First we should clear up a few misconceptions.
- Apple is not denying to handle data that it has in its person under a typical search subpoena and search warrant by the FBI. The company has in the past cooperated as much as possible in their investigations. In fact, Apple does generally provide any data they maintain upon a valid request and has even gone as far as making their experts available to the FBI to advise them in technical issues.
“We’ve handed over all the data we have, including a backup of the iPhone in question. But now they have asked us for information we simply do not have.”
– Tim Cook (Apple’s Open Letter)
- It is not an encryption battle as the issue is not one of decryption. It should be noted that if Apple had the phone’s encryption key, they would be obligated to hand it over. Apple is instead compelled to create a Custom OS (Operating System) for their phones that will bypass their own security protocols.
What is asked of the company by the FBI is quite unprecedented. The legal basis for the FBI’s request is the All Writs Act of 1789 (hereby known as “An old Act”). It says that courts “may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.” The use of the Old Act means that the order compelling Apple to act is not a normal subpoena, but a writ by a federal court to compell someone (See Apple) to follow the law. In this case, “following the law” is being interpeted as creating a completely new capability for Apple’s iPhone so that passcode tries can be entered electronically while certain other security features are bypassed. The reason the FBI needs this new capability is that the current iOS does not allow typing different passwords for more than a few times (to prevent bruteforce/password-guessing attacks).
An interesting question is then, how does an Act that was actually signed by George Washington, applicable in the current factual context and allows for an order (that is addressed to a Private Company) not to merely cooperate, but to utilise its assets and resources in order to actively manufacture code that will bypass its own company’s security features.
Should the government be allowed to order any corporate entity to create other capabilities, maybe for data collection or surveillance purposes? Such features could theoretically include anything, from recording conversations to location tracking. As Apple pointed out, this would set a very dangerous precedent for all large tech corporations. It amounts to a balancing issue on the triptych of privacy, safety and private property and should be the subject of an open discussion between a Government and its people.
The implications are vast. It could extend to more companies being legally compelled to create backdoors in their products or to even reduce their encryption standards (then we may actually face an encryption issue). And that brings us to the implications for the users. Weak encryption and backdoors means that other parties may be able to intercept and decrypt your data. Those parties could be anyone from intelligence agencies to independent hackers and criminal organisations.
As Apple put it:
“We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.”
– Tim Cook (Apple’s Open Letter)
It therefore seems that this is certainly not a small dispute. A decision on this will affect all of us, whether we live in the US, UK or China. The ramifications are vast and it is ultimately a question that we should help answer. After Snowden’s revelations about the NSA’s functions and capabilities, if one thing is certain it is that national authorities will overreach as they have so avidly done in the past. A legal precedent allowing the imposition of positive obligations on large corporate entities to weaken or create products that will exploit their own devices is exactly what we should all fear.
The FBI Director, James Comey made the following statement:
“It’s not their job [referring to Apple] to watch out for public safety. That’s our job.”
We respectfully disagree with Mr Comey.
*RELEVANT LEGAL ISSUE*
The outcome in the scenario where Party A (The Defendant) has encrypted data that Party B (The Authority) requires for its investigation. Such a situation would invoke the question of whether pleading the 5th amendment can cover denying to provide the encryption key to the authorities. Some courts have favoured the view that it does, for instance United States v. Doe (amounts to self-incrimination) and other courts the complete opposite (e.g. US v. Fricosu) by finding that the defendant should hand a decrypted hard drive to the authorities. Though, what would happen if the person would simply deny to comply with such an order has yet to be answered. Thus, in the US, in the absence of a Supreme Court decision to shed further light, it appears that the law is quite unsettled.
In the UK on the other hand, Part 3 of the Regulation of Investigatory Powers Act 2000 allows authorities to order the disclosure of encryption keys or force suspects to decrypt encrypted data. Moreover, the non-disclosure of an encryption key by A, where A is compelled legally to provide it by B, may result in up to 2-years imprisonment (Statutory Maximum).