An Issue of Security that Will Inevitably Bring Insecurity
By Ryan Vince
Months after the tragic terrorist shooting in San Bernardino, California, Apple Inc. (“Apple”) and the Federal Bureau of Investigation (“FBI”) continue their legal skirmish over whether Apple should be forced to create new “backup” technology. After successfully thwarting one of the San Bernardino terrorists, Syed Rizwan Farook, law enforcement officials discovered the killer’s Apple iPhone 5c. The government, thinking it could gain access to a goldmine of terrorist information, issued an order requiring Apple to write software for “breaking” into Farook’s phone. At first glance you may think, “Yes! Find the terrorists!” However, this situation involves issues of both national security and personal security. If Apple creates software capable of breaking into an iPhone, the trusted security of the iPhone may forever be jeopardized.
First, Apple ordinarily has the ability to access information on a used iPhone through standard iCloud backups. In order to comply with law enforcement investigations, Apple has left one door open for access into a locked iPhone: through the iCloud. Unfortunately, according to the FBI, the San Bernardino County Department of Public Health changed the iCloud password associated with Farook’s phone. As a result, the typical means for accessing the terrorist’s phone are no longer feasible. Apple’s only door of entry has essentially been closed because the iCloud password has been altered. This alleged incident may seem trivial, but determining who is responsible for the password alterations may be strongly influential. If the government had an opportunity to backup Farook’s phone but botched it when it reset the password, a court may not compel Apple to comply with the order.
Second, with compelling arguments on both sides, Apple probably holds the stronger hand. Regarding the All Writs Act of 1789, courts may “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.” The discernible limitation to this rule is that “unreasonable burdens may not be imposed.” Much debate rests on the true definition of an “unreasonable burden,” where in U.S. v. NY Telephone, the Court ruled that the FBI could require NY Telephone, a “highly regulated public utility with a duty to serve the public,” to provide the FBI with pen registers (a list of dialed phone numbers) to assist in an investigation. Relating this ancient case to the current issue, Apple does have a duty to serve the public, Apple may be highly regulated in business and communication matters, but Apple is not a public utility. “Public utilities” are roughly defined as a set of services provided by organizations consumed by the public: electricity, natural gas, water, sewage, and more recently, broadband Internet. In U.S. v. NY Telephone, the Court ordered a public utility company to “provide” the FBI with pen registers, items already in use and in possession of the utility company. In the San Bernardino case, Apple, a publicly traded company, will be required to create and develop brand new software. At an unbiased vantage point, the facts in California are highly distinguishable to the facts in New York because of the disparate level in “burdens.”
The Ninth Circuit, which governs the district courts of California, has ruled that code is “protected speech” under the First Amendment. Whether or not this case goes to the Supreme Court, this Ninth Circuit ruling gives strong precedence to a First Amendment defense made by Apple. If writing new code is inconsistent with Apple’s vision, and/or the code threatens the safety of its consumers, a court will not require compliance with the order. Yet, this ruling does not resonate through all U.S. courts and this argument may not work in a situation such as this.
Arguments for a Fourth and Fifth Amendment defense come down to the murky legal jargon of “reasonableness” and “just compensation.” In making a Fourth Amendment defense, Apple will argue that when the government executes a search warrant, it needs to be done in a “reasonable manner,” and that forcing the company to develop software is unreasonable. Similarly, under the Fifth Amendment, the government must give “just compensation” when it takes private property for public use. Is unlocking a terrorist’s iPhone for purposes of national security truly public use? And if so, how do you justly compensate a company for fashioning software capable of breaching its own security? Regardless of how much the government would pay Apple, it would neither be just nor compensation of actual loss.
Apple’s emphasis of concern has been to protect the privacy and security of the users of its products. Throughout its existence, Apple has been able to achieve this goal by the consistent development of secure products. If the government successfully compels compliance with its order, Apple will be forced to create its own Achilles heel, a product capable of breaching its own secure products. Nevertheless, as long as the government acts “reasonably” or Apple is “justly compensated” for its time, then I guess all is well.