Apple-DOJ Showdown Forces Courts to Weigh National Security and Data Privacy

Posted on 03-16-2016 by
Tags: Legal Industry , Apple , Industry Trends , Latest Headlines & Stories , Supreme Court , trending news , SCOTUS

 The Justice Department brought a temporary halt to one of the more difficult legal disputes in recent times when it announced on March 28th that it had found a way to unlock an iPhone without help from Apple, allowing them to withdraw their lawsuit to compel the tech company to assist them in the San Bernardino terrorism investigation.

“The government has now successfully accessed the data stored on [Syed] Farook’s iPhone and therefore no longer requires the assistance from Apple Inc. mandated by Court’s Order Compelling Apple Inc. to Assist Agents in Search dated February 16, 2016,” the Department of Justice said in its court filing.

The DOJ didn't say how it obtained the information, which it previously said it had no way of accessing without Apple's help, but the department hasn't yet conceded the central issue that companies should release users' private, encrypted data when necessary. For its part, Apple described the DOJ’s withdrawal of its lawsuit as a victory for data privacy, arguing this issue should have never been litigated in the courts.

            Here is a recap of the central issues in the dispute as we presented them earlier this month:

What is it about this high-stakes legal showdown between one of America’s greatest private companies and its most high-profile government law enforcement agency that makes it such a “split decision” dispute for the courts to resolve?

The Case

The underlying issue in the case is actually a straightforward technology challenge that has stymied law enforcement investigators. Right now, iPhone® users have the option to set a security feature that only allows a certain number of tries to guess the correct passcode to unlock the phone before all the data on the iPhone is deleted. It’s a security measure Apple put in place to keep important data out of the wrong hands, but it has also become a dead-end for law enforcement investigators in dozens of cases since the new encryption technology and data privacy policy was rolled out in 2014.

The heat has been rising in this battle over encryption “backdoors” for some time now. In fact, the Obama Administration announced just last fall that it would not give source code and encryption keys on digital devices to law enforcement and government agencies, for fear it would leave the U.S. open to international attacks. However, the horrifying mass shooting in San Bernardino, Calif., on December 2nd—in which 14 people were killed—completely changed the dynamics of the dispute and raised the stakes for the FBI.

Federal prosecutors looking for more information behind the San Bernardino shootings don’t know the passcode on the work iPhone owned by Syed Rizwan Farook, one of the San Bernardino terrorists. If they guess incorrectly too many times, the data they hope to find will be deleted. So the FBI wants Apple to disable the security feature, opening up a backdoor for agents to hack into the device by guessing as many combinations as necessary before the code is cracked.

The Legal Dilemma

The legal flashpoint was sparked in February when U.S. Magistrate Judge Sheri Pym signed off on a Department of Justice request to force Apple to unlock a passcode-protected iPhone belonging to Farook.

Judge Pym’s order required Apple to develop software to defeat a security feature on the newest version of Apple’s iOS operating system that erases data after 10 consecutive unsuccessful passcode entries. Specifically, she mandated that Apple provide the FBI a custom firmware file—known as an IPSW file—that would likely enable investigators to “brute force” the passcode lockout currently on the phone.

However, in an open letter to customers posted on Apple’s website, Apple CEO Tim Cook said the company would oppose the order “as an overreach by the U.S. government” and would challenge the FBI’s demands. True to his word, Apple appealed the order and filed a motion to vacate Judge Pym’s order and dismiss the government’s request.

Apple’s motion to vacate boils down to three arguments:

  1. The fact that no court has ever granted the government power to force companies like Apple to weaken its security systems, which also would have the added financial impact of potentially harming the company’s reputation with consumers;
  2. A rejection of the All Writs Act, which in the past has allowed the government to get assistance in accessing technological devices used in criminal activities; and
  3. That the government’s demands violates Apple’s constitutional rights because Apple wrote computer code to protect data on its products due to its views about consumer privacy—so forcing Apple to write software that would undermine those values would force Apple to express the government’s viewpoint on security and privacy instead of its own.

The Department of Justice enjoys the support of a wide range of law enforcement agencies and political figures (e.g., Donald Trump called publicly for a boycott of Apple products if they don’t comply with the judge’s order), and relatives of some of the people killed in the San Bernardino attack filed their own brief siding with the FBI. Meanwhile, Apple has been aided with friend-of-the-court briefs from other tech companies such as Google™, Facebook® and Microsoft®, as well as from diverse non-profit organizations such as the American Civil Liberties Union, the Electronic Frontier Foundation and Amnesty International.

The dispute heads to court in late-March for oral arguments, but legal experts agree this case raises such profound issues that it is likely to be resolved at higher courts this year.

The Plaintiff’s Case

The DOJ’s objective with the case is singular and honorable: protecting the public from terrorist threats.

The DOJ request of the court asks for Apple’s assistance with decrypting Farook’s iPhone in order to harvest what may be important intelligence that could prevent additional terrorist threats and better protect innocent Americans. To comply with the court order, Apple would be forced to assemble a team of its own data security professionals to open up the iPhone to a brute force attack, in which all it takes is time and patience to submit a large number of passcodes. These attacks are usually carried out with the assistance of a powerful computer, which can automatically input millions of different password combinations until it guesses the correct one.

The countless law enforcement officials who support the agency’s position said that the impasse with Apple provided an ideal test case to move from an abstract debate over the balance between national security and privacy to a concrete one. If the FBI is able to succeed in the courts, it will be a powerful win for other law enforcement agencies facing the similar challenge to unlock iPhones in other investigations. Already, Apple says it has received U.S. court orders, under the same legal authority, seeking to get it to unlock 12 other devices.

The Defendant’s Case

Meanwhile, Apple likewise has an honorable goal at the heart of its defense in the litigation: protecting digital privacy.

Apple argues that helping the FBI would be like providing a universal key that will permit law enforcement to break into anyone’s iPhone. Apple and other tech companies say it would also create vulnerabilities that cyber criminals from China, Iran or other countries could exploit, so Apple views itself as an important defender of digital privacy rights.

Cook argues that consumers should not have to trade privacy for national security and has raised an important question: if the U.S. government is allowed to execute this demand, what is to stop the Chinese or Russian governments from doing the same thing? According to Cook’s open letter to Apple customers: “We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data.”

The Implications

The Apple-DOJ showdown has the potential of setting an important precedent in how we view the role of the government and what they can do to compel private companies to assist them when it comes to mobile security challenges. Indeed, what’s at stake in this dispute is something even bigger than the investigation in San Bernardino, it’s ultimately an important philosophical question for our courts to decide: how far should companies be required to go to help the government conduct surveillance of their users?

The FBI has not merely directed Apple to break into an iPhone, they’ve secured a court order that essentially forces them to commission a new operating system that the company must digitally sign so that the iPhone “trusts” it—and then use to take customers’ information. If the courts find in this dispute that the government has the legal authority to compel a company to create software that undermines its own data security, in theory law enforcement agencies would be empowered to use that power with other operating systems and other software companies.

More broadly, many observers believe it could set a precedent for all forms of encryption in a wide range of technology platforms—such as encrypted laptops and databases—and could possibly help determine whether other companies could be compelled to give up encryption algorithms for other technology products.

It seems only fitting that a case with such important ramifications for our nation’s future, in which public opinion is nearly split down the middle, should be resolved in the courts—where the compelling arguments on both sides can receive a full and fair hearing, measured against the rule of law.

* The court documents – including briefs, pleadings, motions and court orders – cited in this article were obtained from LexisNexis® CourtLink.

Know and act fast with the leading online docket and document research tool.  Find out now>>

About the Author:

Eric Olson is director of content solutions at LexisNexis, where he is responsible for market expansion of LexisNexis CourtLink. He has also served in a variety of product management and product planning roles for various court access products in the LexisNexis portfolio of research and information solutions.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close