Department of Justice’s own brand of branding:
How today’s court filing in the Apple vs FBI Terrorist Investigation Case is more about the new battle that’s emerged in the court of public opinion than it is about the legal battle in the courtroom.
Finding a United States Court an insufficient venue to argue the merits of privacy versus security, Apple emphatically expanded the case into the Court of Public Opinion with Cook’s February 16 “Message to Our Customers.” Issuing an open letter to its customers insisting that it will fight the U.S. government’s order to provide technical assistance, Apple stated its case and its position as the aegis of its customers’ right to privacy.
Not to be to be left without response, the U.S. government, reaffirming its position as the defender of public safety, issued its own style of press release in the form ofto compel Apple to comply with the Court’s February 16 Order. The twenty-five-page motion is encapsulated in Footnote 3, which – reading between the lines – says there’s no need for this motion, but here it is anyway; and by the way, here’s the DOJ’s counter to Cook’s statements.
Without getting into either the technical or legal aspects of this case, the bottom line is relatively simple: Can Apple meet its significant burden to show that compliance with the Order is “unreasonably burdensome”? The problem for Apple – assuming its argument is basically that compliance could ruin, if not annihilate, its business, is that quantifying the burden is very difficult, and in many ways speculative. In fact, one could argue the current legal battle being played out in the court of public opinion may actually help advance Apple’s integrity with customers by its show of defiance against the U.S. government.
So therein lies Apple’s predicament: In the face of the DOJ’s strong legal argument, can Apple make a specific, detailed showing – one that can survive legal scrutiny? Or, is defying the government simply the best way to drum up goodwill?
On February 22, Apple countered by taking its message to its employees. In an early morning email to employees, Apple CEO Tim Cook reiterated its earlier justifications and urged the DOJ to consider an alternative to the current legal proceeding – one that would evaluate the issue in a larger, more comprehensive manner. Cook proposed that the Obama Administration create a commission, comprised of interests from the intelligence, technology, and civil liberties communities, to examine the competing issues at play in this debate. The problem, of course, is that the alternative ignores the immediacy of the U.S. government’s current request.
UPDATE: February, 23, 2016 - The Less Expensive Cost of Non-Compliance
For those who may not be familiar with Max Schrems (@), he’s an Austrian privacy activist who campaigns against Facebook for privacy violations, including violations of European privacy laws and alleged transfer of personal data to the NSA as part of the NSA's PRISM program.
During a meeting this morning, Schrems discussed his efforts and the competing interests involved. He said two things that resonated with me, both of which have applicability – I think – to the current Apple/DOJ debate.
The first, "too big to shut down" will continue to influence regulators' oversight and enforcement efforts when it comes to data privacy and security violations by large tech companies. And no matter how bad things may appear, it’s highly unlikely regulators will challenge in any meaningful way the market dominance that such tech companies have.
The second, the cost of compliance with EU data protection laws (or any other similar laws, for that matter) is often greater than the cost of violating them. Hence, there can be a built-in incentive for companies to pay less, or minimal, attention to those laws.
Maybe we are seeing some of those thoughts at play here in the Apple/DOJ debate.
UPDATE: February, 24, 2016 - Twin Privacy vs. Safety Matters Play Out In the House
Two privacy vs. safety battles are occurring simultaneously on Capitol Hill, albeit under different circumstances. The first, of course, is Apple vs. FBI. A push in Congress is now under way to end the seeming logjam of priorities. Permitting exceptions to a cyber-security defense inherently weakens it. On the other hand, digital data is just papers and personal effects—searchable with a warrant. Both the Senate and the House are preparing rare bipartisan bills to address the dilemma. The Senate bill, which would effectively codify the court ruling, is not broadly supported. More promising at the moment is the bill in the House. Its stated purpose is to bring both sides to the table to discuss if they can agree on common rules. House Homeland Security Committee Chairman Michael McCaul (R-Texas) and Sen. Mark Warner (D-Va.) are expected to detail some of the bill’s particulars imminently. We will have more updates to come. To learn more, read: http://thehill.com/policy/cybersecurity/overnights/270488-overnight-cybersecurity-lawmakers-close-on-apple-approved-encryption
At the same time, a smaller story in the House is taking place. A string of data breaches have been rattling federal agencies and the time has come to address the concern. Particularly, the Office of Personnel Management disgorged the data of 22 million people last summer. A fresh round of hearings, modestly called “OPM data breach: Part III,” resulted in the resignation of OPM’s CIO and a general scramble at the top. The House Oversight Chair, Jason Chaffetz, announced, "On her watch, whether through negligence or incompetence, millions of Americans lost their privacy and personal data." As OPM’s public beating continues, one wonders what the Apple brass think when they see what happens to those whose cyber-security is breached. To learn more, read:
UPDATE: February, 25, 2016 - Apple’s Battle with The Government Expands
Apple has not only been fighting the search warrant in California, but, across the United States, Apple is questioning the legality of the “All Writs Act.” One of these matters is unfolding in the Eastern District of New York, which just unsealed some correspondence among the Court, Apple, and the Federal Government. Although the phone in question does not have the same encryption standards as the one in California, the Court still found that Apple’s assistance was needed. Considering Apple’s refusal to comply with the All Writs Act, the Court requested that Apple provide it with additional details regarding other All Writs requests it had received while Apple’s case was before the Eastern District, and how Apple had handled them.
The Court specifically asked whether Apple “opposed the request or otherwise sought or obtained an opportunity to be heard on it before it was resolved.” Apple responded, offering a list of orders to which it had objected. However, Apple’s strategy of moving this argument from the courts to the public at large becomes apparent in these correspondences. The U.S. Attorney points out in a response letter, that Apple’s “objections” to these orders have been in the form of ignoring them. That is, Apple never sought legal relief from these orders, but simply did not comply—something unquestionably unlawful.
Now that the San Bernardino case has brought Apple’s legitimate concerns to the fore, Apple seems to be painting a picture that it has always vigorously defended itself against the All Writs Act. It seems more likely that the company has been waiting for the publicity to attach to these cases before Apple truly made its case. Or, simply waiting to be significantly challenged. Whether that is ultimately a good or bad strategy remains to be seen, but it is certainly a peculiar kind of defense as courts tend to disfavor those who disobey their orders.
UPDATE: February, 26, 2016 - Microsoft Joins the Fray in Support of Apple
Microsoft, one of the more “government-friendly” technology companies, announced that it would be filing a legal brief next week in support of Apple. Pointing out that the specific language used for the Judicial Order from the All Writs Act came from 1911, a time when the adding machine was the most advanced computing device, Microsoft’s president joined the clarion call for definitive legislation.
Although no longer with the company, this comes in contrast to a recent statement by Bill Gates. While not a full-throated supporter of the government’s position, he made comments recently that Apple had been, in effect, exaggerating the proportions of the order. Particularly, he noted that the FBI was not asking for a backdoor, but that it was merely asking for access to one iPhone and that Apple is obligated to comply.
Notable about Microsoft’s position now is that it does not address the immediate issue of the San Bernardino iPhone. This most likely points to Microsoft’s highly calibrated Public Relations stance in the ongoing Public Opinion debate. Were it to agree with Mr. Gate’s point of view in any sense, Microsoft would most likely lose legitimacy in the market and have to fight accusations that it is the government’s technology lackey. However, were it to embrace the Apple point of view, as many other technology companies (e.g., Google and Facebook) have, then Microsoft could damage its presumably good relations with government officials while risking getting dragged into the specifics of the case.
Lastly, such posturing could work out quite well for Microsoft. If an All Writs Act equivalent is passed with even mild support, it would give Microsoft a shield to defend itself against complicity with the government and the goodwill associated with developing an agreement, however strong it turns out to be, between Apple and the government. We will have more information on this aspect when Microsoft files its legal brief. For more insight into this new development, visit: http://thehill.com/business-a-lobbying/270747-microsoft-plans-to-back-apple-in-court
UPDATE: March, 4, 2016 - Federal Judge in NY Rules For Apple
“Finally, given the government’s boundless interpretation of the All Writs Act, it is hard to conceive of any limits on the orders the government could obtain in the future.”
Following-up on our February 25th post, the federal Magistrate Judge in the Eastern District of New York ruled yesterday that the All Writs Act was an inappropriate legal tool for the government to compel Apple’s assistance in accessing one of its products.
The case here is different from the San Bernardino case in a number of respects, including that the defendant already had pled guilty to drug related charges, and the iPhone was never encrypted. However, after the guilty plea, the government still claimed that access to the phone was essential to the investigation, and that Apple’s assistance would be required. Because the defendant had already plead guilty, the case seemed to take on a more academic tone as the two sides grappled with the scope of the All Writs Act.
The case took on a heighted scrutiny after Apple splashed the world news, opposing the San Bernardino order. Not wasting the opportunity as the first ruling on the All Writs Act since then, Judge James Orenstein ruled that the Government’s interpretation went too far.
The judge used this opportunity to set out the legal nuances of the pro-privacy argument. He addressed one of the government lynchpins, that Apple licenses (and does not sell) its software, saying, “In a world in which so many devices, not just smartphones, will be connected to the Internet of Things, the government's theory that a licensing agreement allows it to compel the manufacturers of such products to help it surveil the products' users will result in a virtually limitless expansion of the government's legal authority to surreptitiously intrude on personal privacy.”
The judge’s argument is a reflection of Apple own arguments in the San Bernardino case—particularly, when he stated: “Finally, given the government’s boundless interpretation of the All Writs Act, it is hard to conceive of any limits on the orders the government could obtain in the future.”
So, while this case is noteworthy and useful for laying out the legal principals of the pro-privacy argument, it does not work much in resolving the bigger questions in the privacy vs. security debate. The ruling, effectively, merely picked a winning side in the unique circumstances before the court. Thus, while meaningful and persuasive, the ruling does not resolve the debate.
UPDATE: March 11, 2016 - Fault Line Appears in Government Stance
Federal prosecutors filed an unsurprising reply to support their position on Thursday. Coming off the heels of the minor Apple victory in the Eastern District of New York (discussed above), the reply sought to firmly state the government’s unwavering commitment to make Apple unlock a terrorist’s iPhone. The brief, notably more hostile than other court filings, did its best to castigate Apple for making a marketing mission out of an important federal case.
Although the most salacious allegation is that Apple is complicit with China, the most persuasive one is that Apple is perfectly capable of keeping the cat in the bag. The DOJ correctly points out that Apple protects its source code and its electronic signatures so that no one can access them. To date, Apple has successfully protected the crown jewels.
The forcefulness of the reply is somewhat undercut by a now open fissure in the government’s position. Reportedly, on Tuesday a Federal Trade Commissioner, Julie Brill, expressed deep concern that those in law enforcement think that technology can either be hacked in a good way or a bad way and that such thinking was “magical.” She added, “Just to be clear, I’m not against law enforcement. I am law enforcement.”
Another Commissioner, Terrell McSweeny, went on to support Ms. Brill in her frank assessment of the situation. McSweeny said, “If we’re ever going to have effective telemedicine, connected cars or secure financial payment systems, we cannot legislate vulnerabilities into our devices.”
While Apple probably possesses the capability to break into one iPhone one time, is it reasonable to expect that all similarly situated technology companies should do the same, especially when the government is likely to keep coming back with more phones to decrypt?
Sources: Ars Technica and Law 360
"Is Forcing Apple to Bypass Its Own Security Technology “Unreasonably Burdensome”?" http://www.bna.com/forcing-apple-bypass-n57982067672/ - Bloomberg BNA, February 24, 2016
"The FBI vs Apple: What Does the Law Actually Say?" http://www.inc.com/joseph-steinberg/the-fbi-vs-apple-what-does-the-law-actually-say.html - INC.com - February 26, 2016
Stay Tuned: We will be updating this page frequently as more information becomes available.
Do you have any feedback, thoughts, reactions or comments concerning these topics? Feel free to contact Fernando M. Pinguelo and follow his twitter accounts @CyberPinguelo, for timely comments on related issues. If you have any questions about this post or would like assistance with your legal needs, please contact me or the Scarinci Hollenbeck attorney with whom you work.
About Fernando M. Pinguelo:
, a trial attorney and Chair of the firm’s Cyber Security & Data Protection and E-Discovery groups, devotes his practice to complex litigation with an emphasis on cyber security, data privacy, media and employment matters. A former prosecutor, Fernando’s experience addresses all facets of litigation (trial, mediation, arbitration, appellate) in both federal and state courts and he regularly handles “crisis litigation,” including emergency applications with the courts. Most recently, the leading global information services company retained him to address data breach incident reportedly involving the theft of 15 million customers’ sensitive data.
About Kurt M. Watkins, Co-Author:
Kurt M. Watkins is an associate with the firm. Mr. Watkins focuses his practice on Corporate Structuring and Cyber Security Law. Coming from a technology industry background, he is proficient in computer software and hardware and has a concentration in Intellectual Property.