Listen to the podcast:
A request by the U.S. Federal Bureau of Investigation for help from Apple to unlock an iPhone used by a terrorist has quickly grown into full scale battle. The FBI’s argument of enhancing national security is countered by the technology industry’s fears that a one-off software backdoor could set a precedent for more such demands, compromising consumers’ security and privacy, and negatively impacting business. According to experts, the FBI’s case is on uncertain legal ground and the agency ought to empower itself with Congressional backing and in-house resources to cope with technological obstacles such as the one in the latest case.
The iPhone 5C in question had been owned by Syed Rizwan Farook, one of the two terrorists who killed 14 people in San Bernardino, Calif., on December 2, 2015. The FBI had been in touch with Apple since then to unlock the phone, but without success. Matters came to a head last Tuesday, when Judge Sheri Pym of U.S. District Court in Los Angeles ordered Apple to provide “reasonable technical assistance” to investigators seeking to unlock data on the iPhone.
According to Jeffrey Vagle, a lecturer in law at the University of Pennsylvania Law School and executive director of the school’s Center for Technology, Innovation & Competition, the FBI’s request “seems innocuous.” It relates to one phone that didn’t even belong to the shooter but to his employer, and that employer has already granted the government access to search the phone, he noted.
However, “the problem is the legal precedent that such a decision might set in what the government is asking for — a sort of malware workaround provided by Apple to be installed on the phone so that they can unlock that phone,” said Vagle. “If that can be forced on Apple by the government, that same order could be forced on Google, or Facebook or Cisco — not just by the U.S. government, but by other governments who might also latch on to that same precedent.”
“If that [demand for phone unlocking codes] can be forced on Apple by the government, that same order could be forced on Google, or Facebook or Cisco….” –Jeffrey Vagle
The worries have expanded because “this isn’t just about the one iPhone … this is about all of our software, all of our digital devices,” said Ross Schulman, senior policy counsel at the Open Technology Institute of New America, a Washington, D.C.-based public policy think tank. Schulman’s work focuses on cyber security, encryption, surveillance and Internet governance.
“If this precedent that the FBI is seeking gets set, it is really a digital disaster for the trustworthiness of the computers and the mobile phones that we use on a day-to-day basis,” said Schulman. “It’s about the software that we trust the companies to update securely, and we expect them not to be updating it for the purposes of subverting our own security.”
Vagle and Schulman discussed the larger implications of the FBI’s demands on Apple on the Knowledge@Wharton show on Wharton Business Radio on SiriusXM channel 111. (Listen to the podcast at the top of this page.)
Andrea M. Matwyshyn, professor of law and computer science at Northeastern University, expanded on Schulman’s argument. A special backdoor weakens the security of the whole system and also raises consumer protection concerns, she said. “The reason technology companies are building stronger security features into their products is because identity theft is rampant, and consumers are worried about having their identities stolen,” she noted. “By strengthening security, we are preventing large categories of crime and helping combat that. So, it is a discussion about a new category of crime prevention versus another type of crime prevention.” Matwyshyn was formerly professor of legal studies and business ethics at Wharton.
The FBI spells out what it wants Apple to do in its order of February 16: The firm will bypass or disable the auto-erase function; enable the FBI to submit passcodes to the device for testing without any delays that are triggered when wrong codes are entered; and create software that could be loaded onto that iPhone.
Matwyshyn said the court order provides Apple with three options. One, it could build the software tools the FBI wants. Two, it could direct the FBI to other resources that would help the FBI in acquiring the information it seeks from the phone. The third option is for Apple to file an objection and a reply within five days of the order. Apple has time until Friday, February 26, to reply to the court order; the original deadline was Tuesday. On Monday, Apple called on the government to withdraw the court order, and said federal officials should instead form a commission “on intelligence, technology and civil liberties to discuss the implications for law enforcement, national security privacy and personal freedoms.”
Outpouring of Outrage
Apple CEO Tim Cook has used strong language to oppose the FBI’s request. “The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals,” he said in a letter to Apple customers soon after the court order.
“This isn’t just about the one iPhone … this is about all of our software, all of our digital devices.” –Ross Schulman
Although the government suggests that it would use the tool only once, the potential exists for it to be used “over and over again,” Cook said. “In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.” He also expressed surprise that the government was relying on the All Writs Act of 1789 to force Apple in this case, instead of asking for legislative action through Congress.
Apple has come out with such a strong statement on this because “the political framing of this by the FBI, and by supporters of the FBI within the White House and Congress, is putting Apple in a corner,” said Vagle. “Apple is trying to make its case very plainly, very strongly, that this is not just about the narrow political framing that is being put forth by the FBI, [but] it is about something much, much broader.”
According to Vagle, the FBI’s demands on Apple “could possibly send us down what has been described as a ‘slippery slope’ — technology companies feel it could go beyond phones [to] the technological infrastructure worldwide that we all depend on.”
Schulman characterized the potential outcome of the FBI’s demands differently. “It is not a slippery slope, but a step off of a cliff — there’s no sliding down a slope here,” he said. “Once we’ve done this, it is done, and it applies to everything. This precedent will go to the ends of the earth in as far as the FBI cares to take it.”
Clash over Legality
Schulman said the FBI is also stretching the All Writs Act beyond its original intent. “The Act … was not written with anything approaching unlocking an iPhone in mind,” he said. “It is being twisted beyond its original contours to apply to this situation.”
According to Vagle, the roots of the law come from ancient Roman and British tradition, where it served as “a gap-filler” if the king wanted something but there was no law to provide it.
However, the U.S. Constitutional system espouses the principle of the separation of powers “where the courts cannot make law — that is the prerogative of Congress,” Vagle said. He noted that the U.S. Supreme Court has talked about limits on where the All Writs Act could be used. “But the problem is that it’s not a really bright line,” he said.
Matwyshyn noted that law enforcement agencies have in the last few months repeatedly asked Congress to pass a statute compelling technology companies to alter the design of their products to create backdoors or special access for law enforcement in their products. “Congress has been hesitant to do so because in essence, it likely weakens consumer protection and the security of the system as a whole.”
Opposition from Tech Industry
Technology companies like Google, Facebook and Twitter obliquely backed Apple, saying they oppose government requirements to build backdoors that weaken the security of their systems and compromise their customers’ information. A similar statement came also from Reform Government Surveillance, a grouping of technology companies including Apple, Facebook, Google, Yahoo and Microsoft.
“The technology companies are viewing this set of law enforcement requests as an unreasonable interference in private sector decision making with respect to innovation, product creation and the technology economy,” said Matwyshyn.
“Technology companies are viewing this set of law enforcement requests as an unreasonable interference in private sector decision making….” –Andrea Matwyshyn
U.S. technology companies are concerned that they would lose market share globally if their products were perceived to be less secure and less private because of U.S. law enforcement demands, Matwyshyn noted. Such demands could also encourage similar requests from other countries, she added. “They view it as an untenable slippery slope both in terms of the economic impact of product design on a global scale and also with respect to the reconfiguration of their innovation to be around something other than around the needs and requests of their own consumers.”
Matwyshyn pointed out that consumers in other countries are perhaps even more sensitive to privacy and security concerns than U.S. consumers have historically been. She noted that those concerns escalated, particularly in Europe, after the Edward Snowden revelations in 2013 about spying by the U.S. National Security Agency on citizens of other countries and heads of state.
Interestingly, it appears that the current face-off between the FBI and Apple was avoidable. According to a report on BuzzFeed.com, the password linked to the iPhone used by Farook was changed by San Bernardino county officials at the insistence of the FBI. “Had this password not been changed, the government might not have needed to demand the company create a ‘backdoor’ to access the iPhone used by Farook,” the report added.
Empowering Law Enforcers
In any event, Matwyshyn felt the current case underscores the need for the FBI to get its technology house in order. “Law enforcers are challenged by evolving technology changes, and data gathering in investigations has become progressively more challenging,” she said. However, law enforcement agencies have faced technology evolution challenges in every generation and adapted accordingly, she added.
Matwyshyn called for the FBI to equip itself with the necessary resources to deal with evolving technological challenges. She noted that it is not the best idea to spend valuable time in shipping phones across the country to gather and analyze forensic data, especially in coping with terrorism. “It is both more cost-effective and time-sensitive to have in-house technology experts that are of the highest caliber inside our law enforcement agencies to be to be able to analyze this data in-house,” she said.