The U.S. Department government has used a law created in the 1700's to force Apple Computer to break into an iPhone used by a terrorist last year. The New York Times reported that on Tuesday:
"... Magistrate Judge Sheri Pym of the Federal District Court for the District of Central California ordered Apple to bypass security functions on an iPhone 5c used by Syed Rizwan Farook, who was killed by the police along with his wife, Tashfeen Malik, after they attacked Mr. Farook’s co-workers at a holiday gathering. Judge Pym ordered Apple to build special software that would essentially act as a skeleton key capable of unlocking the phone... The Justice Department had secured a search warrant for the phone, owned by Mr. Farook’s former employer, the San Bernardino County Department of Public Health, which consented to the search... the F.B.I., instead of asking Congress to pass legislation resolving the encryption fight, has proposed what appears to be a novel reading of the All Writs Act of 1789... The government says the law gives broad latitude to judges to require “third parties” to execute court orders. It has cited, among other cases, a 1977 ruling requiring phone companies to help set up a pen register, a device that records all numbers called from a particular phone line..."
So far, Apple has refused to comply. Excerpts from a statement by Apple:
"The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand. This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake... Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us. For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe... But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone. Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession. The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control... The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe. We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data."
This is not the first use of the All Writs Act against Apple. NPR reported:
"Last fall, the Justice Department, using the All Writs Act, tried to force Apple to unlock an iPhone running iOS 7 in a case involving a suspected methamphetamine dealer. Apple responded that it might be technically capable of unlocking that phone (since iOS 7 has fewer security features than later operating systems) but said the cost to the company's reputation — and resulting harm to its business — would pose an "undue burden." That case is still pending.."
The NPR news story also mentioned:
"In 2014, at the Justice Department's request, a federal court in New York used the law to order a phone-maker to unlock a password-protected device. The Justice Department says various other companies have been ordered under the All Writs Act to provide otherwise inaccessible information to investigators."
This is huge news. It highlights several privacy issues:
- Has the government over-reached by using a 1789 law?
- How can the government force a company to build something -- software, malware -- that doesn't exist? This Atlantic article describes the coercion slippery slope.
- Can Apple successfully build a back door for a single iPhone?
- If #3 is not technically impossible, does the back door place all iPhones at risk?
- Are back doors the best way to fight terrorism? Like you, terrorists read the news and will simply switch to other products without built-in back doors.
- Are back doors really needed? The law enforcement community is split over this.
- Are back doors a benefit or a risk?
- How does the government ensure that criminals, terrorists, and other governments' hackers don't use the same "back doors" it uses? After all, the Federal government has had massive data breaches.
- Do "back doors" prevent businesses from adequately protecting their proprietary trade secrets, processes, and private information?
- Why haven't other technology companies resisted the government's demands for back doors, as Apple has? This Wired article discusses why Apple's position (including encryption and strong privacy protections) is good for business.
- What does this mean for consumers' privacy? Some iPhone users have already built a website for protests.
Regarding item #1, the American Civil Liberties Union (ACLU) wrote in December 2015:
"The All Writs Act permits a court to issue an order to give effect to a prior lawful order or an existing grant of authority, and has been used for such things as ordering a prisoner be brought before a court. The Act does not allow a court to invest law enforcement with investigative tools that Congress has not authorized — like the extraordinary and unconstitutional conscription of a third party into obtaining information the third party does not possess or control... it’s even more troubling to consider that the government, by its own admission, has invoked it successfully in at least 70 cases."
The ACLU, the ACLU of Northern California, and the Center for Internet and Society (CIS) at Stanford Law Scvhool, filed a Freedom of Information Act (FOIA) request in December to understand the government’s use of the All Writs Act to force device manufacturers to unlock devices. It is important to known the full scope of the government’s use of a 227-year-old law. The Electronic Frontier Foundation (EFF) announced that it will file an amicus brief supporting Apple.
"The text of the court order is here. Although it does not direct Apple to break the encryption per se, it asks the company to disable features that make it more difficult to brute force the device security capabilities -- such as the function that disables (er, self-destricts) the device after multiple attempts to enter a PIN number. While that sounds innocuous enough, it is likely such access cannot be granted on a device-by-device basis upon demand by law enforcement, although some technologists believe it possible. Rather, unless Apple demonstrates the technical, economical, or temporal infeasability of complying with the judge's order or gets the order lifted, the consequence may well be an update/patch to IOS that would implement that proverbial "backdoor" feature that certain law enforcement officials -- specifically, FBI Director James Comey -- allege is needed to protect the country, citizens, and (think of the) children from Any Number of Evil-Sounding Things That May or May Not Be True(tm). By contrast, NSA Director Admiral Mike Rogers has already stated publicly there is no need for such back doors or law enforcement access, and that strong Internet security features are more of a benefit than risk to society -- despite that perennial and selectively sensational hand-wringing by prominent law enforcement and/or intelligence officials..."
The privacy-friendly DuckDuckGo.com search engine posted this tweet on Wednesday: