Full Brief From San Bernardino District Attorney Even More Insane Than Application About 'Dormant Cyber Pathogen'

Legal Issues

from the it-goes-on-and-on dept

Like many, we wrote about the bizarre filing from San Bernardino County District Attorney Michael Ramos in the Apple/FBI encryption fight — you know, the one where he speculates randomly that the iPhone might contain evidence of a “dormant cyber pathogen” that is waiting to infect computer systems everywhere? Of course, that was found in his 4 page application to file the full brief, and as far as we can tell, no one else has explored the full 40 page brief that Ramos eventually did file, after magistrate judge Pym granted permission. And, it probably won’t surprise you that in a filing that’s 10x as long, it’s got much more room for crazy arguments, many of which seem to be in the “day is night, black is white” variety. Let’s dig in:

At issue before this Court is whether on balance there is a compelling governmental interest in acquiring evidence of criminal activity contained solely on the specific San Bernardino County-owned iPhone, seized and ordered searched by a lawful search warrant issued by a United States Magistrate, that outweighs any real or imagined interest that Apple, a for-profit California-based corporation, asserts to deny assistance to the FBI, San Bernardino County District Attorney’s forensic partners, and by extension the San Bernardino County District Attorney and our client, the People of the State of California, in acquiring this evidence.

Actually, that’s not the issue. The issue is not whether there’s a compelling governmental interest, but whether or not a company can be compelled to build new hacking tools and surreptitiously load them onto user devices. That’s a very different question, and one that Ramos doesn’t even want to consider. So, instead, he makes up things unrelated to the issue at hand.

Then, Ramos repeats the whole bogus “there may have been a third shooter!” and “DORMANT CYBER PATHOGEN!” arguments, based on absolutely no evidence, and follows it up by flipping the burden of proof, and hilariously arguing that it is Apple’s burden to prove that there is no such dormant cyber pathogen. PROVE A NEGATIVE, APPLE!

At the time that the murders in San Bernardino County were being perpetrated on December 2, 2015, at least two 911 calls to the San Bernardino Police Dispatch Center reported the involvement of three perpetrators. Although the reports of three individuals were not corroborated, and may ultimately be incorrect, the fact remains that the information contained solely on the seized iPhone could provide evidence to identify, as of yet, unknown co-conspirators who would be prosecuted by the District Attorney for multiple murders and attempted murders in San Bernardino County.

In addition, the iPhone is a county telephone that may have connected to the San Bernardino County computer network. The seized iPhone may contain evidence, that can only be found on the seized phone, that it was used as a weapon to introduce a lying-dormant cyber pathogen endangering San Bernardino County’s infrastructure, a Violation of Cal. Penal Code § 502 (Lexis 2016), and which would pose a continuing threat to the citizens of San Bernardino County.

Apple has not advanced a single argument to indicating why the identification and prosecution of any outstanding coconspirators, or to detect and eliminate cyber security threats to San Bernardino County’s infrastructure introduced by its product and concealed by its operating system, and Apple’s refusal to assist in acquiring that information, is not a compelling governmental interest. To the extent that Apple states in its brief at page 33 that there is no compelling state interest because the government “has produced nothing more than speculation that this iPhone might contain potentially relevant information,” Apple completely forgets that a United States Magistrate has issued a search warrant based on a finding of probable cause that the iPhone does contain evidence of criminal activity. The reason we search is to find out if the device contains evidence or is an instrumentality of the crime. Such authority is granted by the United States Constitution.

Got that? As long as the DA makes up some totally mythical “cyber pathogen,” so long as Apple has not proven that such a thing is not on the phone, then open ‘er up, Apple!. That’s a fascinating view of due process.

Oh, speaking of due process, Ramos then, absolutely ridiculously, flips Apple’s 5th Amendment due process argument on its head, arguing that by not hacking into users’ devices, Apple is the one that is harming due process rights. Really:

The California Constitution guarantees victims of crimes committed in California a Victims’ Bill of Rights…. These rights include those shared by all people of the State of California, “that persons who commit felonious acts causing injury to innocent victims will be appropriately and thoroughly investigated brought before the courts of California and tried by the courts in a timely manner.” … The Victims’ Bill of Rights continues to state, “In order to preserve and protect a victim’s rights to justice and due process, a victim shall be entitled to the following rights… To be reasonably protected from the defendant and persons acting on behalf of the defendant”… and the right to have all relevant evidence admitted in any criminal proceeding….

The due process protections of the California Constitution clearly attach to not only the fourteen people murdered, and the twenty two injured in the assault, but also those physically uninjured, but mentally injured survivors who witnessed the mass murder.

Apple is infringing on the due process rights of these real, and not speculative, victims. It is preventing protection from the defendant and those who assist the defendant. Through the design of its operating system and its refusal to assist in accessing the information contained on the seized phone, Apple is preventing the acquisition of information leading to the identity or elimination of outstanding coconspirators. This denies the surviving victims of the knowledge that there are either no additional coconspirators, or that those that are outstanding will be pursued. Apple’s actions in denying assistance in acquiring access to the phone infringes on the Victims’ right to be reasonably protected. Denying access to this information deprives victims of all relevant evidence in any criminal proceeding that could be the product of the information contained on the phone, and it certainly is denying the victims of the right guaranteed to them to have the case investigated and prosecuted in a timely manner.

Let’s put this simply: this is an insane reading of the California Constitution. Based on this, Ramos can basically argue that anyone and anything that gets in the way of law enforcement finding out absolutely anything, no matter how speculative is infringing on someone’s due process rights. Did you sell someone a shredder that allowed them to shred a paper that may have included something useful? You’ve infringed someone’s due process rights. Did you happen to overhear someone planning a crime, but you can no longer remember what the person looked like? You’ve violated the victims due process rights. That’s not how it works. Private companies don’t infringe on someone’s due process rights — governments do.

And, then, just because this isn’t crazy enough already, in somehow arguing that a private company has the burden to prove a negative, and that a private company is responsible for due process, Ramos argues that Apple is “usurping the authority of the District Attorney“:

In refusing to assist in the opening of this repository of evidence, Apple is making the defacto decision of who can be charged with a crime and is giving a de facto grant of immunity to those iPhone users that use the phone as an instrumentality of a crime, a cyber weapon, or store, intentionally or not, evidence of a crime on the device. Questions of whether Apple’s conduct falls within traditional definitions of harboring one who commits a crime aside, Apple is infringing on the authority of the District Attorney to make charging and immunity decisions. Apple is free to exercise its First Amendment rights to express what activities, including none at all, should be considered crimes, or who should be charged with a crime, including nobody, but Apple has no de jure or de facto authority to make those decisions by its actions.

No person but the San Bernardino County District Attorney and his deputies are authorized to decide when criminal charges are brought or not brought, or to whom to provide a grant immunity from prosecution in San Bernardino County. Apple has no such dejure or defacto authority in San Bernardino County.

Except… that’s nuts. Apple is not “granting immunity” or making decisions about who can be charged with a crime. Like the whole “dormant cyber pathogen” this is Ramos simply making up shit and telling it to a judge. Nothing that Apple is doing prevents law enforcement from bringing charges if they have enough evidence. But, once again, Ramos is flipping the very concepts of burden of proof and due process in suggesting that any technology that happens to get in the way of collecting evidence is somehow “granting immunity.”

If you thought that wasn’t crazy enough, Ramos keeps going deeper and deeper into the “What did he just say…..?” hole. Next up: claiming that Apple is an “Orwellian arbiter” of privacy, which in his mind is illegal because Apple is not a public policy maker, and thus is somehow not allowed to build systems that keep customers’ info private. I’m NOT JOKING (though, really, I wish I was).

Apple asserts that its operating system and its refusal to assist in unlocking the phone is, in Apple’s view, necessary to protect the privacy interests of its customers. Apple advances its concept of privacy as absolute privacy in the context that it proffers the opinion that the contents of any Apple iPhone or Apple mobile device is immune from any type of government intrusion due to its security features. While Apple can represent what it chooses in its marketing of its devices and operating systems, Apple is neither the legislature nor judiciary empowered to define privacy as absolute. Apple in not a public policy maker. Apple is a for-profit corporation. No one has appointed or elected Apple to be the Orwellian arbiter or definer of privacy for society or even for all of Apple’s customers.

This falls into the so wrong it’s “not even wrong” category. It’s insane. It’s not even in the realm of reality. Of course a for-profit company gets to determine what kind of privacy tools it offers customers. Is Ramos honestly claiming that companies are somehow breaking the law by building secure systems? Because that’s crazy. It goes directly against basically… everything.

From there, Ramos again pretends the case is about something entirely different:

Apple’s concept of absolute privacy and immunity from government search is not supported by the Constitution of the United States or the cases that interpret it. Furthermore, Apple has no privacy rights in the device before the Court, nor is it legally permitted to assert any privacy rights regarding the search of the San Bernardino County-owned phone.

Right. And Apple is not asserting privacy rights here so what the hell is Ramos even arguing about here? He’s making things up that aren’t even remotely related to the case. Apple is not arguing about its privacy rights. It’s arguing about whether or not the All Writs Act can be used to force it to build hacking tools that undermine the safety and security of its customers.

Ramos then goes on to totally misinterpret the finding in the famous Supreme Court Riley v. California decision about whether or not law enforcement could search mobile phones without a warrant. The ruling in that case, quite rightly and importantly, noted that you could not search a mobile phone without a warrant. But, Ramos pretends that means that the Supreme Court’s decision means that all data on cellphones must be accessible under a warrant, which is not what the court said at all.

Hilariously, after raising issues that aren’t before the court at all (Apple claiming a right to “privacy”), Ramos claims that Apple is the one raising issues not before the court — and appears to do so by not understanding what the actual issue in this case is about:

Apple asserts that unlocking the seized iPhone will open the siege gates and make its users’ personal information vulnerable to hackers, identity thieves, hostile foreign agents and unwarranted government surveillance. It has also expressed concerns about how foreign governments may treat their citizens and the demands that might be made on Apple. None of these issues are before the Court. This case does not involve speculation as to what foreign governments may demand of Apple, or how Apple may respond to those demands in the future. There is no issue of identity theft here, and Apple has not advanced an explanation of how unlocking this phone would lead to identity theft elsewhere, nor have they advanced any evidence of identity thefts caused by their unlocking phones prior to the deployment of IOS 8. Similarly, Apple warns of unwarranted government surveillance. No surveillance is present here. Apple has not advanced any evidence or explanation of how this surveillance will be unleashed by unlocking this phone. Apple cites the hacking of the Office of Personnel Management as illustrative of the dangers of hacking into databases, yet these databases were not contained on a specific iPhone as the evidence here is nor has there been an indication that the databases were hacked by an unlocked iPhone. These speculative concerns do not outweigh the compelling interest in the need to acquire real evidence of real crimes from the seized iPhone.

Here’s the thing. This isn’t that complicated. The law at issue in this case is the All Writs Act. The All Writs Act specifically notes that any “writs of assistance” must be “appropriate” and under the law it’s been determined that to be “appropriate” it cannot be unduly “burdensome.” The judge in the case has specifically requested that the parties focus on whether or not the order is unduly burdensome, and that’s why Apple raised all of the issues above, directly answering the judge’s questions which directly relate to the law at hand. To argue that these are “issues not before the court” suggests such a profound ignorance of the case here that one wonders what Ramos is doing here and how he got elected to be San Bernardino’s DA.

And, really, for Ramos to whine that Apple’s evidence of actual security concerns are somehow too “speculative” when he’s the one spewing nonsense about speculative “dormant cyber pathogens” is just… insane.

Finally, Ramos concludes by saying that, look, he doesn’t really give a shit how Apple breaks encryption, but it needs to be able to break encryption:

Apple’s creation of their iOS 8 and iOS 9, the product of their brilliant engineering created all these issues where it did not exist in previous operating systems. There is nothing unreasonable in having this same brilliance applied to remediating the problem they created. How Apple chooses to accomplish this is a matter of their own choosing. Neither the FBI nor San Bernardino County District Attorney is asking to know how they do it, or directly possess the tools to do so. How Apple resolves the problem, or protects the solution is not our concern. We only seek for this Court to compel that Apple do so.

That’s the DA version of “nerd harder, Apple.” Of course, it (once again) totally misunderstands and misstates the issue. Also, while it is true that, in this case, there do appear to be technical ways (very, very dangerous ones) to force Apple to do what the FBI wants (which, we should note has very specific requests, which Ramos doesn’t even seem aware of, despite being widely discussed), is Ramos honestly asserting that in cases where there isn’t such a backdoor possible that companies still be required to break in, even when that’s mathematically impossible?

The people of San Bernardino County deserve elected officials who actually understand the issues at hand. Not technically and legally ignorant buffoons who file such misleading tripe in such an important case.

Filed Under: all writs act, amicus brief, cyber pathogen, doj, due process, encryption, fbi, michael ramos, privacy, san bernardino, san bernardino da
Companies: apple