On Tuesday, Judge Sheri Pym issued an order under the All Writs Act requiring Apple to assist the FBI in searching the contents of one of the San Bernardino shooters’ iPhones. The Internet responded as expected: apoplectic hysteria. Tim Cook announced that Apple would refuse the order, writing in a public letter (0) that “the implications of the government’s demands are chilling. . . . [The government] would have the power to reach into anyone’s device to capture their data. The government could . . . demand that Apple . . . intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.”
Cook’s concerns at best overstate the threat, and by doing so make it harder rather than easier to get some consensus around legitimately difficult but very important issues: the ongoing technological disruption of the delicate relationship between individuals and the state — between privacy and liberty on the one hand, and security on the other.
This is about willful destruction of evidence, not encryption
Here’s the key thing to understand about the current situation: It is not about encryption. No part of Judge Pym’s order comes close to requiring Apple to decrypt, assist in decrypting, or weaken the encryption used on the iPhone. Rather, Apple has designed its products with an easily enabled self-destruct feature. That is, they have designed their products to destroy evidence that the government routinely would otherwise have legitimate need for and access to. Judge Pym’s order requires Apple to assist the FBI in disarming the booby traps that Apple designed and distributed.
Let us be clear about why Apple designed the iPhone to self-destruct in this way: Edward Snowden. Apple did this in part in protest and opposition to our government’s domestic surveillance programs, and Apple did this in part to assure those in other countries that its products are secure from our (and other) government surveillance.
But the issue in the present case is not widespread surveillance. It is about an otherwise unquestionably legal search of a single device owned by a single person — a single dead person, unquestionably connected to a crime, who has no expectation of privacy or other protections under the fourth or fifth Amendments. The FBI has chosen to proceed as it has in this case for a very simple reason: There is probably no better set of facts to support its argument that we can’t allow companies to develop their products knowingly and intentionally in a way that will lead to the routine destruction of evidence. Indeed, in the telecommunications business, federal law requires that telecommunications equipment be designed specifically to support lawful law enforcement activities. Congress has been discussing in the hypothetical whether such requirements should apply to devices like the iPhone — cases such as this have a way of turning such hypothetical discussions into real legislation.
But the Internet says I should be worried. Shouldn’t I be worried?
No. There are two reasons why you should not be worried: This order facilitates neither easy nor widespread surveillance, and the legal basis for the order is narrow.
First, this is not a case about security. It is not about weakening encryption that is used to keep information from the hands of those not authorized to access it. Rather, it is about a technology that potentially destroys data — that is designed, at least in part, to keep data from those who are legally authorized to access it.
But the present concerns would be overwrought even were this not the case. What new opportunities for surveillance would there be if self-destruct features such as those at issue here were illegal? Anyone wanting to access data on the phone would still need to decrypt it. This puts access beyond the skill or resources of ordinary thieves. This would be a terrible approach to gaining access to a user’s information or to engage in identity theft — and if that is an attacker’s goal, they likely have much better means to engage in whatever nefarious activity they intend.
Only the government is likely to gain increased access to devices by outlawing self-destruct features like this. More specifically, only entities with reasonably extensive resources, interest in a specific individual’s device, and physical access to that device are likely to gain from this. This rules out the great Snowden concern — that removing the self-destruct feature would facilitate widespread government surveillance. Such surveillance would still not be possible because the government would need to break the encryption on each device it intends to surveil.
And second, contrary to the concerns expressed by some, the All Writs Act is not a grant of unbridled judicial authority. An order issued under the act needs to be necessary to fulfilling some other action within the court’s authority and written to appropriately fulfill that objective without unduly burdening other parties. It is generally used when needed “to effectuate and prevent the frustration of orders [that a court] it has previously issued,” or to fill in “gaps” in the law that “threaten to thwart the otherwise proper exercise of federal courts’ jurisdiction.”
Contrary to Tim Cook’s concerns, courts do not have plenary authority to “intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.” And, where they may have some authority to authorize such conduct, it is limited at least by the fourth Amendment and usually limited even further by statute. The All Writs Act doesn’t expand a court’s authority — it only allows it to exercise what authority it clearly does have, including commandeering the assistance of those who would otherwise deliberately obstruct a lawful court order.
*The title of today’s post is a riff on the popular catchphrase and Internet meme, ‘All your base are belong to us (1),’ and not a typo.