Justice Oliver Wendell Holmes famously said, “Hard cases make bad law.” We may see that maxim play out in the next few weeks. On Tuesday February 16, United States Magistrate Judge Sheri Pym (Central District of California) granted the government’s request for an Order directing Apple to devise software to permit law enforcement to unlock the iPhone of Rizwan Farook, one of the San Bernardino shooters. The following day Tim Cook, CEO of Apple, issued a statement indicating that Apple would fight the Order. The privacy versus national security battles lines have been drawn.
An iPhone belonging to Farook was discovered during a search of an automobile, and a warrant was obtained to search the contents of the phone. A security feature of the software on the phone operating system, iOS 9, wipes the contents of the phone after ten failed attempts to input a password. Apple does not keep passwords on iPhones, so the only way the FBI could unlock the phone on its own would be with a ‘brute force” attack in which thousands of password letter and number combinations would be attempted, resulting in erasure of the phone’s contents.
The U.S. Attorney for the Central District of California submitted an application for an Order pursuant to a 1789 statute, the All Writs Act, directing that Apple assist it by creating a Single Image File (SIF) that could be uploaded to the subject phone (and only that phone) and would bypass of disable the erasure function. The government argued that the All Writs Act has been invoked previously by court orders issued in conjunction with warrants to search cell phones. Magistrate Judge Pym granted the application, but provided Apple with five days to contest her Order.
The day after the Order was issued Apple CEO, Tim Cook, said the company would, indeed fight the Order. In an open letter posted on the Apple website, Cook noted that the software Apple was directed to provide “does not exist today.” Its creation would provide a dangerous backdoor to mobile phone security, he said, because the tool could be used over and over and not just once, as the government contends. Granting such authority under the All Writs Act could, in addition to weakening security generally (i.e., the tool could be stolen by hackers), lead to demands that “Apple build surveillance software to track and intercept” users’ personal data.
Does the All Writs Act have a useful place in the digital age as a tool for law enforcement following attacks on San Bernardino and Paris, or does its invocation create a means for increased government surveillance and weakening of digital privacy and security at a time when encryption is ever more critical in the face of sophisticated hackers? This dispute has a long way to go, and the effects of the result may be felt for some time, regardless of the outcome.
If you have questions about mobile device security laws and regulations, please contact Kenneth N. Rashbaum.