What's At Stake In Apple/FBI Fight: Who Gets To Set The Rules That Govern Your Privacy & Security
from the this-is-important dept
Lots of people, mainly those supporting the DOJ/FBI's view of the Apple fight, have been arguing that this isn't a big deal. They're just asking for one small thing. Other people have tried to examine "what's at stake" in the case, with a number of the arguments falling into the typical "privacy v. security" framing, or even something around precedents related to privacy and security. However, Jennifer Granick recently wrote a great piece that does a much better job framing what's truly at stake. It's not privacy vs. security at all, but rather who gets to set the rules over how software works in an era where software controls everything.That's a big question -- and it's not necessarily one that should be decided by a magistrate judge, making use of a law from the 18th century.We live in a software-defined world. In 2000, Lawrence Lessig wrote that Code is Law — the software and hardware that comprise cyberspace are powerful regulators that can either protect or threaten liberty. A few years ago, Mark Andreessen wrote that software was eating the world, pointing to a trend that is hockey sticking today. Software is redefining everything, even national defense. But, software is written by humans. Increasingly, our reality will obey the rules encoded in software, not of Newtonian physics. Software defines what we can do and what can be done to us. It protects our privacy and ensures security, or not. Software design can be liberty-friendly or tyranny-friendly.
This battle is over who gets to control software, and thus the basic rules of the world we live in. Who will write the proverbial laws of physics in the digital world? Is it the FBI and DOJ? Is it the US Congress? Is it private industry? Or is it going to be individuals around the world making choices that will empower us to protect ourselves — for better or for worse?
The big question then becomes: Are people going to be forced to live in a surveillance-friendly world? Or will the public be able to choose products — phones, computers, apps — that keep our private information, conversations, and thoughts secure?And if the DOJ wins this case, it's pretty clear where this goes:
Right now, the FBI wants to decide these questions with reference to a law that was originally passed in 1789. The All Writs Act allows courts to “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.” Obviously, Congress wasn’t considering iPhone security at the time. The AWA has no internal limits and provides no guidance for courts on how to weigh individual privacy interests with corporate liberty and business interests with public safety interests. It is an utterly inappropriate vehicle for compelling forensic assistance.
This is not about one phone. It's not about one case. It's not just about encryption. It's about how we work as a society and who gets to set the rules. That's kind of a big deal.If the All Writs Act can be used in this way — to force a company to develop forensic software that the government wants to deploy in a single case of terrorism — it could be used in any number of other (currently unforeseen) circumstances.
In other words, design mandates will be next. In fact, maybe it’s already happening behind our backs. When the Snowden documents showed that Microsoft had created surveillance backdoors in Skype, Outlook.com, and Hotmail, the company issued a statement. It said:
Finally when we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely. That’s why we’ve argued for additional transparency that would help everyone understand and debate these important issues.
At the Center for Internet and Society, we’ve been trying to figure out what those legal obligations are. I wonder if these AWA arguments are part of it.
To make sound policy in this space, the public needs to know what the government is forcing companies to do, the full picture. This San Bernardino case is just one salvo in the ongoing war between a surveillance-friendly world and a surveillance-resistant world. The stakes for liberty, security, and privacy — for control over our software-defined world — are high.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: fbi, government, jennifer granick, people, privacy, rules, security, technology
Companies: apple
Reader Comments
The First Word
“Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
[ link to this | view in thread ]
Professional wrestling
[ link to this | view in thread ]
Well the government gets to set the rules already. Think about what encryption is export controlled. How/why isn't this any different?
I personally agree that it's a dumb idea to give the government access but it just seems like the next step in a very old fight.
[ link to this | view in thread ]
Who sets the rules...
In Britain, there is no such thing as 'surveillance-free' zones. In London, there are thousands of cameras watching everyone every single second of the day.
Nobody seems to care.
Because they've been told it's for their own security.
We don't want to be like them, do we?
The FBI would like this kind of stuff, as would the NSA and a few other agencies-to take away any security or privacy you might have left in this day and age.
With this move against Apple, they get to own all of it, if they win.
That's what comes from people not caring enough until the very last minute, and even then they give only a shrug.
Used to be different a long time ago. Where did our moral outrage ever go?
[ link to this | view in thread ]
"What's at Stake" is quite simple --
Who is the Master & Who is the Servant in the roles of government and citizenry ?
The U.S. Government has now well established itself as Master over the Citizens -- it merely seeks to tidy up a few loose ends in its Police State. Bill of Rights & 4th Amendment have been almost totally neutered by government police agencies and judicial bureaucrats in black costumes.
"Jennifer Granick" and her "great piece" completely misses the core political/legal issue with her silly fixation on software.
[ link to this | view in thread ]
The Majority of U.S. Culture, "Meh"
[ link to this | view in thread ]
[ link to this | view in thread ]
Key Escrow
In fact, by using the All Writs Act like this, the DOJ could basically bypass Congress and get friendly judges to just order up whatever it wants.
[ link to this | view in thread ]
Involuntary Servitude: Apple, the FBI and 13th Amendment
http://www.pattisblog.com/blog.php?article=Apple-Involuntary-Servitude-and-the-13th-Amend ment_6914
http://www.washingtontimes.com/news/2016/feb/24/andrew-napolitano-apples-involuntary-servit ude/?page=2
In essence their argument amounts to this. The court has ordered Apple to create something which does not yet exist. Compelling Apple to create it, Pattis and Napolitano both argue, amounts to "involuntary servitude", something which is prohibited by the 13th Amendment to the US Constitution.
As Pattis points out:
[ link to this | view in thread ]
San Bernardino Hoax: The Chase
[ link to this | view in thread ]
I gotta say that this is a pretty huge logical leap. This case (and all that it implies) narrowly sits on devices that the police have in evidence, and not all phones. Any precedent set would apply in the narrowest of confines as defined by the case itself.
Yes, there is a biggest question, one of privacy versus legal discovery and how these devices would be treated as evidence in the future. That is a very different set of situations and circumstances. Apple having to apply a firmware patch to this particular phone which is in police custody and with the permission and agreement of the phones owner doesn't suddenly lead to a free for all of the government dumping your phone every night to make sure you haven't had any naughty thoughts.
For me, that is a scare tactic narrative that is way too over blown. I find that Tim Cook's incredibly heavy handed run of public statements, interviews, and "death to privacy" pronouncements are just way over the top.
More, I consider this concept: Perhaps if Apple doesn't agree to help out (ie, fights in court for years and years making it moot) they may find themselves facing a backlash against encryption entirely. That could lead to congress passing laws that would create that very mandated weakness that you all fear. It's a key turning point, Apple fighting the shadows for your rights today could in fact be leading to your rights being limited or crowded in the future.
I also think Apple may find themselves in deeper trouble if they don't cooperate in that the feds (like the FTC as an example) may end up looking into their walled garden approach to their phones and operating systems. The feds could (say on an android device) hire and outside third party to do the work. They only have to approach Apple on this one because they have hard restrictions on things like OS updates, firmware changes, and yes, hardware fixes as well. Apple may not be ready for all that comes with failing to fulfill what really is a very small mandate.
We also have to wonder if Apple doesn't already have the work done for the Chinese government, and just doesn't want to admit to it. Apple's aggressive stand on this one and massive smoke screening makes me thing there is something behind mirror #1.
[ link to this | view in thread ]
Wine vs Vinegar
When you're talking about laws that allow the government to compel certain things though, taking into account what was possible with the tech level at the time, then you start running into problems.
When a company cannot keep detailed records of everything, every message sent, every person an individual contacted and when, then an order to hand over 'everything' can only provide so much information. It's limited by practicality and what's reasonably possible.
Today however it's beyond easy for a company to gather up staggering amounts of data on someone and their activities, which means an order to hand over 'everything' is going to provide massively more information, and depending on who is targeted the scope of information is likely to be drastically wider as well.
Telling a phone company to hand over all the records they have regarding a certain customer is only going to tell you who they called and when when that's all they can track, but today, with so much done online, there is a lot more data available. Who do they call and when, who are on their list of contacts, what sites do they visit and how often. It's even possible to track their physical movements without once approaching them.
The difference between what could be compelled to be handed over via the AWA when it was first written, and what can be compelled to be handed over now is huge, and that is where the complaints over using such an old law are coming from. Age is only half of the equation, context is a much larger part.
[ link to this | view in thread ]
Re:
When were they ever accountable? Ever read much about Hoover?
[ link to this | view in thread ]
Re:
Ideally, "The government" does not get to set the rules - they are supposed to be doing what is in their constituents best interests. A huge problem is that politicians act as though their constituents are comprised only of those who give them money.
[ link to this | view in thread ]
Re: Who sets the rules...
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
the other states what a court is allowed to demand.
[ link to this | view in thread ]
Yeah .. like - what could possibly go wrong?
[ link to this | view in thread ]
Re:
You were saying? RTFA!
[ link to this | view in thread ]
Re: Re:
And before the last cryptowar, nearly identical issues and arguments were had over the telephone, the telegraph, the mail system, etc. etc. etc.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Jennifer, as this piece sums up (correctly), it's about the rules encoded, not their implementation. Focus on the rules. Variables are defined at the start of the code so are easy to be changed, for better or worse.
Secondly, when everything looks like a nail, all you need's a hammer. The DHS has redefined everyone to be potential domestic extremists. Sucks.
[ link to this | view in thread ]
Re:
We also have to wonder if you're a pedophile and just don't want to admit it.
What a fun game.
[ link to this | view in thread ]
Re:
The phone's owner is dead. I'm not so sure he gave them permission - where did you read this?
That could lead to congress passing laws that would create that very mandated weakness that you all fear.
And you think that somehow, this means encryption won't be used?
Say they do pass a law.
And I use 3rd party encryption that securely encrypts the phone (perhaps, say from someplace outside the US)
Do you think that somehow, that law ensures that the FBI will still be able to break the underlying math in the encryption?
Unless you're thinking encryption, in and of itself, can be made criminal. In which case, I'd say you're beyond full of shit.
[ link to this | view in thread ]
Re:
Actually, they don't have to approach Apple at all.
The FBI has engineers (or certainly ones they can hire).
Those engineers could reverse-engineer the code (although it would be unlawful for them to do so, given current copyright law - something I'm SURE you wouldn't back, given your penchant for licking the backsides of copyright maximalists).
Once the code is (illegally) reverse-engineered, they can modify it (again, illegal), insert it into the phone, and take their chances.
So no, nothing's stopping the FBI from fucking off and going at it themselves.
[ link to this | view in thread ]
Re: Re:
Or they could write their own from scratch. It wouldn't be cheap or easy, but it could be done. But why do it yourself when you can enslave someone else to do it for you?
[ link to this | view in thread ]
A: Free software.
[ link to this | view in thread ]
Re: Wine vs Vinegar
Playing devil's advocate for a second, the 4th Amendment affirms the government's ability to perform lawful searches and seizures, gives an outline of what constitutes "lawful", and only protects citizens from unlawful searches in seizures. I doubt the Founding Fathers could envision a world where physical papers and effects were replaced with virtual papers and effects and those virtual items could be stored in a common, everyday device that was impregnable if used as designed.
The amount of info that exists about people these days certain dwarfs what existed 200yrs ago, but encryption gives the masses a way to conveniently keep information under virtual lock and key that didn't exist 200yrs ago. If the going theory is that 'unbreakable' (forgive the hyperbole) encryption should be commonplace, and the government can just suck it, doesn't that undermine the 4th Amendment by making lawful searches and seizures nearly impossible?
Of course this doesn't really address the issue at had which is between the government and a third party (Apple). Oddly enough for a debate so centered on privacy is that fact that the owner of the device in question, San Bernardino County, doesn't want the info on the device to remain behind closed doors.
[ link to this | view in thread ]
Re: Re: Wine vs Vinegar
There will always be things beyond the reach of a court order(and in fact the 5th Amendment specifically allows this by prohibiting someone from being forced to provide evidence that can be used against them), that's just how it works, and how it must work if the rights and privacy of the public are to exist in any meaningful sense. If that means that they don't get to have access to all the potential evidence, then that's just too bad for them.
[ link to this | view in thread ]
Re: Re:
I've read it's a company phone provided by his employer.
[ link to this | view in thread ]
Re: Re:
They are supposed to do as told, like any other employee.
[ link to this | view in thread ]