Right now, all eyes are on Riverside, California, where a federal magistrate judge issued an unprecedented and dangerous order to Apple on February 16 compelling the company to create and cryptographically sign a special, crippled version of its iOS software that disables certain iPhone security features. The federal government asked the court for this software so that it can try to guess by brute force the passcode to a locked, encrypted iPhone used by San Bernardino shooter Syed Farook. (The device runs a recent version of iOS, so Apple cannot obtain the data without the device’s passcode as it could with earlier iOS versions.)
Last week, Apple moved to vacate the February 16 order, calling the crippled iOS software “GovtOS” and explaining why the All Writs Act does not permit the government to conscript Apple to create and sign software for it. The court has set a hearing in the matter for March 22.
Jennifer has written about the San Bernardino case over at Just Security. CIS Director of Privacy Al Gidari has written extensively on this blog about how the case interacts with CALEA (the Communications Assistance for Law Enforcement Act) here, here, and here.
Also, we’ve blogged several times in recent months about the government’s use of the All Writs Act, which the Riverside court relied on in its order, to try to compel Apple to render technical assistance to law enforcement in getting data from passcode-locked, encrypted iPhones.
The San Bernardino case represents a major shift in the government’s All Writs Act strategy. It has moved from attempting to compel Apple to do something the company is already capable of doing—bypassing the passcode on devices running older versions of iOS—to forcing the company to create, and just as importantly sign, entirely new iOS software that doesn’t presently exist. The government’s theory of the All Writs Act seems to have no limit on what it would permit a court to order a third party like Apple to do. Under its rationale, Apple, other smartphone makers, and manufacturers of the “Internet of Things” such as smart TVs, all could be compelled to turn their products into surveillance devices for law enforcement. Nothing in the All Writs Act allows third parties to be dragooned into the service of law enforcement like that. Nor should courts adopt the government’s reasoning when it would allow such an extreme outcome—the commandeering of our consumer devices for surveillance purposes.
The court’s order is not only wrong on the law, it also raises significant public safety issues, as Jennifer wrote in her most recent post. If Apple is compelled to create, cryptographically sign, and install software on one iPhone in this high-profile case, it will be ordered to do so in other cases—not just by U.S. courts, but by foreign governments. Obtaining the “GovtOS” software will be an attractive target for authoritarian states, hackers, spies, and criminals. Users of iPhones and other mobile devices would lose trust in automatic software updates, which are a crucial means of maintaining device security. In short, the court’s order jeopardizes the security of everyone in the name of breaking into a single device.
These risks don’t appear to have been taken into consideration by the Riverside magistrate judge. That’s why CIS sought to file a friend-of-the-court, or “amici curiae,” brief in the case today to explain these dangers more fully. We submitted the brief on behalf of a group of experts in iPhone security and applied cryptography: Dino Dai Zovi, Charlie Miller, Bruce Schneier, Prof. Hovav Shacham, Prof. Dan Wallach, Jonathan Zdziarski, and our colleague in CIS’s Crypto Policy Project, Prof. Dan Boneh. CIS is grateful to them for offering up their expert take on the serious implications of the court’s order for the entire security ecosystem. We hope the court will listen.