USDOJ: Make Apple Fix Their ‘Brand Marketing Strategy’ for Our Needs

(Note: I drafted the following piece Friday after the USDOJ filed its latest motion, but before the latest revelation of law enforcement’s handling of the iPhone at the heart of the case. I’ve added an additional remark set off with emphasis after the disclosure. And now this afternoon’s new development? I can’t with this stuff. ~smh~)

You may imagine me agog after reading the Department of Justice’s motion filed today in the case of San Bernardino shooter Syed Farook’s iPhone. USDOJ believes Apple’s repudiation of its demands to write code in order to allow USDOJ to access the phone’s content by brute forcing the pin “to be based on its concern for its business model and public brand marketing strategy …”

Does the USDOJ understand what a smartphone is, and how it differs from a plain old telephone or even a vanilla cellphone? Are they just screwing with us, or do they simply not understand that smartphones aren’t just communications tools?

Wallet_EW-blog<<– For example, this device is designed to contain materials that are important and valuable to its user, including identity documentation, money and other means of payment, keys to access other devices and locations, possibly papers with important notes.

Imagine the USDOJ insisting the wallet’s designer must allocate personnel and resources to redesign and apply a new closure on a single device so that content caught in it will not be destroyed when the closure is opened by USDOJ.

Ridiculous.

.

.

Wallet-2_EW-blog

<<– Compare now to this device, designed to contain materials that are important and valuable to its user, including identity documentation, money and other means of payment, keys to access other devices and locations, possibly papers with important notes. Only this device may contain entire libraries and businesses.

Imagine the USDOJ insisting the device’s designer must allocate personnel and resources to redesign and apply a new closure on a single device so that content caught in it will not be destroyed when the closure is opened by USDOJ.

Users rely on this device’s inherent closure integrity to secure its contents. This is not merely a “public brand strategy” — it is the essence of the device’s utility, its fundamental nature. The only thing different between these devices is communications capability in the latter, not the former. But users rely on the content of messages to be treated like the content of notes one might put in their wallet or purse — private and secure. Users seeking wallets and smartphones don’t buy them because they are insecure. Smartphone buyers aren’t shelling out $20 for a wallet, and they’re not buying just a communications device. They’re spending hundreds of dollars buying a digital portmanteau to replace their wallet/purse containing their laptop/books/files/photo album/audio player/more. It must be secure for that reason. The investment of time and money reflects this.

Which is why it seems to me — and I am not a lawyer — the government’s demands on Apple to allocate business resources to create an insecurity in a device designed to be secure is unreasonable, even if the insecurity demanded will be used one time as the USDOJ claims.

Worse, this demand by USDOJ is an attempt to remedy a case of bad device management. The specific iPhone in question, used by Syed Farook, was issued by his employer — San Bernardino County. Why didn’t the county issue devices with an administrative override? It’s like issuing a company car but not retaining a spare set of keys if the employee was suddenly terminated. Why should Apple undermine the inherent integrity of its product to resolve a poor case of asset management?

EDIT: And why should Apple invest private resources into compelled speech as software to rectify a screw-up on the part of San Bernardino County and the USDOJ in their inept handling of the single iPhone in question once the device had been retrieved from the suspect?

It doesn’t matter if, as USDOJ swears, this compelled reverse engineering is written and applied only once. That it would have been done at all establishes a precedent, allowing the U.S. government (and others!) a foothold to demand companies allocate resources to service the government, while undermining the inherent integrity of their products.

What might this do over the long run to Apple’s investment in Apple Pay — literally a wallet-alternative payment technology based on iPhone?

A wallet that retains its contents isn’t just “brand marketing strategy.” It’s the innate purpose of a wallet — and the same with devices we now use as digital wallets.

There is another larger conversation we must have about the evolution of technology and the inability of our laws to keep apace.
Consider Maryland Attorney General Brian E. Frosh’s recent brief in which he maintained persons carrying a cellphone into a store had no expectation of privacy, “because [the suspect Andrews] chose to keep his cell phone on, he was voluntarily sharing the location of his cell phone with third parties.” But cellphones — more specifically, smartphones — are the convergence of our entire desks. We do not expect by keeping them turned on that we have given third parties entrée to our desks unless we have pointedly been asked and given permission. People don’t just walk around holding their wallets and backpacks open for inspection by anyone who chooses to snoop.

But smartphones are the convergence of our entire desks. We do not expect by keeping them turned on that we have given third parties entrée to our desks unless we have pointedly been asked and given permission. People don’t just walk around holding their wallets and backpacks open for inspection by anyone who chooses to snoop.

Unfortunately, we the people have not negotiated our expectations by way of legislation. Law enforcement and the military both are operating in the gap we’ve left in our social contract, a hole where our expectations have not been established. Are we suffering from future shock about the technology we expect and use? More than likely, and our legal system is slower than we are, suffering even more so. But because no law clearly tells them, “This is a personal desk with access to remote files — both node ends and the transmission between are private,” law enforcement and the military will simply assume they can ask anything they want.

This includes demanding a smartphone manufacture to create an insecurity in digital wallet technology.
__________
Here are a few articles related to the USDOJ’s demand on Apple I find particularly interesting:

(Disclosure: I own shares of AAPL. Adder: IMO, the embedded video is already anachronistic, behind technological evolution. Many of us, including myself, do most of their work on smartphones/phablets/tablets.)

Blogger since 2002, political activist since 2003, geek since birth. Opinions informed by mixed-race, multi-ethnic, cis-female condition, further shaped by kind friends of all persuasions. Sci-tech frenemy, wannabe artist, decent cook, determined author, successful troublemaker. Mother of invention and two excessively smart-assed young adult kids. Attended School of Hard Knocks; Rather Unfortunate Smallish Private Business School in Midwest; Affordable Mid-State Community College w/evening classes. Self-employed at Tiny Consulting Business; previously at Large-ish Chemical Company with HQ in Midwest in multiple marginalizing corporate drone roles, and at Rather Big IT Service Provider as a project manager, preceded by a motley assortment of gigs before the gig economy was a thing. Blogging experience includes a personal blog at the original blogs.salon.com, managing editor for a state-based news site, and a stint at Firedoglake before landing here at emptywheel as technology’s less-virginal-but-still-accursed Cassandra.
42 replies
  1. Bitter Angry Drunk says:

    I think even debating this you fall into the government’s trap. This is techie Shock Doctrine: A totally made-up crisis (given that it was his work phone and it’s highly unlikely it holds any real evidence) being exploited for a power grab. These assholes believe they’re entitled to all communications, and this is yet another attempt to scare us into handing them over.

  2. orionATL says:

    “… You may imagine me agog after reading the Department of Justice’s motion filed today in the case of San Bernardino shooter Syed Farook’s iPhone. USDOJ believes Apple’s repudiation of its demands to write code in order to allow USDOJ to access the phone’s content by brute forcing the pin “to be based on its concern for its business model and public brand marketing strategy …”

    when i first read this doj “charge” i understood it to be a political statement, not a legal argument. this is precisely the pejorative language you would expect one political candidate to use against an opponent. or an ad to apply against a competitor.

    the doj is conducting a political/public relations pressure campaign against apple. they are probably doing this in hopes apple will cave before their own legal argument, in which they clearly have no confidence, is rejected at some appeals level.

    • orionATL says:

      let me point out that the doj’s sneering reference to apple being concerned about its business model (whatever the hell that means here) and marketing strategy is in no way inconsistent with apple acting in the public interest. to the extent apple acts in its self interest to protect mine and my fellow citizens’ privacy, it is acting in thee public interest.

      furthermore, it is acting in the public interest by opposing the doj/fbi’s rapacious “all available means” policing surveillance business model for dealing with criminal behavior, which is directly at odds with constitutional guarantees and past american policing custom.

  3. Rayne says:

    Bitter Angry Drunk (5:57) — We’ll agree to disagree. I think our society’s future shock stems from a lack of education and debate about our technology. We simply buy it, rarely ever ask ourselves what the negative consequences are. We have old images stuck in our heads about the future and what it looks like — robots, for example, are anthropomorphized machines, not drones and wearables like FitBits and self-driving cars and WiFi-enabled slow cookers which piecemeal do everything we ever expected robots to do — so we’ve missed the future when it arrived and subsumed us as it has.

    Computer science is still not a mandatory part of K-12 public education, yet every damned household in the U.S. is in some way impacted by computers. We don’t ask how computing is integrated into our lives apart from the now-anachronistic desktop we used in the 1990s. Now we have these handheld devices with 100X more computing capability than the Apollo mission had when it landed on the moon, and we just thoughtlessly put on our headphones and blithely go about listening to Spotify while reading the news and checking the stockmarket and our health and our kids’ school schedules…and we’re *shocked!* when technology is turned on us like the hospital held ransom this past couple of weeks. ~sigh~

    We are all Montag’s wife.

    • Bitter Angry Drunk says:

      Not sure how you took that as an indictment of learning about computer science. Obviously most of us should know much more about this stuff than we do, and obviously the FBI/NSA, et al, routinely exploit the technological ignorance most serving in Congress.

      My point is that not enough attention is being given to the FBI’s obviously bullshit claims. To frame Apple v. FBI as some sort of constitutional debate (and this is my reaction to the coverage in general) obscures the government’s treachery.

      • Bardi says:

        “My point is that not enough attention is being given to the FBI’s obviously bullshit claims.”

        Exactly. Their incompetence is legend and has to be covered with BS.

    • martin says:

      After reading the “assessment” on Zdziarski’s blog, I read his “about me” profile. Now his “assessment” takes on a different level of authority. Thanks for the link. Also, thanks for the link to that “anthropomorphized machines” page. Great graphics of the time. I remember seeing that book somewhere around the time it was published, as I had just gained an interest in science fiction after seeing the original War of the Worlds film. And then I found 1984. At the time, like most people probably, the premise of totalitarianism and future tech sounded impossible. Notwithstanding everything that has happened since 9/11, this current Apple/FBI debacle highlights, for me at least, how close we are to Orwell’s vision. It doesn’t sound like science fiction anymore. In fact…given the coming AI revolution, and the Internet of Things.. I’d submit our grandchildren will live in a time that may look much like the picture on that book. Don’t discount walking drones either. Especially military and LE. Darpa and all that shit you know. All I know is I’m glad I won’t see it. I just wish my grandchildren were facing a different world than the one that is emerging. What I do know though..is they’ll spit on our graves for not stopping it now.

  4. omp says:

    @Rayne:
    Thanks for posting on the weekend. Way too much disinformation being spread elsewhere.
    Bruce Schneier’s blog has many useful entries. Blog post from Oct 2014 on

    skirmish is iPhone encryption and FBI reaction:”>just one part of the Second Crypto War.

    A history of the First Crypto War:

    Tweet last night by San Bernardino County, clarifying the password reset:

    “The County was working cooperatively with the FBI when it reset the iCloud password at the FBI’s request.”
    Note: Not the county’s fault, just following orders.

    Reuters story saying that the county had an app on some iPhones (but not this one) that would allow the county to access the data:

    I don’t think most readers of this blog are too interested in the underlying technology, but for any who are, these seem to be good technical explanations of what can and can’t be done:

    • bmaz says:

      Thank you for the comment. But, please, do not bust our margins with serial overlong URLs that are not in the form of hyperlinks.
      .
      I fixed it this time, but won’t the next time.

      • omphaloscepsis says:

        @bmaz:
        My apologies. I don’t see any tools on the displayed page using Firefox, and tried Explorer with no evident difference. Pointer to a page or source for formatting would be appreciated.

        • P J Evans says:

          Try
          [a href=”URL”]text[/a]
          This is the usual method of creating a link to a URL. Sub angle brackets for the square brackets.

    • orionATL says:

      thanks for the comments; they are very informative.

      on occasion i have had the same problem with very long url’s. i have never been able to predict that they will turn out that way when posted onto the emptywheel site. nor have i been able to figure out how to fix them.

      but bmaz knows.

  5. Ian says:

    RAYNE SAYS:
    Unfortunately, We the People [of the United States of America] have not negotiated our expectations by way of legislation

    I SAY:
    YOU ARE CORRECT—however that does not mean that the thoughts & opinions of the 510 million people,27-nations & many Institutions of the European Union [the EU] & the countries that align their Privacy Laws & Data Protection/Privacy Laws with EU-invented standards & practices [The Dominion of Canada & the Commonwealth of Australia most obviously visible in this country] might not be of value to the population & electorate of the USA.

    BE AWARE that during 2015 the EU Institution called the EUROPEAN DATA PROTECTION SUPERVISOR tasked with combining all the National Data Protection Authorities decided that the global changes in the data or digital industries [the Internet,the Internet-of-Things,Mass-Surveillance of one’s own citizenry for no-good reason [the NSA’s excuse is ?????] must be compared to the medical breakthroughs in medicine during the 1960s [test-tube babies; patients brain-dead but not legally dead, routine availability of abortion & morning-after pills, premature babies born only weeks after conception, new-face transplants] & as such any Governmental entity must be prepared to instigate/commission the Data/Digital equivalent to the Bio-Medicine Ethical committees or groups found in many Major US Hospitals & Universities.

    Rightly, or wrongly, when the EU agency announced the membership of the ETHICS ADVISORY GROUP(*) they advised that it would take 2 years of consultations before they could produce all their thinking—at which point the relevant committee of the (British) House of Commons produced its own suggestion & timetable (**) to beat Brussels “to-the-draw” for a British Government sponsored Data Ethics Council—& protect the UK-based Big Data industry as well.
    *
    [As an aside the British public has never allowed their NSA [called GCHQ] to spend the time & money chasing after fictional enemies-of-the-state, unlike their US-counterpart, and their “sworn peace officers” are stopped from employing “agent provocateurs”—British judges—like their French counterparts—-insist on either prosecuting the police officer who commissioned the “small crime” to facilitate/identify the “major crime” committed by a major criminal-or set the accused free—so the malicious prosecutions brought by numerous US Attorney’s/AUSA’s over the centuries & a power-mad FBI.[whose head for many years was an un-indicted serial felon(Mr Hoover) will NOT be solved by European report writers-only US citizens can do that.

    FINALLY BE AWARE:
    Part of the EU’s Institution mission is to “train” the non-EU portions of the planet to bring themselves up to European Standards—commanding, if necessary, the likes of an Apple or a Facebook or a Google to install EU invented standards & practices created under a EU-invented sense of ethics regarding Privacy & all things Digital—upon pain of being locked out of the EU marketplace–& if by some strange chance you might want to insist that, though you carry a US passport, you also wish to have a European sense of privacy & ethics—well, who is say that is wrong?
    *
    Anyway, for anyone interested, many of the questions raised by Rayne will likely be addressed in Europe & the relevant reading material[all in English] is to be found at:

    APPOINTMENT OF EU’s DATA ETHICS ADVISORY BOARD:
    (*)https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/EDPS/PressNews/Press/2016/EDPS-2016-05-EDPS_Ethics_Advisory_Group_EN.pdf
    5-YEAR FRAMEWORK BEING FOLLOWED BY EU DATA PRIVACY FUNCTION:
    https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/EDPS/Publications/Strategy/15-07-30_Strategy_2015_2019_Update_EN.pdf
    PROPOSAL TO APPOINT A DATA ETHICS GROUP:
    https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2015/15-09-11_Data_Ethics_EN.pdf

    BRITISH DOCUMENTS:
    (**) http://www.parliament.uk/business/committees/committees-a-z/commons-select/science-and-technology-committee/news-parliament-2015/big-data-dilemma-report-published-15-16/
    TECHNICAL PRESS’s EXPLANATION OF UK PARLIAMENTS CALL FOR A BRITISH DATA ETHICS COUNCIL BEFORE EU INSTITUTION REPORTS IN 2017/2018:
    http://www.computerweekly.com/news/4500272963/House-of-Commons-Science-and-Technology-Committee-calls-for-Data-Ethics-Council

  6. pdaly says:

    Thinking out loud here. Do I have the correct?
    .
    The iCloud IS readable by the FBI (despite Apple using encryption). The shooters in the SB incident stopped updating the iPhone for a period of time before the shooting so the iCloud back might be missing data in that timeframe in the sunup to the shooting–so says the FBI.
    .
    The owner of an iPhone can do a remote wipe of the phone presumably from the iCloud. So I assume the FBI kept the recovered iPhone in a Faraday cage upon recovering it after the shootout–preserving its data.
    .
    The FBI asked the county to change the password to the iCloud account.
    .
    Now the locked iPhone in the FBI’s possession CANNOY backup itself to the iCloud (which is presumably readable to the FBI even though Apple encrypts the iCloud)?

      • pdaly says:

        But the Faraday cage, by design, would keep the phone from communicating with the outside world –especially if the phone were left on.
        .
        I think the battery would deplete faster in such a situation, too, because the iPhone, in the Faraday cage, would expend energy trying in vain to establish a link to a cell tower.

        • jerryy says:

          .
          The battery drains a lot faster if Wifi and Bluetooth are also turned on…
          .
          This is overcome easily though by putting power sources in the cage and into the room you move the phone to to do the analysis.
          .
          There must be more information that has not been released to the public yet, it is easy ti think that after the problems arising from those years of ‘parallel construction’ , the DOJ would avoid trying to use tainted evidence to force an issue, and this is now tainted evidence. They are also setting the stage for future failure on a broad scale, all a defense attorney has to to is walk over tona door marked Exit Only, push it open and have someone on the other side walk in to illustrate why these types of backdoors allow any one to fabricate evidence.
          .
          Are they trying to eliminate cell phone usage world-wide?

  7. pdaly says:

    Ugh! typos above. No way to correct them.
    .
    Since we migrated from FDL yrs ago, I too, like omphaloscepsis, don’t know how to create hyperlinks. Never had to learn html markup language…

  8. orionATL says:

    rayne’s cite of zdziarski’s post at #6 – see “his assessment” – is the solid, point-by-point logical argument one needs to confidently oppose the government’s opportunistic gambit to break encryption using the argument that they must have the dead killer’s dead iphone data.

    • orionATL says:

      emptywheel’s slate article makes the case stro gly and also, importantly, puts the fbi’s terrorist phone ploy in a wider historical context.

      the intensely frustrating problem that i have with this government behavior is that there does not seem to be any way, or any washington power center, that will stop the behavior – not the congress, not the judiciary, not the president, and not the lobbyists.

      • orionATL says:

        i keep wondering why we face this incessant push to spy on us in any possible way (children’s toys?) by federal police.

        it’s clearly not about preventing terrorist attacks or dtug supply by spying; despite the gov p. r. these just doesn’t ever seem to be effective.

        i think it may have to do with maintaing police control over 320 million people. by “police control” i am not speaking at the moment of malevolent gov activity, just, literally, standard policing.

        this may be similar to other standard gov activities. imagine a state div of motor vehicles or the social security administration without extensive computer networks and data on individual citizens.

  9. P J Evans says:

    As a summary, I’m getting that the FBI would like Apple to fix the mess that the FBI had the county IT guy create, because the FBI doesn’t understand how that generation of iPhones works and effed it up.

  10. martin says:

    On a side note…bad news in Michigan this morning..gak. 7 people shot to death. Randomly. In Kalamazoo. I just drove through Kalamazoo three days ago. fuck. The world is going mad. More and more I’m getting convinced planet earth has been invaded by brain sucking alien parasites. Either that or ..it’s the water, stupid. Maybe the killer was from Flint.

  11. Rayne says:

    Hey gang — for those of you who don’t know how to embed a link, try this HTML reference page at W3Schools. You can play around safely there with the Try It Yourself link until you master an embedded link. Embedding is great for three reasons: 1) it keeps your content short in both length and width inside the comment field; 2) it ties your remarks directly to the source; 3) it keeps your comments clutter-free and easy to read.

    An alternate to embedded links is using a link shortener. I use goo.gl as it is tied to my Gmail account, saves links I use often. Bit.ly is another popular link shortener, though the caveat is that it relies on a Libyan (.ly) issued domain. Google’s use of (.gl) relies on Greenland, which hasn’t Libya’s history of yanking domains.

  12. Rayne says:

    Bitter Angry Drunk (7:56) — This:

    I think even debating this you fall into the government’s trap.

    with regard to *debating*. We are in a disagreement about debate’s effectiveness. IMO, we fall into the Shock Doctrine when we do not question and merely go along with the government’s demands. But we cannot have a well-reasoned debate if the public as a whole suffers from future shock, having lost basic understanding of the technology they use every day. Their future shock has been nurtured by a lack of appropriate education, including basic computer science.

    Instead, the public has been encouraged to respond reflexively to specific triggers, like “Muslims” and “terrorism” while ignoring the real threats to their security by their own government, deliberately undermining their constitutional rights.

    More simply, you believe FBI’s claims are “obviously bullshit.” Bullshit detection requires education and training before bullshit becomes obvious.

  13. blolopie2 says:

    Good suggestion, but that’s not a well-written page if the intent is to educate someone who knows nothing about code. For example, it says, “Edit this code”. Why? And how much of it? And how do I edit code? Do I just go in and change some of the characters? (I modified the first line and nothing happened.) And why does one of them say “default.asp”? What on earth does that mean? And do I need to edit all the lines, or just one or two “paragraphs”? Totally unclear.
    .
    Better something like this as a teaching aid:
    .
    If you want to write “Sentence with embedded link” and you want the word “embedded” to be the link, type the following, instead of the plain word “embedded”. __[flll in what should be typed]__.
    .
    Explanation: You start out by typing embedded.
    .
    .
    PS I don’t know if that is right, for example, do I need the p stuff at the end? No explanation is given. Can anyone edit my teaching guide and make it right?

  14. lefty665 says:

    32, 33 and 34 don’t work, but 35 does! (Thank goodness we’ve got the exclamation point back now that Jeb! is done using it) Thanks P J @21
    .
    [a href=”URL”]text[/a]
    .
    substitute angle brackets for square
    where a href= is the litteral a href=
    where “URL” is “http://emptywheel.net”
    where text is This is a link to emptywheel too
    .
    Now if we could just edit, I’d clean up my mess.

    • bloopie2 says:

      Reply to cj at 1:59 pm: Oh, perhaps, give them a few years. In the interim, start on this task: Write code that will make unlock the password to make men be good husbands and do what their wives want. I’d give them about one millennium.

    • lefty665 says:

      cg @37 For $100m a copy you want it to work too? Oh, and for that price you can sit on the runway and make jet noises with your mouth because the engine is extra. A helmet is $400k, they apparently think very highly of the liveware. But without an engine it doesn’t much matter if the software works or not does it? Maybe they could bundle each one with a copy of Flight Simulator. Is this a great country or what?

  15. Rayne says:

    bloopie2 (11:45) — Can’t spend a lot of time holding hands here, you’re going to have to take a stab at it. I taught myself HTML before there were online tutorials, made a lot of mistakes on my first site before I figured a few simple tags.

    Suggest you be brave, put on your big gender-of-choice panties, and go to the beginning of W3School’s HTML tutorial. In the list of HTML Tutorials at the left hand side of the page, concentrate on HTML Formatting and HTML Links. The Try It Yourself link is a sandbox in which you can try to copy the code you see, make changes, but without any risk of breaking anything. I wish to hell I’d had a sandbox like that when I first learned HTML.

    And just because IMO there are no YouTube videos with a super simple lesson on HTML links, I’m sharing a HTML link lesson as a graphic.

    • bloopie2 says:

      I’ll give it a whirl, thanks. And on the 26th, I’ll be reading the Apple brief. I’m confident it will be world class.

  16. P J Evans says:

    I learned basic HTML from looking at the code produced by the genealogy program I use, and comparing it to what I saw when I looked at the page. It’s a better HTML generator than Word or [shudder] FrontPage.

Comments are closed.