Citing a 1789 statute called the All Writs Act, a United States District Court of Central California Magistrate Judge named Sheri Pym yesterday ordered tech giant Apple Incorporated to hack an iPhone that formerly belonged to dead San Bernardino terrorist Syed Rizwan Farook. The implications for ordinary citizens who carry their lives around in their smart phones and for anyone who just doesn’t want the government rummaging around in his life seem ominous.
Pym’s order includes the provision: “To the extent that Apple believes that compliance with this Order would be unreasonably burdensome, it may make an application to this Court for relief within five business days of receipt of the Order.” The order responds to a 40-page motion partly titled “In the Matter of the Search of an Apple iPhone Seized During the Execution of a Search Warrant on Black Lexus is300 California California License Plate 35KGD203 Government’s ex parte Application for Order Compelling Apple Inc. to Assist Agents in Search.”
In the interests of national security, the FBI wants to examine the information contained on Farook’s cellphone. Farook and his wife, a Pakistani national named Tashfeen Malik, murdered 14 people and wounded 22 others at a holiday luncheon at the Inland Regional Center in San Bernardino on December 2, 2015. Government officials want to know what, if any, connections existed between the two murderers and the Islamic State or other terrorist organizations.
But the issue is much more complex than simply gaining military intelligence from the phone of a dead terrorist. FBI Director James Comey complained about iPhone encryption for months before the San Bernardino murders. Last October, he complained that the iPhone’s security features protect mere criminals. He told CBS, “The notion that people have devices…that with court orders, based on a showing of probable cause in a case involving kidnapping or child exploitation or terrorism, we could never open that phone? My sense is that we’ve gone too far when we’ve gone there.”
Pym is ordering Apple to invent a way to hack its own product and defeat its own encryption features.
The issue is pertinent to the current state of American journalism. Most American journalists use iPhones because of their encryption features. Courts can seize a reporter’s cell phone and order him to unencrypt it with a court order under penalty of contempt but that doesn’t always work. It is traditional for American journalists to eat such charges. Google has announced plans to incorporate encryption features similar to Apple’s in its Android operating system.
Both companies argue that once they give the government the means to defeat encryption other governments, for example China, Russia, Iran and North Korea, will use the same hack to spy on visitors and their own citizens.
The government intends to access information on the iPhone by means of a “brute force hack.” Such hacks simply bombard a targeted device or website with millions or billions of attempts to login using a different password each time. The iPhone incorporates two features to frustrate such hacks. One feature, when enabled, simply deletes everything on the phone after ten unsuccessful attempts to log in. The other feature is more subtle. It only allows one log in attempt about every 80 milliseconds. Consequently, even if the FBI is able to preserve the data on the phone, a brute force hack against a thoughtfully concocted password like “*\&@1sCRew=+3tHe))7fbi” might take years.
All Writs Act
The All Writs Act, which was part of the 1789 Judiciary Act and which Judge Pym thinks compels Apple to hack its own product, allows courts to ask third parties for help in executing search warrants. Pym’s ruling demonstrates her fundamental misunderstanding of both search warrants and the All Writs Act. Search warrants are court documents that give police permission to do something. They do not compel anything. You are not violating anything if you live in an armor plated house with a bank vault door. It is the police’s job to execute their search warrant. It isn’t your job to execute their search warrant for them. It isn’t Apple’s job to hack its own phone.
Pym ordered Apple to provide “reasonable technical assistance to assist law enforcement agents in obtaining access to the data on the subject device” by doing three things. First, “Apple’s reasonable technical assistance shall disable the auto-erase function whether or not it has been enabled. Second, “it will enable the FBI to submit pass codes to the subject device for testing electronically via the physical device port, Bluetooth, Wi-Fi or other protocol available on the subject device; and finally Apple “will ensure that when the FBI submits pass codes to the subject device, software running on the device will not purposefully introduce any additional delay between pass code attempts beyond what is incurred by Apple hardware.”
Apple Says No
Yesterday afternoon in a statement published on Apple’s website, Chief Executive Officer Tim Cook said the company would not cooperate with the hack. He wrote, “We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well meaning and law abiding citizens who rely on companies like Apple to protect their data.”
“Up to this point, we have done everything that is both within our power and within the law to help them,” Cook wrote.“But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.”