Security

Apple Files Motion To Vacate The Court Order To Force It To Unlock iPhone, Citing Constitutional Free Speech Rights

Comment

Image Credits:

In a discussion with Apple executives today, TechCrunch was informed that Apple had filed a motion to vacate in the case of the FBI compelling Apple to assist in unlocking an iPhone belonging to Syed Farook.

The executive said that “within hours” Apple had provided the information requested by the government on December 6 and again on December 16, and that it cooperated again on January 22 (responded to on the 26).

Apple says that it would have to create a ‘Government OS’ or GovtOS, for the FBI in order to cooperate with the FBI. It would also need to create an FBI forensics lab on site that Apple says could likely be used to unlock iPhones in the future, which law enforcement officials have already indicated in public statements.

In the motion, Apple hinges its argument on the fact that the FBI is attempting to greatly expand the use of the All Writs Act:

No court has ever granted the government power to force companies like Apple to weaken its security systems to facilitate the government’s access to private individuals’ information. The All Writs Act does not support such sweeping use of judicial power, and the First and Fifth Amendments to the Constitution forbid it.

On February 16, Apple says that the FBI filed an order with the court that required Apple to create this software and within hours the court had granted the request. Apple re-stated that it had no warning or communication from the government before the order was published.

“In order to comply with the Gov’t demands, Apple would need to create a new ‘GovtOS’ and FBI forensics lab on site that has the potential to be used on hundreds of phones now in law enforcements possession in conflict with existing law as well as the First and Fifth Amendment of the United States Constitution,” says Apple in the act.

Apple also states that the request violates Apple’s constitutional rights.

The demand violates Apple’s First Amendment rights against compelled speech and viewpoint discrimination. Apple wrote code for its operating system that reflects Apple’s strong view about consumer security and privacy. By forcing Apple to write software that would undermine those values, the government seeks to compel Apple’s speech and to force Apple to express the government’s viewpoint on security and privacy instead of its own.

The government’s demand also violates Apple’s Fifth Amendment right to be free from arbitrary deprivation of its liberties in that it would conscript Apple to develop software that undermines the security mechanisms of its own products.

Microsoft said today that it will file an amicus brief with the courts to support Apple in its battle with the government. At a congressional hearing today, its Chief Legal Officer Brad Smith said that the case has implications for others.

Apple says that it expects more companies to file amicus support for its efforts to oppose the order. Hearings on the order and rebuttal are set to be heard on March 22 at 1pm.

The defense

Apple’s reasoning in the brief rests on three pillars. First, that forcing Apple to write code that weakens its devices and the security of its customers constitutes a violation of free speech as protected by the Constitution.

Second, that the burden the FBI is putting on it by requesting that Apple write the software and assist in unlocking the device is too large. Apple argues that it would have to create the new version of iOS, called GovtOS, which requires coding, signing, verification and testing. It would then have to create an FBI forensics laboratory on site at its headquarters and staff it. The burden would then extend to what Apple views is the inevitable onslaught of additional devices that would follow after the precedent was set.

In addition to free speech, Apple argues that the Fifth Amendment’s Due Process clause prohibits the government from compelling Apple to create the new version of iOS. Apple argues that there is no court precedent for forcing a company to create something new, like GovtOS.

“But compelling minimal assistance to surveil or apprehend a criminal (as in most of the cases the government cites), or demanding testimony or production of things that already exist (akin to exercising subpoena power), is vastly different, and significantly less intrusive, than conscripting a private company to create something entirely new and dangerous. There is simply no parallel or precedent for it,” reads the filing.

The filing

Apple argues that if it complies, a litany of requests (it says hundreds) would come in within “a matter of days.” It’s establishing that there is a precedent being set here, that this is not about an isolated case alone:

“The government says: “Just this once” and “Just this phone.” But the government knows those statements are not true; indeed the government has filed multiple other applications for similar orders, some of which are pending in other courts. And as news of this Court’s order broke last week, state and local officials publicly declared their intent to use the proposed operating system to open hundreds of other seized devices—in cases having nothing to do with terrorism. If this order is permitted to stand, it will only be a matter of days before some other prosecutor, insome other important case, before some other judge, seeks a similar order using this case as precedent.”

Here, Apple brings up the international angle while broadening the discussion to encryption. If it complies with the order, then U.S. encryption would be weakened, and encryption created by foreign companies would be utilized instead. This is a common defense used by proponents of strong encryption. Basically, if you outlaw good encryption, the only people that will suffer are the law-abiding. Everyone else, including bad actors, will be just fine.

“Despite the context of this particular action, no legal principle would limit the use of this technology to domestic terrorism cases—but even if such limitations could be imposed, it would only drive our adversaries further underground, using encryption technology made by foreign companies that cannot be conscripted into U.S. government service. Indeed, the FBI’s repeated — leaving law-abiding individuals shouldering all of the burdens on liberty, without any offsetting benefit to public safety. Indeed, the FBI’s Repeated warnings that criminals and terrorists are able to “go dark” behind end-to-end encryption methods proves this very point.”

Then, Apple goes into a lengthy description of what it would need to do in order to comply with the government’s demands. In short, it would need to fire up a whole team dedicated to creating what is essentially a brand-new version of iOS, maintain a lab on site and facilitate what would undoubtedly be hundreds of additional requests for unlocking. This is key to its “undue burden” defense.

The compromised operating system that the government demands would require significant resources and effort to develop. Although it is difficult to estimate, because it has never been done before, the design, creation, validation, and deployment of the software likely would necessitate six to ten Apple engineers and employees dedicating a very substantial portion of their time for a minimum of two weeks, and likely as many as four weeks. Members of the team would include engineers from Apple’s core operating system group, a quality assurance engineer, a project manager, and either a document writer or a tool writer.

No operating system currently exists that can accomplish what the government wants, and any effort to create one will require that Apple write new code, not just disable existing code functionality. Rather, Apple will need to design and implement untested functionality in order to allow the capability to enter passcodes into the device electronically in the manner that the government describes. In addition, Apple would need to either develop and prepare detailed documentation for the above protocol to enable the FBI to build a brute-force tool that is able to interface with the device to input passcode attempts, or design, develop and prepare documentation for such a tool itself. Further, if the tool is utilized remotely (rather than at a secure Apple facility), Apple will also have to develop procedures to encrypt, validate, and input into the device communications from the FBI. This entire development process would need to be logged and recorded in case Apple’s methodology is ever questioned, for example in court by a defense lawyer for anyone charged in relation to the crime. Once created, the operating system would need to go through Apple’s quality assurance and security testing process. Apple’s software ecosystem is incredibly complicated, and changing one feature of an operating system often has ancillary or unanticipated consequences.

As a part of its Fifth Amendment defense, Apple argues that being forced to create a version of its software that weakens security is a gross expansion of the All Writs Act and is indeed counter to the Constitution. It argues that the legal case set out here has no practical limits, and could be used to force Apple (or another company) to essentially break any feature and cross any privacy line once a precedent was set.

In addition, compelling Apple to create software in this case will set a dangerous precedent for conscripting Apple and other technology companies to develop technology to do the government’s bidding in untold future criminal investigations. If the government can invoke the All Writs Act to compel Apple to create a special operating system that undermines important security measures on the iPhone, it could argue in future cases that the courts should compel Apple to create a version to track the location of suspects, or secretly use the iPhone’s microphone and camera to record sound and video.

Background

Apple is currently in a war of both court orders and public opinion in the case of a locked iPhone. The FBI wants Apple to build a special version of iOS that would weaken the device’s security and install it on the device. This version of iOS would allow the FBI to “brute force” the device’s pin code by trying it hundreds or thousands of times without delay or the device erasing itself.

The FBI argues that this is a very specific request, for a specific device that is associated with Syed Farook, one of the shooters in the San Bernardino workplace violence incident which left 14 dead. The FBI has deemed Farook and his wife terrorists and says that it needs access to the device in order to pursue leads.

Apple, for its part, argues that the FBI is using the All Writs Act, a 200-year-old law, too broadly in trying to get it to write code that would make the security of its devices worse. Apple plans to argue that the court’s order violates its free speech rights and CEO Tim Cook has given an extensive interview laying out how Apple looks at the case. In his remarks, he expounded on the points which Apple has been talking about to reporters, the most pointed of which is that this is not about just “one iPhone” and any ruling would be used to force Apple to unlock customer phones again and again.

The implications of the case are wide-ranging. The security of customer data in the United States, as well as the millions of Apple devices around the world will hinge on how the court battle turns out. There are solid indications that if the FBI does gain access to the device, it will issue another order to then have Apple decrypt the device’s contents. Law enforcement officials have indicated that they have a long list of devices and would take advantage of a precedent set here to force Apple to unlock.

Reports also indicate that Apple is making plans to improve iPhone and iCloud security to the point at which it will no longer be able to comply with government requests for information. These plans were hinted at in our discussion with Apple executives last week, where we noted that “the executive also indicated that it was fair to anticipate that Apple would continue to harden iPhone security to protect users against this kind of cracking, whether by Apple or otherwise.”

It’s worth noting that Apple has had a long history of cooperating with law enforcement requests for information. While it has not unlocked iPhones, it has extracted data from phones.

Those other cases could include legislation or further orders that weaken or alter the ground rules for encryption on devices from phones to smart home units to pretty much anything with an internet connection. If you use any such device to communicate over the Internet, it is likely that it uses encryption. If advocates are able to pass legislation that weakens encryption by giving the U.S. government a “back door,” then it is a matter of time before foreign countries push for the same from companies that do business there — and before bad actors like hackers discover the door and use it for themselves.

FBI Director James Comey and Apple General Counsel Bruce Sewell are set to testify on encryption at a March 1 Congressional hearing.

Update: The Justice Department has issued the following response to Apple’s filing. We’ve also updated the piece to reflect the hearing date:

The Justice Department’s approach to investigating and prosecuting crimes has remained the same; the change has come in Apple’s recent decision to reverse its long-standing cooperation in complying with All Writs Act orders. Law enforcement has a longstanding practice of asking a court to require the assistance of a third-party in effectuating a search warrant. When such requests concern a technological device, we narrowly target our request to apply to the individual device. In each case, a judge must review the relevant information and agree that a third party’s assistance is both necessary and reasonable to ensure law enforcement can conduct a court-authorized search. Department attorneys are reviewing Apple’s filing and will respond appropriately in court.

The motion to vacate is below:

Apple Motion to Vacate Brief and Supporting Declarations (1)

Apple vs FBI

More TechCrunch

Welcome back to TechCrunch’s Week in Review. This week had two major events from OpenAI and Google. OpenAI’s spring update event saw the reveal of its new model, GPT-4o, which…

OpenAI and Google lay out their competing AI visions

Expedia says Rathi Murthy and Sreenivas Rachamadugu, respectively its CTO and senior vice president of core services product & engineering, are no longer employed at the travel booking company. In…

Expedia says two execs dismissed after ‘violation of company policy’

When Jeffrey Wang posted to X asking if anyone wanted to go in on an order of fancy-but-affordable office nap pods, he didn’t expect the post to go viral.

With AI startups booming, nap pods and Silicon Valley hustle culture are back

OpenAI’s Superalignment team, responsible for developing ways to govern and steer “superintelligent” AI systems, was promised 20% of the company’s compute resources, according to a person from that team. But…

OpenAI created a team to control ‘superintelligent’ AI — then let it wither, source says

A new crop of early-stage startups — along with some recent VC investments — illustrates a niche emerging in the autonomous vehicle technology sector. Unlike the companies bringing robotaxis to…

VCs and the military are fueling self-driving startups that don’t need roads

When the founders of Sagetap, Sahil Khanna and Kevin Hughes, started working at early-stage enterprise software startups, they were surprised to find that the companies they worked at were trying…

Deal Dive: Sagetap looks to bring enterprise software sales into the 21st century

Keeping up with an industry as fast-moving as AI is a tall order. So until an AI can do it for you, here’s a handy roundup of recent stories in the world…

This Week in AI: OpenAI moves away from safety

After Apple loosened its App Store guidelines to permit game emulators, the retro game emulator Delta — an app 10 years in the making — hit the top of the…

Adobe comes after indie game emulator Delta for copying its logo

Meta is once again taking on its competitors by developing a feature that borrows concepts from others — in this case, BeReal and Snapchat. The company is developing a feature…

Meta’s latest experiment borrows from BeReal’s and Snapchat’s core ideas

Welcome to Startups Weekly! We’ve been drowning in AI news this week, with Google’s I/O setting the pace. And Elon Musk rages against the machine.

Startups Weekly: It’s the dawning of the age of AI — plus,  Musk is raging against the machine

IndieBio’s Bay Area incubator is about to debut its 15th cohort of biotech startups. We took special note of a few, which were making some major, bordering on ludicrous, claims…

IndieBio’s SF incubator lineup is making some wild biotech promises

YouTube TV has announced that its multiview feature for watching four streams at once is now available on Android phones and tablets. The Android launch comes two months after YouTube…

YouTube TV’s ‘multiview’ feature is now available on Android phones and tablets

Featured Article

Two Santa Cruz students uncover security bug that could let millions do their laundry for free

CSC ServiceWorks provides laundry machines to thousands of residential homes and universities, but the company ignored requests to fix a security bug.

1 day ago
Two Santa Cruz students uncover security bug that could let millions do their laundry for free

TechCrunch Disrupt 2024 is just around the corner, and the buzz is palpable. But what if we told you there’s a chance for you to not just attend, but also…

Harness the TechCrunch Effect: Host a Side Event at Disrupt 2024

Decks are all about telling a compelling story and Goodcarbon does a good job on that front. But there’s important information missing too.

Pitch Deck Teardown: Goodcarbon’s $5.5M seed deck

Slack is making it difficult for its customers if they want the company to stop using its data for model training.

Slack under attack over sneaky AI training policy

A Texas-based company that provides health insurance and benefit plans disclosed a data breach affecting almost 2.5 million people, some of whom had their Social Security number stolen. WebTPA said…

Healthcare company WebTPA discloses breach affecting 2.5 million people

Featured Article

Microsoft dodges UK antitrust scrutiny over its Mistral AI stake

Microsoft won’t be facing antitrust scrutiny in the U.K. over its recent investment into French AI startup Mistral AI.

1 day ago
Microsoft dodges UK antitrust scrutiny over its Mistral AI stake

Ember has partnered with HSBC in the U.K. so that the bank’s business customers can access Ember’s services from their online accounts.

Embedded finance is still trendy as accounting automation startup Ember partners with HSBC UK

Kudos uses AI to figure out consumer spending habits so it can then provide more personalized financial advice, like maximizing rewards and utilizing credit effectively.

Kudos lands $10M for an AI smart wallet that picks the best credit card for purchases

The EU’s warning comes after Microsoft failed to respond to a legally binding request for information that focused on its generative AI tools.

EU warns Microsoft it could be fined billions over missing GenAI risk info

The prospects for troubled banking-as-a-service startup Synapse have gone from bad to worse this week after a United States Trustee filed an emergency motion on Wednesday.  The trustee is asking…

A US Trustee wants troubled fintech Synapse to be liquidated via Chapter 7 bankruptcy, cites ‘gross mismanagement’

U.K.-based Seraphim Space is spinning up its 13th accelerator program, with nine participating companies working on a range of tech from propulsion to in-space manufacturing and space situational awareness. The…

Seraphim’s latest space accelerator welcomes nine companies

OpenAI has reached a deal with Reddit to use the social news site’s data for training AI models. In a blog post on OpenAI’s press relations site, the company said…

OpenAI inks deal to train AI on Reddit data

X users will now be able to discover posts from new Communities that are trending directly from an Explore tab within the section.

X pushes more users to Communities

For Mark Zuckerberg’s 40th birthday, his wife got him a photoshoot. Zuckerberg gives the camera a sly smile as he sits amid a carefully crafted re-creation of his childhood bedroom.…

Mark Zuckerberg’s makeover: Midlife crisis or carefully crafted rebrand?

Strava announced a slew of features, including AI to weed out leaderboard cheats, a new ‘family’ subscription plan, dark mode and more.

Strava taps AI to weed out leaderboard cheats, unveils ‘family’ plan, dark mode and more

We all fall down sometimes. Astronauts are no exception. You need to be in peak physical condition for space travel, but bulky space suits and lower gravity levels can be…

Astronauts fall over. Robotic limbs can help them back up.

Microsoft will launch its custom Cobalt 100 chips to customers as a public preview at its Build conference next week, TechCrunch has learned. In an analyst briefing ahead of Build,…

Microsoft’s custom Cobalt chips will come to Azure next week

What a wild week for transportation news! It was a smorgasbord of news that seemed to touch every sector and theme in transportation.

Tesla keeps cutting jobs and the feds probe Waymo