A court order requiring Apple to create software allowing the FBI to crack Syed Farook’s iPhone password (in turn allowing the FBI to decrypt the phone data whose encryption key is derived from that password ) raises distinct but related legal and policy issues. On the legal side, Apple’s best argument is that the court order goes beyond the scope of its power under the All Writs Act. On the policy side, Apple’s chief Tim Cook claims that forcing Apple to create a “backdoor” to its own robust security protections will lead to an erosion of security in all our mobile devices. Apple and others claim that the technology that Apple creates to comply with the court order could lead to law enforcement privacy abuses or malicious attempts by criminals or spies from other countries to gain access to the data in all of our phones. Apple has not yet submitted its opposition brief to the federal court’s order. The persuasiveness of both the legal and policy arguments against the order relies, in part, on slippery slope arguments connecting altering Syed Farook’s phone to risking the privacy and security of all of us. This case shows both the force and the limitations of slippery-slope arguments. At this preliminary stage, I tentatively believe that the slope is too slippery, and the technology too complex, for one federal magistrate judge to force Apple to design an end-run around its privacy and security protections. These very protections were created, in part, in response to Edward Snowden’s revelations about massive, secret government surveillance programs.
Understanding the technology involved, at least on a superficial level, is necessary to evaluating the legal and policy arguments. Because the data stored on the hardware of Farook’s iPhone is encrypted, the FBI cannot simply pull text messages, for example, off of Farook’s iPhone hardware; anything retrieved in this way will be incomprehensible. But, because iPhones have a feature that locks others out of the phone after several attempts at the phone’s password, the FBI cannot simply brute force its way to unlocking Farook’s phone and using it, decrypted, as if the Bureau were the phone’s owner. So, Magistrate Judge Sheri Pym’s court order requires Apple to create software, targeted only to Farook’s phone, that allows the FBI to try as many times as it likes to get the right password. The order also requires Apple to undo a delay feature designed to prevent hackers from running through attempted passwords quickly and efficiently until a phone is hacked.
Although Apple could advance the Fourth Amendment argument that this search is being carried out unreasonably, or the First Amendment argument that creating software is compelled speech, its best argument is an objection to this use of the All Writs Act. The United States Attorney’s Office applied for the order against Apple under the All Writs Act. This founding-era act empowers a court to issue orders to force third parties to assist in the execution of lawful orders. In this case, the California magistrate judge has ordered Apple to help the FBI access Farook’s phone, obtained via a valid, court-ordered search warrant and with the consent of Farook’s former employer.
Apple’s legal arguments mostly turn on how burdensome creating this software will be and how necessary it is to use Apple’s assistance. The Supreme Court, in United States v. New York Telephone, blessed application of the All Writs Act to require a phone company to lease phone lines and assist the FBI in installing pen registers, which indicated the telephone numbers dialed by suspects in an illegal gambling ring. Third parties must comply with these sorts of orders so long as they are not unreasonably burdensome and so long as the order does not compel the participation of a party too far removed from the investigation. A court may order a telephone company to provide telephone lines, for example, because it owns those lines, and because the company is in a position to frustrate the FBI’s legal investigation. According to the Supreme Court, “without [New York Telephone] Company’s assistance there is no conceivable way in which the surveillance authorized by the District Court could have been successfully accomplished.”
Apple has not yet filed its opposition to the court order, but legal and policy arguments combine to make a good case that this order should be invalidated. (Apple has complied with past orders requiring it to help the FBI crack criminals’ iPhones, but is now taking a stand, perhaps because a magistrate judge in Brooklyn refused to order Apple to comply with one of these cracking orders without briefing from Apple.) First, there are legitimate legal distinctions between Apple and the phone company in United States v. New York Telephone that work in Apple’s favor. Apple doesn’t own Farook’s phone and thus cannot frustrate the FBI’s investigation in the same way as a phone company owning its own telephone wires. Congress also seems opposed to forcing mobile companies to decrypt individuals’ data. Plus, cybersecurity experts like John McAffee have offered to assist the United States government in accessing Farook’s data to avoid the precedent of forcing Apple to render its own product less secure.
Policy arguments cut both in favor of Apple and the United States government, but ultimately, Apple can make a good case that the expansiveness of the court’s power to issue writs shouldn’t extend to this case. Some argue that Apple can limit possible security risks to just Farook’s phone. Apple can create software that possesses its own company signature and a unique identifier to Farook’s phone. This means that, even if the software fell into the wrong hands, if someone tried to modify the software to use it for another’s phone (say, the phone of President Obama, who supports the court order), Apple’s company signature would be destroyed and the software couldn’t run on an iPhone. Plus, preventing terrorism is an important government interest, and Apple can likely create this software within a matter of days or weeks (and can be compensated for its efforts).
Policy arguments against application of the All Writs Act depend, for the most part, on different varieties of slippery-slope arguments. The first variety is that, if this order prevails, the government is given another tool in its arsenal of invading citizens’ privacy, and this may lead to even more powerful tools in the future. Edward Snowden, famous for exposing NSA investigative techniques that many believe are illegal and unconstitutional, claims that the government just wants to establish a precedent for forcing Apple to develop software to help the FBI override decryption features (pegged to a phone owner’s password), so that it can perhaps require more burdensome or privacy-reducing measures in the future. The second variety of slippery-slope argument claims that there is no way to limit the software Apple develops to Farook’s phone, that our citizens’ data will be markedly less secure, and that other countries, including China, are looking to see how seriously the government takes data privacy.
The judge’s ultimate ruling in this case will likely depend on how seriously she takes these slippery-slope arguments. While technically a logical fallacy, slippery slope arguments are important in the law because courts (and lawyers) reason from precedent. Extending an argument to its logical conclusion preserves fairness, uniformity, and consistency in the law. Slippery-slope arguments are a variant on this type of reasoning. If courts allow one government action, they may allow an even greater government intrusion in the future, due to an inability to distinguish in principle the first action from the second. Slippery-slope arguments are important in, for example, First Amendment law, because free speech law must be especially principled to allow clear guidance on what citizens can and cannot say. A court may fear that if the state is permitted to punish the display of a swastika, then the state can also punish display of the Confederate Flag, or another political symbol with (somewhat) more ambiguous meaning, or perhaps even any political view it finds hateful.
The All Writs Act is less amenable to slippery-slope arguments, because courts can examine on a case-by-case basis whether a particular order is unduly burdensome, or whether the subject of that order is too far removed from an investigation to be conscripted into service by the FBI. That said, I preliminarily believe that Judge Pym should draw a line here. The court is asking Apple to design software that overrides an important privacy feature for its customers, despite the fact that the FBI on its own (or using another party) may be able to hack and decrypt Farook’s phone. Apple has legitimate concerns that it is being asked to compromise its business model (a company like Google employs fewer privacy protections because Google has to read through customer data to generate advertisements). And finally, in as non-alarmist a way as possible, I do think this court order could portend greater privacy breaches in the future both by the government and by hackers with a nefarious purpose. Apple has complied with court orders in the past, but Apple’s newer iPhones are designed with stronger security features enacted in the wake of Edward Snowden’s revelations about the NSA and the PRISM program. Other countries are looking to see how the United States handles privacy issues, and these countries may ask Apple to undermine its security features if it wants to sell its products abroad.
Before Apple is required to provide more methods to compromise user’s passwords (and the encryption schemes based on those passwords), there should be public debate and consideration by Congress. Hopefully, that will not produce legislation forcing companies to decrypt data for the government, but the slope is too slippery right now between Farook’s phone and all of our privacy. Apple has convincingly argued that now is the time for line-drawing.
Update: Apparently, McAfee’s plan to crack Farook’s phone seems unfeasible. That fact does change the analysis a bit, because perhaps the FBI really does need to rely on Apple to gain access to Farook’s iPhone data. On balance, I still tentatively believe that this order is too burdensome given the attenuation of Apple to this investigation (and given the speculation that Farook burned all the phones with relevant information on them). This is a closer case without the likelihood that Farook’s phone can be cracked without Apple but I still believe the government is using the All Writs Act to ask for too much.
Also of note: Apple’s compliance with past court orders did not involve phones that stored data encrypted, so the court orders did not require Apple to design software to crack a user’s passcode.