The Apple v. FBI case in California about the San Bernardino killers is not the only case where the government is trying to gain Apple’s assistance in unlocking an iPhone. In a recent—and very similar—case in New York, the government argued for a court order under the All Writs Act (AWA) that would compel Apple to assist a search warrant by bypassing the security on one of its devices. Magistrate Judge James Orenstein concludes that the court can not grant such an order in a well-written and technologically fluent decision.
I like this decision a lot. The Judge clearly understands the implications for privacy of a decision against Apple when technological progress is considered:
As constantly increasing computing power is continually squeezed into ever smaller storage devices, the category of consumer products containing licensed software will continue to grow. In a world in which so many devices, not just smartphones, will be connected to the Internet of Things, the government’s theory that a licensing agreement allows it to compel the manufacturers of such products to help it surveil the products’ users will result in a virtually limitless expansion of the government’s legal authority to surreptitiously intrude on personal privacy.
Next we have this:
Just as the criminal Feng has done, the United States government has chosen to entrust extremely sensitive communications and secret documents — including those of many of the prosecutors and judges who work in this court — to the passcode protections and other robust data security measures available on a variety of Apple devices. That observation does not mean Apple should have any greater or lesser obligation, as a matter of law or morality, to accede to the demands of law enforcement agencies. But it does highlight the proposition that forcing Apple to compromise the data security measures it offers its customers may adversely affect many who rely on such technology for purposes the government would endorse.
Quite a few lawyers and judges use iPhones, it seems. The important point, though, is that the decision recognises the trade-off implicit in the government’s request—that weakening security measures on the devices can also have a detrimental effect on the security of legitimate users. This same argument can be applied against introducing backdoors into encryption.
And lastly:
Not only has Apple done nothing wrong in marketing devices with such strong data security features, it has exercised a freedom that Congress explicitly deemed appropriate in balancing the needs of law enforcement against the interests of private industry. Specifically, in writing CALEA, Congress included a provision making clear that the statute “does not authorize any law enforcement agency or office … to prohibit the adoption of any equipment, facility, service, or feature by … any manufacturer of telecommunications equipment, or any provider of telecommunications support services.” 47 U.S.C.§ 1002(b)(1)(B). In other words, CALEA provides that law enforcement agencies cannot do precisely what the government suggests here: dictate to a private company in the business of manufacturing smartphones the extent to which it may install data security features on such devices.
The decision indicates here that Apple is protected by the Communications Assistance for Law Enforcement Act (CALEA), contrary to what the FBI claims in the San Bernardino case. CALEA limits the authority of the government to require specific design of software or equipment from telecoms providers and manufacturers, as well as stating that
A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.
For more on CALEA and its applicability to the San Bernardino case, read here and here.