The real stakes in the Apple vs FBI standoff

There are three points that are frequently overlooked in the debate about the FBI’s demand that Apple provide custom access to a terrorist’s locked iPhone.

  •  Apple is not defying a court order

  •  The FBI is seeking a broad precedent

  •  The tool requested by the FBI would compromise Apple in other countries

These are not the only issues in this debate. There are important things to know about the technical issues and the real life consequences of the outcome of the dispute in this case and others. But discussing these three issues may help you understand what’s really at stake.

 


Apple is not defying a court order

This is a simple point but it gets overlooked in the hype.

Apple is not defying a court order. Apple is not committing an act of civil disobedience. It has not stationed armed employees at the gates of the Apple campus to repel government intruders.

Apple was served with a court order. As US citizens, we trust the legal system that issued the order. It has safeguards in place to ensure that law enforcement balances our desire for security and privacy. The demands that Apple comply with the order are based on the belief that the legal system has acted with due regard for the competing interests and has issued an enforceable order.

The legal system also has procedures to review court orders. Apple will file an appeal to obtain that review. There are rules for every step in that process, including the additional reviews that might cause this someday to be considered by the Supreme Court. Apple and the US government will be following those rules. This is not defiance of the US courts. The upcoming appeal is exactly what our legal system is built to handle.

There are many people who do not trust the government agencies that seek this information, and do not feel there is enough protection for privacy in the legal processes for warrants and authorized searches. Those are valid concerns in the post-Snowden era, but those are not issues that will be addressed in the Apple/FBI legal proceedings. Apple believes the court order seeks a result that it should not be legally compelled to deliver, and it will ask the US legal system to consider that further. If you believe in our legal system, then embrace all of it, including the right to appeal.

 


The FBI is seeking a broad precedent

On February 21, 2016, FBI Director James Comey posted an open letter on the FBI website. He said: “The San Bernardino litigation isn’t about trying to set a precedent or send any kind of message.” That is not true. The FBI, on behalf of law enforcement agencies generally, is using this as a test case for the general principle that they should be able to compel tech companies to assist in police investigations.

For several years, Apple generally complied with law enforcement demands to unlock phones or provide phone-related data. In the first six months of 2013, Apple received almost 5,000 court orders from federal, state and local agencies affecting nearly 10,000 devices. It had employees working 24/7 to meet the demand but CNET reported in 2013 that Apple had received so many police demands to decrypt seized iPhones that it had created a “waiting list” to handle the deluge of requests. In 2014, Apple posted extensive guidelines describing what data the company can provide to law enforcement and the processes for requesting that data. The flood of court orders continued to grow. According to the New York Times: “In a report covering the first six months of 2015, Apple said it had received nearly 11,000 requests from government agencies worldwide for information on roughly 60,000 devices, and it provided some data in roughly 7,100 instances.”

In September 2014 Apple began to change the design of the iPhone to make it more difficult to unlock encrypted data on new iPhone models without a passcode. The Washington Post: “Apple said Wednesday night that it is making it impossible for the company to turn over data from most iPhones or iPads to police — even when they have a search warrant — taking a hard new line as tech companies attempt to blunt allegations that they have too readily participated in government efforts to collect user information.”

The FBI (and presumably other agencies) immediately began to search for a test case that would either prevent Apple from achieving its goal, or compel it to create a method for law enforcement to unlock phones. The San Bernardino terrorist phone is that test case. It was chosen precisely because it presents the clearest possible circumstances for law enforcement to get what it wants – a decision that the courts can use to compel tech companies to assist in police investigations in the future.

There is nothing wrong with test cases. Roe v. Wade and Brown vs. Board of Education were test cases that were carefully chosen to establish basic principles. That’s how our laws are developed and advance to meet changing conditions.

The entire process has been steered very precisely to give the government the best possible test case. It is a terrorism case with national security overtones, most likely to make us sympathetic to law enforcement. The FBI deliberately framed the order in this case in narrow terms so that on its face it applies only to a specific phone which they want unlocked under specific conditions to ensure security and privacy.

It is, however, unquestionably a test case to set a precedent that will be the basis of court orders in many circumstances in the years to come.

The New York Times reported today that the Justice Department is already demanding Apple’s help in unlocking at least nine more phones nationwide. Apple said in its open letter: “Law enforcement agents around the country have already said they have hundreds of iPhones they want Apple to unlock if the FBI wins this case.” Manhattan District Attorney Cyrus Vance, Jr. told PBS’s Charlie Rose that he has 175 iPhones and he would “absolutely” try to get Apple to help get data off those devices if the FBI prevails in this case.

Nicholas Weaver, a senior researcher in networking and security for the International Computer Science Institute (ICSI), sees where this will inevitably lead. “Almost immediately, the National Security Agency is going to secretly request the same authority through the Foreign Intelligence Surveillance Court (FISC),” Weaver wrote. “How many honestly believe the FISC wouldn’t rule in the NSA’s favor after the FBI succeeds in getting the authority?”

Court orders from the secret FISC court would not be new. In addition to routine law enforcement inquiries, Apple already is inundated with secret court orders from the NSA. It said this in its most recent public statement about government requests:

National Security Orders from the U.S. government

“A tiny percentage of our millions of accounts is affected by national security–related requests. In the first six months of 2015, we received between 750 and 999 of these requests. Though we would like to be more specific, by law this is the most precise information we are currently allowed to disclose.”

If Apple complies with the order in the San Bernardino case, or if it is ordered to do by the highest court handling the appeals, that will immediately be used by the NSA and countless law enforcement agencies to compel the same result in other cases. This will not be limited to Apple; similar orders will be directed at Google for Android phones. If the order is broad enough, it could be used to compel any type of tech company to create tools to unlock private information for law enforcement.

Last year New York federal Magistrate James Orenstein wrote: “[Apple] is a private-sector company that is free to choose to promote its customers’ interest in privacy over the competing interest of law enforcement.” You may or may not agree. But don’t buy into the FBI’s PR claim that this is an isolated case that will have no repercussions. This is the test case for big legal principles and it deserves the full airing in the court system that is likely to proceed for the next few years.

 


The tool requested by the FBI would compromise Apple in other countries

Apple is not a US company. It is a global company. It has offices and customers and products for sale in countries all over the world. The same thing is true of Google. Also Microsoft, Amazon, Facebook, Uber, and AirBnB. Also Ford, Coca Cola, WalMart, and every other large business, regardless of whether you think of them as a “US company” or not. All big corporations are global citizens, governed by the legal systems of dozens of countries.

The FBI has framed this case in circumstances where we trust the motives of the US agency seeking to force Apple to create the tool, and we trust the safeguards in the US legal procedure that handles those requests.

If Apple creates the tool requested by the FBI and uses it to unlock the terrorist phone, Apple will have seriously compromised its ability to resist government pressure in other countries where we may not have any faith at all in their motives or legal system.

Imagine that Apple receives this letter from the Chinese government at its offices in China.

Hypothetical letter from Chinese government to Apple

“Enclosed are phones belonging to forty Chinese citizens who have protested the Chinese firewall that blocks the free flow of Internet communication in and out of the country. Attached is a court order (from a court which we control) instructing you to unlock the phones and send us the data on them. If the phones show that they communicated with each other about matters that we consider to be traitorous, we will put them to death.”

How does Apple respond? If you believe Apple should create a tool to unlock phones for the FBI, what are the grounds to resist a demand for that tool from a duly appointed court in China? How about demands from Iran? North Korea?

This is already an issue with China, which is watching the Apple/FBI dispute closely. According to The Guardian: “The impact of the mutual distrust between Washington and Beijing can be seen in China’s new cybersecurity and counter-terrorism bill, passed last December. The far-reaching law mandates that internet firms and telecos doing business in China provide law enforcement with decryption keys in terrorism cases. Analysts and foreign firms are waiting to see how far China goes in enforcing the controversial measure, particularly in light of Apple’s standoff with the FBI.”

There is no coherent way to argue that Apple should comply with US laws but not comply with Russian laws or Syrian laws. And if your reflexive response is, well, Apple could just stop doing business in those countries – don’t make me come over and hit your knuckles with a pointer. I need you to stay focused on the real world where multi-billion dollar public companies cannot make capricious decisions to leave huge markets for no reason except that they like US policies better – particularly if the US orders Apple to do exactly the same thing desired by repressive regimes.

Apple will be in a much stronger position to decline requests by other countries if it has never created a tool to bypass its own security procedures and does not have the ability to fulfill the orders.

These are not easy issues. I happen to think that the concerns from the technology community are sincere and well-founded. You may disagree. But don’t be fooled into thinking that anything is obvious or that this won’t have any consequences in other cases. The test case has been chosen and many things about technology and security will be decided by this case.

Share This