Apple! Yay!!! iPhone! Yay!!! iOS8! Yay!!!
Apple said Wednesday night that it is making it impossible for the company to turn over data from most iPhones or iPads to police — even when they have a search warrant — taking a hard new line as tech companies attempt to blunt allegations that they have too readily participated in government efforts to collect user information.
During the Lavabit fiasco, geeks explained with as much aplomb as they could muster how technology could solve government intrusion by making it impossible, with a few deft keystrokes, to get its nasty mitts on anything. Ironically, nobody adores alphabet soup more than the government than geeks. SQL? Cool.
Already, applause can be heard. And Android will follow suit any moment now.
In the meantime, though, it’s great to see tech companies actually competing on how well they can protect the privacy of their users’ data from the prying eyes of law enforcement and intelligence agencies.
So were the geeks right all along? Have they outwitted the neanderthals in polyester suits with their clubs beating brilliant techies to a pulp for their backdoor passwords? Not so fast.
Orin Kerr throws the first wet blanket on the geeks’ beach blanket bingo.
I find Apple’s new design very troubling. In this post, I’ll explain why I’m troubled by Apple’s new approach coded into iOS8. I’ll then turn to some important legal issues raised by Apple’s announcement, and conclude by thinking ahead to what Congress might do in response.
Let’s begin with a really important point: In general, cryptography is an awesome thing. Cryptography protects our data from hackers, trespassers, and all sorts of wrongdoers. That’s hugely important.
But, but, but, what about law enforcement?
And under Apple’s old operating system, cryptography protects iPhones from rogue police officers, too. Thanks to the Supreme Court’s recent decision in Riley v. California, the Fourth Amendment requires a warrant to search a cell phone. Apple’s old operating system effectively enforced the warrant requirement technologically by requiring the government to serve a warrant on Apple to decrypt the phone.
And this is where the situation gets confusing to geeks, who lack the respect for a warrant that someone like Orin, or any federal judge anywhere, is inclined to have.
If I understand how it works, the only time the new design matters is when the government has a search warrant, signed by a judge, based on a finding of probable cause. Under the old operating system, Apple could execute a lawful warrant and give law enforcement the data on the phone. Under the new operating system, that warrant is a nullity. It’s just a nice piece of paper with a judge’s signature.
So here’s the situation as seen through the eyes of a government lawyer and federal judge. Apple could make it work that it can comply with a search warrant, but has chosen to do whatever crypto voodoo it can to make it not work. Their choice targets the government, to thwart lawful process. Geeks don’t feel as beloved of lawful process as government lawyers and judges do, or even Orin. They really don’t give a damn that some judge issued a warrant, because he’s only a judge, the system sucks and is corrupt, and, screw it, they have the technology.
Orin offers a few thoughts about how this plays out, focusing largely on congressional response when egregious deprivations, the sort that tug at the public’s heartstrings, turn the tide of concern over privacy back in the government’s favor.
1) The most obvious option would be to follow the example of CALEA and E911 regulations by requiring cellular phone manufacturers to have a technical means to bypass passcodes on cellular phones. In effect, Congress could reverse Apple’s policy change by mandating that phones be designed to have this functionality. That would restore the traditional warrant requirement.
2) A second option would be to enact a new law severely punishing a target’s refusal to enter in his passcode to decrypt his phone. Under current law, such a refusal could lead to civil or criminal contempt charges. But given that the Fifth Amendment isn’t implicated for reasons discussed above, I don’t think there is a constitutional barrier to punishing it more severely. How severely is a policy question up to Congress, so Congress could theoretically impose quite high punishments. Of course, this option wouldn’t work if the owner of the phone is unavailable, such as would be the case in a homicide investigation when it’s the victim’s phone.
3) A third option would be to impose data retention laws. If the key evidence lost because of Apple’s policy is communications data stored on the phone that won’t be found elsewhere, Congress could require providers to store the data. For example, Congress could require cell providers to retain specific kinds of data (such as text messages) so it can obtain the messages from the provider with a warrant rather than from the phone.
While these may serve to address the long term use of technology to stymie legal process, I don’t believe for a minute that it will ever get that far. Orin is far too kind toward doctrinal solutions to see the most obvious solution the government will offer to a cellphone/operating system creator deliberately making choices designed to defeat the government’s efforts to access whatever damn information it needs, and for which a court has issued a warrant for it to get.
If this was a fair fight, I might bet on Apple and its technology, but the government of the United States of America does not believe in fair fights. They use a scalpel when it works, but when it doesn’t, they use a bludgeon. As the Supremes held in Branzberg v. Hayes, the government is entitled to every man’s evidence. They will do whatever they have to do to get it. Crush Apple. Crush Android. Crush you and me. Hold the Board of Apple in contempt, lock them away, impose ruinous fines, take away their wifi, whatever.
Rather than go down the road of how exactly the government will use its bludgeon, which strikes me as a waste of time, it’s sufficient to know that they will use it.
For those who remember the joke about Timmy, the boy who always used dirty words in class, so the teacher refused to call on him to give a word as she went through the alphabet until she got to the letter “R,” where she couldn’t think of any curse that began with the letter “R” and so she finally called on Timmy, you know how he responded. That’s how the government will respond as well. Argue the merits of Apple’s principled decision and technological advantage all you want. It won’t matter when the government turns it into “a big, fucking rat.”
Discover more from Simple Justice
Subscribe to get the latest posts sent to your email.
As a geek, my view is that it’s a marketing gimmick. The government doesn’t need the ability to get past the passcode to spy. They get the location of the phone from the cellular service provider, the NSA already listens to phone calls, any other data stored on the phone gets synced to iCloud where the government can get it from Apple, and the phone’s microphone and camera can be remotely activated by malware installed by subverting the software update process.
There are plenty of workarounds based on the specifics of the situation, but there will be times when they need what they need, and they need it now. And frankly, they just don’t see it as the government’s problem to find workaround because Apple.
I think that maybe Apple has enough power and certainly deep pockets but frankly trust them only a little more than any other large corporation to cover their behinds…and much like Ken think the “backdoors” are in place. Frankly if I wanted to do something that I wouldn’t want someone else to find out about I’d leave the phone out of it for not only texting and calls but even going anywhere.
I work as a software engineer within the mobile computing industry, and I have held positions at times that make me responsible for the design of security features on technology products.
What isn’t mentioned in this conversation, is that placing a backdoor or a bypass in a product to allow someone to lawfully get at its contents, will inevitably allow unauthorized persons to unlawfully gain access to the device.
These kinds of features historically have been abused more widely by criminals than legitimately used by law enforcement. It would be foolish to think that such a backdoor, or secret master key would not quickly become known to foreign intelligence officers, organized cybercriminals, and malicious hackers causing grief.
Other more eloquent security experts have written on the subject better than I can:
[Ed. Note: Links deleted per rules.]
I think the backdoor problem is sufficiently obvious. What’s similarly obvious is that the potential for exploit is Apple’s problem, not the government’s. The govt wants what it wants, and it’s up to Apple to deal with collateral damage.
I think folks are thinking about this wrong. I think this is being brought out and touted less for concerns about the NSA and more about the icloud hackings being a horrible PR black eye.
I think that’s what Ken Hagler was alluding to when he called this a marketing gimmick. But hey, since Apple raised it, it’s now raised.
what was the word Timmy said to the teacher
It took a long time for someone to ask. “R” is for rat. “A big, fucking rat.” See? Even when there’s no curse that begins with an “R,” Timmy is still Timmy and he’ll find a way.
Under the IOS8, the target of the warrant has an opportunity to quash the warrant before it is executed in cases where the warrant is somehow defective.
Under the old IOS, Apple had an opportunity to attempt to quash the defective warrant. But, Apple is not the target, so Apple would not be expected to expend the resources needed to determine that defective warrants are defective and get them quashed prior to warrant execution.
In this sense IOS8 is better for the cause of justice than the old IOS. One might argue that that the guilty can suppress evidence in cases of defective warrant, but this is not a remedy for one who is not a criminal, but, rather, merely seeks to avoid an unConstitutional invasion of 4A privacy interests. So, yay IOS8!
Also, to the extent Congress takes legislative action against what Apple is doing, at least Apple has converted this issue from one decided by the judicial branch to one decided by the legislative branch. Congresspeople can be votes out and legislative acts can be overturned by democratic process. I think that matters, and it is another reason Apple is doing a good thing here even if they do not ultimately “win.”
That may be the view from the academic bleachers. It’s not how it looks from the trenches.
It is really, really difficult to convince a court that a warrant is defective at a suppression hearing, so it must be equally difficult to get a warrant found defective prior to its execution.
I understand this line of thinking, but I do not agree.
The question isn’t whether they’ll get the warrant. They will get the warrant. The govt may hate to have someone in there willing to fight to quash the warrant (though this too is largely an overstated problem, just as people aren’t willing to retain counsel to defend themselves, they won’t retain counsel to contest a warrant), but the govt will still get what it needs.
The question is whether notifying the target of the investigation before the government is ready will undermine its efforts. It will. The govt won’t tolerate it, and the courts won’t let that happen.
Well, I will grant you this: If another sinking of the Maine, or Pearl Harbor, or 9/11 occurs, then the government will probably get the legislation suggested by Professor Kerr. Otherwise I think the legislative outlook is less certain.
Maybe courts have the power to enjoin IOS8 under the current state of the law, but Professor Kerr did not seem to suggest that, and I am thinking that if he could have he would have based on his track record.
You aren’t getting the idea here at all. Legislature solutions are for sissies. A judge on the ground will issue an order that makes Apple cry, and no one outside of the government and Apple will know about it, and then, poof, the problem disappears.
This is not a game for pseudo-dilettantes to pretend they get how this works by reading it in appellate decisions and on the internet.
Okay, insult aside, thanks. I understand better what you are saying now.
If you didn’t keep pushing the stupid button, it wouldn’t be necessary to reduce the discussion to why you don’t get it. Try harder to understand rather than stick with your position at all costs.
And if you don’t like my responses, you don’t have to comment or read SJ. But stop whining about it.
I have a follow up question, which is:
do you think that only federal law enforcement / counter-terrorism will use these secret court proceedings to force Apple to hand over unencrypted data,
OR
do you think that state and local law enforcement will also come to have the same prerogatives to “twist Apple’s arm”?
The “secret court proceedings” are called “ex parte applications,” and they have and continue to happen all the time. How do you think the cops get warrants?
My guess is that state judges will have a far harder time because of jurisdictional issues.
SHG,
Our judges have Apple cell phones (4S). We have been told that for now we should not download the new operating system. There is an irony here, but I can’t seem to find it. All the best.
RGK
You get government cellphones? If I knew that, I might have returned Chuck Schumer’s call.
Pingback: Orin Kerr's Dangerous Thinking - Windypundit
You are all basing your assumptions under a US-centric structure.
Apple is scared.. scared of media painting them in a bad light via the iCloud celebrity PR disaster and more importantly scared of Android and the market lead that Android based phones have in the rest of the 95% of the worlds population that is not the USA.
They want to sell to Europe and under the new EU rulings re data retention and inherent human rights to privacy etc (no matter how wrong or right those rulings might be) the EU is a HUGE market for them to be 2nd place in phone sales (in fact if you count Samsung, HTC, Huawai, etc as separate Android phones.. Apple is way below 2nd in sales and uptake)
Then you have SE Asia, Greater Asia and Oceania (and lets not forget S.America – Brazil etc) where Apple is basically being destroyed. They need the marketing gimmick (that stock Android has anyway just you need to load certain base programs to turn it on) of ‘client side encryption’ and I have a suspicion that they wont care what the USA Govt says or does. Their major incentive is to make their shareholders money. If that means they will maybe, someday, be legislated against or even charged with crimes then the 5% that is the USA market (it’s around 28% in practice at moment and going lower year by year) is a problem they can do without. They will either have a seperate product (which wont go down with the USA populace) or remove themselves from USA jurisdiction – more likely this will happen anyway at some stage in future.
That’s my read anyway.. though remember Timmy SHG? He had a friend who say a picture of an elephant and said “Thats a Fricken Elephant” to the teacher. After being slapped over the head the teacher then read the text under the picture.. Sure enough it said AFRICAN Elephant. It’s all in how you see things. 😉
Interesting point. Yes, you’re right, at least for me.