Article Lead Image

The 1789 law the U.S. is using to force Apple to break the iPhone’s security

An 18th century law is being used to solve a 21st century problem.

 

William Turton

Tech

Posted on Feb 17, 2016   Updated on May 27, 2021, 5:08 am CDT

When a U.S. magistrate judge demanded Apple create specialized software to bypass security on the iPhone that belonged to San Bernardino, California, shooter Syed Rizwan Farook, she couldn’t use a normal court order.

Instead, because there isn’t actually a law on the books explicitly describing a scenario to demand a tech company to write code to undermine its own product’s security, the court relied on a law originally created 227 years ago: the All Writs Act.

For background, a “writ” is just legal jargon for a formal legal order. The All Writs Act was included in the Judiciary Act of 1789, which was enacted in the first ever session of the United States Congress.

There are a few qualifications that must be met in order for the the All Writs Act to be used as a way to compel Apple to create this software:

  • The All Writs Act is only applicable if no statute, law or rule on the books to deal with the specific issue at hand.

  • The business in question (Apple) has some connection to the investigation.

  • There are extraordinary circumstances that justify the use of the All Writs Act.

  • The All Writs Act only applies if compliance is not an unreasonable burden.

In this scenario, the first three qualifications of the All Writs Act have been met. First, there isn’t a law or statute specifically compelling a software company to create new software in order to bypass a security feature on a device it developed. Second, Apple is clearly connected to this investigation, as it developed and created the product in question, Farook’s iPhone 5c. Third, the U.S. government qualifies this as an extraordinary circumstance, as Farook and his wife Tashfeen Malik killed 14 people in San Bernardino, and information on Farook’s phone is undeniably important to investigations.

The fourth qualification is where things get interesting.

As reflected in the last paragraph of the court order, the request must not be “unreasonably burdensome.” This is where Apple bases its argument, via the court order:

To the extent that Apple believes that compliance with this Order would be unreasonably burdensome, it may take an application to this court for relief within five business days of the receipt of this order.  

The case in question is fairly unique. Farook had an iPhone 5c. This model iPhone has an optional security feature, which he may have enabled, to erase all data on the phone after 10 failed passcode attempts. Apple, by design, doesn’t have the means to override this. So the U.S. wants Apple to create specialized software to disable that feature, as well as to remove any software that would introduce a delay in between password attempts, helping law enforcement guess more passwords at a faster rate. As a security precaution for users, Apple has designed the hardware of the iPhone to introduce an 80 millisecond delay between passcode attempts to thwart “brute force” attempts to break in—a standard method used by both malicious hackers and, at least in this case, the FBI.

The case of Farook’s iPhone 5c isn’t the first time a judge has used the All Writs Act to compel Apple to assist the United States government in unlocking an iPhone. In the Eastern District Court of New York, Apple is currently fighting an order to assist in unlocking an iPhone owned by a convicted drug dealer. Unlike Farook’s phone, the iPhone in that case is unencrypted. Apple currently has the ability to help law enforcement unlock that phone, as it has done at least 70 times in the past, according to prosecutors.

Apple CEO Tim Cook rejected the order to unlock Farook’s iPhone in a statement released Wednesday morning. “Opposing this order is not something we take lightly,” Cook wrote. “We feel we must speak up in the face of what we see as an overreach by the U.S. government.”

Apple, as well as privacy advocates, fear the specialized software that Apple would be forced to create could very easily be abused, and that if it fell into the wrong hands, it would put the security of every iPhone user at risk.

“Up to this point, we have done everything that is both within our power and within the law to help them,” Cook said. “But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.”

Apple will almost certainly argue, as Tim Cook did in his statement, that creating the software required by this order will be a massive burden in multiple ways. In the Eastern District of New York case, one of Apple’s paramount arguments was that it would do massive damage to Apple’s brand, as customers wouldn’t trust the company to protect its data. Apple could also argue that the creation of this software would undermine the security of all of their devices.

What happens next? First, Apple will appeal. Then it’s up to the court to decide.

Clarification: It is unclear whether Farook enabled the feature that erases the iPhone’s data after 10 failed login attempts.

Photo via Kelvinsong/Wikimedia Commons (CC BY 3.0)

Share this article
*First Published: Feb 17, 2016, 1:32 pm CST