Apple’s motion to vacate the All Writs Act assistance order: Has Apple chosen the best “test case”?

Here it is.

On first read, I think it has some very strong sections, including, in particular, its description of the efforts Apple would have to undertake to create and secure the software necessary to disable the “auto-erase” feature on the iPhone in question, and its explanation of how the assistance required by the court’s order goes far beyond how the All Writs Act has previously been used (and is easily distinguishable from the assistance at issue in the leading AWA precedent, United States v. New York Telephone).

The brief also includes some much weaker arguments, such as the paper-thin Free Speech and Due Process arguments at the tail end, and its lead argument — that Congress has already precluded this sort of order in CALEA. (It is true, as Apple argues, that “in CALEA, Congress decided not to require electronic communication service providers, like Apple, to do what the government seeks here,” and that CALEA itself expressly “does not authorize” law enforcement to compel Apple to write such software. It does not follow, however — not even close — that “Congress declared via CALEA that the government cannot dictate to providers of electronic communications services or manufacturers of telecommunications equipment any specific equipment design or software configuration,” even if such an order would otherwise have been permissible under the All Writs Act. The brief’s related “separation of powers” argument (p. 18) is weaker still: the court here is in no way purporting to “repurpose” CALEA, or to impose generally applicable obligations on all companies similarly situated to Apple.)

The strongest part of the brief, at least at first glance, is where Apple argues that the order would be unreasonable, under New York Telephone’s AWA “test,” because Apple has a compelling business interest in not creating and facilitating the use of software that would “invade or control the private data of its customers,” and that would “undeniably threaten” the data protection systems of customers who depend on those systems to store their most confidential data.

But there’s the rub, at least in this case: Here, Apple’s customer — the entity to which it arguably owes some loyalty and whose trust it does not wish to betray — is the San Bernardino County Department of Public Health (Farook’s employer), which owns the iPhone in question. The SBCDPH has consented to the government’s search, and apparently it agrees with the FBI that Apple should create and implement the software that would disable its iPhone’s “auto-erase” function (which would in turn make it possible for the government to find the passcode through “brute force” searches). In this case, therefore, Apple’s concerns would appear to be misplaced — which in turn argues in favor of the reasonableness of the order.

Apple quite understandably emphasizes the fact that “the government has filed multiple other applications for similar orders, some of which are pending in other courts,” and that “state and local officials [have] publicly declared their intent to use the proposed operating system to open hundreds of other seized devices.” Presumably, in some or all of those other cases, Apple’s customers do not wish for Apple to disable their iPhone’s “auto-erase” functions, which would, arguably, be a betrayal of the implied promises of security that Apple sold to them. Apple’s “unreasonableness” argument under the AWA would have much greater force in such a case.

The court’s order in the San Bernardino case, however, could be limited — both by its terms and in its precedential effect — only to those cases in which the iPhone owner wants Apple to disable the auto-erase function, so that the owner itself can get at the information on the iPhone, which it is lawfully entitled to access in the first instance.

To be sure, the phone owner’s consent would not, in and of itself, settle the “reasonableness” question under the AWA, particularly if my co-blogger Julian Sanchez is correct that there would be a significant risk that Apple’s new “key” would be hacked and compromised, with deleterious effects for many phones beyond the one in the FBI’s possession. According to Julian, such a key “almost certainly [would be] stored [by Apple] in secure vaults, on a Hardware Security Module that makes it difficult or impossible to copy the key itself off that dedicated hardware, and likely protected by elaborate procedures that have to be followed to authenticate major new software releases.” Even so, he worries that “[i]f your adversaries realistically include, say, the Chinese and Russian intelligence services — and for Apple, you’d better believe it — it’s a serious enough security problem to guard against exfiltration or use of that Holy Grail private key. Doing the same for a continuously updated and deployed hacking tool is likely to be hugely more difficult.” [This is the way Apple puts the same point (I think): “Keeping and maintaining the compromised operating system and everything related to . . . forc[es] Apple to take on the task of unfailingly securing against disclosure or misappropriation the development and testing environments, equipment, codebase, documentation, and any other materials relating to the compromised operating system. Given the millions of iPhones in use and the value of the data on them, criminals, terrorists, and hackers will no doubt view the code as a major prize and can be expected to go to considerable lengths to steal it, risking the security, safety, and privacy of customers whose lives are chronicled on their phones.”]

I’m no expert in such things, but this strikes me as perhaps the most important question in the case: What are the risks that the software, despite Apple’s best efforts to secure it, would be compromised by others? (The cost to Apple to prevent such an occurrence is presumably less of an issue — or at least it would be if the government were willing to foot the bill, as I presume it is.) If those risks are minimal, then perhaps Apple would be much better off making its AWA “unreasonableness” argument in a case where the owner of the iPhone does not consent to Apple’s assistance in disabling the “auto-erase” function.

P.S. The most intriguing argument in Apple’s brief is the suggestion (p. 30) that the FBI should not be permitted, under the All Writs Act, to put Apple to the task of creating the new software unless the government can represent that the NSA can’t offer the necessary assistance, which “might obviate the need to conscript Apple.” 

About the Author(s)

Marty Lederman

Professor at the Georgetown University Law Center Follow him on Twitter (@marty_lederman).