The Apple Case Isn't Just About Apple

The situation between Apple and the FBI has received a remarkable amount of media attention, and even everyday Americans are weighing in with their opinions. And while this matter is being litigated in court and discussed in Congress, it is not just about Apple and a one-time request to help the FBI unlock a phone. The outcome of this case has implications that could be far-reaching for the tech industry. 

As has been documented in the press, the FBI has obtained an order from a federal district court in California asking for Apple’s help in unlocking the iPhone belonging to one of the perpetrators of the San Bernardino shooting, Syed Farook.

However, the FBI’s request is not simply that Apple unlock the phone at issue. Instead, they’re asking Apple to develop a currently non-existent version of their iOS software that would disable the feature within the iPhone that erases the phone’s contents after ten incorrect passcode guesses. That would allow the FBI to try as many times as necessary to guess the passcode (aka a “brute force” attack) without risk of losing the information they so desperately seek. Because the phone is an iPhone 5C, Apple can send the software update directly to the phone without the owner’s permission (this wouldn’t be feasible with newer versions of the iPhone that use a feature called Security Enclave embedded directly into the hardware and can’t be updated remotely without first entering the passcode).

The FBI has claimed that this software will be used only for this particular case.  Nevertheless, Apple has pointed out that the FBI could use it again and again once it exists. Further, Apple asserts that the mere existence of this software would weaken the security protections for all iPhone 5C users because it could potentially be used in future cases and could be replicated by hackers.

The FBI is relying on a law called the All Writs Act of 1789 (“AWA”) a law written at the same time as the Bill of Rights. Its age shouldn’t diminish its relevance however, as it has always played an important role in American jurisprudence over the last 200+ years. The AWA allows federal courts to “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable usages and principles of law.” That means, essentially, that the AWA acts as a complement to existing law and gives courts the power to issue orders that don’t fall under other laws. It has typically been used to help carry out search warrants, as it has been in this case.

Unfortunately there is little case law out there on the limits of the AWA. The most relevant case to the one before us is the 1977 Supreme Court case U.S. v. New York Telephone Company. In that case, the Court allowed the AWA to be used to compel a telephone company to install a pen register (a pre-existing device that records outgoing calls) to help them conduct surveillance. The court ultimately found that the AWA could not be used if it imposed an “unreasonable burden” on a company, but unfortunately did not outline a clear test for what an unreasonable burden is. The Court found that the pen register was not an unreasonable burden, but largely used case-specific facts in its determination. 

In its court filing, Apple makes a number of arguments for why the All Writs Act can’t be used in this case, most notably that the court’s order asking it to write new software to help unlock the iPhone would qualify as an unreasonable burden.  Should the court rule in favor of the FBI, it has been argued that it could set a dangerous precedent for the tech industry. The FBI could potentially force companies in the future to write software to help break their own encryption or access just about any secure information. This would obviate the need for encryption backdoor legislation, which the FBI has requested since 2014.

Apple’s other primary argument in this case is that the court’s order goes beyond the scope of the AWA. The AWA is meant to fill in gaps in law that Congress has not considered, but there is circuit court precedent stating the law cannot be used when a court is seeking authority that Congress has specifically declined to give it. Congress has clearly considered the issue of encryption backdoors (they’ve held several hearings on it specifically), and thus far has intentionally declined to move forward on such legislation. Apple asserts that allowing a court to insert itself into a hotly-debated policy issue through the AWA would potentially give courts unprecedented lawmaking powers. Apple is arguing that Congress, not the courts, should decide the limits of law enforcement’s access to encrypted information.

As you can see, while this case might seem simple and isolated at its highest level, it has potential implications for the entire tech industry and the limits of law enforcement. National security is a vital interest for us all, and law enforcement should have any lawful tools at their disposal to protect us.  But we are now appropriately debating where and how to delineate a clear line between individual privacy and the appropriate reach of law enforcement.