UPDATE (FBI admits): #AppleVsFBI – Just 1 iPhone? In 1977 it was Just 1 Pen Register

The law develops by the process of incrementalism. That is, it is a slow, gradual development, step by tiny step. In the United States, judicial decisions that fill the gaps in between the constitutional and statutory law and helps those bodies of law evolve. Each case sets a precedent, or foundation, upon which the reasoning for the next case is constructed.

In the USA v. Apple iPhone dispute (#AppleVsFBI), the government seeks to assuage the concerns of those who fear it is seeking a “back door” or “master key” into Apple’s iPhones by saying that this case is only about this one phone. The White House has made this claim.

SEE UPDATE BELOW: THE FBI DIRECTOR HAS FINALLY COME CLEAN!

LISTEN NOW: Podcast – Making Sense of #AppleVsFBI

Now James Comey, the Director of the FBI, has made the same argument in a post on the Lawfare blog: “The San Bernardino litigation isn’t about trying to set a precedent or send any kind of message. . . . We don’t want to break anyone’s encryption or set a master key loose on the land.”

Of course not. This is not how the law works. It is never about the ultimate goal. It is always about just one phone. In fact, once upon a time back in the 70’s, it was about just one pen register. This is how it works:

In the present case, #AppleVsFBI, in the Government’s Ex Parte Application for Order Compelling Apple Inc. to Assist Agents in Search; Memorandum of Points and Authorities (the “Application & Memorandum“), the government made its argument for why it was entitled to an order compelling Apple to provide the requested relief.  At page 11 of the Application & Memorandum, the government relied on the case In re Order Requiring [XXX], Inc. to Assist in the Execution of a Search Warrant Issued by This Court by Unlocking a Cellphone, 2014 WL 5510865, at *2 (S.D.N.Y. Oct. 31, 2014) (“In re XXX, Inc.“), as persuasive authority (it was not binding “precedent” in a legal sense, but it has served as precedent, generally speaking) in the form of a similar case in which a court granted at least somewhat similar relief as the government is requesting in #AppleVsUSA.

The court in In re XXX, Inc., relied on an earlier US Supreme Court case for its authority, and because it was the US Supreme Court, it was legal precedent:

“The Supreme Court case that most directly supports the application here is United States v. New York Telephone Co. In that case, the Supreme Court held that a district court had authority under the All Writs Act to issue an order requiring a telephone company to provide technical assistance to the Government in its effort to install a “pen register”—a device for recording the numbers dialed on a telephone. It held that such an order was in aid of the district court’s jurisdiction under Fed.R.Crim.P. 41 to issue a search warrant.”

So, to support its argument for the Order requiring Apple to comply in #AppleVsUSA, the government is relying on In re XXX, Inc., which in turn relied on the persuasive authority of United States v. New York Telephone Co., in which  the government prevailed, which means that it was the government’s arguments in that case that have now led to where we are today.

Consider the government’s arguments on page 28 of its brief to the United States Supreme Court in New York Telephone Co., which were made way back in 1977 (emphasis added):

It is no answer to say, as did the court of appeals majority, that sustaining the district court’s order could serve as a “dangerous and unwise precedent for the authority of federal courts to impress unwilling aid on private third parties” (Pet. App. 15a). The court of appeals was bound to rule on the case before it, not on some hypothetical future case. It was required to decide only whether the district court could properly order the telephone company, not some other private individual, to provide the assistance necessary for the execution of a valid warrant–a warrant supported by probable cause to believe that the company’s facilities were being employed in a criminal venture. Analysis of that issue, we submit, leads to the conclusion that the district court had such power and that it properly exercised it in this case.

In New York Telephone Co., the government made it clear that it was only seeking this one pen register, this one time, in this one case.

It’s always just this one. This one pen register. This one iPhone. This one case . . .

UPDATE!

It took Congress to get FBI Director James Comey to admit what we knew all along: 

  • The ultimate outcome of the Apple-FBI showdown is likely to “guide how other courts handle similar requests”
  • The outcome “will be instructive for other courts”, Comey told the House intelligence committee.
  • Comey … acknowledged that police departments and district attorneys around the country were also seeking similar access to locked phones and encrypted conversations in ordinary criminal cases.
  • Manhattan prosecutor Cyrus Vance has said he has a backlog of 175 locked iPhones awaiting the resolution of the Apple-FBI fight, which is almost certain to be decided in high federal courts.

FULL STORY: FBI director admits Apple encryption case could set legal precedent

______________________

Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud and data privacy law. He is a Cybersecurity & Data Protection Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

6 Comments

  1. debmcalister

    I don’t know much about incrementalism. But I do know quite a bit about IT security and wireless devices — and even more about PR. And this case isn’t about encryption. The phone isn’t encrypted – or at least, if it is, no one knows it yet.

    This case is about a company (Apple) that put a kind of digital kill switch into its products specifically to block the kind of brute-force break-ins required to let a computer try out thousands of password/PIN combinations to get around a locking mechanism. After 10 tries with the wrong password, the phone self-destructs, destroying data.

    I’m getting older, and so is my husband. Awhile back, I watched him try 14 times to remember a password on a computer here at the house. Thank goodness the computer wasn’t built like the iPhone, or my entire hard-drive could have been erased because he couldn’t remember if the address of the house his grandmother lived in when he was a kid started with 214, 412, or 319.

    I think that the company should be required to comply with the court order. The phone’s owner got a gun and opened fire on the employees of an agency that serves disabled kids for goodness sake. I don’t think he had any reasonable expectation of privacy once he fired the first shot — and if he did, then I don’t think the government is bound by his delusion. To e, it really is about ONE phone, ONE situation.

    Apple has had its PR win. We get it. They’re the good guys, standing up for the privacy of their customers. Or at least that’s the PR spin they’re putting on it, despite decades of data collection and sharing by Apple itself. So they should take their victory and quietly comply with the judge’s order.

    To me, the real question here is not about encryption or privacy or security. It’s whether or not a company can be compelled to provide something that it doesn’t have? Can a court order a company to create something that doesn’t exist, using its technology to build a solution to the government’s problem? If this were a case where Apple had the solution, I would think it would be a lot clearer, don’t you? But since the company insists that no solution exists, I wonder whether or not the courts will ultimately decide that the solution must be created or not.

    Love the article — as always, your blog is insightful and well-written. Looking forward to the next great post!

    All the best, Deb

  2. Shawn E. Tuma

    Deb,

    Thank you so much for your very thoughtful and insightful comment! At the end of the day, I think this really is more about PR for both sides of the debate, than it is any particular phone or steps to access such phones. I think it is probably as true for PR as it is for law in that whichever side is able to frame the issues in the debate, has an advantage.

    In this case, the USA is trying to frame it exactly as you put it: that this is about only this phone and that they are NOT asking Apple to break the encryption on the phone, but are only asking Apple to disable the 10 guess then wipe feature.

    Apple, on the other hand, is trying to frame this as what the USA is trying to do is get Apple to help it take steps to ultimately break the phone’s encryption by, as you said, writing a tool — code — that it does not already possess.

    Personally, I think this is posturing by both sides to try and gain an upper hand in the larger ongoing debate over whether (1) encryption should be outlawed, as some argue, or (2) whether companies that provide security features such as this should be compelled to give the government a “back door” into the systems for purposes such as we see here.

    Legally, I think the issue is going to come down to exactly what you said, “Can a court order a company to create something that doesn’t exist, using its technology to build a solution to the government’s problem?” Now, do the recent reports that the government’s on missteps with regard to changing the password on the iCloud account impact this? I think they may, I just don’t know how much. But this is where the legal decision will likely be made.

    As for the policy issues, I honestly can’t say I have the answer without any doubt in my mind. There is still too much new information coming in for me to fully digest the issues and weigh the impact — just as I think I have an answer, something new is revealed. If my family’s lives were on the line and forcing Apple to do this was the only way to save them, you betcha, I’d say do it in a second. But I know that is not the right way to analyze policy because that leads head first down the slippery slope.

    What I do know, however, is that even if in its heart of hearts the government really only intends this to be about this one case and this one phone, it will not be limited to just this one case and this one phone. In the future, when exigent circumstances exist for taking actions such as these, if the government prevails, this case will then be cited as at least persuasive authority for a future court to do this and more.

    Thanks again, Deb, I always appreciate your insight!

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s