Privacy vs. Security: The iPhone Encryption Debate
As technology becomes increasingly intermixed with the criminal justice system, Apple continues to advocate on behalf of its users by refusing to create software that would help override the passcode security system on Apple phones. Specifically, the FBI wanted Apple to unlock an encrypted iPhone used by one of the two attackers that killed 14 people in San Bernardino, California this past December. The judge ordered Apple to bypass a security feature that erases a device’s data after too many unsuccessful attempts. The government officially withdrew its request to Apple on Monday, March 29, 2016. In its filings, the government stated that they no longer require assistance from Apple. The next day the FBI hacked into the iPhone without Apple’s help.
Apple argues that the government was requesting software that simply does not exist and that creating this software would be “hacking its own technology.” If a backdoor is created it would create a security risk for other Apple customers because both the U.S. government and foreign nations would demand assistance in an unimaginable range of cases. The Justice Department is demanding Apple unlock at least nine other iPhones in various cases. Prosecutors say that the public should not be surprised that the government is seeking assistance in cases besides the California attack. “Once created, the technique could be used over and over again, on any number of devices,” Apple’s CEO, Tim Cook, said in a letter to users.
Apple has long maintained that it would release data to comply with court orders when it was technically feasible. Apple has said it is impossible to unlock phones with new operating systems that are passcode protected, due to the level of encryption in the newer operating systems. “In a report covering the first six months of 2015, Apple said it had received nearly 11,000 requests from government agencies worldwide for information on roughly 60,000 devices, and it provided some data in roughly 7,100 instances.” While phones are generally inaccessible without the specific passcode, data on a user’s iCloud account is readily accessible by Apple.
A federal judge issued an order compelling Apple to assist the FBI in unlocking the shooter’s phone, giving Apple until February 26 to respond. Apple filed a formal response, requesting that the judge vacate the order. Apple cited violations of the First and Fifth Amendments and argued that the order exceeded the powers granted to the government in the All Writs Act, the mechanism the court used to compel the technology company. Apple stated that software code should be treated as speech under the First Amendment and that the court violated due process by depriving the company of its right to be free from “arbitrary deprivation” of its liberty by government. It also cited being compelled to develop software as “forced labor.”
On March 1, Apple appeared before the House Judiciary Committee to testify on encryption-related issues. Both Apple’s general counsel, Bruce Sewell, and FBI Director James Comey were questioned. "Should the FBI have the right to compel a company to produce a product it doesn't already make, to the FBI's exact specifications and for the FBI's use?" Sewell asked members of the House Judiciary Committee. Director Comey felt that the core question for Congress is this: Once all of the requirements and safeguards of the laws and the Constitution have been met, are we comfortable with technical design decisions that result in barriers to obtaining evidence of a crime?" Google, Facebook, Twitter and Microsoft are among the tech companies supporting Apple's position on privacy.
The FBI stated earlier this month that the agency lost a chance to view and utilize data from the iPhone of one of the San Bernardino shooters. Director Comey stated, “There was a mistake made in the 24 hours after the attack,” in which FBI personnel apparently believed that by resetting the iCloud password, they could get access to information store on the iPhone. Alternatively, the work of the bureau backfired and the process locked them out of the phone and destroyed any means of ever getting into it. “The big question for our country is how much privacy are we going to give up in the name of security,” Representative Jason Chaffetz, a Utah Republican, told Director Comey. “And there’s no easy answer to that.”
On March 21, the government claimed it may not need Apple’s help to unlock the phone. The Justice Department disclosed that it may not need the company’s help, leading a judge to postpone a court date over the issue. In a subsequent court filing, the government claimed that they had an outside party who demonstrated a way to unlock the phone used by Syed Rizwan Farook, the San Bernardino shooter.
A source reported that the government must legally explore and exhaust all outside methods to open the phone before turning back to Apple. This debate has created an interesting area of debate for criminal law practitioners. It stresses the privacy concerns of defendants regarding their personal cell phones, which, if turned over to the prosecutors could be potentially incriminating. It highlights the need for security measures to be in place on cellular devices, but also points out the potential value of being able to unlock iPhones for prosecutors. Practitioners should be aware of Apple’s security policy when defending clients with potentially useful information stored on their phones.