DOJ’s Clear Threat to Go After Apple’s Source Code

Oops: My post URLs crossed. Here’s where If Trump’s Protestors Didn’t Exist He Would Have to Invent Them is.

In a rather unfortunate section heading the government used in their brief responding to Apple last week, DOJ asserted “There Is No Due Process Right Not to Develop Source Code.” The heading seemed designed to make Lavabit’s point about such requests being involuntary servitude.

I’d like to elaborate on this post to look at what DOJ has to say about source code — because I think the filing was meant to be an explicit threat that DOJ can — and may well, even if Apple were to capitulate here — demand Apple’s source code.

The government’s filing mentions “source code” nine ten different times [see update]. The bulk of those mentions appear in DOJ’s rebuttal to Apple’s assertion of a First Amendment claim about having to write code that violates its own beliefs, as in these three passages (there is one more purportedly addressing First Amendment issues I discuss below).

Incidentally Requiring a Corporation to Add Functional Source Code to a Commercial Product Does Not Violate the First Amendment

Apple asserts that functional source code in a corporation’s commercial product is core protected speech, such that asking it to modify that software on one device—to permit the execution of a lawful warrant—is compelled speech in violation of the First Amendment.

[snip]
There is reason to doubt that functional programming is even entitled to traditional speech protections. See, e.g., Universal City Studios, Inc. v. Corley, 273 F.3d 429, 454 (2d Cir. 2001) (recognizing that source code’s “functional capability is not speech within the meaning of the First Amendment”).

[snip]

To the extent Apple’s software includes expressive elements—such as variable names and comments—the Order permits Apple to express whatever it wants, so long as the software functions. Cf. Karn v. United States Department of State, 925 F. Supp. 1, 9- 10 (D.D.C. 1996) (assuming, without deciding, that source code was speech because it had English comments interspersed).

Most people aside from EFF think Apple’s First Amendment claim is the weakest part of its argument. I’m not so sure that, in the hands of the guy who argued Citizens United before SCOTUS, it will end up that weak. Nevertheless, DOJ focused closely on it, especially as compared to its treatment of Apple’s Fifth Amendment argument, which is where that dumb heading came in. This is the entirety of DOJ’s response to that part of Apple’s argument.

There Is No Due Process Right Not to Develop Source Code

Apple lastly asserts that the Order violates its Fifth Amendment right to due process. Apple is currently availing itself of the considerable process our legal system provides, and it is ludicrous to describe the government’s actions here as “arbitrary.” (Opp. 34); see County of Sacramento v. Lewis, 523 U.S. 833, 846-49 (1998). If Apple is asking for a Lochner-style holding that businesses have a substantive due process right against interference with its marketing strategy or against being asked to develop source code, that claim finds no support in any precedent, let alone “in the traditions and conscience of our people,” “the concept of ordered liberty,” or “this Nation’s history.” Washington v. Glucksberg, 521 U.S. 702, 721 (1997).

Though admittedly, that’s about how much Apple included in its brief.

The Fifth Amendment’s Due Process Clause Prohibits The Government From Compelling Apple To Create The Request [sic] Code

In addition to violating the First Amendment, the government’s requested order, by conscripting a private party with an extraordinarily attenuated connection to the crime to do the government’s bidding in a way that is statutorily unauthorized, highly burdensome, and contrary to the party’s core principles, violates Apple’s substantive due process right to be free from “‘arbitrary deprivation of [its] liberty by government.’” Costanich v. Dep’t of Soc. & Health Servs., 627 F.3d 1101, 1110 (9th Cir. 2010) (citation omitted); see also, e.g., Cnty. of Sacramento v. Lewis, 523 U.S. 833, 845-46 (1998) (“We have emphasized time and again that ‘[t]he touchstone of due process is protection of the individual against arbitrary action of government,’ . . . [including] the exercise of power without any reasonable justification in the service of a legitimate governmental objective.” (citations omitted)); cf. id. at 850 (“Rules of due process are not . . . subject to mechanical application in unfamiliar territory.”).

In other words, both Apple and DOJ appear to have a placeholder for discussions about takings (one that Lavabit argued from a Thirteenth Amendment perspective).

Those constitutional arguments, however, all seem to pertain the contested order requiring Apple to create source code that doesn’t currently exist. Or do they?

As I noted in my earlier Lavabit post, the DOJ argument doesn’t focus entirely on writing code that doesn’t already exists. As part of its argument for necessity, DOJ pretends to take Apple at its word that the US government could not disable the features (as if that’s what they would do if they had source code!) themselves.

Without Apple’s assistance, the government cannot carry out the search of Farook’s iPhone authorized by the search warrant. Apple has ensured that its assistance is necessary by requiring its electronic signature to run any program on the iPhone. Even if the Court ordered Apple to provide the government with Apple’s cryptographic keys and source code, Apple itself has implied that the government could not disable the requisite features because it “would have insufficient knowledge of Apple’s software and design protocols to be effective.”  (Neuenschwander Decl. ¶ 23.)

Note DOJ claims to source that claim to Apple Manager of User Privacy Erik Neuenschwander’s declaration (which is included with their motion). But he wasn’t addressing whether the government would be able to reverse-engineer Apple’s source code at all. Instead, that language came from a passage where he explained why experienced engineers would have to be involved in writing the new source code.

New employees could not be hired to perform these tasks, as they would have insufficient knowledge of Apple’s software and design protocols to be effective in designing and coding the software without significant training.

So the discussion of what the government could do with if it had Apple’s source code is just as off point as the passage invoking the Lavabit case (which involved an SSL key, but not source code). Here’s that full passage:

The government has always been willing to work with Apple to attempt to reduce any burden of providing access to the evidence on Farook’s iPhone. See Mountain Bell, 616 F.2d at 1124 (noting parties’ collaboration to reduce perceived burdens). Before seeking the Order, the government requested voluntary technical assistance from Apple, and provided the details of its proposal. (Supp. Pluhar Decl. ¶ 12.) Apple refused to discuss the proposal’s feasibility and instead directed the FBI to methods of access that the FBI had already tried without success. (Compare Neuenschwander Decl. ¶¶ 54-61, with Supp. Pluhar Decl. ¶ 12.) The government turned to the Court only as a last resort and sought relief on narrow grounds meant to reduce possible burdens on Apple. The Order allows Apple flexibility in how to assist the FBI. (Order ¶ 4.) The government remains willing to seek a modification of the Order, if Apple can propose a less burdensome or more agreeable way for the FBI to access Farook’s iPhone.9

9 For the reasons discussed above, the FBI cannot itself modify the software on Farook’s iPhone without access to the source code and Apple’s private electronic signature. The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers. See In re Under Seal, 749 F.3d 276, 281-83 (4th Cir. 2014) (affirming contempt sanctions imposed for failure to comply with order requiring the company to assist law enforcement with effecting a pen register on encrypted e-mail content which included producing private SSL encryption key).

Effectively, having invented a discussion about whether the government would be able to use Apple’s source code out of thin air, DOJ returns to that possibility here, implying that that would be the least burdensome way of getting what it wanted and then reminding that it has succeeded in the past in demanding that a provider expose all of its users to government snooping, even at the cost of shutting down the business, even after Ladar Levison (after some complaining) had offered to provide decrypted information himself.

Significantly, the government obtained a warrant for Lavabit’s keys as a way of avoiding the question of whether the “technical assistance” language in the Pen/Trap statute extended to sharing keys, but Levison was ultimately held in contempt for all the orders served on him, including the Pen/Trap order and its language about technical assistance. The Fourth Circuit avoided ruling on whether that assistance language in Pen/Trap orders extended to encryption keys by finding that Levison had not raised it prior to appeal and that the District Court had not clearly erred, which effectively delayed consideration of the same kinds of issues at issue (though under a different set of laws) in the Apple encryption cases.

In making his statement against turning over the encryption keys to the Government, Levison offered only a one-sentence remark: “I have only ever objected to turning over the SSL keys because that would compromise all of the secure communications in and out of my network, including my own administrative traffic.” (J.A. 42.) This statement — which we recite here verbatim — constituted the sum total of the only objection that Lavabit ever raised to the turnover of the keys under the Pen/Trap Order. We cannot refashion this vague statement of personal preference into anything remotely close to the argument that Lavabit now raises on appeal: a statutory-text-based challenge to the district court’s fundamental authority under the Pen/Trap Statute. Levison’s statement to the district court simply reflected his personal angst over complying with the Pen/Trap Order, not his present appellate argument that questions whether the district court possessed the authority to act at all.

[snip]

The Government, however, never stopped contending that the Pen/Trap Order, in and of itself, also required Lavabit to turn over the encryption keys. For example, the Government specifically invoked the Pen/Trap Order in its written response to Lavabit’s motion to quash by noting that “four separate legal obligations” required Lavabit to provide its encryption keys, including the Pen/Trap Order and the June 28 Order.

[snip]

In view of Lavabit’s waiver of its appellate arguments by failing to raise them in the district court, and its failure to raise the issue of fundamental or plain error review, there is no cognizable basis upon which to challenge the Pen/Trap Order. The district court did not err, then, in finding Lavabit and Levison in contempt once they admittedly violated that order.

In other words, the Lavabit reference, like the invention of an Apple discussion about what the government could do with its source code (any such discussion would have been interesting in and of itself, because I’d bet Apple would be more confident FBI couldn’t do much with its source code than that NSA couldn’t), was off point. But in introducing both references, DOJ laid the groundwork for a demand for source code to be the fallback, least burdensome position.

And, as I noted, in the Lavabit case, the government justified demanding a key based on the presumption that Edward Snowden would have a more complicated password than Syed Rizwan Farook’s 4-digit numerical passcode. That is, in that case, the government tied a more intrusive demand to the difficulty of accessing a target’s communications, not to the law itself, which suggests they’d be happy to do so in the future if they were faced with an Apple phone with a passcode too complex to brute force in 26 minutes, as FBI claims it could do here.

All of which brings me to one more citation of source code in DOJ’s extended First Amendment discussion: a reference to a civil case where Apple was able to obtain the source code of a competitor.

This form of “compelled speech” runs throughout both the criminal and civil justice systems, from grand jury and trial subpoenas to interrogatories and depositions. See, e.g., Apple Inc.’s Motion to Compel in Apple Inc. v. Samsung Electronics, Docket No. 467 in Case No. 11–cv–1846–LHK, at 11 (N.D. Cal. Dec. 8, 2011) (Apple’s seeking court order compelling Samsung to produce source code to facilitate its compelled deposition of witnesses about that source code).

Note, this is not a case about Apple (or Samsung, in this case) being compelled to write new code at all. Rather, it is a case about handing over the source code a company already had. In another off point passage, then, DOJ pointed to a time when Apple itself successfully argued the provision of source code could be compelled, even in a civil case.

Through a variety of means, DOJ went well out of its way to introduce the specter of a demand for Apple’s source code into its response. They are clearly suggesting that if Apple refuses to write code that doesn’t exist, the government will happily take code that does.

Loretta Lynch claimed, under oath last week, that the government doesn’t want a back door into Apple products. That’s not what her lawyers have suggested in this brief. Not at all.

Update: Here’s how Apple treated this in its Reply:

The government also implicitly threatens that if Apple does not acquiesce, the government will seek to compel Apple to turn over its source code and private electronic signature. Opp. 22 n.9. The catastrophic security implications of that threat only highlight the government’s fundamental misunderstanding or reckless disregard of the technology at issue and the security risks implicated by its suggestion.

Also, in writing this post, I realized there’s one more reference to source code in the government’s Response, one that admits Apple’s source code is “the keys to the kingdom.”

For example, Apple currently protects (1) the source code to iOS and other core Apple software and (2) Apple’s electronic signature, which as described above allows software to be run on Apple hardware. (Hanna Decl. Ex. DD at 62-64 (code and signature are “the most confidential trade secrets [Apple] has”).) Those —which the government has not requested—are the keys to the kingdom. If Apple can guard them, it can guard this.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

29 replies
  1. Bardi says:

    “the government doesn’t want a back door into Apple products. That’s not what her lawyers have suggested in this brief. Not at all.”

    Seems the “government” has a pretty narrow focus on what constitutes a “back door”. I would consider that source code opens up the entire house, why use the back door when one can walk in the unlocked front.

  2. P J Evans says:

    I’d be really tempted to use the source-code maneuver that a friend used with Adventure: you can see the source after you finish the game and get all the points.

  3. SpaceLifeForm says:

    It is clear to me that the DOJ/FBI lawyers are really trying
    to create as many arguments as possible in the hopes that
    one may stck enough to confuse a non-tech SCOTUS.

    Ultimately, this is an attack on free software.

  4. orionATL says:

    typical doj prosecutorial brutality:

    accept a plea-bargain for 5 years (even though you profess innocence) or we prosecute for 30 yrs time in a supermax.

    i can’t wait ’til the doj gets its political comeuppance.

    • orionATL says:

      doj’s source code threat makes me wonder if it is the case that the doj does not have great confidence in it’s client’s (the fbi) case if that case were to go to trial.

    • martin says:

      quote”i can’t wait ’til the doj gets its political comeuppance.”unquote

      I can’t wait till the winner of a bloody civil war are trouncing through the bloody halls of a bullet ridden DOJ, emptying file cabinets and harddrives, lighting fires, and hanging scumbag DOJ traitors from the lamp posts.

  5. lefty665 says:

    Chilling that this has transformed into an argument that Apple should hand over its OS source code. Seems DOJ is escalating the stakes with each filing. Do what we want or we’ll hit you with a bigger bludgeon. What’s the next step, threatening Apple with the Espionage Act?
    .
    The argument has certainly expanded beyond “We only want access to this one little phone”. This is an argument about whether there should be any doors at all. It goes back at least to the Data Encryption Standard (DES) wars of the ’70’s.
    .
    Of course there’s the practical hurdle that someone at FBI would actually have to be able to do something with source, FBI is not an agency with national technical means. Guess that’s why DOJ preferred to compel Apple to write a backdoor.

    • sir1963 says:

      I think Apple should come out with:
      The US government and its law enforcement officers believe that US citizens should only be allowed the 2nd best protection of your personal data that also has an FBI backdoor.
      IF we are forced to create this back door, we will continue to supply the rest of the world world leading best practice, safe and secure products, something we can no longer supply to the US. And it will not be just us, Android, Facebook, Dropbox, every US company will be forced to offer you only 2nd best.
      And when, not if, but when, criminals find that back door it will only be US citizens at risk. Our customers in India, Australia,Sudan, Brazil,Canada, Mexico, and other countries will continue being safe by having the best security we can devise.

      • Ian says:

        And if Apple & the rest of the USA’s-based “High-Tech industries” make that announcement just imagine the number of Canadian & Mexican border towns that start promoting “Full-Strength” products to US visitors,–so that Washington will have to prohibit not only Michigan senior citizens medicines/pharmaceuticals [George W. Bush broke his Texas 2 month long vacation for 1 day to sign that bill] but Michigan non-senior citizens electronic devices as well.
        .
        The Custom’s Service numbers will need to be increased & so on & so on

  6. P J Evans says:

    the Data Encryption Standard (DES) wars of the ’70’s

    When I took a crypto class as an elective for CS, many of the people in it assumed NSA either had back-doored DES or could break it.

  7. jerryy says:

    .
    There is something about this that is not clear…
    .
    Apple has plenty of patents and copyrights surrounding iOS (just ask Samsung!).
    .
    In order to get the protections in courts, of those patents and copyrights, you have to give the government a copy of your code and screensots when you register it
    .

    • P J Evans says:

      They may have a lot as proprietary information or trade secrets. That’s how they keep the critical stuff from getting out.

    • Denis says:

      jerryy: “In order to get the protections in courts,
      of those patents and copyrights, you have to give
      the government a copy of your code and
      screensots when you register it”
      .
      Uh . . . mostly, no.
      .
      The US patent statutes, regulations, and case law do not
      require an inventor to include source code with the
      application. What is important is describing the
      functions of the invention in a way that anyone skilled
      in software could reproduce the invention without
      undue experimentation. Normally that is done by
      including in the application flow charts depicting
      the novel algorithms along with a written description
      of what the program does and how it works as a whole.
      .
      I’m not sure about Japan and Europe patent offices,
      but I think they’re the same as USPTO in not requiring
      source code. It may be even prohibited.
      .
      Yes, one can register a computer program for
      copyright protection, but in the US you only
      submit the first and last 25 pages. You can
      also register GUI or screen output by submitting
      screen shots. I don’t think either would be
      of any help in cracking these iPhones.
      .
      I would be shocked if Apple is registering
      copyrights for much, if any, of its s/w.

  8. Ian says:

    Washington v Apple & the USA’s “High Tech” industry
    .
    EMPTYWHEEL(Marcy)’s Eagle Eyes have worked again— in spotting the gentle suggestion from Washington (via the FBI & the DOJ) that the USA should require the “submission for review” of Apple’s source code & thereby bring this country up to the latest of International standards & trends for dealing with the potentially very dangerous devices increasingly referred to as “mobile devices”.
    .
    The moderator had allowed me to post Saturday night & Sunday morning March 12 & 13,2016 a section of a longer post listing a number of published reports where:
    .
    a) the claim was made through the ACLU website by By Daniel Kahn Gillmor, Technology Fellow, ACLU Speech, Privacy, and Technology Project that both Apple & the FBI likely knew that the actual programs didn’t work in the way Apple’s Marketing Dept said they did & the ACLU’s Technology Fellow had suggested a hardware & software ability to bypass the iPhone’s password software restrictions
    .
    b) The British Government allows telecommunication carriers in the UK to use [Chinese manufacturer] Huawei [pronounced Hee-Way it seems] networking & telecom equipment provided Huawei pay for what you might call the Huawei Center for British Government security certification (if you will) which is facility in Great Britain staffed by ex-GCHQ staffers & the manufacturer is required to allow its “source code” to be examined closely by those ex-GCHQ staff prior to the government issue a certificate which a network & telecom provider in Great Britain must hold in order to continue in business in that country. If by some strange chance the ex-GCHQ staffers should tell their old employers how to bypass the security/privacy procedures embedded in Huawei’s source code, well who is to say that this is wrong?.
    With the NSA & GCHQ celebrating their 75th year of co-operation 8 Feb 1941-8 Feb 2016 I assume the NSA has a copy of their reports—no?.
    THE LINK was to:
    http://www.theguardian.com/technology/2012/oct/10/huawei-international-blacklisting
    .
    c) Silent Circle(TM) with its Blackphone & Silentphone Smartphone products (the Gold Standard of Secrecy/Privacy in Smartphones) gained US DOD acceptance because they also submitted their source code to their customers review
    .
    In the 1980’s IBM Mainframes Division accused Japanese computer manufacturer Fujitsu of stealing much of the operating system used to run Fujitsu’s IBM-compatible mainframe’s & as part of the agreement to settle IBM agreed to allow its own Operating System to be reviewed by Fujitsu programmers in a “Secure Facility”
    Marcy tells us that Apple themselves were proposing that style of action in the various disputes with Samsung about who invented what, when & where
    .
    I am aware of several other examples around the world of a similar nature—register your software with the relevant authorities & let them figure out how to get round what barriers you have constructed under their local laws & procedures.
    .
    Because I was aware in the 1980’s of set of reports in the Wall St Journal & also in the monthly magazine Texas Monthly about the routine willingness of the FBI’s expert witness’s to “imagine”, while on the witness stand & under oath ,the science behind “hair sample analysis” in various State & Federal court cases (often of the most serious nature, in many Texas cases, capital cases) and because I am aware that the FBI has only in 2015 started the task of notifying the various counsels of the “mistaken” testimony presented I had NOT recommended the task of deciding what to do with Apple’s “registered” source code should be left to the FBI but had suggested that one of the National Academies should be used to create the needed “forensic” tools.
    .
    When Janet Reno was the US Attorney-General & the Oklahoma City bombing took place she insisted that the analysis of the explosive substances used should be done by two sets of analysts—the FBI laboratory in Washington DC—and the British Ministry of Defence (sic) Research function which had dealt with thousands of Irish explosions.
    .
    Finally, while everyone gets very excited about the US Constitution & exactly which
    Clause of that august document should be argued over—can I remind all Marcy’s readers of the story all over the world concerning the introduction of a new & different technology than default encryption—the transition of the “picked flowers & produce transport” industries from moving such delicate items around the world-say 20 years ago –in containers, ships, airplanes that were CHILLED to a worldwide industry where such delicate items were carried in containers filled with a specific gas to stop the items from growing & therefore dying & thus destroying the economic value of the produce or flowers. The gas involved, while stopping living things from growing also kills human beings—including firefighters responding to a fire in a warehouse filled with flowers & produce. So, all over the world, Fire Depts ordered-in-law such warehouse, ports, container terminals to open their doors & engage in practice sessions/exercises where the local Fire Dept would figure out what to do—do you fight the fire with all firefighters involved breathing nothing but oxygen or equipped for full scale germ warfare—do you evacuate all humans for 10 miles around?

    Congratulations to EMPTYWHEEL( Marcy) once again for spotting what, I suggest, Washington is likely working towards.

  9. Denis says:

    Yes, this US Aty in Riverside seems to be
    quite liberal in her veiled threats, and
    I’m not sure she couldn’t get her tush
    in a spot of trouble if she keeps it up.
    .
    I read that DoJ brief as implying that
    Apple should seriously consider that
    obstruction of justice criminal charges
    may be around the corner if they
    don’t shape up. A threat like that
    could be a violation of attorney ethics.
    .
    But we need to be clear on what the
    FBI is (overtly) asking for. Certainly
    not source code, at least at this point.
    .
    They want Apple to take Farook’s iPhone
    to Apple’s shop and modify the OS there
    so that the 10 strikes and you’re out
    fxn is disabled. No FBI personal present.
    No FBI will even see the code required
    to by-pass the 10 strikes fxn.
    .
    Then the FBI will connect to the phone
    remotely while it is still in Apple’s shop so
    they (FBI) can do the brute force hack.
    .
    If Apple agrees to do that, or if they are
    forced to, then the flood-gates open and
    every redneck sheriff in the country will
    be demanding Apple comply with orders
    from everything from traffic courts, to
    Judge Judy, to the SPCA.
    .
    iOS9 as I understand it cannot be breached
    by even Apple. So I don’t know how all of
    this plays out 2 years down the road. I
    mean these cases will still be smoldering
    in the circuit courts of appeal when the tech
    has moved on.
    .
    “The dogs bark, but the caravan moves on.”

    • emptywheel says:

      I’ve covered that repeatedly in other posts. The point of this one (and my Lavabit one) is that their filing includes a lot of stuff that doesn’t support their existing case at all, and which may therefore be understood as either 1) bad lawyering or 2) a message (and partly an attempt to introduce an issue, like source code, for appeal).

      I suspect they’ve shared that message privately in more explicit language but want it to be implicit here.

  10. martin says:

    Meanwhile, to all the comment authors above, bravo. Best comments I’ve read in a long time. ..not counting my own.

  11. lefty665 says:

    In a recent interview Wm Binney suggested it was easy to get into the phone. That confirms this has been smokescreen for access to everything all the time. Either that or the FBI really is profoundly dumb.
    .
    Binney’s suggestion was to clone the phone, set up as many virtual copies as needed, then run the brute force attack on them sequentially until it unlocks. This isn’t the first time anyone has had to deal with the problem. One would expect that an agency with actual skills automated the exploit long ago. Plug the phone in, hit run, sit back and pretty quickly the key pops up on the screen. It would take a little cheap disk space, but not much processing horsepower.

    • Denis says:

      Yesterday Richard Clarke added his voice to the growing
      number who say the USG has the capability to crack the
      Farook iPhone.

      http://arstechnica.com/tech-policy/2016/03/former-cyber-czar-says-nsa-could-crack-the-san-bernadino-shooters-phone/

      .
      DoJ has argued that Apple is the only entity that can open
      the iPhone. That is almost certainly a falsehood, in which
      case the DoJ lawyers should be sanctioned.
      .
      Apple has touched on this question tangentially in its
      arguments: Can the USG force an innocent, unconnected,
      private player to expend resources to help effectuate a
      search warrant when one or more agencies of the USG
      could resolve the problem? You know, is the purpose
      of the All Writs Act to push the cost of enforcing
      search warrants off onto the private sector? Private
      individuals already have to pay the cost of replacing
      busted down doors and cleaning up trashed houses.
      .
      The DoJ’s position is that it doesn’t matter what NSA
      can or can’t do, the issue is that the FBI can’t bust
      the iPhone.
      .
      Binney’s approach would require no more than 1000 copies
      of the cloned phone. That sounds very do-able to me.
      One wouldn’t have to make all the copies up front —
      make a new copy each time 10 tries have been made
      on the previous copy.
      .
      My guess is Farook wasn’t the tallest minaret in town,
      intellectually speaking. The code is probably 1234 or 2580.

  12. jerryy says:

    If the FBI – DOJ are successful against Apple, they will have effectively completed a hostile takeover of the judicial branch.

    First, some tidbits.
    .
    1.) As I mentioned before it is strange that the DOJ is threatening to get the source code, which most likely they already have. Apple surrounds its products with patents and copyrights. I listed some examples where they have exerted those in courts. I did not list any links to the struggles with Samsung because the reporting in the press on those cases is often misleading. People that should know better are turning copying patented items into copyright violations which is a different kettle of fish. But the information is out there if you wish to use your favorite search engine to get the reporting and then sift through the stuff.
    .
    In general though, people tend to try to patent equipment and copyright software (though there are many attempts to patent software out there, IBM had a large portfolio at one time, they have been selling it off). There are a couple of reasons; copyright currently lasts longer and software may end up at some point not being patentable. Computers are known as ‘finite state machines’. They have a limited number of inputs and outputs, the outputs are predictable based upon the inputs. They (finite state machines) are studied in Computer Science courses obviously, but also under the Combinatorics / Graph Theory branches of Mathematics. Which means they are part of the mathematical ideas that cannot be patented as per our Constitution. The courts have not finished ruling yet on whether patents are allowable or not — the Supreme Court has not directly heard any cases where the patents are challenged, but the cases that sort of get at the question have seen the patent favoring folks given a cold shoulder. (In spite of that, I do not think Justice Roberts wants to touch the subject with a the foot pole). Currently the claim that has allowed the patents to stand so far is that the equipment cannot run without the controlling software it is supposed to be uniquely part of the process. However, those same languages are nowadays platform independent, so this argument is less and less persuasive.
    .
    The catch about the DOJ requesting Apple’s source code is that this is a useless cudgel. If you become an iPhone developer, Apple will give you all kinds of information about how the os works so that you can build apps that work correctly. This includes emulator software that runs on your computer that acts exactly as an iPhone would so you can test your applications. Also, you get lists and lists of the toolboxes the os has built-in as well as information on how to use them.
    .
    Additionally, there are reports that Apple allows inspection of its source code by governments to ensure there are no backdoors (this is a sticking point for other countries that do not want the US spying on them).
    .
    The source code is out there. The DOJ could have asked for it any time. or in the time they have already wasted they can have just used a dis-assembler / de-compiler to get the source code.
    .
    2.) Computer Code is Protected Speech:
    .
    This holds a review of issues involving computer code as speech:
    .
    http://www.ljean.com/files/CODE_FEDERALISM.pdf
    .
    If the FBI – DOJ are successful, then as Marcy and Rayne have noted there is more than opening a phone or two or a thousand, third parties can be coerced into giving their resources into doing the FBI’s job for it. Without oversight. Marcy and Rayne do not push it far enough. Remember this is the gang that issues NSLs to pretty much do as it pleases.
    .
    http://arstechnica.com/tech-policy/2008/04/latest-revelations-on-fbi-nsl-misuse-raise-fresh-questions/
    .
    Essentially there will be carte blanche for going after people with an All Writs Act and a NSL. No more need for parallel construction because you can be drafted to spy on your neighbors and if spying is not enough to find the needed evidence, well that All Writs Act that says you have to cooperate could mean you have to make it look bad.
    .
    p.s. Sorry it took a while to get back to this. The time change really does not give you longer days.

  13. Ryan says:

    “To the extent Apple’s software includes expressive elements—such as variable names and comments—the Order permits Apple to express whatever it wants, so long as the software functions.”

    That’s like compelling a reporter to write an article praising the FBI’s efforts to stop terrorism, and claiming it’s not compelled speech because the author was free to express whatever she wants, provided it produced an article praising the FBI’s efforts to stop terrorism.

  14. Marcos El Malo says:

    jerryy,

    The FBI is also threatening to seize the private signature. Source code + signature is really game over. FBI is saying, a front door is as good as a backdoor when you have the key that signs updates.

    Reminds me of that Darth Vader line in The Empire Strikes Back. “I am altering the deal. Pray I don’t alter it further.”

    Also, look at the bright side. If every third or forth person becomes a paid government informant, we’d be past full employment. The surveillance state might be really good for the economy. ;-) Just like in E. Germany!

    • jerryy says:

      The signing key is the real issue, the source code is not. Having the code is not really helpful no more than having the code to the web-site secure server. Lots of folks have similar code so that things work with eqch other, but each signing key makes the sepaarate connection secure.
      .
      Sounds like a solid reason to upgrade to new phones with stronger better security, since the old ones would be compromised — I guess the FBI was rushing a bit when they said Apple was only protecting its business plan in that the FBI forgot to say they were helping Apple motivate the folks hanging on to those old phones get moving to new ones.
      .
      Why think the local spies will get paid? They probably will not even beable to taie a deduction on their taxes. Paul Ryan has not said anything about including fees for such services in his bidget.
      .

Comments are closed.