The Department of Justice filed a motion in response to Apple’s announcement that they would not be complying with the court order to create a backdoor that would allow access to the San Bernardino shooter’s cellphone. It is not toally surprising that they would do so since the FBI is part of the DOJ. I’m a little surprised by the timing. I would have thought that it would have made more sense for the DOJ to file this motion after Apple made their official response to the court. But, I am not a lawyer, so maybe there is some tactical reason why the government would want to file this first.
Page 1 lines 3-5: Rather than assist the effort to fully investigate a deadly terrorist attack by obeying this Court’s Order of February 16, 2016, Apple has responded by publicly repudiating that Order.
This is interesting, at least in light of the New York Times article claiming that Apple wanted to have the original order be sealed, and the government was the one who made it public, and only after that did Tim Cook draft and release his Letter to Customers.
Page 1 lines 9-11: Despite its efforts, Apple nonetheless retains the technical ability to comply with the Order, and so should be required to obey it.
This seems to be true. I haven’t seen anybody claiming that Apple doesn’t have the technical capabilities to remove the security on the phone. Of course, that being true doesn’t lead to the conclusion that they should have to use those technical capabilities in this case.
Page 2 lines 2-7: The Order requires Apple to assist the FBI with respect to this single iPhone used by Farook by providing the FBI with the opportunity to determine the passcode. The Order does not, as Apple’s public statement alleges, require Apple to create or provide a “back door” to every iPhone…
This is an example of the straw man logical fallacy (incidentally, the previous quote would also be an example of this fallacy). The argument by privacy advocates, Apple, and technologists isn’t that this particular operating system would lead to a backdoor for every iPhone. The argument is that the legal precedence of this order would then lead to the government being able to compel similar access in the future.
This section continues that the order:
Page 2 lines 9-11: does not give the government “the power to reach into anyone’s device” without a warrant or court authorization;
This takes the straw man argument and makes it blatantly obvious. Notice how the motion stops after the word “device”? There’s a good reason for that. That’s because Apple doesn’t make the argument that they would be giving the government access without court authorization. That would make absolutely no sense because the whole argument is over a court order. The question is whether the court order should be legally enforceable, and whether enforcing the court order would be good policy for the United States.
Page 2 lines 16-19: In the past, Apple has consistently complied with a significant number of orders issued pursuant to the All Writs Act to facilitate the execution of search warrants on Apple devices running earlier versions of iOS.
Just because a citizen or corporation has voluntarily assisted law enforcement in the past, or at least not refused to assist law enforcement, does not mean that they are compelled to do the same in the future. Using this logic, if a suspect in a criminal investigation cooperates with the police, then he would be waiving his right to then refuse to cooperate in the future if he changes his mind. This is clearly not the way our justice system works.
Page 2 line 22 – page 8 line 2: Apple’s current refusal to comply with the Court’s Order, despite the technical feasibility of doing so, instead appears to be based on its concern for its business model and public brand marketing strategy.
Of course Apple is concerned about its business model and marketing. That doesn’t mean that is the only argument, or even the main argument, against compelling Apple to remove the security on an iPhone, and it certainly doesn’t prove that Apple is in the wrong here.
Page 3 lines 11-14: the urgency of this investigation requires this motion now that Apple has made its intention not to comply patently clear. This aspect of the investigation into the December 2, 2015 terrorist attack must move forward.
That answered my question of why the DOJ decided to make this motion now. I think it may be a little wishful thinking on the part of the government, though. I think most observers expect this to be litigated for quite a while, likely to the Supreme Court, since both sides have so much to gain and so much to lose if a ruling goes against them.
Page 12 lines 7-12: In Mountain Bell, the Ninth Circuit emphasized that its decision “should not be read to authorize the wholesale imposition upon private, third parties of duties pursuant to search warrants,” 616 F.2d at 1132, but Apple is not a random entity summoned off the street to offer assistance, nor is it the target of the investigation.
It seems to me like the government’s argument here would lead to almost anybody being compelled to have to assist a warrant. Law enforcement wouldn’t be ordering just anybody to assist, they would be wanting assistance from people who have particular skills or knowledge, or some other applicable quality that law enforcement would want to make use of. It seems like the government’s reasoning would lead to the situation where anybody with any specialized skills would be required to assist in serving a warrant, which is a lot more broad than the quoted Ninth Circuit opinion seems to imply.
Page 14 lines 3-10: assistance under the All Writs Act has been compelled to provide something that did not previously exist – the decryption of the contents of devices seized pursuant to a search warrant. In United States v. Fricosu, 841 7 F.Supp.2d 1232, 1237 (D. Co. 2012), a defendant’s computer -whose contents were encrypted – was seized, and the defendant was ordered pursuant to the All Writs Act to assist the government in producing a copy of the unencrypted contents of the computer.
This doesn’t seem like a very apt comparison. If Apple was being required to provide a password or some kind of knowledge to be used to decrypt the iPhone, then that would be similar to decrypting the defendant’s computer. In this case, Apple is being asked to write a new firmware update. That’s not the same thing as putting your password into a computer. And, it’s not exactly settled case law that a person can be compelled to give their password to law enforcement, anyway.
Page 14 line 27 – page 15 line 10: the Order is tailored for and limited to this particular phone…Nor is compliance with the Order a threat to other users of Apple products. Apple may maintain custody of the software, destroy it after its purpose under the Order has been served, refuse to disseminate it outside of Apple, and make clear to the world that it does not apply to other devices or users without lawful court orders. As such, compliance with the Order presents no danger for any other phone and is not “the equivalent of a master key, capable of opening hundreds of millions of locks.”
Again, the concern isn’t that this particular source code will be let out into the wild. The concern is that once the government sets this precedence, then Apple will have to comply with similar orders in the future. The government didn’t pick this case to make their public stand because they need access to this phone in order to stop an impending attack. They chose this case because the publicity of a terrorist using an encrypted device works to further their effort to weaken encryption in a misguided attempt to battle the so-called “going dark problem.”
Page 20 lines 20-25: no one outside Apple would have access to the software required by the Order unless Apple itself chose to share it. This eliminates any danger that the software required by the Order would go into the “wrong hands” and lead to criminals’ and bad actors’ “potential to unlock any iPhone in someone’s physical possession.”
I’m glad the government has complete faith in Apple’s ability to keep something a secret. Do they have that same amount of faith in the Office of Personnel Management? Or in JP Morgan Chase? Or maybe Adobe, which had their source code stolen by hackers?
Page 20 line 26 – page 21 line 1: marketing or general policy concerns are not legally cognizable objections to the Order. As discussed above, the analysis of whether a court order presents an unreasonable burden is focused on the direct costs of compliance
I don’t know enough about the law to know if this is true, but it seems like it might be. It would be a lot harder to quantify potential indirect costs, such as that American tech companies may not be trusted in the global marketplace. Unfortunately, those indirect costs are worth a lot more than the direct costs to Apple of having some software engineers write some code.
Page 21 lines 9-10: Strong public policy interests favor enforcing the All Writs Act Order in this matter.
I’ll close with this, because it is obviously in debate. I think it’s obvious that I come down on the infosec community’s side, the technology community’s side, the side of privacy, and the side of security. In other words, I hope Apple wins this case. I don’t hope that because I support terrorists, as Apple has been accused of doing. I hope it mainly because the problem of precedence and the damage to our technology industry such a ruling would cause are humongous.
Workentin's Cybersecurity Blog 