sign’ that software.”
As Mr. Abdo argues, “Once a company has been forced to build a backdoor into its products, there’s no way to ensure that it’s only used by our government, as opposed to repressive regimes, cybercriminals or industrial spies.”
Moreover, this debate “is not about one phone—it’s about every phone. And it’s about every device manufactured by a U.S. company.”
Apple CEO Tim Cook argues that backdoors are uniquely dangerous: “Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.”
Last week, Ben Wizner of the ACLU, also an attorney to Edward Snowden, pointed out that the access to information that the government now has dwarfs the surveillance activities of J. Edgar Hoover and COINTELPRO (the counter-intelligence program).
Ben Wizner noted that the cost of storing a gigabyte of information has gone from hundreds of thousands of dollars as recently as 1980 to a few pennies, most likely, today.
“What that means is it’s now technologically and financially feasible for governments to record virtually all of our movements, our communications and our associations and to store that information for later analysis,” he said. “Because surveillance used to be expensive and labor intensive, living this life of obscurity was the norm. Today it’s virtually impossible to opt out of tracking.”
Some may argue, if you aren’t doing anything wrong, you have nothing to fear. But, as Mr. Wizner argued, the danger is that “a government with enough data about any of us can find some basis for being suspicious.” And, as we know, innocent people sometimes get caught up in the web.
But moreover, as he pointed out, “The question the Constitution asks is not whether the government has the proper internal safeguards on who can obtain access to a database.” As Chief Justice John Roberts writes, “The Founders did not fight a revolution to gain the right to government agency protocols.”
Mr. Wizner argues that the people who wrote the Bill of Rights “would have been appalled by a political discourse that subordinated hard-won rights to talismanic invocations of national security – a term they would not even have recognized.”
He argued that the founders would have argued that “the Constitution is supposed to make the government less efficient not more.” He read from the Fourth through Eighth amendments and said, “The only way you can read these words written over 200 years ago is that they are more fearful of a government with too much power than they were about a bad guy who might get away.”
The frustrating part of the debate, Ben Wizner said, is to try to set the dial to maximize both the value of security on the one hand and liberty on the other. “But that ignores that the framers of the Constitution already put their thumbs on the scale,” he said.
Still, a more practical question is probably in order in the Apple case, and that is whether the information they are seeking from the iPhone in the San Bernardino case is so important that it justifies such a massive intrusion into all of our privacy and security. I have not seen the case made either way on that point.
—David M. Greenwald reporting
The government needs a court order on each case to gain access to the data on the phone. Apple argued that forcing them to open the phone “could threaten the trust between Apple and its customers and substantially tarnish the Apple brand,” The ability of the government to gain access to data stored on these phones by terrorists, child pornographers, drug dealers, criminal street gangs and other criminal organizations to protect the public safety is significantly more important than a tarnished brand. If Apple’s new brand being advertised is the creation of a data safe haven to conceal date it is no more than an invitation to criminals to use an encrypted device to conceal their criminal enterprises to avoid detection by law enforcement. Is this brand more important than preventing terrorist deployment of a dirty bomb or an eight year old being raped for profit by a child pornographer? I think not.
I also think that quoting Eric Snowden, a wanted fugitive hiding in Russia, or his attorney on this issue is pathetic.
zaqzaq says:
> The government needs a court order on each case to gain access to the data on the phone.
True but the court is part of the government and gives them the OK to look at pretty much (99.97%) anything they want.
http://www.motherjones.com/mojo/2013/06/fisa-court-nsa-spying-opinion-reject-request
Since many people “talk” (via text and e-mail) using their phones more than they “talk” using their voice I’m wondering if zaqzaq would support the government taping everything we say (maybe mandatory “body cameras” like some police have) so the government could watch and listen in any (or 99.97%) time they want?
The “warrant” issue trumps… it would not be legal to even seek the information without a warrant, which, as I understand, requires a ‘probable cause’ both as to the person served with the warrant, and to whether the information sought is pertinent…
In the San Bernadino “accident”, the person served (the owner of the phone) agreed to disclosure, there is probable cause to believe that the person using the phone was involved in a crime, that may have involved ‘conspirators’, and having access to the information is pertinent as to determine if others are involved. Any evidence obtained should NOT be used to publicize any communications unrelated to the “accident”.
This is not a warrant issue. This is a court-order. This is far beyond a warrant.
“The ability of the government to gain access to data stored on these phones by terrorists, child pornographers, drug dealers, criminal street gangs and other criminal organizations to protect the public safety is significantly more important than a tarnished brand. ”
And significantly less important than allowing private information to be turned over to the government and potentially other sources.
“I also think that quoting Eric Snowden, a wanted fugitive hiding in Russia, or his attorney on this issue is pathetic.”
I think this statement clarifies where you stand on this issue. You believe that the government is in the right in that dispute, therefore, I think you are more concerned with maintaining the government position on safety than civil liberties and private concerns. That’s certainly your prerogative, but not one I share.
“is the information they are seeking from the iPhone in the San Bernardino case so important that it justifies such a massive intrusion in all of our privacy and security? I have not seen the case made either way on that point.”
I agree that this is the critical issue. At some point in time, we will have to address head on where the limits are of such intrusion are. I truly value privacy, and I agree that our national founders feared government more than they feared that “a bad guy might get away”. But then, I doubt that they could have envisioned that a “bad guy” might be able to bring down the Twin Towers or destroy a city, or spread a pathogen which could wreak havoc not on one city, but on the world. We are looking at an entirely different level of risk than they could have even imagined. At some point, we are going to have to reimagine our security responses. While I am very cautious about allowing new intrusions into private communications, I am also very cautions about allowing one individual, in this case the head of Apple to decide the balance of intrusion vs safety.
David asks:
> is the information they are seeking from the iPhone in the San Bernardino
> case is so important that it justifies such a massive intrusion into all of our
> privacy and security.
No, the government is just using these people since so many (on both the right and left) are afraid of “terrorists” (they would not have the same support if the IRS wanted to get in to the phone of a coffee shop owner to prove that she was pocketing all the cash she took in and not paying income tax on it). The iPhone is the guys “work phone” (issued by the government) and almost for sure has nothing on it since:
“The couple took pains to physically destroy two personally owned cell phones, crushing them beyond the FBI’s ability to recover information from them.”
http://abc7.com/news/apple-ordered-to-help-fbi-hack-san-bernardino-killers-phone/1203482/
” I truly value privacy”
Moi, aussi, bon docteur! Unless one is in a windowless room without wifi, cell phone, laptop, satellite or cable box, or in a very few remote spots on the globe, someone may be watching and listening. I travel in cities where my every move is tracked on cctv. I transfer data on easily accessed networks. I have only nominal security software and firewall in place, because Big Brother (and Macy’s, RIAA, Nugget, ad infinitum)has been able to track me for decades, now. I decided in the 1980s that I would live my life in plain sight, rather than alter it to suit others. I cannot help but agree that Apple does little to enhance its brand by advertising to the world’s malefactors,”Your data is safe, here!”
Biddlin
“ I decided in the 1980s that I would live my life in plain sight, rather than alter it to suit others.”
I also have made this decision to live openly as witnessed by the fact that I post and write here under my own name. I do not choose to live in fear, and will not even if it were to result in me having to choose to live outside this country. I am not more afraid of power wielded by the government than I am of power wielded by private corporations. But then I live a 1/2 block from the east/west railroad tracks and so feel I am probably as likely to be incinerated as I am to be tracked by the feds for my tongue in cheek C4 reference.
Re: “It conscripts Apple into government service and forces it to design and build what is, in effect, a master key that could be used as a mold to weaken the security of an untold number of iPhones.”
This is the only significant legal challenge raised here, as far as I can tell; the other issues raised in the article all have technical/protocol solutions.
It seems there may be only two solutions for the government to reliably be able to access communications by criminal cartels, terrorists, etc.:
(1) The NSA capability–use it to record every communication on every device in the world–voice, pictures/movies, e-mail, text messages, twitter, blog posts, etc. etc. etc. As I understand it, the new facility in Utah has the capability to access and store every transaction of almost every kind of electronic communication in the world that uses wireless, landlines, optic fibers, etc.
(2) Require all manufactured communications devices to have built-in back-door highly
restricted key capability.
There is no reason that such back-door keys cannot be ultra-secure; comparably as secure or more secure than the user account memory encryption. The precedent would be the requirement for all communications devices to have such back-door capability.
re: “that could be used as a mold to weaken the security of an untold number of iPhones”
No, it could be done in such a way that it could not be used as a mold to weaken the security of other iPhones–this is a technical issue, and it is possible to design a system with an ultra-secure back door.