Apple Leans on 227-Year-Old Law in Encryption Fight

A California judge demanded on Tuesday that Apple help the Federal Bureau of Investigation crack the code to one of its iPhones—specifically, the one used by the San Bernardino shooters last fall—so that law enforcement officials can continue their investigation into that horrific attack.

Apple says it can’t do that. In order for it to help the FBI crack that phone, the California-based company would have to engineer a whole new version of its iOS operating system—and that, the company says, is just too much to ask.

“[W]e have worked hard to support the government’s efforts to solve this horrible crime. We have no sympathy for terrorists,” said Apple CEO Tim Cook in a letter to customers Tuesday, explaining that the company had complied with all valid subpoenas and search warrants and “offered our best ideas on a number of investigative options at their disposal.”

But, Cook added firmly, engineering a new operating system “that bypasses security in this way” is out of the question. Doing so would make all iPhone users vulnerable to attack by hackers, cybercriminals and authoritarian regimes that would also like access to people’s private iPhones. “And while the government may argue that its use would be limited to this case,” Cook wrote, “there is no way to guarantee such control.”

Some version of this debate has been happening for decades, animating everything from the WikiLeaks issue to the controversy over Edward Snowden’s leaks about the National Security Agency’s metadata program. The lines of demarcation are clear: law enforcement officials want as much access to digital information as possible to solve crimes and protect national security; privacy and civil rights advocates want to build a moat around digital information to protect citizens from online crime and unwarranted spying.

So what happens now? Can the government simply force Apple to crack open the iPhone in question and be done with it?

The short answer is no. At least not right now.

The longer answer is maybe. It all comes down to how U.S. courts interpret a 227 year-old law, known as the All Writs Act, originally passed in 1789, which has never been tested in this way in court. So we’re in uncharted waters.

In all likelihood, the question of whether the FBI can force Apple to build new technology in order to comply with an existing warrant will be appealed all the way up to the 9th Circuit Court of Appeals in California, and possibly the Supreme Court.

Here are the basic facts of the case.

Apple doesn’t currently have the keys to break into to the San Bernardino shooter’s iPhone. In fact, it doesn’t have the keys to any iPhone. That’s what makes the technology known as “end-to-end encryption” so strong: nobody except the end users—the person sending a message and the person receiving it on the other end—can unscramble a message while it’s transiting through cyberspace.

The government knows this. For years, top law enforcement officials, including FBI Director James Comey, have pushed for new legislation that would force technology companies like Apple to engineer so-called “backdoors” into their products to allow law enforcement officials, with warrants, to break into a phone if necessary.

Apple and dozens of other companies have pushed back against such proposed legislation with the power of a thousand supercomputers. They say such backdoors would be easily exploited by hackers and criminals—and end up making all of us much less safe in the long run.

This particular case is different. The FBI is not asking Apple to build a “back door” into its iPhone exactly. Instead, it is asking Apple to build a new version of its iOS operating system that would dismantle two safety mechanisms on the iPhone 5c. The first erases all of the information on the device after an incorrect password has been entered ten times. The second requires that a password be manually entered onto an iPhone screen rather than through a USB drive.

Dismantling those two safety mechanisms would allow the FBI to use what’s known as a “brute force” attack on the San Bernardino shooter’s iPhone password. It would set up a computer, connected to the phone via a USB drive, that would try every single possible combination of numbers in the password, and eventually, by trial and error, break into that way. No encryption key necessary.

But in order to pull off such a brute force attack, it needs Apple to rewrite its operating system, and “sign it,” so to speak, with the official Apple key, so that the San Bernardino shooter’s iPhone would accept the new version as a legitimate operating system update.

And there’s the rub. Apple says that engineering a whole new version of the iOS operating system is, in legal terms, “unduly burdensome.”

That language is crucial. Whether the FBI’s request is “unduly burdensome” or not is the essential question at stake in that 1789 law, the All Writs Act. It says that the government can order someone to do anything necessary to comply to an existing writ, so long as the government’s request is not “unduly burdensome.” (The writ in this case is the FBI’s warrant to look at the phone in question.)

So the FBI is using the All Writs Act to say that Apple must engineer a new version of its operating platform in order to comply with the warrant. Apple is saying that such a request violates the “unduly burdensome” caveat. And that’s where the issue stands today.

In five days, a California magistrate judge will rule on that question. Regardless of her decision, it will almost definitely be appealed, and slowly make its way up through the U.S. appellate system, and possibly all the way to the Supreme Court. As of now, there’s no precedent for this kind of decision, so it’s really hard to know what to expect next.

In the mean time, don’t hold your breath. Experts expect Apple to fight this one all the way to the top, and the legal battle could last for years.