The hot topic of the day is the decision of United States Magistrate Judge Sheri Pym to order Apple to assist the FBI in accessing the data on an iPhone 5C owned by one of the San Bernardino terrorists. Whether on social media or news reports, commentators do not appear to understand what is really at issue in this case.
FBI vs. Apple
On December 2, 2015, Syed Rizwan Farook and his wife, Tashfeen Malik, murdered 14 people in a shooting spree in San Bernardino, California. The criminal act was as shocking as it was disgusting.
As part of its investigation, the FBI has zeroed in on Syed Farook’s iPhone. Specifically, an iPhone 5C, Model A1532 with Verizon service. As an Apple product, the phone has certain encryption features to protect data from hackers.
The FBI Position
The FBI desires to access the data on Farook’s phone. The Bureau has been unable to hack the phone. The FBI is out of ideas and intends to use a “brute force attack” to hack the phone. However, the Bureau is concerned the brute force attack will trigger the security on the phone to erase the data. To prevent this, the Bureau has petitioned Magistrate Judge Pym for assistance.
The Proposed Hack
Various reports suggest the court has ordered Apple to hack its encryption. These reports are not entirely correct. The proposed hack involves disabling a few aspects of the security, but not the encryption, itself. If Apple complies with the order, the FBI will not be able to just turn on the phone and see the data. The Bureau will still need to break the passwords but can have at it without risking data loss.
Apple argues disabling even part of the security for the iPhone is effectively compromising the encryption. The company further claims doing so creates a methodology for other third-parties to hack iPhones and other Apple products in the future. Apple also argues Judge Pym has no authority to force a company to create software to disable encryption in one of its products.
There is no law requiring a company to provide a backdoor to law enforcement for its encrypted products. How then did the FBI argue there was legal precedent for compelling Apple’s assistance in this matter? By citing an antiquated catch-all law…
…wait for it…
The All Writs Act of 1789.
Yes. A law enacted in 1789.
The All Writs Act of 1789 gives a judge the authority to issue an order when the prosecution meets four factors:
- No statute, law, or regulation addresses the issue in question.
- The company has some connection to the event.
- Extraordinary circumstances exist.
- Compliance is not unduly burdensome.
In this matter, the FBI has argued:
- There is no statute on the issue [correct].
- The phone is an Apple product and only accessible by Apple [correct].
- Extraordinary circumstances exist because there is no other way to access the phone, and the data could prevent future attacks [questionable].
- Apple writes code all the time and should be able to breach the security for its phone [possibly].
The Encryption Ruling
The courts appointed Sheri Pym a magistrate judge in 2011. Before her appointment, she served as an Assistant U.S. Attorney and Chief of the Riverside branch office of the United States Attorney’s Office – the same Office seeking the order in this matter!
As we now know, Pym sided with the FBI. The order reads as follows:
For good cause shown, IT IS HEREBY ORDERED that:
1. Apple shall assist in enabling the search of a cellular telephone, Apple make: iPhone 5C [“SUBJECT DEVICE”]…pursuant to a warrant of this Court by providing reasonable technical assistance to assist law enforcement agents in obtaining access to the data of the SUBJECT DEVICE.
2. Apple’s reasonable technical assistance shall accomplish the following three important functions: (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT DEVICE and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.
Bad Facts Make Bad Law
Legal professionals have a saying – bad facts make bad law – that applies to this case. The encryption debate is vigorous. Tech companies hate the idea of backdoors. Government agencies consider access a must. The Assistant United States Attorneys know this full well and have carefully forum shopped this case to set a precedent in federal court. After all, what federal judge located in San Bernardino wants to be viewed as protecting the data of one of the terrorists?
Encryption is a tricky subject. Tech companies and law enforcement agencies both have credible arguments for and against allowing backdoor access to programs. A federal courtroom is not the proper place to decide on this issue. Congress needs to address what legal limits, if any, will be placed on encrypted products and needs to do so quickly.
For better or for worse, Judge Pym is setting a precedent by compelling Apple to assist the FBI. Apple will undoubtedly appeal immediately, putting the case before an appellate court that might be less inclined to use a law from 1789 to address modern digital encryption issues.
Richard A. Chapo, Esq.
Other News of Note: