On December 2, 2015, two shooters opened fire and killed fourteen members of the San Bernardino, California community.[1] Within hours, the police had shot and killed the couple who carried out the horrendous mass shooting.[2] Once the threat had been eliminated, law enforcement and the general public needed information explaining how and why this tragedy occurred. According to the Federal Bureau of Investigation (FBI), current evidence suggests that the shooters had a potential link to Islamic extremism.[3] While the FBI has uncovered troves of information about the San Bernardino attack, the FBI claimed that it needed more information.[4]
The FBI wanted to compel Apple to create software that will break-in to the iPhone and circumvent security features.[5] To do this, the FBI wanted the judicial system to issue a writ that requires Apple to create this software.[6] Judicial authority should not be used in this matter, if the government wants technology companies to provide technological assistance to the government, Congress should pass a law. No court should issue an order that requires a company to circumvent its own security features as the customer’s right to privacy should outweigh the perceived increase to safety.
Apple vs. the FBI
At the center of the FBI investigation was an iPhone 5c, a company phone used by one of the attackers.[7] The FBI has a warrant and the permission of the shooter’s employer, San Bernardino County, to search the phone; unfortunately, the phone is password-protected.[8] To obtain access to the information on the phone, the FBI needed to get around the iOS (the iPhone operating system) security features.[9] The FBI circumvented the iOS security features, without the assistance of Apple.[10] The FBI has not explained how it managed to access the device.[11] FBI director, James Comey, only disclosed that the government purchased a “tool” from a third party to access the device.[12] Comey has not decided whether or not he will inform Apple on how the FBI accessed the phone.[13]
Even though the FBI has accessed the San Bernardino iPhone, the issue balance between private technological security and national security remains. An examination into the security features the FBI needed to circumvent and the legal methods the FBI attempted to achieve that goal should be considered.
There were three security features preventing the FBI from accessing data: the auto-erase function that deletes a phone’s content after ten incorrect passcode entries; a mandatory delay between failed passcode attempts; and the requirement that passcodes be entered manually.[14] The Central District Court of California ordered Apple Inc. to provide technical assistance to law enforcement agencies so that law enforcement can search the iPhone.[15] The order requires Apple to create and provide the FBI with software that bypasses iOS security features.[16] The order does not require Apple to modify the iPhone’s iOS and only specifies that the software works on the shooter’s iPhone 5c.[17]
In a press release, Apple openly opposed the court order and claimed that the order presents an unprecedented threat to the security of Apple customers.[18] Apple calls the software requested by the government a “backdoor to the iPhone,” and considers this backdoor too dangerous to create.[19] Apple refutes the idea that they could create a backdoor that unlocks one iPhone without manipulating the iOS software; this manipulation would create a “key” to Apple’s encryption system and unravel the iOS security protections.[20] Apple’s refusal to obey a court order for the sake of consumer security protection continues the never-ending balancing act between expanding law enforcement’s investigatory abilities and individual privacy concerns.
Compulsion through the All Writs Act
The FBI requested Apple’s technical assistance to create this security-breaching software because the FBI could not create the software itself. The court order compelling Apple to provide technical assistance for the FBI was issued pursuant to the All Writs Act (AWA).[21] In U.S. v. New York Tel. Co., the FBI sought the technical assistance of a telephone company so that the FBI could install pen registers and identify co-conspirators involved in an illegal gambling ring.[22] The Court held that, pursuant to the AWA, federal district courts have the authority to require third-parties to provide aid to the government.[23]
Historically, the Court has liberally applied the AWA so that courts can issue writs to achieve the rational ends of law and to prevent the frustration of previously issued judicial orders.[24] The AWA applies to those that are in a position to frustrate the implementation of a court order and can apply to parties that have not taken affirmative action to hinder justice.[25] The Court reasoned that the phone company lacked a substantial interest to refuse and was therefore permissibly compelled to assist the FBI.[26]
Apple’s History of Refusing FBI Demands
Apple has publically and openly refused to assist the FBI,[27] but this is not the first time that the FBI has requested Apple’s technical assistance.[28] The Eastern District Court of New York initially declined to rule on whether the AWA required Apple to offer technical assistance to the FBI.[29] Ultimately, the Court ruled that the AWA cannot be used by the government to compel Apple to assist the FBI.[30] While this New York district court ruling does not establish precedent for the California District Court, the analysis and concerns raised are persuasive and should assist in ultimately resolving the San Bernardino iPhone case.
In the district court’s initial Apple ruling, the court pointed to numerous differences between the New York Telephone Company and Apple.[31] First, Apple does not own an individual’s iPhone, while telephone companies do own the equipment that connects landline telephones to one another.[32] Second, Apple is a private company that can choose to promote the security of its customers unlike telephone companies, which are regulated public utilities.[33] Third, telephone companies routinely use pen registers during the course of business; conversely, Apple currently does not have the ability to circumvent its device’s security features.[34] Finally, compelling a telephone company to install a pen register was consistent with other legislation passed in order to assist law enforcement, while no such legislation comports with what the FBI has requested from Apple.[35]
Apple and Technological Security: Protecting the Technology and the Customer
Due to the differences between the technical assistance FBI needed from telephone companies and the kind it needs from Apple, the courts should not have the authority to compel Apple to break the iOS encryption. Writs are meant to give courts the ability to more easily administer justice, but the power should not be without just cause. The AWA should not extend to Apple in this situation, as the request is too burdensome.
The technical assistance that the FBI seeks is in direct conflict with Apple’s desire to create a secure iPhone. Apple, as a corporation, must make business decisions to keep customers happy. Creating software that can work as a backdoor to the iPhone would undoubtedly hurt Apple’s reputation. Consumers concerned with encryption security would seek out other cell phone companies that have not created a backdoor for their phones.
Apple’s reputation is not the only thing at risk. Creation of a backdoor to the iPhone’s iOS could lead to the software being manipulated by cyber-criminals.[36] While most of the information conveyed on an iPhone, such as text messages, emails, social media posts, and web searches, can be accessed by the FBI, some information is encrypted or stored locally on the phone.[37] Some of the inaccessible information includes iMessages, WhatsApp messages, photos, and note documents.[38][This normally inaccessible information can be sensitive and private data, such as bank account numbers, private pictures of loved ones, and lists of passwords. This data becomes more vulnerable with a backdoor to the phone.
The reason that the FBI cannot access this information is because of Apple’s security features; in other words, if Apple created a backdoor to the iOS, these security features would be rendered effectively useless. The FBI contends that it only wants the software to work on this specific iPhone rather than iPhones in general.[39] There is concern that if this backdoor software could become available to computer-savvy criminals would change the software and use it on other iPhones. The proposed software would act as a master-key that would only require a few changes before it can work on other iPhones.[40] The AWA should not compel Apple to remove the iOS security features or require any private organization to put its consumers’ information at risk.
Complying with the Order: More Extreme Version of the Third-Party Doctrine
The United States government already has a multitude of investigatory tools and procedures at its disposal. One of those powers involves obtaining information that an individual has conveyed to a third-party. In Smith v. Maryland, the Court held that “a person has no legitimate expectation of privacy in information he voluntarily turns over to third-parties.”[41] In Smith, the Court determined that when Smith dialed a phone number, he voluntarily conveyed information to the phone company and no longer had an expectation that the information would not be disclosed to the government.[42] However, societal expectations regarding privacy have changed as technology has improved and become more advanced.[43] Due to the increased connection between an individual’s personal information and third parties in an ever-increasing digital world, society has changed its view on when a reasonable expectation of privacy exists.[44] Requiring Apple to develop software that breaks the iOS security would continue the degradation of technological privacy.
In most of the United States, based on current case law, law enforcement can use cell phone towers to track a person’s location without a warrant.[45] The basic argument allowing this practice is that an individual’s use of a cell phone means that the individual has voluntarily conveyed information to the cell phone provider.[46] Allowing law enforcement to have the ability to compel third parties to manipulate the cell phones that the third party has manufactured is unreasonable. Individuals have not voluntarily conveyed information to their cell phone manufacturer when they simply store information on their phones. There is no doubt regarding the privacy of information conveyed from a cell phone to a cell phone tower, information locally stored on a cell phone should certainly remain private.[47] While law enforcement should have the ability to access information on a cell phone it seizes pursuant to a warrant, compelling a third party to access the cell phone unreasonably eliminates society’s expectation of privacy as well as the interests of the cell phone manufacturer to create a device that ensures privacy.
Apple has nobly refused to allow the FBI access to the San Bernardino shooter’s iPhone. However, law enforcement officials claim that Apple should comply with the FBI as the concerns of safety and stopping terrorism outweigh the privacy concerns in this case.[48] Law enforcement agencies argue that Apple is hindering law enforcement’s investigation and that information about co-conspirators or additional evidence is on the phone.[49] Proponents also argue that the victims deserve justice and that the order compelling Apple to access the iPhone protects the victim’s guaranteed due process rights under the California State Constitution.[50]
What the FBI has requested from Apple would essentially extend the third-party doctrine to include any information that an individual creates to which a third-party may be able to obtain access. This would be a gross erosion of our Fourth Amendment protections against unreasonable search and seizure. Even though the FBI asserts that these security features hinder law enforcement’s ability to investigate cases, the small hindrance should not outweigh Fourth Amendment protections. Additionally, the victim’s due process rights, alleged by proponents of the FBI, should not outweigh the San Bernardino shooter’s Fourth Amendment Rights. The balance of safety against security and the victim’s and perpetrator’s rights are difficult to balance, but the constitutional protections afforded by the Fourth Amendment should not be cast aside.
The FBI Accessed the Phone: The Privacy Argument Remains
The FBI obtained access to the San Bernardino shooter’s Apple device without the assistance of Apple.[51] Even though Justice Department investigators found a way around Apple’s iOS security features, advocates of privacy, especially those fighting against technological governmental intrusion must stay vigilant. This will not be the last time that the government will seek out technological assistance to circumvent security features in the interest of national security.
Currently, Congress has numerous pieces of legislation circulating in both houses that aim to resolve the debate between technological privacy and national security.[52] One such bill, which has bipartisan sponsors, would require technology companies to “provide ‘technological assistance’ to investigators seeking access to locked devices.”[53] Apple has stressed its desire to continuously stay one step ahead of hackers and to increase the security of its devices.[54] If legislation is passed that requires technology companies to assist in criminal investigations, it will be more difficult for technology companies to ensure to its customers that their devices are secure. However, legislation, rather than a judicial order, is the appropriate avenue to compel private technology companies to assist in governmental investigations. The use of the All Writs Act to compel a private entity to remove security mechanisms from its products in the interest of national security is an inappropriate use of judicial power. The FBI found a way to circumvent security features in this case, but the debate will continue.
Conclusion
Apple understands that the privacy of its customers, even when faced with adversity, is more important than allowing the FBI unfettered access to our devices with the illusory promise of a safer nation. While it would be a great tool for the FBI to have access to everyone’s iPhones, such a tool simply poses too much of a risk. The All Writs Act should not be used to compel a private technology company to eliminate its own security features; such compulsion needs legislative backing.
[1] Adam Nagourney, Ian Lovett, and Richard Pérez-Peña, San Bernardino Shooting Kills at Least 14; Two Suspects Are Dead, New York Times (Dec. 2, 2015), http://www.nytimes.com/2015/12/03/us/san-bernardino-shooting.html, (The shooters were a man and woman who had been engaged).
[3] Id. The FBI believes that the shooters have ties to Islamic extremists due to the couple’s recent travel to the Middle East, the couple’s national and ethnic origin, and a Facebook post where the female had praised allegiance to the Islamic State.
[5] Tim Cook, A Message to Our Customers, Apple Inc. (Feb. 16, 2016), http://www.apple.com/customer-letter/.
[7] Alina Selyukh and Camila Domonoske, supra note 4.
[10] Lorenzo Ferrigno and Charles Riley, FBI director: We bought ‘a tool’ to hack terrorist’s iPhone, CNN Money (April 7, 2016 4:35 AM), http://money.cnn.com/2016/04/07/technology/fbi-iphone-hack-san-bernardino/.
[14] Alina Selyukh and Camila Domonoske, supra note 4.
[15] Matter of Search of an Apple Iphone Seized During Execution of a Search Warrant on a Black Lexus IS300, California License Plate 35KGD203, No. ED 15-0451M, 2016 WL 618401, at *1 (C.D. Cal. Feb. 16, 2016).
[17] Id. (The order does not require Apple to create software that allows law enforcement the ability to bypass other iPhones, just this specific iPhone).
[18] Tim Cook, supra note 5.
[21] 2016 WL 618401 at *1; see 28 U.S.C. § 1651(a) (The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law).
[22] U.S. v. New York Tel. Co., 434 U.S. 159, 161-62 (1977) (A pen register is a device that collects the phone numbers called from a landline telephone).
[28] In re Order Requiring Apple, Inc. to Assist in the Execution of a Search Warrant Issued by this Court, No. 15MISC1902, 2015 WL 5920207, at *1 (E.D.N.Y. Oct. 9, 2015).
[30] In re Apple Inc., 2016 WL 783565, at *27 (E.D.N.Y. Feb. 29, 2016).
[31] Id. at *5; see New York Tel. Co., 434 U.S. 159 (1977).
[41] Smith v. Maryland, 442 U.S. 735, 743-44 (1979).
[43] United States v Graham, 796 F.3d 332, 359 (4th Cir. 2015).
[45] See In re U.S. for Historical Cell Site Data, 724 F.3d 600, 615 (5th Cir. 2013); see also U.S. v. Davis, 785 F.3d 498, 500 (11th Cir. 2015).
[46] See generally Davis 785 F.3d 498; In re U.S. for Historical Cell Site Data, 724 F.3d 600.
[47] Compare Graham, 796 F.3d 332, with Davis 785 F.3d 498; In re U.S. for Historical Cell Site Data, 724 F.3d 600.