Since last year, the US government and Apple have been in a deadlock over the government’s demand that Apple unlock an iPhone. And now the landscape surrounding these cases has vastly shifted in recent months.
In a 2015 case, the SEC filed a civil suit against Bonan Huang and Nan Huang, former fraud analysts based in Virginia, for insider trading. However, the SEC’s case could not go forward without the passcode for the mobile telephones which were encrypted with Apple software. U.S. District Judge Mark Kearney wrote that as the passwords for the smartphones are not recorded with the corporation, “the act of producing their personal passcodes is testimonial in nature and Defendants properly invoke their fifth Amendment privilege.” And when the Department of Justice attempted again to force Apple to unlock its iPhones, Apple issued its “Supplemental Response to Court’s October 9, 2015 Order and Opinion” which clarified Apple’s refusal to unlock the device in question.
Then there is the case of the San Bernardino shooter, Syed Rizwan Farook, who together with his wife, killed fourteen people in December 2015. The FBI requested that Apple unlock the shooter’s iPhone and Apple refused stating that complying with this request would entail the creation of “a backdoor to the iPhone.” More recently in February, 2015, a California judge ordered Apple to assist the FBI in breaking into the phone of the San Bernardino shooter. Apple again refused citing its reasons in this response:
The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals… Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority. The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.”
This case is just one of many in recent months where the courts have attempted to force either the user or Apple to unlock an iPhone. Apple has been increasing its level of encryption in its mobile software amid privacy concerns in the almost three years following the leaks by former National Security Agency contractor, Edward Snowden. Today there are more and more cases going before the courts setting precedent regarding the use of smart phones and private information just a little over a year after DMCA regulations established that it was illegal to unlock smartphones. In what is now becoming a routine act of transparency post-Snowdon, Apple has revealed in a recent report that it has received over 1,000 government requests for user data.
Yet there have been two recent game changers. First, the case of San Bernardino gunman Syed Farook, where the FBI was able to retrieve data from the iPhone without the help of Apple. In March, less than twenty-four hours before its court date, Justice Department lawyers wrote in a court filing that they no longer needed Apple’s assistance. FBI director James Comey confessed just last week that the FBI paid approximately $1.3m for software to hack Farook’s iPhone, a fee which he claims was “worth it.” Also last week was the case in New York where an individual had given investigators the passcode to an iPhone linked to a local drug investigation, resulting in the Department of Justice telling a federal judge that it was dropping its case against Apple.
Relatedly, The Wall Street Journal just announced today that the FBI has no plans to report the software vulnerability that should be reported to the Vulnerabilities Equities Process panel, stating that, “Such a move, tantamount to deciding not to share the vulnerability with Apple, is likely to anger privacy advocates who contend the FBI’s approach to encryption weakens data security for large groups of customers in order to preserve technical options for federal investigators.” What started as a standoff over privacy issues is now turning into a delicate balancing act between providing privacy measures for all users of information technology while not allowing government agencies to exploit their power over sensitive information. Even the future of software updates is endangered by the menacing pull on technology that the state is exploiting, according to the ACLU’s Principle Technologist with the Speech, Privacy & Technology Project, Christopher Soghoian.
What trust we put in software companies in the US or the UK is paramount to protect, but as we use our mobile devices for everything from banking to nourishing long distance relationships, along with the expansion of the Internet of Things, more and more software and devices in our home will be susceptible to the same sorts of government requests to hack. Until March 2016, Apple was able to rely upon the fact that the current iOS does not allow even Apple to access data, but this may soon change as the UK unveiled a draft “Investigatory Powers Bill” on 4 November, 2015 which would place tight controls on service providers to aid in intercepting data requiring web and phone companies to keep “internet connection records” for a maximum of twelve months without police warrant.
Additionally, the person commissioned with carrying out what is called in the UK the “Snoopers’ Charter,” David Anderson QC, has recently confirmed that he will be leaving his position as the Independent Reviewer of Terrorism Legislation. Anderson has recently written about the Investigatory Powers Bill which has recently finished (19 May 2016) going through the committee stage in the House of Commons after having passed its second reading in March of this year, “gets the most important things right….no one’s communications can be intercepted without the approval of a judge, the Bill goes a long way to meet the cynics who see its vital powers as ripe for governmental abuse.” Anderson outlines some of the more problematic areas of this proposed bill, namely that: the powers in vigour do not cover the mass body of communication on the Internet, mobile platforms, and bulk equipment interference; the requirement of ISPs (Internet service providers) to retain Internet connection records is both controversial and expensive; and that the report (245 pages) is replete with technical details that require disambiguation.
The Bill will next be considered at the Report Stage and Third Reading whose stages are scheduled to be debated on Monday 6 June and Tuesday 7 June 2016. Moreover, on 15 March 2016 MPs agreed a carry-over motion which allows for proceedings on the Bill to be resumed in the 2016-2017 session of Parliament.