The Next Apple Case...
The reason many technologists fear a negative outcome in the San Bernardino Apple case is because of the possibility the precedent would establish the ability of a court to compel a malicious update.
Published by The Lawfare Institute
in Cooperation With
The reason many technologists fear a negative outcome in the San Bernardino Apple case is because of the possibility the precedent would establish the ability of a court to compel a malicious update. The technology community widely believes that if the FBI prevails, we will never again be able to trust our devices in the future and the result will be a disaster for computer—and even national—security.
Some on the other side of this discussion insists the San Bernardino case will not, in fact, create this dangerous precedent. But I cannot see any way that it won’t.
Let us imagine a future where the FBI wins the San Bernardino case. What does the next motion look like? Here's the start of the Memorandum of Points and Authorities for the future case after Apple has built protections against the malicious "device in hand" firmware updates used to deploy the desired "GovtOS" backdoor the FBI is requesting in the San Bernardino case.
MEMORANDUM OF POINTS AND AUTHORITIES
I. INTRODUCTION
Rather than assist the effort to fully investigate the potential for a deadly terrorist attack by obeying this Court's Order of February 16, 2019, Apple has in private repudiated that order. Apple has attempted to design and market its products to allow technology, rather than the law, to control access to data which has been found by this Court to be warranted for an important investigation. Despite its efforts, Apple nonetheless retains the technical ability to comply with the Order, and so should be required to obey it.
Before John Q Badguy ("Badguy") and his wife June Badgirl began planning their attack, Badguy purchased an iPhone 8X. The Federal Bureau of Investigation ("FBI") has reason to believe that Badguy is actively using this phone to communicate as part of a larger plot. The phone may contain critical communication and data that, thus far: (1) has not been accessed; (2) may reside solely on the phone; and (3) cannot be accessed by any other means known to either the government or Apple. The FBI obtained both a delayed notice warrant to search the phone and a Title III wiretap order. Because the iPhone is designed to resist access after arrest, the government subsequently sought Apple's help in its efforts to execute the lawfully issued search warrant. Apple refused.
Apple left the government with no option other than to apply to this Court for the Order issued on February 16, 2019. The Order requires Apple to assist the FBI with respect to this single iPhone used by Badguy by providing the FBI with the opportunity to determine the passcode and contents. The Order does not, as Apple's private statement alleges, require Apple to create or provide a "back door" to every iPhone; it does not provide "hackers and criminals" access to iPhones; it does not require Apple to "hack all of [its] own users" or to "decrypt" its own phones; it does not give the government "the power to reach into anyone's device" without a warrant or court authorization; and it does not compromise the security of personal information beyond the duly authorized court order. To the contrary, the Order allows Apple to retain authorization over its software's operation at all times and it gives Apple flexibility in the manner in which it provides assistance.
In the past, Apple has consistently complied with a significant number of orders issued pursuant to the All Writs Act to facilitate the execution of search warrants on Apple devices running earlier versions of iOS, both voluntarily and when compelled by the court in United States v Apple Inc (434 U.S. 555 (2018)). Based on Apple's recent public statement and private statements by Apple, Apple's current refusal to comply with the Court's Order, despite the technical feasibility of doing so, instead appears to be based on its concern for its business model and public brand marketing strategy.
Accordingly, the government now brings this motion to compel. While the Order includes the provision that "to the extent that Apple believes that compliance with this Order would be unreasonably burdensome, it may make an application to this Court for relief within five business days of receipt of the Order," Apple's statements makes it clear that Apple will not comply with the Court's Order. The government does not seek to deny Apple its right to be heard, and expects these issues to be fully briefed before the Court; however, the urgency of this investigation requires this motion now that Apple has made its intention not to comply patently clear. This aspect of the investigation into the potential behavior of Badguy must move forward.
II. STATEMENT OF FACTS
As set forth in the government's application for the All Writs Act order, and the Declaration of FBI Supervisory Special Agent ("SSA") Jane Q Lawwoman, which was attached thereto, both of which were filed on February 16, 2019, the FBI is currently investigating a potential plot involving Badguy. In this process, the FBI discovered the existence of iPhone 8X, Model: A1832, S/N:FFMNQ3MTG2DX, IMEI: 348820052301412 on the Verizon Network (the "SUBJECT DEVICE"). Using this evidence, the FBI has obtained authorization for both a delayed notice search warrant and a Title III wiretap order on the SUBJECT DEVICE.
Previously, the FBI could seize the suspect device and, with cooperation from Apple, temporarily install what Apple has sarcastically termed "GovtOS", enabling the FBI to repeatedly try all possible passcodes in an attempt to unlock the device. The changes in the iPhone 8X and Apple's iOS11 foreclosed this option as now an attempt to load GovtOS causes the phone to erase all contents. The FBI will be unable to make attempts to determine the passcode to access the SUBJECT DEVICE post arrest because Apple has written, or "coded," its operating systems with this new erase function that would result in the permanent destruction of the required encryption key material if there is an attempt to load GovtOS on this device without already knowing the passcode. Additionally, there is a significant chance that Badguy is using a longer pin or passcode which would also limit the ability of GovtOS to unlock the phone.
Apple, however, has the technical means to bypass this protection. Apple iOS devices regularly receive updates over the air (OTA) both from Apple and from the device's cellphone carrier which include additional functionality to both applications and the base operating system. All the FBI is requesting is that the next OTA update delivered to the SUBJECT DEVICE include a minor amount of additional functionality so that when loaded only on the SUBJECT DEVICE the phone communicates the user-entered passcode and all encrypted messages to the FBI, enabling the FBI to implement both its search warrant and Title III wiretap order which applies to the SUBJECT DEVICE.
The FBI has even offered to relieve Apple of any burden in delivering the update to the SUBJECT DEVICE, as the FBI can deliver the update through the SUBJECT DEVICE's carrier update mechanism pursuant to the existing Title III wiretap. Rather, Apple only needs to develop and cryptographically sign the update, something that Apple regularly does with each version of GovtOS pursuant to the All Writs Act as decided in US v Apple.
When the government first realized that Apple retained the means to obtain that data from the SUBJECT DEVICE and that due to the way that Apple created the software Apple was the only means of obtaining that data, the government sought Apple's voluntary assistance. Apple rejected the government's request, although it conceded that it had the technical capability to help. As a result, without any other alternative, on February 16, 2019, the government applied for - and this Court subsequently issued - an Order pursuant to the All Writs Act, compelling Apple to assist the FBI in its search of the SUBJECT DEVICE.
....
At this point, the eagle eyed reader should see that, apart from the hypothetical's framing, I largely took the Government's Motion to Compel in the San Bernardino case and replaced a few names and numbers. Beyond this point the government can just simply lift the rest of their text with the addition of US v Apple, rather than US v New York Telephone, as the controlling Supreme Court precedent.
All the arguments, both on the side of law enforcement and from technology companies, appear to apply equally well to my hypothetical. Neither side is making a key distinction on where the device is currently held, apart from the FBI's offer to loan the device to Apple so that Apple can limit the code's release. Apple's burden is the same in both cases: they need to create and cryptographically sign a backdoor. The relative burden of where the code is deployed is trivial in comparison. If anything, my hypothetical is arguably less burdensome, since Apple isn't suffering a new reputational damage as Apple is already compelled to sign backdoor code in the event they lose the San Bernardino case.
The US court system runs on precedent, and as a technologist I can't see how the FBI could win in San Bernardino, forcing Apple to create and cryptographically sign a backdoor for a target device, yet lose the subsequent case requiring Apple or Microsoft to sign a malicious over the air update.
Updates are the vaccines of the computing ecosystem. And we know what happens when people don't trust vaccines.