The “Apple vs. FBI” debate has motivated iPhone users to look up from their iPhones to talk about their iPhones. Apple, specifically CEO Tim Cook, has raised privacy concerns regarding the FBI’s recent request for the development of new software to assist in the San Bernardino investigation. Cook, calling this new software a potential “cancer,” set the stage for a privacy vs. security debate. There have been reports that Apple has assisted the FBI with cracking phones similar to this situation, but those reports are false. Apple has extracted data to assist in investigations, but has not unlocked phones for the FBI. After a scrupulous review of ubiquitous Facebook posts of the Apple customer letter that is nothing more than PR campaign, many potentially affected iPhone users may misunderstand the debate. As an Android user, I try to take an impartial view in calling for improved, proactive legislation.
The FBI is not requesting a “backdoor” into iPhones. FBI Director James Comey stated in a press release,
“We simply want the chance, with a search warrant, to try to guess the passcode without the phone essentially self-destructing and without it taking a decade to guess correctly.”
The FBI is attempting to do its job by investigating to its fullest legal capacity. The iPhone, obtained through a warrant, is owned by the employer of one of the San Bernardino shooters and cannot be unlocked without knowing the user’s password. If the FBI has a warrant, specifically for the purpose of better understanding a legitimate terrorist threat, the FBI should have access to the shooter’s personal data. Subsequently, the FBI, under the All Writs Act, requested assistance in developing software to gain access to just one phone. To provide context, the All Writs Act was a piece of the motivating legislation for the decision of Marbury v. Madison. The major argument against this request is what the development of that software could lead to. Several cybersecurity professionals believe that developing software to gain access into one phone would lead to international state and non-state actors replicating and implementing it. Also, software requests will affect all iPhone users on a global scale. If the American government can request and receive software to guess passwords, other governments may follow suit. So while our personal data is being abused daily in the American private sector, Apple is warning its customers to be aware of federal requests to access encrypted data via software.
Secondly, and more importantly, the debate is exposing a vacuum in legislation and regulation, which ought to alarm the government and should alarm Apple customers. Apple’s position is that neither the Communications Assistance for Law Enforcement Act, or CALEA, nor the All Writs Act obligate it to provide technical assistance to the FBI. We live in a time where new legislation is necessary. The development of information sharing and data collection in the United States is beyond rampant. The distinction between “telecommunications carriers” and companies providing “information services” is blurred. For example, consider iMessage through telephone communications providers. Those services enable “storing . . . retrieving, utilizing, or making available information via telecommunications,” and therefore meet the CALEA definition of “information services,” yet they are carriers. So while, as carriers, they could be obligated to assist the government, as information service providers, they are not legally obligated to assist the government. Data collection and information sharing cannot rely on reactive, outdated laws. In short, the FBI’s request is coming from the All Writs Act of 1789 and CALEA of 1994, both eras where smartphone usage was slightly less than today.
Another question in the debate is on the legal status of software, source, and object code. Software is subject to copyright protection – which is relevant because the tie between copyrighted subject matter and expression is explicit in U.S. copyright law: Copyright protects “original works of authorship fixed in any tangible medium of expression.” Expression, in turn, is protected under the First Amendment. Thus, when a person writes new software, he or she is engaging in an expressive act. But what about when a corporation such as Apple writes software? Would a Stanford student be willing to apply the “corporations are people” precedent in Citizens United for the first time in their life?
My final question involves what appears to be a security vs. security case, as opposed to a security vs. privacy dilemma. The purpose of this specific investigation is to better understand the network of the San Bernardino shooters in order to improve short-term security against domestic threats of ISIS. The purpose of Apple’s pushback is to maintain the security of its product and its customers’ long-term accumulation of personal data. In reconciling short-term vs. long-term security interests, proactive legislation must be developed to address potential privacy issues regarding regulation, network information sharing, encryption, and data collection and investigation.
Contact James Stephens at james214 ‘at’ stanford.edu.