“The All Writs Act Does Not Provide A Basis To Conscript Apple To Create Software Enabling The Government To Hack Into iPhones” opens the “arguments” section of the motion Apple filed this afternoon against a court order that says Apple needs to help the FBI unlock one of the San Bernardino shooting suspects’ phones. In one weirdly formatted line, we have the centerpiece of much of the modern digital economy, an overstretched law from 1789, and a very curious definition of the word “conscript.”
The motion to vacate is the strongest move yet from Apple in its growing legal battle with the FBI over the specifics of a phone used by San Bernardino shooter Syed Farook, and the broader fight over the security and privacy of our increasingly vital mobile devices.
A week ago Tuesday, a judge ordered Apple to help the FBI unlock the old iPhone 5C administed to Farook by his employer, San Berardino County, months before Farook and his wife, Tashfeen Malik, shot and killed 14 people in December 2015.
The FBI wanted to brute force its way into the phone, by guessing at the phone’s password as many times as they could until they got it right. A feature on the operating system of the iPhone 5C is designed to protect against this: guess the password ten times, and the phone wipes out all user data. Rather that guess wrong and risk losing any useful information Farook may have had, the FBI is instead asking Apple to create and sign a software update that will disable the auto-wipe feature.
Apple is refusing to create this software. Shortly after a judge ordered Apple to comply with the FBI’s request last week, Apple CEO Tim Cook published a public letter on Apple’s website, saying this was against the interests of Apple, its customers, and the basic security of phones themselves.
The information the FBI is seeking in this case isn’t coming from iCloud, it’s cloud storage setup, which Apple has provided, and will continue to turn over to the courts when served with a proper warrant. Because iCloud information is held on Apple servers, it’s Apple’s information to hand over. But information stored on the phone’s internal hard drive or cached on the phone from other third-party apps and services, Apple argues, isn’t the company’s to turn over.
To highlight this, Apple executives on a media call referred to the software they’re being asked to build as “GovOS,” a play on Apple’s iOS operating system. Apple makes it very clear in its motion that this isn’t just about one phone, but about the sanctity of all smartphones.
From the motion’s introduction:
The implications for Apple are clear: if they follow this one exception, every phone and every device they make will be compromised. It’ll be like requiring all suitcase locks to be opened by the same government-held master key, and then being surprised when that master key is copied and used by people besides the government to steal belongings. (This is a real thing that happened). Apple continues:
Much of the case hinges on alternative ways for the government to address the trade-off between security and privacy. The motion is a wagging finger at the failure of Congress to craft and pass meaningful legislation for circumstances like this, and that in their failure, law enforcement is forced to use a broad and archaic law.
This motion also puts Apple very squarely at a fight that will define much of security for the next century: are normal people allowed to use the encryption that makes them and their personal information safest, even if that safe encryption can at times shield terror suspects? Or will we have a world of back doors, where encryption is so easily circumvented by the government, malicious actors, and bored hackers so often as to be functionally meaningless?
Apple unequivocally sides with a greater good of strong, meaningful encryption for all. We’ll see if the courts do, too.