How the FBI's Apple Court Order Could Hurt Your Privacy
Policy + Politics

How the FBI's Apple Court Order Could Hurt Your Privacy


Late on Tuesday a federal magistrate judge in California ordered Apple to help the FBI break into the cell phones of the San Bernardino shooters the Associated Press has reported. Agents have so far been unable to access the password-encrypted data on Syed Rizwan Farook’s phone, which they believe could contain communications between Farook and his co-conspirator, wife Tashfeen Malik, as well as potentially others.

In Judge Sheri Pym's ruling she ordered that Apple provide “reasonable technical assistance" and such specialized software as necessary to override the iPhone’s self-destruct feature, a failsafe which wipes out all data on the device if a user enters too many false passwords. The FBI would like to use a brute-force approach to unlock Farook’s device which would otherwise trigger this precaution.

Related: Key U.S. lawmaker suggests openness to encryption legislation after Apple order

The assistance which Apple has been ordered to provide would allow agents to try as many passwords as necessary to unlock the device without destroying its data.

This decision is almost certain to have privacy advocates up in arms, as it hands the government a major victory in the balance between privacy and security. As encryption has gotten progressively more sophisticated the government has pushed for more powerful legal tools to defeat it, arguing the urgency of counterterrorism and crime fighting as drivers.

Tuesday's case breaks new ground on this issue. While law enforcement has previously subpoenaed tech companies for user passwords in the past, Pym's order is the first time a cell phone company has been required to break its own encryption on behalf of the government. This ruling specifies that Apple provide material assistance in the form of specialized software to break into Farook’s device. In the context of Fourth Amendment jurisprudence this it's similar to the difference between subpoenaing the combination to a safe and forcing someone to help crack it.

In both cases the result is the same; however, the rights and involvement of the third party are far more entangled when law enforcement has enlisted their skill and expertise in addition to mere property access.

Related: Top New York law officials call Apple's encryption stance irresponsible

Although Tuesday’s order requires that Apple limit its help to unlocking Farook’s device, the company has not yet indicated whether that will be technically feasible or if any workaround could be applied generally.

Still, while this case is the first of its kind, it’s also important not to draw overly broad conclusions.

First of all, Pym’s decision is narrowed by the fact that it applies to Farook’s work phone which is owned by the county of San Bernardino. Farook and Malik destroyed their personal devices before launching their attack. It’s unclear whether a future judge would consider this issue differently over the objections of a device’s owner.

More importantly, the FBI has a properly issued warrant, meaning that the result it seeks is still within the confines and oversight of the Fourth Amendment.

Related: NSA says new phone spying program meets privacy safeguards

Key disclosure has become a hot topic among lawyers and law enforcement because of the expressive nature of digital content. While the Fourth Amendment allows the government to access physical property, the Fifth Amendment protects defendants from coerced or unwilling expression. The traditional model is the difference between a safe that’s locked by a key or a combination; the government can seize a key, but can’t force a defendant to reveal the combination.

It can, however, subpoena that information from third parties or just break the safe open.

However in 2014 Apple officially put users’ passwords even beyond the company’s own knowledge, meaning that the government couldn’t issue a subpoena for relevant information. Instead the Justice Department filed its motion under a statute known as the All Writs Act. This law gives the courts authority to issue “all writs necessary or appropriate in aid of their respective jurisdictions.” Under this law, the court may find a properly issued warrant within the scope of its jurisdiction and issue an injunction requiring that the company help in its execution.

Pym’s reasoning was not made public, but her decision puts this case squarely in line with existing Fourth Amendment jurisprudence as the government has historically been authorized to compel the aid of third parties in carrying out a legal search and seizure.

What makes the digital world different is the rise of encryption which even the government cannot break, creating the possibility of warrants that it can execute only with outside assistance. This is different from the traditional assumption that law enforcement can forcibly conduct a search or seizure with minimal aid from third parties. The result, however, is a contest that is (legally) more about Apple’s right to be left alone than about data privacy or protection.

This article originally appeared on MainStreet. Read more from MainStreet:

10 Big CEOs Who Make Way Too Much Money

8 Ways to Start Saving for Retirement in Your 20s

11 Best Smartphones of 2015