Apple said yesterday that its legal battle with the FBI has such far-reaching consequences that it should be settled by Congress rather than by the courts – but if that tack is unsuccessful, Bloomberg reports that the company will be putting forward a rather unusual argument in court. Apple will argue that the digital signature it uses to validate code is protected by the First Amendment as free speech, which cannot be compelled in law.
Before you download a new game or messaging app on your iPhone, the device checks for a digital signature tucked within the lines of code on the app. All applications sold through the App Store are approved by Apple and have this cryptographic autograph from the company telling your iPhone it’s safe. In the FBI case, some privacy advocates believe the company has a strong First Amendment case because it’s being asked to add that signature, against its will, to software that would aid the government.
In other words, even if the government could force Apple to write code that would remove the passcode protections, it shouldn’t be allowed to force Apple to sign the code – and if Apple doesn’t sign it, the iPhone won’t accept it …
“That’s a fundamental First Amendment problem because it can’t compel speech,” said David Rivkin, a constitutional litigator at BakerHostetler.
The free speech argument won’t form the main thrust of Apple’s defence, according to an anonymous Apple executive cited by Bloomberg: that will be that the government is pushing the centuries-old All Writs Act into territory far beyond its original scope, and therefore doesn’t have the legal authority to compel Apple to write the compromised code. But the First Amendment argument will form a secondary element of Apple’s case.
Washington University law professor Neil Richards said that courts are likely to be very wary of accepting the free speech argument because of the precedent it would set. He believes Apple already has a compelling defence without resorting to this.
“The argument is if all software is speech and all data flows are protected, then everything we do with communication is protected, and any regulation of the digital society becomes impossible,” said Richards, who sides with Apple in this case. “If we’re not careful we could end up a society that strikes a terrible balance.”
The idea that code is protected free speech is not entirely without existing precedent, however.
In the 1990s, a graduate student at the University of California at Berkeley wrote an encryption program for his own research that he wanted to make public. Under federal regulations, a coder must get a license to publish cryptography tools, and the government denied the student’s license. In 1999, the U.S. Court of Appeals in San Francisco ruled for the first time that source code was protected as speech, and the student, Dan Bernstein, who is now an instructor at the University of Illinois at Chicago, was allowed to share the code freely.
But other judges have ruled that code is not protected by the First Amendment, so we could be in for an extremely interesting court battle!
You can read all our coverage of the case in the links below.
- U.S. judge orders Apple to help FBI access data on San Bernardino gunman’s iPhone 5c
- Apple publishes letter responding to FBI iPhone unlock demand: ‘an unprecedented step which threatens the security of our customers’
- Google CEO Pichai appears to side with Apple in series of vague tweets on FBI encryption battle
- Security firm shows how Apple could bypass iPhone security to comply with FBI request
- Opinion: How likely is Apple to succeed in resisting the FBI court order?
- Should Apple comply with FBI request to bypass San Bernardino gunman’s iPhone? [Poll]
- Civil rights groups and tech companies express support for Apple’s stand against the FBI
- Opinion: Why an iPhone master key is better than a backdoor, but still too dangerous
- Petition urges White House to support Apple in blocking government access to locked iPhones
- Senate Intelligence Committee considering bill to penalize companies refusing to decrypt user device
- Report: Apple to get more time to formally respond to government’s request for access to locked iPhone
- Apple/FBI fight looks destined to go all the way to the Supreme Court as more background is revealed
- Department of Justice files motion to force Apple to comply with FBI iPhone backdoor request
- Apple implies FBI screwup: iPhone Apple ID password changed in govt possession, backdoor unnecessary
- FBI explains why it changed Apple ID password in iPhone unlock case, retrieved iCloud backups up to October 19 but wants more
- San Bernardino victims divided on iPhone issue as FBI claims not trying to set a precedent
- Edward Snowden describes how the FBI could physically extract passcode from iPhone chip without Apple’s help
- Apple/FBI: Tim Cook sends memo to employees, wants government to drop All Writs Act demands, posts customer FAQ
- Mark Zuckerberg sides w/ Apple in encryption battle as poll suggests public supports FBI
- Report says DOJ seeking data from ‘about’ 12 other iPhones as Bill Gates sides with FBI
- http://viptest.9to5mac.com/2016/02/23/apple-to-take-encryption-battle-to-congress/
FTC: We use income earning auto affiliate links. More.
This very argument was posted several days ago by 2 attorneys who are very familiar with Constitutional Law. I truly hope, for everyone’s sake, it is successful!
I do find it somewhat ironic the lengths these technology companies go to ‘protect’ our data and yet if there is any kind of technical/systems failure suddenly the onus is on us about the security/availability of that data
Back up your phone, computers and devices.
Exactly its our responsibility ….. although backing up cloud email is tricky …. Which ever side of the fence you sit I don’t think it’s healthy we have commercial companies un-elected self interest trying to control democratically elected governments
Not exactly true. Apple has already handed over all the data it can, but is drawing the line at creating a back door into iOS. There was a case over a year ago involving nude photos that were leaked of Jennifer Lawrence, but iCloud wasn’t hacked by someone to obtain these photos.
*those.
(Damn, no editing is annoying!)
A post from last Wednesday by Nicolas Weaver, from the Lawfare.com website:
“The request to Apple is accurately paraphrased as “Create malcode designed to subvert security protections, with additional forensic protections, customized for a particular target’s phone, cryptographically sign that malcode so the target’s phone accepts it as legitimate, and run that customized version through the update mechanism”. (I speak of malcode in the technical sense of “code designed to subvert a security protection or compromise the device”, not in intent.)
The same logic behind what the FBI seeks could just as easily apply to a mandate forcing Microsoft, Google, Apple, and others to push malicious code to a device through automatic updates when the device isn’t yet in law enforcement’s hand. So the precedent the FBI seeks doesn’t represent just “create and install malcode for this device in Law Enforcement possession” but rather “create and install malcode for this device”.
Almost immediately, the NSA is going to secretly request the same authority through the Foreign Intelligence Surveillance Court using a combination of 702 to justify targeting and the All Writs Act to mandate the necessary assistance. How many honestly believe the FISC wouldn’t rule in the NSA’s favor after the FBI succeeds in getting the authority?
The NSA’s admittedly restrictive definition of “foreign intelligence” target is not actually all that restrictive due to the “diplomatic” catch-all, a now unfortunately public cataloging of targets, and a close association with the GCHQ. So already foreign universities, energy companies, financial firms, computer system vendors, governments, and even high net worth individuals could not trust US technology products as they would be suceptible to malicious updates demanded by the NSA.”
Nicholas Weaver is a senior staff researcher focusing on computer security at the International Computer Science Institute in Berkeley, California. All opinions are his own
The complete post is at https://lawfareblog.com/not-slippery-slope-jump-cliff
So, to be clear, they will argue that their ‘digital signature’ is protected under the first amendment. Not all of their code.
Yes – which I think is a clever way to argue it.
The FBI will just have to ask the Chinese to get the information for them. Shouldn’t take long.
#StandWithApple
If you’d like to support #StandWithApple and its stance on privacy, there is a White House petition at
https://petitions.whitehouse.gov/petition/apple-privacy-petition
Considering that they successfully argued that iTunes was music and did not constitute an entry into music in their lawsuit with Apple Music/The Beatles I think they have good shot at this.
I don’t think that Apple is trying to argue that all code is protected as free speech. I think they are trying to argue that the signing software with the cryptographic autograph is the equivalent of Apple officially stating: “This software is safe”. But since Apple does not believe that GovtOS is safe it cannot be forced to sign it.