Silicon Valley firms are stressing constitutional objections as they join Apple’s side.
America’s largest tech companies are urging a federal court to accept Apple‘s argument that it should not have to help the U.S. government unlock a terrorist’s iPhone by writing special code that it has called dangerous and unprecedented.
The Justice Department on Feb. 16 secured a court order forcing Apple to write code that would let the FBI flood the iPhone of one of the San Bernardino shooters with password guesses. The government wants to unlock the phone so it can search for evidence that the husband-and-wife shooters had help planning the Dec. 2, 2015, shooting that killed 14 people and injured 22 others in San Bernardino, California.
Apple CEO Tim Cook quickly promised to appeal that order, arguing in a defiant open letter that it would set a precedent for more intrusive government demands for technical assistance. “The United States government,” Cook said, “has demanded that Apple take an unprecedented step which threatens the security of our customers.”
Four powerful trade groups representing a constellation of Silicon Valley firms—BSA | The Software Alliance, the Consumer Technology Association, the Information Technology Industry Council, and TechNet—filed a joint amicus brief on Thursday that touched on many of the major legal arguments and business concerns that Apple raised.
The industry groups—whose combined membership includes tech titans like Amazon, Facebook, Google, Microsoft, and Yahoo—argued that the order would “create a very reality security risk” for users of iPhones running the same operating system as the targeted phone, because the custom code “could fall into the wrong hands.” They also argued that, by forcing Apple to write this code, the government was forcing Apple to “undermine the hard-earned trust of its customers.
Amazon, Cisco, Dropbox, Evernote, Facebook, Google, Microsoft, Mozilla, Snapchat, Yahoo, and several other companies also filed a separate brief to “reject the government’s unsupported assertion that the law allows it to commandeer a company’s own engineers to undermine their products’ data security features.”
Social-media giant Twitter also joined the case on Apple’s side, filing a brief with 16 other Internet companies that called the government’s demand “extraordinary and unprecedented” and said it “threatens the core principles of privacy, security, and transparency that underlie the fabric of the Internet.”
The tech industry received support from civil-society organizations and the nation’s most accomplished cryptography experts. The Center for Democracy and Technology, the Electronic Privacy Information Center, Privacy International, and the American Civil Liberties Union filed briefs, as did the Electronic Frontier Foundation (with 46 experts, including the co-creator of a major encryption protocol) and Stanford’s Center for Internet and Society (with seven experts, including the preeminent security specialist Bruce Schneier).
The industry trade groups argued in their brief that the government’s demand—based on a broad law called the All Writs Act that lets courts issue any orders necessary to effectuate their rulings—had “no limiting principles.” Accepting the government’s argument, the groups said, would open the door to more burdensome and dangerous demands.
Twitter and its fellow Web companies agreed. “By circumventing the procedures adopted by Congress, and thereby overturning the careful weighing of policy considerations they reflect,” the companies argued, “the government is seeking to enlist the judiciary in re-writing laws without engaging in an essential public debate.”
Echoing what the industry groups said about limiting principles, the Web companies said in their brief that, using its current interpretation of the All Writs Act, “the government could require companies to break other aspects of their agreements with users—by collecting more information than disclosed, sharing the data in undisclosed or unintended ways, or even surreptitiously forcing users to download code mandated by the government to weaken the privacy and safety protections promised to users.”
The industry groups noted that Congress had considered and rejected legislation to require the kind of assistance sought in this case, and they suggested that the history of a wiretapping law called the Communications Assistance for Law Enforcement Act (CALEA) painted a picture of congressional intent that specifically excluded this type of demand.
“This Court should not transform the general language of the All Writs Act into all-purpose authority for compelling the very sorts of assistance from private companies that Congress has required only pursuant to detailed laws that carefully balance all of the relevant interests,” the groups said in their brief.
“Congress did not intend,” Twitter and its allies argued, “to give the government a blank check to compel law-enforcement assistance from third parties—the precise consequence of the government’s interpretation of the All Writs Act.”
AT&T and Intel filed separate briefs backing Apple.
“Even if Congress had not already made the judgment in CALEA to withhold such authority from the government, it would be bad policy to permit the government to compel companies to weaken the security features of their products in order to assist law enforcement,” Intel argued. “Companies such as Intel are in the business of improving the security of their technology products, not undermining it. Requiring companies such as Intel to weaken the security of their products would have serious repercussions for personal privacy and the security of the digital infrastructure.”
The security company added that “evaluating these competing and important policy considerations is a matter for Congress in the first instance.”
AT&T’s brief used comparatively softer language and spent more time acknowledging the law-enforcement perspective, but it nonetheless concluded that “the government’s proposed order compels Apple to take quite unusual and significant actions.”
Despite the tech industry’s public support for Apple, some tech executives privately harbor doubts about the optics of the case. The New York Times, citing unnamed executives, reported that “the worries centered not only on whether this was the right case for challenging the government but also on how public perceptions of the fight might reflect on the rest of the industry, according to tech executives involved in the discussions.”
Indeed, polls have shown that Americans do not overwhelmingly oppose government efforts to fight terrorism that infringe on privacy rights. Tech-industry leaders likely do not want to be seen as standing in the way of public-safety initiatives.
Silicon Valley firms may also fear jeopardizing their business relations with the federal government, one of the largest buyers of technology products and services. None of Apple’s hardware rivals would tell the Daily Dot what they thought of the legal fight, suggesting a desire to preserve lucrative contracts and duck privacy issues that some consider too esoteric to resonate loudly.
The battle between Washington and Silicon Valley over the iPhone of San Bernardino shooter Syed Rizwan Farook is part of a much larger debate about how tech companies should help the government investigate crimes and terrorism in an era of ubiquitous encryption that protects innocent Americans and lawbreakers alike.
In the wake of revelations by former NSA contractor Edward Snowden about surveillance programs targeting their customers’ data—including hacking into the cables that linked their data centers—America’s tech giants bolstered their internal security and added new forms of encryption to their products.
Apple provoked the most ire inside the government by adding full-disk encryption to iOS 8 in September 2014, which prevented its own engineers from breaking into new iPhones to give the government data. By consciously eliminating its ability to comply with search warrants, Apple had taken a step into legally uncharted waters.
Some senior law-enforcement and intelligence officials want tech companies to design their encryption with built-in holes that they can use to bypass the encryption if agencies serve them with search warrants. Technologists and privacy advocates warn that weakening encryption with these so-called “backdoors” would undermine individual, corporate, and government security and push legitimate and malicious users to unregulatable foreign platforms.
The White House considered and rejected various backdoor proposals, but in the wake of 2015 terrorist attacks like the San Bernardino shooting, lawmakers took matters into their own hands. The leaders of the Senate Intelligence Committee are planning a bill to mandate guaranteed-access solutions in encryption, while a bipartisan pair of lawmakers have introduced one to establish a fact-finding commission.
Update 3:00pm CT, March 3: Added Twitter’s brief.
Update 3:44pm CT, March 3: Added civil-society briefs.
Update 4:14pm CT, March 3: Added AT&T and Intel briefs.
Update 5:09pm CT, March 3: Corrected link to a brief.
Update 5:33pm CT, March 3: Added Access and Internet Association briefs.
Update 6:15pm CT, March 3: Added link to brief from group of tech companies.
Update 7:23pm CT, March 3: Added link to Privacy International brief.
Update 10:25pm CT, March 3: Added link to EPIC brief.
Illustration by Max Fleishman