Apple v. FBI

Concerning an Order Requiring Apple to Create Custom Software to Assist the FBI in Hacking a Seized iPhone

Summary

The dispute between Apple and the FBI arises out of an application that the agency filed with a federal magistrate judge in California, seeking assistance with the search of an iPhone that was seized during the investigation into the December 2015 attacks in San Bernardino, CA. The FBI was unable to access data on the locked iPhone, which was owned by the San Bernardino Health Department but used by one of the perpetrators, and requested that the Court order Apple to provide assistance in decrypting the phone. But because Apple has no way to access the encrypted data on the seized iPhone, the FBI applied for an order requiring Apple to create a custom operating system that would disable key security features on the iPhone. The Court issued an order requiring that this custom hacking tool be created and installed by Apple without unlocking or otherwise changing the data on the phone. Apple has opposed the order on the grounds that it is unlawful and unconstitutional. Apple argues that if the order is granted it will undermine the security of all Apple devices and set a dangerous precedent for future cases.

Top News

Background

The dispute between Apple and the FBI arises out of a warrant application that the agency filed in the U.S. District Court for the Central District of California in December 2015, following the attacks in San Bernardino. The case is captioned "In the Matter of the Search of An Apple iPhone Seized During the Execution of a Search Warrant on a Black Lexus IS300, California License Plate 35KGD203." The FBI filed an application for an order of assistance under the All Writs Act, 28 U.S.C. § 1651, on February 16, 2016. The Court granted the application the same day and issued a three page order requiring apple to "assist in enabling" the search of the phone by "providing reasonable technical assistance," which "shall accomplish the following three important functions":

  1. it will by pass or disable the auto-erase function whether or not it has been enabled;
  2. it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT DEVICE;
  3. it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware

The Court also specified that "Apple's reasonable technical assistance may include, but is not limited to: providing the FBI with a signed iPhone Software file, recovery bundle, or other Software Image File ("SIF") that can be loaded onto the SUBJECT DEVICE." This custom software would need to be able to "load and run from Random Access Memory ("RAM") and will not modify the iOS on the actual phone, the user data partition or system partition on the device's flash memory." Apple would also need to uniquely code the software to the phone at issue and provide the government with a means to "conduct passcode recovery analysis" on the device in an Apple facility or government facility.

The Court noted that Apple may seek to comply with the order "using an alternate technical means" if "it can achieve the three functions" stated in the order. The Court also noted that "Apple shall advise the government of the reasonable cost of providing this service" and that "[t]o the extent that Apple believes that compliance with this Order would be unreasonably burdensome, it may make an application" to the Court "within five business days" of the Order.

Shortly after the Court granted the FBI application and issued the order to Apple, the FBI moved to unseal the documents and notified the press of its request for Apple's assistance in the case. In response, Apple CEO Tim Cook published a letter to Apple customers, making clear that the company would oppose the order and that the order would set a "dangerous precedent." The Court subsequently issued a scheduling order, establishing deadlines for briefs in the case and setting a hearing for March 22, 2016 at 1:00pm. The FBI also filed a motion to compel compliance with the court's February 16th order.

On February 25, 2016, Apple filed its motion to vacate the Court's order, arguing that the order is unlawful and unconstitutional. Specifically, Apple argued that "[t]he All Writs Act does not provide a basis to conscript Apple to create software enabling the government to hack into iPhones" and that the Order "would violate the First Amendment and the Fifth Amendment's Due Process clause."

EPIC's Interest

Since its founding more than 20 years ago, EPIC has been an advocate for the rights of consumers to use strong encryption and the promotion of privacy enhancing technologies. This issue was at the center of the national debate 1990s after the White House introduced the Clipper Chip proposal in 1993 and the FBI led an effort to outlaw non-escrowed encryption. EPIC lead one of the first major Internet petitions in opposition to the Clipper proposal after a group of leading cryptography experts sharply criticized the Clipper Chip technology in a letter to the President. EPIC also filed amicus briefs in two important cases concerning export controls and other restrictions on the use of encryption software, Bernstein v. U.S. Department of Justice, 176 F.3d 1132 (9th Cir. 1999), vacated, 192 F.3d 1308 (9th Cir. 1999), and Karn v. U.S. State Department, 107 F.3d 923 (D.C. Cir. 1997). The district court decision in Bernstein established that code is speech and that restrictions on the dissemination of encryption software burdened the First Amendment rights of a computer researcher. Ultimately the Clipper Chip proposal and efforts to ban strong encryption were defeated.

EPIC also played a key role in the development of the international framework for cryptography and privacy policy, which led to establishment of the OECD Cryptography Guidelines in 1997. These guidelines outlined eight key principles to guide the development of international cryptography policy, including (1) the establishment of trust in cryptographic methods in order to promote the use of communications systems, (2) the right of users to choose any cryptographic method, and (3) the protection of privacy and personal data. A report by the National Academy of Sciences also found in 1996 that cryptography "is a most powerful tool for protecting information" and that "many vital national interests require the effective protection of information." EPIC also prepared a report entitled Cryptography and Liberty 2000, which outlined the state of international cryptography policy following the resolution of the key escrow and export controls debates.

Legal Documents

U.S. District Court for the Central District of California, Nos. 16-cm-00010 and 15-mj-00451

Resources

News

Share this page:

Support EPIC

EPIC relies on support from individual donors to pursue our work.

Defend Privacy. Support EPIC.

#Privacy