The US government and Apple are locked in a legal battle over unlocking an iPhone used by one of the San Bernardino shooters. But a new court order is throwing a law that dates to the days of the founding fathers into a high-tech debate over digital security.
This week, a US magistrate judge in California ordered Apple to provide “reasonable technical assistance” to the government as it tries to bypass security features built into its products based on an interpretation of the “All Writs Act.”
The original form of that statute dates to the Judiciary Act of 1789, centuries before the iPhone was a twinkle in Steve Jobs’ eye. In its current form, the law gives federal courts the power to “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”
(Also see: Apple Being Asked for Access to Just One iPhone, Says White House)
Basically, it’s “a very short, cryptic statute” that gives the courts “all sorts of incidental powers” to require things not specifically covered by other laws, according to Stephen Vladeck, a law professor at American University.
In the past, the act has been used to compel non-parties – like service providers of tech companies – to help in criminal investigations, Vladeck said. But that help has typically been limited to straightforward requests, like activating or turning off particular features and using systems that are already in place, he said.
(Also see: What Apple and the US Government Are Fighting Over)
The new order is different: It tells Apple to help the government by creating an entirely new software to help investigators bypasses security features. “That requires Apple to go much further than any company has ever been required to go in one of these cases,” said Vladeck.
In a motion requesting the order, the government argued that its request wouldn’t be an “unreasonable burden” to Apple because the company “writes software as part of its regular business” and said that electronic communications providers and remote computing services are sometimes “required to write code to gather information in response to subpoenas or other processes.”
But to Vladeck, the real question raised by the case is just how far the government can stretch orders issued under the All Writs Act. “What is its stopping point?” Vladeck asked.
The order against Apple isn’t “remotely responsive to that concern,” according to Vladeck, so he’s skeptical the current form will withstand the challenge that Apple has already committed to bringing.
(Also see: Why Even the FBI Can’t Hack the iPhone)
But if the judge’s order is upheld, some fear that it will have broad implications, potentially even allowing the government to force companies into writing spyware dedicated to undermining their own products.
“If the government wanted to eavesdrop on your home, it would be a lot easier to get Apple to just push out an OS X or iOS update that turns the microphone in your device on for them than going in to plant their own bug,” said Julian Sanchez, a senior fellow focused on technology and civil liberties at the Cato Institute.
Apple itself made this argument in chief executive Tim Cook’s response to the order:
“If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.”
(Also see: Facebook, Twitter Support Apple on Encryption Dispute With FBI)
Speaking to this particular case, Cook said that complying with the order would force Apple to create a technique that it would be practically impossible to prevent being used again in the future – leaving the security of its users permanently compromised.
But if the government’s theory of how the All Writs Act should work succeeds here, it could also set up some uncomfortable incentives on security for tech companies, according to Sanchez.
“If you make the system more secure, what you may be doing as a company is increasing the burden on yourself down the road if the government is going to order you to break it later,” he said.