So, signing the code constitutes Apple saying this code is safe to run. But Apple doesn't think this code is safe to run. The argument will be that forcing them to sign the modified code is compelled speech. Interesting.
Is there any reason Apple can't use more than one argument in its defense?
According to USA vs. New York Telephone, "unreasonable burdens may not be imposed". I think Apple will bear quite a burden if it must force its engineers to implement this code. It will be telling them to reverse their work and go against company values. Also, the public is going to know the outcome of this case. If Apple doesn't come out cheering, we will all know its security features have been weakened, which will impact sales.
Hobby Lobby's argument (and the supreme court decision in their favor) involved the element of being "closely held". Apple would need to have over 50% of its stock owned by 5 or fewer individuals to satisfy that requirement.
Amusingly, you're allowed to use multiple, mutually exclusive defenses:
"Say you sue me because you say my dog bit you. Well, now this is my defense: My dog doesn't bite. And second, in the alternative, my dog was tied up that night. And third, I don't believe you really got bit. And fourth, I don't have a dog."
But Phone companies do actually do quite a lot to cooperate with their host countries TLA's - I think Apple is naive to use this defence as the FBI CIA and the NSA will just tell the judge but ATT does XYZ we are asking for a lot less.
Apple should have thought about this before they got into the phone Biz.
That's not the point here Apple are trying to claim this requestby the FBI would be burdensome if ATT etc do far more then that defense is flawed and will not work.
If code is speech, does this mean anyone can write code to perform any kind of task (nefarious or otherwise) and be protected by the First Amendment? It seems difficult to parse that someone could write some code that for example, to break someone's pacemaker or life support machine and that person would be protected by free speech.
Maybe in that scenario, it would be the author who writes that code who would be protected but the person who executes the deadly code who is breaking the law?
Holmes's famous phrase means that not all forms of speech are protected. For example, the First Amendment does not protect obscenity, child pornography, true threats, fighting words, incitement to imminent lawless action, criminal solicitation or defamation.[1]
The ELI5 of free speech is: you can say whatever you want so long as it doesn't come at a cost to another legal entity (normally people, but not always).
One example that I found very demonstrative while trying to intuitively understand FOS was a very extreme one[1]. It's a difficult but worthwhile read. The best way to understand FOS is to read up[2] on how it has been applied.
"Holmes famous phrase" was an emotional argument irrelevant to the facts of the case it was offered in, unsupported by the case law then or now, in one of the most repugnant, anti-free-speech decisions in history, which allowed criminal punishment for pure political speech (and which has since been overturned.)
I agree with you about Schenck, but I'm not sure what this has to do with the broader point at hand. Whatever you might think about Schenck, it is indisputably correct under American law that there are significant categories of speech that can be either proscribed or compelled. Schenck is just one of very many cases that demonstrate this.
Holmes uttered his famous phrase in a Supreme Court opinion upholding the criminalization of criticizing the draft -- which is in more recent times thought to be overstepping the bounds of the 1A.
So while not all speech is protected, the notion of what is protected can change over time -- hopefully in a pro-liberty direction.
> If code is speech, does this mean anyone can write code to perform any kind of task (nefarious or otherwise) and be protected by the First Amendment?
Not a lawyer, but I don't think so. You can't just say anything you want, either (yelling "fire!" in a crowded room, slander, inciting violence, etc).
> You can't just say anything you want, either (yelling "fire!" in a crowded room ...
This is simply not true. Read Trope Two here [0] for a brief overview (although the entire essay is well worth reading), and [1] for a in-depth analysis of the trope.
If I understand correctly, it's not that the force of what I said is incorrect, but just that the specific phrase doesn't mean what I intended? The point is still that not all speech is legal, therefore not all code would be legal, even if code is speech.
> ...just that the specific phrase doesn't mean what I intended?
The point is that the boundaries of where speech loses its First Amendment protections are very clearly defined. Now that you are aware that the "Fire!" example is not an example of unprotected speech, you would do a grave disservice to discourse if you continue to use it as an example of unprotected speech.
I'm not sure that's what is being argued here. I think it's more like if the govt compelled someone to write software to break someone's pacemaker or life support machine, then certify under their name that the software was safe to use.
Of course in this case the person is a corporation; if this defense works I wonder if there will be calls for renewed scrutiny of corporate personhood. This may have been discussed in the article, but I was unable to read very far because I have an ad blocker turned on.
I would certainly hope so: exploit proof-of-concepts that ultimately help to improve computer security are, in fact, tools that perform nefarious things.
> does this mean anyone can write code to perform any kind of task (nefarious or otherwise) and be protected by the First Amendment?
Yes, that's pretty much true, though actually executing that code to perform a nefarious task (or otherwise conspiring to execute the task or encouraging people to that end) may still be illegal.
> Maybe in that scenario, it would be the author who writes that code who would be protected but the person who executes the deadly code who is breaking the law?
How is that not the only sensible outcome?
Telling people about vulnerabilities is the only way they can defend against them. Defenders need actual exploit code to test their countermeasures against.
The person who uses the exploit to kill someone is the person who uses the exploit to kill someone.
> does this mean anyone can write code to perform any kind of task (nefarious or otherwise) and be protected by the First Amendment?
It should. Code is speech, so banning private speech is to create a thought-crime. Unless the author of that code intends it to be used as a weapon and facilitates that use, yes, they ought to be protected. Your hypothetical also probably isn't all that hypothetical. Pacemakers have vulns, and it isn't illegal to create a PoC proving the vuln is real. There are probably real world examples.
Not all speech is protected, but yes writing code is protected, it is executing that code for nefarious purposes that is not. Just like writing down invention designs for a killer robot is protected, but building that robot and using it on people is not.
Don't click Wired links if you don't want to pay them. They have an ad-blocker-blocker that kicks in after you have read half of the article or so - and you get no clear warning before this.
Also when people say "Disable javascript" they don't mean go into Preferences and disable javascript. They probably mean install noscript which allows you to blacklist-by-default and enable js with a button click when needed.
In Chrome you can have javascript disabled by default, then whitelist all of the javascript on individual hosts (it does execute all of the javascript on the page, as compared to noscript).
Then on each host, Chrome starts off with no javascript, and there is an icon in the URL bar to enable it. Thus I can enable all javascript for trusted hosts. And in regular mode, that change is permanent, so I'm not bothered
Additionally, open up an incognito, and allow javascript for a host, and that decision is only valid as long as the incognito window is open.
So the workflow is:
1.) Always surf with javascript disabled
2.) Permanently allow all trusted hosts
3.) When needed, temporarily allow a host via incognito (ex: blogspot sites)
This cat and mouse game has gotten to the point where there are ad-blocker-blocker-blockers. That is, lists for your adblocker that disable adblock detection on websites.
This is a good reminder that "Corporations aren't people!" is something of a know-nothing argument, and also didn't suddenly spring into relevance with Citizens United.
Of course Apple can invoke the First Amendment just like you or I could to avoid compelled speech. They may win or lose that argument, but it's not going to be thrown out just because they're a corporation.
I feel that the anger about the citizens united decision is misdirected.
People speak and act. The fact that they do so on behalf of a corporation is not of primary importance.
By saying that there's "corporate speech" and "personal speech", and that the latter is protected and the former not, is essentially the same reasoning that allows corporations to commit crimes with no personal crimes taking place.
The first amendment argument can be made notwithstanding that corporations are not people. Forcing developers to implement and sign code goes against their first amendment rights.
No developers are being forced to do anything. Any Apple employee who feels like it is more than welcome to quit. Otherwise, they're required to do the job their employer asks them to do which, it turns out, might include modifying iOS on a court order.
I'm not sure if you are being disingenuous with me or you just haven't thought out your argument.
You are essentially claiming that a person's rights aren't violated because they still have a choice between expressing a concept in code or losing their livelihood. This is analagous to saying that a person's fifth amendment rights are not violated because they have a choice between answering questions and going to jail. This is the precise definition of coercion, which is exactly what the US government is forbidden to do except in very limited circumstances.
Furthermore, their employer is not the government so the ultimatum does not exist without coercion. Their manager is a human being who is forced to give them orders or fire them, which is again a first amendment violation. They get their orders from their manager, who was coerced, etc.
> You are essentially claiming that a person's rights aren't violated because they still have a choice between expressing a concept in code
> or losing their livelihood.
I write code for a living(1). I'm pretty sure that if I walked in to work tomorrow and told my boss I wasn't going to write any more code then he would tell me pretty soon thereafter that was fine but he was going to stop paying me to come to work every day.
That's not coercion. That's what a job is.
It's interesting, by the way, that you bring up the 5th amendment. You have it exactly backwards. The government has wide latitude to compel testimony at a trial. If you witness a crime, for example, you aren't allowed to refuse to testify about what you saw because of your first amendment rights. The 5th amendment outlines one of the very few exceptions to the government's ability to compel speech in the context of criminal investigations.
1. Strictly speaking I'm more of a manager these days. But, for the purposes of clarity, let's pretend I'm talking about the "me" from 5 years ago.
That example of you and your boss is not the same as the government forcing you to do/say something. The end result is unemployment in your case, and it is your choice since the decision to take the job in the first place was voluntary. In the case of the government compelling you to work and/or write code, the result of non-compliance is fines, imprisonment for contempt, etc.
And assuming the process that led to the writ being issued in court was fair and followed correctly, you wouldn't be able to just walk away from it. Which is why the first amendment and other laws matter for the government and not for your employer-employee example.
No, you're wrong about fines, imprisonment for contempt, etc.
That might be true for senior officials at Apple (Tim Cook, etc) but definitely not for rank and file employees. Any of them that are asked to implement GovOS (to use Apple's shorthand for the proposed software) could surely quit instead of doing the work.
To be honest, they wouldn't even have to quit. I'm sure there are plenty of people at Apple qualified to do the work. If some of them have moral issues I'm sure they can go work on other things. Apple will have no problem finding a few folks to comment out a few lines of code and recompile the OS.
You're basically repeating FUD spread by Apple and others to make the situation seem worse than it is. Normally this kind of FUD spreading is reviled by the hacker community.
This argument sounds so hokey. Similar to the non-exectation-of-privacy-when-using-tor argument, https://news.ycombinator.com/item?id=11166991 The US legal system appears as a special case
It has to be - our legal system is based on rule of law. You often see lawyers go after First Amendment defenses because the First Amendment is legally part of the constitution, and thus overrides any and all other laws. Of course, a judge has to agree with the argument - and considering when the Bill of Rights was written, that argument is likely going to be a bit roundabout given the progress we've made in ~250 years.
Any modern argument based on laws written 250 years ago is going to necessarily be roundabout. If the problem was straightforward, there would probably be established case law addressing it.
IMO the US intelligence apparatus likely already has Apple's publisher keys (we know they had Microsoft's at one point for Stuxnet, so this is entirely plausible). The FBI is far less advanced than the NSA/CIA on computer crime/crypto, likely to the point the NSA/CIA would not share information with them for fear of its existence being leaked through an overzealous investigation of a mass shooter who almost certainly never interacted with anyone in ISIS of any importance.
This is probably a gambit by the FBI to get access to this type of data for their other criminal investigations. If it is publicly known that the FBI has a way to break iPhones, they can lean on the NSA/CIA to provide more effective methods (without breaking cover of the existence of those methods.)
IMO a better tactic is the one the NSA has taken: let the industry build it, and we will hack it. This is just better tradecraft because it lulls targets into a false sense of security. Look at the engineering behind Stuxnet and the Equation Group viruses - these guys are obviously in another league from the FBI (and likely even from Apple). Given the gap in skills and mission, I don't blame them for not trusting the FBI.
You have some details mixed up there. Stuxnet did not use any domestic certificates. You're likely thinking of Flame, which still did not involve stealing keys or certificates, but rather exploiting a flaw relating to how certificates were issued to the general public.
Well, just remember that when you're dealing with clandestine agencies like CIA/NSA, they can probably either turn or place an asset in one of Apple's security teams and get access that way. Their evidence collection methods don't have to hold up in court.
Yeah, just saying that with Apple's level of access to the information on people's phones, it would be a very attractive target - and the best way to obtain access and keep it would be an insider. The NSA/CIA are spy agencies, after all, and they DEFINITELY have the capability to infiltrate a company like Apple (either through a vendor or by getting an agent on Apple's payroll).
Seems like the NSA does trust other law enforcement agencies at least to a certain level, with the use of parallel construction for illegally obtained evidence [1].
Would it be a reasonable compromise for the FBI to turn the phone over to Apple, allow Apple to access the data using whatever method it deems necessary, transfer whatever data is recovered to the FBI and then destroy the phone along with any custom FW Apple had to develop in the process?
They would have to trust that Apple is acting in good faith. I can't see any incentive or reason for Apple to falsify the data. They already provided the most recent iCloud backup in good faith.
Let's say they try to convict somebody based on data from the phone.
"Your honor, it's a known fact that my client has had a long-standing adversarial relationship with Jack Smith, an employee at Apple. Jack Smith's motive and opportunity to frame my client by falsifying data in this case provides clear reasonable doubt of my client's guilt."
Additionally, let's say they destroy the phone. How can you establish that the evidence hasn't been tampered with after the fact? It's not like you can go pull the files again, the phone has been destroyed. So now you're not only trusting that a) Apple provided the right data, you're trusting that b) the FBI hasn't tampered with the data to frame somebody.
One of the strengths of Apple's arguments is that they do not have software that the government is trying to compel them to provide. The government compelling the creative act of making this software is not something that has occurred under the All Writs Act previously, as far as I am aware, so this would set precedent.
Once the software is already created, it is, at worst, just a question of getting the timing right for the next request in order to make such an order (to provide software to assist in the unlocking of phones) merely ordinary.
Aside from some arcana, what you are proposing is equivalent to the FBI's position, which I think many here disagree with.
Not exactly. My understanding is that the FBI wishes for the phone in question to remain within FBI custody at all times, which makes it more likely that any custom FW Apple develops could be leaked or replicated. What I propose (obviously a compromise) is for everything (FW creation, brute force attack, download of data) to occur within Apple's custody, network, and for Apple to then destroy the phone. Apple would not even need to disclose publicly how they accessed the data on the phone.
That's actually what the FBI is asking for in this case (except for the destroying the phone part). They aren't after control of the modified software themselves they just want the data from this one particular phone.
My understanding is that they still want the actual brute force attack of the phone to occur within FBI custody. Apple could easily do that in-house, inside their own network and then share the data with the FBI.
All this is reminding me not a little of the original crypto wars when Zimmerman was up against the feds in the headlines semmingly every other day.
In the end publishing the source code as a literal, printed book and exporting it from the USA as printed material (Free Speech!) then OCRing the contents in whatever country they wanted to get it to only now we already have a precedent for code is speech and those extra steps might not be necessary.
I have also been wondering if this is the wrong iPhone to take a stand on since it is owned by the employer, not the dead terrorist -- and the employer wants it unlocked.
But I guess this is more about forcing a company to manufacture an ad hoc backdoor than protecting the privacy of the owner of the device (my understanding is that if your employer owns the device, there is no privacy.)
While I would love to see this argument succeed, I doubt it will. Free speech already has limits on both the affirmative and negative sides. Shouting fire in a crowded theatre is not protected, nor is remaining silent if the government decides to label you an "enemy combatant". So I'm not optimistic that Apple's argument will succeed. The fear of drugs, pedophilia and terrorism seems to trump the First Amendment -- and the Fourth, and the Fifth, and the eighth, andthe Forteenth -- pretty reliably nowadays.
You're mixing together quite a few different things. You can't use speech to incite a physical reaction/panic/riot. That crosses the line from simply communicating to taking action. And the right to not speak is protected by the 5th amendment. If you're an "enemy combatant," you're sitting in somewhere in Iraq or Afghanistan, and the 5th amendment doesn't apply because the person isn't a U.S. citizen and they're not on U.S. soil.
> the right to not speak is protected by the 5th amendment
No, it's not. The right not to incriminate yourself is protected by the 5th amendment. People are subpoenaed and forced to speak all the time. That's why Apple isn't making that argument. (They do have a 5th amendment argument too, but it's not based on self-incrimination.)
> If you're an "enemy combatant," you're sitting in somewhere in Iraq or Afghanistan
It has never been put to the test (because the scenario is pretty unrealistic) but do you really think that if a U.S. citizen on U.S. soil made a credible claim to have planted a nuke somewhere in NYC, that the government would not mount an argument that the Constitution allows them to waterboard that person to get them to reveal the location of the bomb? And that they might win?
What if Apple was in the business of safes and built a really strong to crack safe. There would be 10 attempts to open it or all the content would catch on fire.
Is it unheard of that the government would seek the help of that kind of company in similar cases ?
The argument that the newly-developed technique could be stolen by unwanted adversaries is the same. In both cases the government has to get hold of the physical object to crack the (digital) safe.
No safe contains as much value to a person as a phone does. A phone contains everything. Everything. All your texts, all your browsing data, all your apps and the things you record in them, safe from the world behind a passcode.
To apply your argument, your safe is a Narnia portal that brings you access to every facet of someone's life, all to track down the contents that fit on a few pieces of paper.
Equating smartphones with physical safes is ridiculous.
Certainly that's an issue with the scope of the warrant. Similarly to the judge only giving access to the car or the living room. I agree that smartphones are blurring the distinction between the brain and the physical world and the day where devices exist to read our thoughts we will have to make a decision if that is off-limit or not.
Every safe would have a replaceable locking/fire-setting mechanism with a part, machined to uniquely fit that particular safe, and stamped with the builder's guarantee of security.
The important points are these: the mechanism-replacement machine wouldn't be limited to that one safe, and the technician won't install it unless Apple Safes said that it had the same level of security after the alteration. This isn't cracking one safe; it's developing (easily redistributable) instructions for cracking all the safes of that model and marking the modified mechanisms as unmodified, against their will.
How much work can the government require you to do in order to comply with a warrant? There must be limits. When does it become involuntary servitude? Obviously not when we're talking about handing over something in your possession, but how much code can they make you write?
Courts are entitled to reasonable cooperation from third parties to facilitate the administration of justice. Turning over documents, showing up for third-party depositions, testifying in front of a grand jury, drilling into a safe deposit box, etc. In Anglo-American law, that idea predates even the Constitution.
But at some point, cooperation goes beyond reasonable into the area of "unreasonable burden." As a practical matter, the test tends to be one of economics. How much does it cost to comply, and is that cost a reasonable one given the party being compelled?
This makes me want to cry -- not the FBI overreach, but the "This, And Clickbait" sentence structure. Don't they teach how to write headlines any more in journalism school?
If Apple is finally compelled to write this backdoor code, and that backdoor code is used against a lawful customer, what happen if this customer then trie to sue Apple?
Will the DOJ be sued as well as they might be fully responsible? And could Apple sue DOJ as well for irremediable arm against his product safety?
88 comments
[ 5.2 ms ] story [ 89.1 ms ] threadIs there any reason Apple can't use more than one argument in its defense?
According to USA vs. New York Telephone, "unreasonable burdens may not be imposed". I think Apple will bear quite a burden if it must force its engineers to implement this code. It will be telling them to reverse their work and go against company values. Also, the public is going to know the outcome of this case. If Apple doesn't come out cheering, we will all know its security features have been weakened, which will impact sales.
No.
I wonder how it would go down if they said it was against their religion, a la Hobby Lobby.
"Say you sue me because you say my dog bit you. Well, now this is my defense: My dog doesn't bite. And second, in the alternative, my dog was tied up that night. And third, I don't believe you really got bit. And fourth, I don't have a dog."
https://en.wikipedia.org/wiki/Alternative_pleading
Apple should have thought about this before they got into the phone Biz.
Maybe in that scenario, it would be the author who writes that code who would be protected but the person who executes the deadly code who is breaking the law?
Holmes's famous phrase means that not all forms of speech are protected. For example, the First Amendment does not protect obscenity, child pornography, true threats, fighting words, incitement to imminent lawless action, criminal solicitation or defamation.[1]
[1]: http://1forall.us/teach-the-first-amendment/the-first-amendm...
The ELI5 of free speech is: you can say whatever you want so long as it doesn't come at a cost to another legal entity (normally people, but not always).
One example that I found very demonstrative while trying to intuitively understand FOS was a very extreme one[1]. It's a difficult but worthwhile read. The best way to understand FOS is to read up[2] on how it has been applied.
[1]: https://en.wikipedia.org/wiki/National_Socialist_Party_of_Am... [2]: https://en.wikipedia.org/wiki/Category:United_States_Free_Sp...
So while not all speech is protected, the notion of what is protected can change over time -- hopefully in a pro-liberty direction.
Not a lawyer, but I don't think so. You can't just say anything you want, either (yelling "fire!" in a crowded room, slander, inciting violence, etc).
This is simply not true. Read Trope Two here [0] for a brief overview (although the entire essay is well worth reading), and [1] for a in-depth analysis of the trope.
[0] https://popehat.com/2015/05/19/how-to-spot-and-critique-cens...
[1] https://popehat.com/2012/09/19/three-generations-of-a-hackne...
The point is that the boundaries of where speech loses its First Amendment protections are very clearly defined. Now that you are aware that the "Fire!" example is not an example of unprotected speech, you would do a grave disservice to discourse if you continue to use it as an example of unprotected speech.
Of course in this case the person is a corporation; if this defense works I wonder if there will be calls for renewed scrutiny of corporate personhood. This may have been discussed in the article, but I was unable to read very far because I have an ad blocker turned on.
Yes, that's pretty much true, though actually executing that code to perform a nefarious task (or otherwise conspiring to execute the task or encouraging people to that end) may still be illegal.
How is that not the only sensible outcome?
Telling people about vulnerabilities is the only way they can defend against them. Defenders need actual exploit code to test their countermeasures against.
The person who uses the exploit to kill someone is the person who uses the exploit to kill someone.
It should. Code is speech, so banning private speech is to create a thought-crime. Unless the author of that code intends it to be used as a weapon and facilitates that use, yes, they ought to be protected. Your hypothetical also probably isn't all that hypothetical. Pacemakers have vulns, and it isn't illegal to create a PoC proving the vuln is real. There are probably real world examples.
Then on each host, Chrome starts off with no javascript, and there is an icon in the URL bar to enable it. Thus I can enable all javascript for trusted hosts. And in regular mode, that change is permanent, so I'm not bothered
Additionally, open up an incognito, and allow javascript for a host, and that decision is only valid as long as the incognito window is open.
So the workflow is:
1.) Always surf with javascript disabled
2.) Permanently allow all trusted hosts
3.) When needed, temporarily allow a host via incognito (ex: blogspot sites)
This does not require any additional extensions.
For example, https://github.com/reek/anti-adblock-killer
Of course Apple can invoke the First Amendment just like you or I could to avoid compelled speech. They may win or lose that argument, but it's not going to be thrown out just because they're a corporation.
People speak and act. The fact that they do so on behalf of a corporation is not of primary importance.
By saying that there's "corporate speech" and "personal speech", and that the latter is protected and the former not, is essentially the same reasoning that allows corporations to commit crimes with no personal crimes taking place.
You are essentially claiming that a person's rights aren't violated because they still have a choice between expressing a concept in code or losing their livelihood. This is analagous to saying that a person's fifth amendment rights are not violated because they have a choice between answering questions and going to jail. This is the precise definition of coercion, which is exactly what the US government is forbidden to do except in very limited circumstances.
Furthermore, their employer is not the government so the ultimatum does not exist without coercion. Their manager is a human being who is forced to give them orders or fire them, which is again a first amendment violation. They get their orders from their manager, who was coerced, etc.
> or losing their livelihood.
I write code for a living(1). I'm pretty sure that if I walked in to work tomorrow and told my boss I wasn't going to write any more code then he would tell me pretty soon thereafter that was fine but he was going to stop paying me to come to work every day.
That's not coercion. That's what a job is.
It's interesting, by the way, that you bring up the 5th amendment. You have it exactly backwards. The government has wide latitude to compel testimony at a trial. If you witness a crime, for example, you aren't allowed to refuse to testify about what you saw because of your first amendment rights. The 5th amendment outlines one of the very few exceptions to the government's ability to compel speech in the context of criminal investigations.
1. Strictly speaking I'm more of a manager these days. But, for the purposes of clarity, let's pretend I'm talking about the "me" from 5 years ago.
And assuming the process that led to the writ being issued in court was fair and followed correctly, you wouldn't be able to just walk away from it. Which is why the first amendment and other laws matter for the government and not for your employer-employee example.
That might be true for senior officials at Apple (Tim Cook, etc) but definitely not for rank and file employees. Any of them that are asked to implement GovOS (to use Apple's shorthand for the proposed software) could surely quit instead of doing the work.
To be honest, they wouldn't even have to quit. I'm sure there are plenty of people at Apple qualified to do the work. If some of them have moral issues I'm sure they can go work on other things. Apple will have no problem finding a few folks to comment out a few lines of code and recompile the OS.
You're basically repeating FUD spread by Apple and others to make the situation seem worse than it is. Normally this kind of FUD spreading is reviled by the hacker community.
This is probably a gambit by the FBI to get access to this type of data for their other criminal investigations. If it is publicly known that the FBI has a way to break iPhones, they can lean on the NSA/CIA to provide more effective methods (without breaking cover of the existence of those methods.)
IMO a better tactic is the one the NSA has taken: let the industry build it, and we will hack it. This is just better tradecraft because it lulls targets into a false sense of security. Look at the engineering behind Stuxnet and the Equation Group viruses - these guys are obviously in another league from the FBI (and likely even from Apple). Given the gap in skills and mission, I don't blame them for not trusting the FBI.
http://www.bbc.co.uk/programmes/p03jtdn2
1. https://en.wikipedia.org/wiki/Parallel_construction
"Your honor, it's a known fact that my client has had a long-standing adversarial relationship with Jack Smith, an employee at Apple. Jack Smith's motive and opportunity to frame my client by falsifying data in this case provides clear reasonable doubt of my client's guilt."
Additionally, let's say they destroy the phone. How can you establish that the evidence hasn't been tampered with after the fact? It's not like you can go pull the files again, the phone has been destroyed. So now you're not only trusting that a) Apple provided the right data, you're trusting that b) the FBI hasn't tampered with the data to frame somebody.
Once the software is already created, it is, at worst, just a question of getting the timing right for the next request in order to make such an order (to provide software to assist in the unlocking of phones) merely ordinary.
Aside from some arcana, what you are proposing is equivalent to the FBI's position, which I think many here disagree with.
In the end publishing the source code as a literal, printed book and exporting it from the USA as printed material (Free Speech!) then OCRing the contents in whatever country they wanted to get it to only now we already have a precedent for code is speech and those extra steps might not be necessary.
https://en.m.wikipedia.org/wiki/Key_disclosure_law#United_St...
I have also been wondering if this is the wrong iPhone to take a stand on since it is owned by the employer, not the dead terrorist -- and the employer wants it unlocked.
But I guess this is more about forcing a company to manufacture an ad hoc backdoor than protecting the privacy of the owner of the device (my understanding is that if your employer owns the device, there is no privacy.)
Alas.
No, it's not. The right not to incriminate yourself is protected by the 5th amendment. People are subpoenaed and forced to speak all the time. That's why Apple isn't making that argument. (They do have a 5th amendment argument too, but it's not based on self-incrimination.)
> If you're an "enemy combatant," you're sitting in somewhere in Iraq or Afghanistan
It has never been put to the test (because the scenario is pretty unrealistic) but do you really think that if a U.S. citizen on U.S. soil made a credible claim to have planted a nuke somewhere in NYC, that the government would not mount an argument that the Constitution allows them to waterboard that person to get them to reveal the location of the bomb? And that they might win?
The argument that the newly-developed technique could be stolen by unwanted adversaries is the same. In both cases the government has to get hold of the physical object to crack the (digital) safe.
To apply your argument, your safe is a Narnia portal that brings you access to every facet of someone's life, all to track down the contents that fit on a few pieces of paper.
Equating smartphones with physical safes is ridiculous.
The important points are these: the mechanism-replacement machine wouldn't be limited to that one safe, and the technician won't install it unless Apple Safes said that it had the same level of security after the alteration. This isn't cracking one safe; it's developing (easily redistributable) instructions for cracking all the safes of that model and marking the modified mechanisms as unmodified, against their will.
But at some point, cooperation goes beyond reasonable into the area of "unreasonable burden." As a practical matter, the test tends to be one of economics. How much does it cost to comply, and is that cost a reasonable one given the party being compelled?
If Apple is finally compelled to write this backdoor code, and that backdoor code is used against a lawful customer, what happen if this customer then trie to sue Apple?
Will the DOJ be sued as well as they might be fully responsible? And could Apple sue DOJ as well for irremediable arm against his product safety?