Apple v. FBI
by Thomas Katsampes CISA CTPRP

February 18, 2016

In the ongoing spat between Apple and the Federal Bureau of Investigation (FBI), there are essentially three issues that seem to be conflated.

The first issue is whether Apple should assist the FBI in rooting the iPhone (running iOS 5c) so that the FBI can determine what happened in the San Bernardino terrorist attack. Apple should absolutely assist the FBI to root this one phone so that authorities can obtain as much information as possible regarding this attack. This is a public safety issue, and the FBI can easily obtain a warrant to force Apple to break into this particular phone. If the FBI hasn't already, it should.

The second issue is whether Apple can be forced by the FBI to build its phone's operating system in such a way that it can be rooted by authorities in the case of an investigation. I believe the answer to this question is no. The government does not have the authority to force Apple to do this. By comparison, in some hotels, each room has a lockable safe. Now, in the event of a crime, the authorities can get a warrant to force the hotel to open one safe. However, what authorities are asking for from Apple is like going to the manufacturer of the safes and asking for a master combination that will open every safe that the company makes. Clearly, this is unreasonable and the company ought to refuse on 4th amendment grounds. The 4th amendment guarantees citizens the right to be secure in their "papers and effects," and a safe, or an iPhone, is included in someone's effects. The safe is a physical effect, the phone is a digital effect, but the citizen has the right (absent a warrant upon probable cause) to be secure in both. Apple correctly has refused to make an operating system that has backdoors available to the government.

The third issue is Apple's iOS 8, which does not store any encryption keys whatsoever. The encryption is for all intents and purposes unbreakable. While this looks like the holy grail for privacy rights advocates, the question must be asked whether Apple is creating an unbreakably secure communications facility for the bad guys as well as law-abiding citizens. In the absence of mitigating information, the answer would seem to be yes. Apple is wrong, in my view, to create an unbreakably secure device.

But there is more to this. Many if not most privacy rights advocates believe that the U.S. government, not bad guys such as drug dealers and terrorists, is the enemy, or at least the bigger enemy. I tend to view the federal government with a jaundiced eye when it operates outside of its Constitutionally-granted enumerated powers. However, in the United States, government can be voted out of office. Terrorists cannot be voted out of ISIS or Al-Qaeda. Radical Islamic terrorism, not our government, is the true enemy here. Both conservatives and privacy rights advocates need to recognize this.

Because of the revelations of Edward Snowden, people have come to fundamentally distrust that shadowy side of government (the FBI, CIA, NSA, et al.) which ostensibly exists to keep America safe by, for example, foiling terrorist plots. Many people believe that bulk collection of phone numbers by the U.S. government poses a greater threat to personal liberty than Radical Islamic Terrorism. Conservatives may be responsible for this zeitgeist. Many conservatives have made it a habit of proclaiming how "evil" Barack Obama and by extension the federal government are. Whatever one's views regarding Mr. Obama, the government is charged with executing the powers delegated to it by the Constitution, and to the extent that labeling government the enemy makes it more difficult for government to perform its constitutionally-mandated functions, conservatives do themselves and our country a disservice. The damage Snowden has done consists not so much in revealing classified information - though this is itself likely a felony - but rather in undermining the fundamental trust that goverment is in fact operating to keep its citizens safe, and not for some nefarious motive.

Many people adhere to the European model of equating privacy and security. In other words, privacy is security and vice versa. But while this may be Europe's model, it is not how privacy has been historically understood in the United States. The federal government has the constitutionally enumerated power to protect the American people ("provide for the common defense...") and it also has the power to conduct searches and seizures, and to issue warrants, but only based on a warrant issued by the court upon probable cause. However, there is no constitutionally enumerated general right to privacy. While a person has the right to be secure in his "papers and effects," a person doesn't have the right to secure communications while plotting to murder and maim other people. Privacy must be respected, but unlike in Europe, privacy is not an ironclad right. In fact, in the wrong hands, unbreakable encryption leads to unavoidable disaster. We must consider whether as society we are going to allow everyone access to unbreakable encryption. The fact that there is already movement afoot in California and New York to outlaw the sale of unbreakable devices suggests that many people don't agree with privacy uber alles.

The tone of the debate seems to verge on hysterical: If Apple roots one phone for a government criminal investigation then it has "caved in," and thus heralded the end of privacy as we know it; alternatively, Apple needs to include backdoors so that the government will be able to get into each and every phone ever made just because the government says it's investigating something. We should continue with the same system we've had in place for centuries: the government does not have the right to search and seizure except with a warrant issued by the court. This is the Fourth Amendment. This is the American legal tradition.

What is needed is secure communication but also the ability in the event the device is used for a crime or terrorism to get the data on that device. The obvious question then, as I pointed out during a radio show this morning, is who holds the encryption keys that would allow authorities to do this? For the reasons given above, government should not hold the keys. But then Apple doesn't want to hold the keys either because it doesn't want ligitation nor does it want to be seen as weak on privacy. The conundrum rests in the fact that there is no neutral third party that can serve as a key escrow between Apple and the government. Perhaps because of this, Apple decided to build an unbreakable phone (iPhone version 8) - unbreakable because Apple quite literally "locked the cell and threw away the key." In its noble attempt to create the ultimate privacy-respecting machine, Apple may have perversely provided criminals and terrorists their most valuable and powerful tool to date: secure communication that is impenetrably protected from governments and authorities charged with keeping citizens safe.

Home