The US government’s repeated attempts to force Apple to make the contents of its handheld devices accessible for law enforcement purposes has pitted two common conceptions of security against each other: computer security and national security. The government argues that current industry encryption standards seriously undermine its ability to engage in legitimate law enforcement and national security investigations. On the other hand, Apple argues that it cannot undermine the security of one iPhone without undermining the security of all iPhones. Ultimately, an evaluation of the trade-off between computer security and national security requires not only an analysis of what is legally possible but also what is politically and socially desirable. Such analysis, at the very minimum, requires engaging with the following four questions: first, are the government’s requests legitimate? Second, are the government’s requests lawful? Third, are the government’s requests reasonable? And fourth and finally, do the government’s requests make sense in light of what the government is ultimately trying to achieve? In what follows, I will address each of these questions in turn: Are the government's requests legitimate? Apple’s fundamental aversion against breaking into its customers’ handheld devices to make them accessible for law enforcement purposes has to be understood in the wider context of the rippling aftereffects of the Snowden revelations, which seriously tainted the reputation of the US government’s law enforcement and national security infrastructure as a whole. Large multinational companies such as Apple are particularly concerned about losing customer trust both at home and abroad. They have therefore adjusted the marketing of their products in order to make them appear particularly privacy friendly. Companies such as Apple particularly do not want to appear as abetting warrantless mass surveillance programs. However, the two most prominent cases at hand – the government’s request to unlock the iPhone of one the two attackers in the San Bernardino shootings, on the one hand, and that of a New York resident (“Feng”) suspected of engaging in drug trafficking, on the other hand – concern two particular Apple customers whom the government had probable cause to believe that they were engaged in serious criminal wrongdoing. In that sense, unlike the surreptitious front and backdoor access attempts at issue in warrantless mass surveillance programs, the government’s access requests in these two particular investigations seem legitimate. Are the government's requests lawful? However, even if the government’s access requests are legitimate, that does not yet make them lawful. In asking Apple to undermine its own encryption standards to make the content of its customers’ handheld devices accessible for law enforcement purposes, the government is exclusively relying on the authority of the All Writs Act (AWA), 28 U.S.C. §1651(a), which stipulates that “The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of the law.” But as the US District Court of the Eastern District of New York correctly points out in the Feng case, even if the government’s access requests are “necessary and appropriate” and “in aid of” the court’s jurisdiction, they are not “agreeable to the usages and principles of the law” because they are in direct conflict with Congressional intent; Congress, after all, had explicitly absolved companies providing “information services” from the law enforcement assistance requirements under the Communications Assistance for Law Enforcement Act (CALEA). The government’s access requests are therefore unlawful. Are the government's requests reasonable? But even if the government’s access requests were lawful, they would not be reasonable in light of the relevant case law because they impose an unreasonable burden on Apple. After all, as the court points out in the Feng case, unlike the government’s request in New York Tel. Co. (1977) concerning the installation of a pen register device at the company’s headquarters, “the assistance the government seeks here – bypassing a security measure that Apple affirmatively markets to its customers – is not something Apple would normally do in the conduct of its own business and is, at least now, plainly ‘offensive to it’.” Furthermore, as experienced computer scientists have pointed out, given the current state of encryption, undermining the security of one particular device risks undermining the  security of the system as a whole – a system furthermore, as noted by the Feng court, law enforcement and the judiciary rely upon themselves, given that they, too, have “chosen to entrust extremely sensitive communications and secret documents … to the passcode protections and other robust security measures available on a variety of Apple devices.” Therefore, the government’s requests are not only unlawful but also unreasonable. Do the government's requests make sense? Finally, even if the government’s access requests were lawful and reasonable, they would not make sense in light of the goals the government is ultimately trying to achieve. The US government seemingly fundamentally underestimates the difficult position Apple finds itself in; indeed, the difficult position the US government itself put Apple in, having embroiled the company in its warrantless mass surveillance programs. Even if the government were to succeed in the short run, in that Apple would be forced to break into its own security code in order to make the handheld devices in question accessible for law enforcement purposes, it would probably incentivise Apple and similarly positioned companies such as Microsoft, Google and Facebook, to redesign their systems such that it becomes even more difficult in the future for companies to provide law enforcement access to sensitive customer data, even if they wanted to. Therefore, a government victory in either the “Feng” or San Bernardino cases may be “little more than a pyrrhic victory.” Paula Kift is a PhD candidate and Research Fellow at New York University. She focuses on international law, surveillance, media and culture.
The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.