The Department of Justice and Apple are set to continue butting heads over how Apple should handle user data. The Department of Justice has once again come out against Apple’s decision to encrypt user data, saying that the company should provide a way for law enforcement officials to unlock user data.
At the heart of the case is an instance in which an iPhone 5s was being used by someone called Jun “Kevin” Feng, who is being charged with possession and distribution of meth. The prosecutors say that someone sent the iPhone an “erase command” however the device was offline at that point in time, so none of the data was actually erased. Since the phone was encrypted, however, the DOJ wants Apple to “unlock” the device without having any of the data destroyed.
There’s only one problem with that – Apple says that it’s technically impossible to unlock an iPhone running iOS 8 or later because of the fact that the “keys” to unlock the device aren’t available to anyone except for the user who set up the encryption. Apple did, however, say that iPhones running older versions of iOS could be unlocked in the way that the DOJ suggests. Given this, the DOJ wants to convince the judge that Apple should cooperate. It’s important to note that the iPhone in question runs an older operating system than iOS 8.
The DOJ also made a somewhat novel argument on a legal level, saying that because of the fact that Apple sells iOS under iOS, rather than under a true sale, Apple maintains controlling interest over iOS and should therefor be required to help. Of course, civil groups suggest that not only is is that argument somewhat of a stretch, but that Apple is perfectly within its legal limits to refuse to help the government in unlocking a phone.
“Just because a company has voluntarily complied with law enforcement in the past doesn’t mean it’s obligated to do so in the future. Offering encrypted devices is lawful and companies are entitled to prioritize their customers and their security,” said Esha Bhandari, a civil attorney at the American Civil Liberties Union, in an interview with Ars Technica.
Apple itself argues that the government cannot keep using an 18th century law to require the company’s assistance. The law is called the All Writs Act, and basically enables the court to issue a writ, or an order, which compels an individual or a company to do something. It’s important to note that this law has been used in the past to compel tech companies to bypass security measures on smartphones, so Apple’s argument is valid.
Ken Dreifrach, an attorney representing Apple, also argues that the fact that Apple has complied to previous demands should not have any effect on this particular case. At the core of Apple’s argument is the fact that continuously unlocking a user’s phone would erode user trust in the company, which is certainly a valid argument. Many people are far more privacy-aware following Edward Snowden’s revelations related to NSA spying, and if Apple were to “unlock” an encrypted phone, the more privacy-aware Apple users would probably switch to another platform.
Apple’s attorneys have also compared requests by the DOJ to asking a drug company to take part in a lethal injection against its wishes.
Because of the issue of user trust, Apple suggests that continuing to offer a way to unlock user phones would be “burdensome,” however the DOJ counters that by saying that Apple has been involved with a number of cases in the past. The DOJ then requested that Apple explain its change of heart, however the company simply said that it had become more concerned about user data in light of recent high-profile data breaches.
Basically, the DOJ may certainly win this case when it comes to this particular phone, however in the long run it will no longer be able to make requests such as this, as fewer and fewer people have devices with operating systems that can be decrypted by Apple or other smartphone manufacturers. Whether or not the DOJ and other entities force Apple to once again carry the keys is another matter, however if that does happen, it will likely have side-spread implications for customer privacy as a whole.