What's At Stake In Apple/FBI Fight: Who Gets To Set The Rules That Govern Your Privacy & Security

from the this-is-important dept

Lots of people, mainly those supporting the DOJ/FBI’s view of the Apple fight, have been arguing that this isn’t a big deal. They’re just asking for one small thing. Other people have tried to examine “what’s at stake” in the case, with a number of the arguments falling into the typical “privacy v. security” framing, or even something around precedents related to privacy and security. However, Jennifer Granick recently wrote a great piece that does a much better job framing what’s truly at stake. It’s not privacy vs. security at all, but rather who gets to set the rules over how software works in an era where software controls everything.

We live in a software-defined world. In 2000, Lawrence Lessig wrote that Code is Law ? the software and hardware that comprise cyberspace are powerful regulators that can either protect or threaten liberty. A few years ago, Mark Andreessen wrote that software was eating the world, pointing to a trend that is hockey sticking today. Software is redefining everything, even national defense. But, software is written by humans. Increasingly, our reality will obey the rules encoded in software, not of Newtonian physics. Software defines what we can do and what can be done to us. It protects our privacy and ensures security, or not. Software design can be liberty-friendly or tyranny-friendly.

This battle is over who gets to control software, and thus the basic rules of the world we live in. Who will write the proverbial laws of physics in the digital world? Is it the FBI and DOJ? Is it the US Congress? Is it private industry? Or is it going to be individuals around the world making choices that will empower us to protect ourselves ? for better or for worse?

That’s a big question — and it’s not necessarily one that should be decided by a magistrate judge, making use of a law from the 18th century.

The big question then becomes: Are people going to be forced to live in a surveillance-friendly world? Or will the public be able to choose products ? phones, computers, apps ? that keep our private information, conversations, and thoughts secure?

Right now, the FBI wants to decide these questions with reference to a law that was originally passed in 1789. The All Writs Act allows courts to ?issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.? Obviously, Congress wasn?t considering iPhone security at the time. The AWA has no internal limits and provides no guidance for courts on how to weigh individual privacy interests with corporate liberty and business interests with public safety interests. It is an utterly inappropriate vehicle for compelling forensic assistance.

And if the DOJ wins this case, it’s pretty clear where this goes:

If the All Writs Act can be used in this way ? to force a company to develop forensic software that the government wants to deploy in a single case of terrorism ? it could be used in any number of other (currently unforeseen) circumstances.

In other words, design mandates will be next. In fact, maybe it?s already happening behind our backs. When the Snowden documents showed that Microsoft had created surveillance backdoors in Skype, Outlook.com, and Hotmail, the company issued a statement. It said:

Finally when we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely. That?s why we?ve argued for additional transparency that would help everyone understand and debate these important issues.

At the Center for Internet and Society, we?ve been trying to figure out what those legal obligations are. I wonder if these AWA arguments are part of it.

To make sound policy in this space, the public needs to know what the government is forcing companies to do, the full picture. This San Bernardino case is just one salvo in the ongoing war between a surveillance-friendly world and a surveillance-resistant world. The stakes for liberty, security, and privacy ? for control over our software-defined world ? are high.

This is not about one phone. It’s not about one case. It’s not just about encryption. It’s about how we work as a society and who gets to set the rules. That’s kind of a big deal.

Filed Under: , , , , , , ,
Companies: apple

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “What's At Stake In Apple/FBI Fight: Who Gets To Set The Rules That Govern Your Privacy & Security”

Subscribe: RSS Leave a comment
32 Comments
Anonymous Coward says:

“It’s about how we work as a society and who gets to set the rules. That’s kind of a big deal.”

Well the government gets to set the rules already. Think about what encryption is export controlled. How/why isn’t this any different?

I personally agree that it’s a dumb idea to give the government access but it just seems like the next step in a very old fight.

Anonymous Coward says:

Re: Re:

I disagree, this is a new problem because portable computers with huge capabilities and interconnectivity is not a very old line of products. In relative terms it is quite recent.

Ideally, “The government” does not get to set the rules – they are supposed to be doing what is in their constituents best interests. A huge problem is that politicians act as though their constituents are comprised only of those who give them money.

John Fenderson (profile) says:

Re: Re: Re:

I think this is a new battle in a rather old war. There was a cease-fire in that war for a few years so people forgot, but I’m hearing nothing, on any side of the issue, that I didn’t hear during the last crypowar.

And before the last cryptowar, nearly identical issues and arguments were had over the telephone, the telegraph, the mail system, etc. etc. etc.

FM Hilton (profile) says:

Who sets the rules...

Owns the world.

In Britain, there is no such thing as ‘surveillance-free’ zones. In London, there are thousands of cameras watching everyone every single second of the day.

Nobody seems to care.

Because they’ve been told it’s for their own security.

We don’t want to be like them, do we?

The FBI would like this kind of stuff, as would the NSA and a few other agencies-to take away any security or privacy you might have left in this day and age.

With this move against Apple, they get to own all of it, if they win.

That’s what comes from people not caring enough until the very last minute, and even then they give only a shrug.

Used to be different a long time ago. Where did our moral outrage ever go?

Warner8 says:

_+_+_+

“What’s at Stake” is quite simple —
Who is the Master & Who is the Servant in the roles of government and citizenry ?

The U.S. Government has now well established itself as Master over the Citizens — it merely seeks to tidy up a few loose ends in its Police State. Bill of Rights & 4th Amendment have been almost totally neutered by government police agencies and judicial bureaucrats in black costumes.

“Jennifer Granick” and her “great piece” completely misses the core political/legal issue with her silly fixation on software.

Anonymous Coward says:

Re: Re:

From the article: To make sound policy in this space, the public needs to know what the government is forcing companies to do, the full picture. This San Bernardino case is just one salvo in the ongoing war between a surveillance-friendly world and a surveillance-resistant world. The stakes for liberty, security, and privacy — for control over our software-defined world — are high.

You were saying? RTFA!

Anonymous Coward says:

Why is the age of the All Writs Act always mentioned (as if that’s inherently important) but the age of the Constitution and/or 4th Amendment are not? And why no history of how/when the AWA has been used? It’s not like someone just stumbled upon it in an obscure law book. For example, the All Writs Act was used in the 70’s to compel a telephone company to help with government wiretapping. You’d think that would be mentioned more since it seems pretty relevant to what’s going on now.

That One Guy (profile) says:

Re: Wine vs Vinegar

Because some ideas age pretty well, while some don’t. Concepts such as freedom of speech, freedom of religion, freedom against unreasonable searches and seizures, those were good ideas when they were written down, they’re good ideas today, and they’ll be good ideas a couple centuries down the road.

When you’re talking about laws that allow the government to compel certain things though, taking into account what was possible with the tech level at the time, then you start running into problems.

When a company cannot keep detailed records of everything, every message sent, every person an individual contacted and when, then an order to hand over ‘everything’ can only provide so much information. It’s limited by practicality and what’s reasonably possible.

Today however it’s beyond easy for a company to gather up staggering amounts of data on someone and their activities, which means an order to hand over ‘everything’ is going to provide massively more information, and depending on who is targeted the scope of information is likely to be drastically wider as well.

Telling a phone company to hand over all the records they have regarding a certain customer is only going to tell you who they called and when when that’s all they can track, but today, with so much done online, there is a lot more data available. Who do they call and when, who are on their list of contacts, what sites do they visit and how often. It’s even possible to track their physical movements without once approaching them.

The difference between what could be compelled to be handed over via the AWA when it was first written, and what can be compelled to be handed over now is huge, and that is where the complaints over using such an old law are coming from. Age is only half of the equation, context is a much larger part.

Anonymous Coward says:

Re: Re: Wine vs Vinegar

That One Guy: “The difference between what could be compelled to be handed over via the AWA when it was first written, and what can be compelled to be handed over now is huge, and that is where the complaints over using such an old law are coming from. Age is only half of the equation, context is a much larger part.”

Playing devil’s advocate for a second, the 4th Amendment affirms the government’s ability to perform lawful searches and seizures, gives an outline of what constitutes “lawful”, and only protects citizens from unlawful searches in seizures. I doubt the Founding Fathers could envision a world where physical papers and effects were replaced with virtual papers and effects and those virtual items could be stored in a common, everyday device that was impregnable if used as designed.

The amount of info that exists about people these days certain dwarfs what existed 200yrs ago, but encryption gives the masses a way to conveniently keep information under virtual lock and key that didn’t exist 200yrs ago. If the going theory is that ‘unbreakable’ (forgive the hyperbole) encryption should be commonplace, and the government can just suck it, doesn’t that undermine the 4th Amendment by making lawful searches and seizures nearly impossible?

Of course this doesn’t really address the issue at had which is between the government and a third party (Apple). Oddly enough for a debate so centered on privacy is that fact that the owner of the device in question, San Bernardino County, doesn’t want the info on the device to remain behind closed doors.

That One Guy (profile) says:

Re: Re: Re: Wine vs Vinegar

True enough to a point, but encryption has always existed, so while it’s easier to encrypt things now the ability to do so would not have been unthinkable back when the 4th was written, and I don’t imagine they would have agreed that a reasonable search and seizure included being able to force someone to decrypt something in their possession. They can seize the encrypted communications/data, but decrypting it is their problem.

There will always be things beyond the reach of a court order(and in fact the 5th Amendment specifically allows this by prohibiting someone from being forced to provide evidence that can be used against them), that’s just how it works, and how it must work if the rights and privacy of the public are to exist in any meaningful sense. If that means that they don’t get to have access to all the potential evidence, then that’s just too bad for them.

Stephen says:

Involuntary Servitude: Apple, the FBI and 13th Amendment

Another argument has appeared on the Net over the past day or so from a couple of lawyers: Norman Pattis and Andrew Napolitano.

http://www.pattisblog.com/blog.php?article=Apple-Involuntary-Servitude-and-the-13th-Amendment_6914

http://www.washingtontimes.com/news/2016/feb/24/andrew-napolitano-apples-involuntary-servitude/?page=2

In essence their argument amounts to this. The court has ordered Apple to create something which does not yet exist. Compelling Apple to create it, Pattis and Napolitano both argue, amounts to “involuntary servitude”, something which is prohibited by the 13th Amendment to the US Constitution.

As Pattis points out:

It is one thing to order a company to produce a document or a record. it is quite another to order it to do work it does not want to do.

The court’s order that Apple engineers design a program to bypass its security features is nothing less than indentured servitude. It matters not that the government might be willing to pay Apple for its service, or that it will keep secure the program it compels Apple to create. The fact is the government wants to force Apple to undertake a task Apple does not want to do.

That, my friends, is involuntary servitude.

Whatever (profile) says:

“In other words, design mandates will be next”

I gotta say that this is a pretty huge logical leap. This case (and all that it implies) narrowly sits on devices that the police have in evidence, and not all phones. Any precedent set would apply in the narrowest of confines as defined by the case itself.

Yes, there is a biggest question, one of privacy versus legal discovery and how these devices would be treated as evidence in the future. That is a very different set of situations and circumstances. Apple having to apply a firmware patch to this particular phone which is in police custody and with the permission and agreement of the phones owner doesn’t suddenly lead to a free for all of the government dumping your phone every night to make sure you haven’t had any naughty thoughts.

For me, that is a scare tactic narrative that is way too over blown. I find that Tim Cook’s incredibly heavy handed run of public statements, interviews, and “death to privacy” pronouncements are just way over the top.

More, I consider this concept: Perhaps if Apple doesn’t agree to help out (ie, fights in court for years and years making it moot) they may find themselves facing a backlash against encryption entirely. That could lead to congress passing laws that would create that very mandated weakness that you all fear. It’s a key turning point, Apple fighting the shadows for your rights today could in fact be leading to your rights being limited or crowded in the future.

I also think Apple may find themselves in deeper trouble if they don’t cooperate in that the feds (like the FTC as an example) may end up looking into their walled garden approach to their phones and operating systems. The feds could (say on an android device) hire and outside third party to do the work. They only have to approach Apple on this one because they have hard restrictions on things like OS updates, firmware changes, and yes, hardware fixes as well. Apple may not be ready for all that comes with failing to fulfill what really is a very small mandate.

We also have to wonder if Apple doesn’t already have the work done for the Chinese government, and just doesn’t want to admit to it. Apple’s aggressive stand on this one and massive smoke screening makes me thing there is something behind mirror #1.

Anonymous Coward says:

Re: Re:

Apple having to apply a firmware patch to this particular phone which is in police custody and with the permission and agreement of the phones owner doesn’t suddenly lead to a free for all of the government dumping your phone every night to make sure you haven’t had any naughty thoughts.

The phone’s owner is dead. I’m not so sure he gave them permission – where did you read this?

That could lead to congress passing laws that would create that very mandated weakness that you all fear.

And you think that somehow, this means encryption won’t be used?
Say they do pass a law.
And I use 3rd party encryption that securely encrypts the phone (perhaps, say from someplace outside the US)
Do you think that somehow, that law ensures that the FBI will still be able to break the underlying math in the encryption?

Unless you’re thinking encryption, in and of itself, can be made criminal. In which case, I’d say you’re beyond full of shit.

Anonymous Coward says:

Re: Re:

They only have to approach Apple on this one because they have hard restrictions on things like OS updates, firmware changes, and yes, hardware fixes as well.

Actually, they don’t have to approach Apple at all.

The FBI has engineers (or certainly ones they can hire).
Those engineers could reverse-engineer the code (although it would be unlawful for them to do so, given current copyright law – something I’m SURE you wouldn’t back, given your penchant for licking the backsides of copyright maximalists).

Once the code is (illegally) reverse-engineered, they can modify it (again, illegal), insert it into the phone, and take their chances.

So no, nothing’s stopping the FBI from fucking off and going at it themselves.

tqk (profile) says:

A couple of points …

Increasingly, our reality will obey the rules encoded in software, not of Newtonian physics.

Jennifer, as this piece sums up (correctly), it’s about the rules encoded, not their implementation. Focus on the rules. Variables are defined at the start of the code so are easy to be changed, for better or worse.

Secondly, when everything looks like a nail, all you need’s a hammer. The DHS has redefined everyone to be potential domestic extremists. Sucks.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...