DOJ dismisses Apple’s arguments against decrypting iOS communications

Does Apple’s ownership of iOS make it responsible for all user-encrypted data?

The U.S. government rejected Apple’s arguments in federal court that unlocking iOS devices for police would damage the tech giant’s public image and overburden its employees and resources.

Federal courts should require Apple to unlock encrypted data because the operating system is “licensed, not sold,” to customers, the Justice Department argued in a reply brief in the U.S. District Court for the Eastern District of New York.

“To the contrary, Apple demonstrates why any cumulative burden is minimal and likely to decrease…”

“Apple designed, manufactured, and sold [the phone] that is the subject of the search warrant,” the government told U.S. Magistrate Judge James Orenstein. “But that is only the beginning of Apple’s relationship to the phone and to this matter. Apple wrote and owns the software that runs the phone, and this software is thwarting the execution of the warrant.”

The Justice Department filing, in a case involving an iPhone discovered on a suspect indicted for methamphetamine possession, reflects the broader battle between government and industry over law-enforcement access to encrypted communications. This debate, known as the “Crypto Wars,” has pitted technology companies and privacy groups against police and intelligence agencies since at least the 1990s.

The government noted in its reply that Apple has openly admitted that it licenses iOS, meaning it does not fully transfer the attendant rights and responsibilities of ownership to its customers. “Apple’s software licensing agreement specifies that iOS 7 software is ‘licensed, not sold’ and that users are merely granted “a limited non-exclusive license to use the iOS Software,” the brief said.

Apple filed a brief of its own on Monday saying that, “in most cases now and in the future,” it would be “impossible” for it to extract encrypted data from an iOS device. Every device running at least iOS 8, released in late 2014, encrypts and stores all of its communications in a way that Apple cannot reverse-engineer. But the defendant in the New York drug case is not among the approximately 90 percent of Apple device owners running at least iOS 8, so Apple retains the technical ability to provide the suspect’s communications to police.

But Apple argued in its brief that, while decrypting a single phone was not particularly onerous, doing so would set a precedent that would unduly burden the company in the future. Routinely aiding law enforcement, the company said, would substantially tax its resources, diverting employees, software, and equipment from daily operations. “This burden,” it argued, “increases as the number of government requests increases.”

The Justice Department dismissed this argument. “Apple asserts that its burden ‘increases as the number of government requests increases,’” the government replied on Thursday, “but it makes no attempt to quantify this burden or demonstrate that such orders have in fact cumulatively burdened it significantly.

“To the contrary, Apple demonstrates why any cumulative burden is minimal and likely to decrease with regard to the type of relief requested here: by its own measure, Apple retains the ability to bypass the passcode on only the 10 percent of its mobile devices that are ‘pre-iOS 8,’ and that number will continue to shrink as new devices are upgraded and replaced.”

Robert Capers, the author of the Justice Department’s brief, has been nominated by President Barack Obama to succeed Loretta Lynch, now Obama’s attorney general, as the U.S. Attorney for the Eastern District, which includes Brooklyn, Queens, and Staten Island.

Apple had also argued that decrypting user data for police would damage its reputation at a time when “public sensitivity to issues regarding digital privacy and security is at an unprecedented level.” The harm to Apple’s reputation and its relationship with its customers, it said, “could have a longer term economic impact beyond the mere cost of performing the single extraction at issue.”

The government rejected this argument, saying that Apple offered no concrete evidence that reputational concerns constituted an “undue burden” as defined by law.

“The government sort of waved its hand and said ‘those aren’t relevant concerns here.’”

Andrew Crocker, a staff attorney at the Electronic Frontier Foundation, which has filed a brief in the case, said it’s irrational for the court to compel Apple to turn over information it doesn’t already possess. “This is just the government sort of grasping at reasons why Apple is somehow already involved in the case,” he told the Daily Dot by phone.

The Justice Department’s flat-out rejection of Apple’s brand-integrity concerns was dismissed too hastily, says Crocker. “The government sort of waved its hand and said ‘those aren’t relevant concerns here.’”

“The government’s argument is essentially that Apple has never really objected in this case, and in fact they’ve set up guidelines by which they’ll comply—and that might be true—but that doesn’t stop Apple from objecting in any particular case,” Crocker added. “They have the ability to do that here, and clearly the judge was concerned about it too.”

In addition, Apple warned that, if it were forced to routinely decrypt data for law enforcement, its employees could theoretically be subpoenaed in every case to provide expert testimony and endure cross-examination in court.

The company cited a 2012 federal appeals-court case, U.S. v. Cameron, in which a three-judge panel ruled that a convicted child pornographer’s Sixth Amendment rights were violated when he was prevented from confronting in court the Yahoo employee who originally discovered his illicit material. The judges subsequently vacated the district court’s judgement, reversing six of the defendant’s counts.

Apple did not immediately respond to a request for comment.

H/T Nate Cardozo | Photo via Janitors/Flickr (CC BY 2.0)

Dell Cameron

Dell Cameron

Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.