Two Issues with the FBI & Apple

February 18, 2016

by Jay Marshall Wolman, CIPP/US

By now, practically everyone who cares has heard that Magistrate Pym has ordered Apple to help the FBI crack open an iPhone related to the San Bernadino shooting.  The order is pursuant to the All Writs Act, codified at 28 U.S.C. sec. 1651.  In short, it is a catch-all that lets courts issue whatever orders they feel like.  In response, Apple CEO Tim Cook sent a letter saying he opposed the order.  Notably, he wrote:

But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.

There’s been a lot of discussion, but little focused on two issues that deserve some attention.  First, this isn’t simply asking Apple to turn over a piece of software or asking to borrow a gadget.  They are, if Mr. Cook is to be believed, asking Apple to write new software.  Software is a creative process, a means of expression; this is why it is protected by copyright. Apple itself was instrumental in this determination.  See  Apple v Franklin, 714 F.2d 1240 (3d Cir. 1983).  In a nutshell, the Order is tantamount to ordering Frank Gehry to design a building featuring straight lines and right angles or ordering Stephen King to write a Harry Potter/Game of Thrones cross-over (assuming, in theory, a criminal investigation that would make such desirable).  EFF briefly touched on this last year in similar circumstances.  The All Writs Act may date to 1789, but it predates the ratification of the First Amendment in 1791 and is subject to it.  The Government may not simply compel speech.  See, e.g., Knox v. SEIU , 567 U.S. 310 (2012)(“The government may not prohibit the dissemination of ideas that it disfavors, nor compel the endorsement of ideas that it approves.”).  

Second, there’s a certain subtext in Mr. Cook’s message.  What he says is that it is too dangerous to create, not that it is unfeasible to create.  The issue faced by the FBI is that the iPhone at issue may erase all data after too many failed attempts at a brute-force passcode hack.  So, they want Apple to design a work-around that would enable them to guess all possible passcodes without bricking the phone.  The auto-erase function is a security feature; the iPhone is encrypted by default.  We rely on this as part of our daily security–heck, I’m sure the government relies on it.  We’ve all seen street magicians use incredible slight of hand–how hard would it be for one of our diplomats, officers, or defense contractors to have had a foreign spy (let’s say–North Korean) swipe their iPhone (and SIM cards) and replace it with a counterfeit.  In that scenario, the person would try their passcode 10 times, fail, wonder why, but feel secure that the iPhone wiped itself.  Yet, the real phone would be in the hands of the foreign government.  Maybe the FBI and Apple haven’t yet developed the tool that bypasses the 10-tries-and-erase feature, but a foreign intelligence agency might have.  Our own NSA might have it also, but just isn’t sharing with the FBI.  This tells me that no iPhone is actually secure.  Though there is pretty much no such thing as an unbreakable lock, such a tool might enable a brute force attack on your phone to crack it in as little as 12 hours.  That’s more than enough time before the subject realizes his phone was swapped rather than just suffering a glitch.  As much as we may want Apple to be able to recover our phones if we forget our own passcodes, we really should want them to make a phone they themselves cannot crack.

These are the issues we should be discussing, in addition to whether we generally think it right for the government to ask Apple to hand over the keys to the kingdom.


Lawyer Mind Tricks

December 24, 2015

by Jay Marshall Wolman, CIPP/US

Like many of you, I saw Star Wars Episode VII: The Force Awakens.  I’m a lawyer and had law-oriented thoughts.  This post contains spoilers, so scroll past this image:

 

indiana-jones-et-le-temple-maudit_1368125780

and this one:

r2d2-3cpo-indiana-jones

OK, that should be far enough.

  1.  Cyber Security.  Star Wars exists in a galaxy where they have some form of holographic Skype/Facetime/etc.  The Jedi Council used in the prequels, and Lord Vader communicated with the Emperor this way.  Yet, in both A New Hope and in The Force Awakens, we have sensitive information transmitted through a physical medium given to a mobile AI.  In The Force Awakens, it makes sense that there are limited copies of the route to Luke.  Presumably they are using some sort of DRM to prevent multiple copies from being made.  Even so, there was a clear data breach–the AI, BB-8, was hacked through social engineering to reveal the route, copied to the memory banks of those who viewed it.  Kylo Ren identified this breach and sought to exploit it; fortunately, Rey was able to prevent it from being exploited, but this was moral luck, and not good planning.  Ideally, the data should have been better secured so that even BB-8 could not access it.  [This appears to be a general flaw, where the R2-D2 was able to plug into the Death Star and access data and control systems.]  Having a single copy, though, also increases the risks that it could be destroyed.  [I should also note that it was silly that R2-D2 was given the sole copy of the plans to the Death Star–those should have been immediately uploaded for broad distribution.  Another example of poor data management.]
  2. Kidnapping/Arrests.  In A New Hope, the Empire kidnaps and tortures an Imperial Senator and destroys her entire planet without due process.  We are told they are evil, so let’s presume ordinary natural rights do not apply under that regime.  Fair enough.  Presumably the First Order, as a non-governmental entity, certainly not constrained by the laws of war, cannot be similarly judged.  But in The Force Awakens, Leia sends Han to bring Ben Solo/Kylo Ren back.  As an agent of the First Order and having been complicit with and committed numerous atrocities, one would expect that he would be required to stand trial for his crimes.  But on what authority could he be held?  The Resistance was not formally part of the New Republic; the support was clandestine.  Blowing up Starkiller Base was a justifiable act of self-preservation (though I do wonder why they didn’t attempt to evacuate).  Holding and trying Ben for his crimes would require the re-establishment of a legitimate government.
  3. Slavery.  We are supposed to feel bad for FN-2187 because he was taken as a child to be raised and conditioned as a storm trooper.  But what of the Jedi?  In Revenge of the Sith and in The Force Awakens, we learn of children left (taken?) with the Jedi to be indoctrinated and trained in their ways.  There seems to be no regulatory oversight looking out for the welfare of the children.  And what of the sentient AIs?  Just because they may be conditioned to thank the maker at the drop of a hat does not make them of less value.
  4. Theft.  A tear comes to our eyes when we think of the demise of the late, great, Han Solo.  You know, the guy who cheated Jabba the Hut.  Who also cheated both the Guavian Death Gang and the Kanjiklub Gang in The Force Awakens.  Who steals back the Millenium Falcon for old time’s sake, from  Rey, who stole it from her guardian.  Granted, it appears that Han did not sell the Falcon, but capturing it mid-flight, seizing its contents and personnel in the process, seems like unlawful self-help.  We are also invited to cheer for Rey–a thief, who by moral luck has some skillz.  We even get to know Kylo Ren based on his chat with dead-grandpa Vader’s helmet–and how he came into possession of that is likely a matter of theft as well.  And let’s not forget the light-saber.  You know–the one built by Anakin, stolen by Obi Wan, fenced to Luke, until the rightful owner, Vader, caused it to be deposited on Bespin.  However Maz Kanata came into possession, it was not hers to give away, least of all to Rey.  As a known Skywalker, Ben Solo clearly had superior title; here, though, since Rey did offer it to Luke (and presumably told Leia), it is back in lawful hands.  This, of course, assumes that galactic estate law permitted the light saber to be demised to a Skywalker, notwithstanding the substantial claims against Anakin’s estate.

Looking forward to Episode VIII!