Published February 18, 2016 by Frank Miniter
After the San Bernardino terrorist Syed Rizwan Farook was shot and killed, the FBI got his iPhone. They knew Farook’s phone might have information that could prevent another terrorist attack, but Apple’s encryption technology has since kept the FBI out of the phone. The FBI approached Apple for help, but Apple refused to hack the phone for them. The federal government then took Apple to court. Now a federal magistrate judge in California has ordered Apple to hack the phone.
That all seems very simple and if this were merely an instance where a court order is needed to satisfy Fourth Amendment protections then the FBI would now get the data. But in this case Apple doesn’t have the data or the passcode to get the data. To get it Apple would have to write code that would bypass a security feature designed to erase the iPhone’s contents if the wrong passcode is entered 10 times. If Apple did this it would enable the FBI to bombard the phone with passcodes until they found the right four numbers to unlock the phone’s encryption.
This is exactly what the court is ordering Apple to do. They’ve ordered Apple to write code.
Apple’s CEO Tim Cook has refused. In an open letter to customers, Cook says the FBI’s actions would be an “unprecedented step which threatens the security of our customers.”
Apple has a strong constitutional case to resist this court order because code has been ruled by U.S. courts to be speech and speech has very robust First Amendment protections. The government can’t force a person or private entity to speak.
The trouble for the FBI—even though everyone, including Apple’s CEO, would like the FBI to have the dead terrorist’s information—is this fight has been going on for decades and the U.S. Government has been losing the fights in the courts.
Phil Zimmermann’s “Pretty Good Privacy” (PGP) encryption
This became a hot topic in 1991 when Phil Zimmermann created the first version of “Pretty Good Privacy” (PGP) encryption. He quickly ran into opposition from the National Security Agency (NSA), which then viewed encryption as a state secret.
Zimmermann’s PGP used a symmetric-key algorithm that protected the privacy of emails and other data. Pretty Good Privacy soon found its way onto the Internet and began to be used by political dissidents in totalitarian countries. In February 1993, Zimmermann became the formal target of a criminal investigation by the U.S. Government for “munitions export without a license.”
Cryptosystems using keys larger than 40 bits (Apple’s now uses 256 bits) were then considered to be “munitions.” PGP has never used keys smaller than 128 bits so it qualified at that time. The NSA wanted to keep the technology for the government, but as the Internet grew and a real need for the protection of financial and other transactions became apparent, the NSA found it couldn’t keep good encryption off the market.
Zimmermann had challenged the laws designed to keep the private economy in the dark ages by publishing the entire source code of PGP in a hardback book. Anyone who wished to build their own copy of PGP could buy the book, cut off the covers, separate the pages, and scan them using an OCR program, which would create a set of source code text files. A savvy person could then build the application using the freely available “GNU Compiler Collection.” As it was in a book, it had strong First Amendment protections.
Cryptographic software source code is speech protected by the First Amendment
This First Amendment question was never tested in court. Two federal appeals courts, however, established the rule that cryptographic software source code is speech protected by the First Amendment.
In Bernstein v. United States, a set of court cases brought by Daniel J. Bernstein, Bernstein challenged restrictions on the export of encryption software. In 1995 Bernstein was a student at the University of California at Berkeley. He wanted to publish a paper and associated source code for his encryption system. After four years he won a landmark decision from the Ninth Circuit Court of Appeals that determined that software source code is speech protected by the First Amendment.
The government then modified its regulations. When Bernstein challenged them again in court, the case was dismissed in 2003 and the court told Bernstein to wait until the government made a “concrete threat” to impede his First Amendment rights.
Meanwhile, in 2000, a Sixth Circuit Court of Appeals case, Junger v. Daley, also found that software source code is protected by the First Amendment.
The cost to freedom
Now this attempt to force Apple to write code might force other courts, and potentially the U.S. Supreme Court, to answer whether code is speech and then if in such a case the government can force someone to speak.
The government, however, might drop this case when it realizes it can’t win the technological battle this way anyway. After all, there are now apps that allow people to encrypt data on their smartphones. Also, even if Apple is forced—either legally or through the weight of public opinion—to build a “backdoor” to bypass its security software, this wouldn’t prevent a foreign company from writing software without a backdoor for the FBI to use—and for hackers to find. The U.S. Government can’t fight this technology all across the planet.