The order issued Tuesday by Magistrate Judge Sheri Pym in the Central District of California (government's motion and order, court documents via EFF) commands Apple to produce a custom version of iOS that disables the auto-erase function and the inter-attempt delay on a single iPhone 5C — the device of Syed Farook, the San Bernardino shooter. The legal vehicle is the All Writs Act of 1789. Apple's open letter from Tim Cook on Wednesday morning (apple.com/customer-letter) refuses, and the public argument is now joined.
The technical content of the request is narrower than much of the press coverage suggests. The iPhone 5C does not have the Secure Enclave that ships in the 5S and later, so the passcode-derivation cryptography is implemented in software in the device's flash. Apple, possessing the firmware-signing key, can in principle build and sign a firmware image that lifts the auto-erase-after-ten-failed-attempts behaviour and the time delays between passcode attempts, install that firmware on the recovered device through Device Firmware Update mode, and present it to the FBI for a brute-force attack on the four-digit passcode. The brute-force itself, with the protections lifted, completes in minutes. The chain of custody and operational specifics are technical, and Apple's brief in opposition will detail them, but the request is feasible against this specific class of hardware.
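To put numbers on "completes in minutes", here is an added example (not from the court documents, Apple, or the original post) that models the cost of guessing a passcode under three regimes: auto-erase on, delays only, and both protections lifted. The 80 ms per-attempt derivation cost and the delay schedule are assumptions taken from Apple's published iOS Security Guide, and the one-hour delay for every attempt past the ninth is a further assumption of this sketch.

```python
# Added example: constructed model, not code from the post or from Apple.
# Assumed figures (Apple's published iOS Security Guide, not the page):
ATTEMPT_MS = 80          # ~80 ms key-derivation cost per guess
AUTO_ERASE_LIMIT = 10    # wipe after ten failed attempts, as the post describes
# Assumed delay in seconds enforced before attempt N (attempts 1-4: none).
DELAY_BEFORE_ATTEMPT = {5: 60, 6: 300, 7: 900, 8: 900, 9: 3600}
LATE_DELAY = 3600        # assumption: attempts past the 9th also wait one hour


def keyspace(alphabet_size, length):
    """Number of possible passcodes for a given alphabet and length."""
    return alphabet_size ** length


def unthrottled_worst_case_seconds(space):
    """Time to try every passcode when only the derivation cost remains."""
    return space * ATTEMPT_MS / 1000


def throttled_worst_case_seconds(space):
    """Time to try every passcode with delays enforced but auto-erase off."""
    early = sum(d for n, d in DELAY_BEFORE_ATTEMPT.items() if n <= space)
    late = max(0, space - 9) * LATE_DELAY
    return early + late + unthrottled_worst_case_seconds(space)


def success_chance_with_auto_erase(space):
    """Chance of hitting a uniformly random passcode before the wipe."""
    return min(AUTO_ERASE_LIMIT, space) / space


def compare_policies():
    """Worst-case figures for three passcode policies (constructed inputs)."""
    policies = {"4-digit": (10, 4), "6-digit": (10, 6), "6-char a-z0-9": (36, 6)}
    rows = {}
    for name, (alphabet, length) in policies.items():
        space = keyspace(alphabet, length)
        rows[name] = {
            "p_before_wipe": success_chance_with_auto_erase(space),
            "delays_only_days": throttled_worst_case_seconds(space) / 86400,
            "unthrottled_hours": unthrottled_worst_case_seconds(space) / 3600,
        }
    return rows


if __name__ == "__main__":
    for name, row in compare_policies().items():
        print(name, row)
```

On managed fleets, the keyspace term is the one the organisation controls: the passcode policy pushed through MDM decides whether the unthrottled figure is minutes or years.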
The legal question is whether the All Writs Act, a procedural statute that authorises courts to issue writs "necessary or appropriate in aid of their respective jurisdictions", reaches that far. The historical use of the All Writs Act has been narrow — to fill procedural gaps in the orderly administration of cases the court already has jurisdiction over. The order against Apple uses it as a substantive compulsion — not to assist with a particular evidentiary act on existing material, but to compel the creation of new material (the custom firmware) by a third party not itself involved in the underlying conduct. That is a substantial legal stretch. The Department of Justice's brief argues that the New York Telephone case from 1977 (United States v. New York Telephone Co., 434 U.S. 159) supports the reach. Apple will argue, correctly in my view, that the New York Telephone case turned on the use of an existing telephone-company capability (pen registers) on the company's own equipment, not on the compulsion of new product development.
The policy question is the more important one and is the one I want to engage with. The framing of the order as "just one phone, just one time" is not, on the technical evidence, sustainable. The custom firmware Apple would produce, once it exists, is reusable on any iPhone 5C in physical custody of an investigator. The signing key that produces it can produce others. The legal precedent that Apple can be compelled to do this work, once established, will be invoked in every subsequent case where the government wants access to a device. The specific technical controls (signed firmware that can only be installed via DFU on a single device, etc.) can mitigate but not eliminate the precedent's reach. The argument that the precedent stops at iPhone 5C devices in physical custody held in connection with terrorism investigations does not survive contact with the procedural reality of how legal precedent operates.
The wider question — and this is the part I keep coming back to in customer briefings — is what end-to-end encryption means as a property of products and as a piece of public policy. The encryption available on consumer devices and in messaging apps in 2016 is materially stronger than what was available in 2010. The Going Dark concern that James Comey has been articulating for the past two years (Comey speech at Brookings, October 2014) describes a genuine operational consequence for law enforcement: investigations that would once have been routinely supported by service-provider data are now meeting end-to-end-encrypted barriers that the service provider cannot remove. The question of what to do about that is, fundamentally, a political question about the relative weight of investigative access and citizen security. The technical positions taken in that political debate — "responsible encryption", "exceptional access", "key escrow" — have, on every technical analysis I have read in the past twenty years, the same problem: they introduce a structural weakness that is exploitable by adversaries other than the legitimate authorities the design is intended to serve.
The Crypto Wars of the 1990s had this argument (Hal Abelson et al., "The Risks of Key Recovery", 1997), and the technical position has not changed since. The political position has, but the technical position has not. A key-escrow architecture has the same security properties as a non-escrowed architecture minus the protection against compromise of the escrow. The escrow is an attractive target. The escrow's compromise is a much larger event than any single device compromise. The mathematics has not changed since 1997.
For the customer programmes, the immediate operational consequence is small but real. Several of the vCISO clients have iOS device fleets in which the recoverability question matters — devices held by employees who leave, devices held by employees who die, devices in legal hold. The conversation I want to have with them this quarter is about the in-tenant management posture (Apple Configurator, MDM, the iOS supervised mode) which provides organisationally-controlled recovery at the cost of some user-side privacy. The Apple-FBI question is about consumer-grade unmanaged devices; the corporate posture has more options, and the right options are configurable rather than statutory.
Apple's filing is due in two weeks. The Department of Justice will respond. The case will likely be heard at length, possibly appealed, and possibly resolved without a precedent if the FBI obtains the unlock by other means before the legal question is finally answered. The other-means possibility is real: there are commercial vendors, Cellebrite among them, whose stock-in-trade is exactly this kind of device exploitation, and the FBI's procurement options are not exhausted by the All Writs Act order. If they do find another route, the legal question goes away for now. The political question does not.
The thing I want the customer briefings this quarter to land is that this is not, despite the news cycle, a story about one phone. It is a story about whether the operating-system vendors of the world can be conscripted by court order into modifying their products against their users. That is a precedent question that has consequences far beyond Cupertino, far beyond iOS, and far beyond the United States. I am writing more on this for the long-form essay file.