Welcome!

Mobile IoT Authors: Liz McMillan, Zakia Bouachraoui, Elizabeth White, Yeshim Deniz, Dana Gardner

Related Topics: @CloudExpo, Mobile IoT, Cloud Security

@CloudExpo: Blog Post

Apple vs FBI - The Basics, Explained By @BobGourley | @CloudExpo #Cloud

An update on the ongoing battle between Apple and the U.S. government regarding Syed Rizwan Farook's iPhone

#AppleVsFBI – #FBIVsApple – The Basics, Explained, with Links to Original Documents

This post provides an update on the ongoing battle between Apple and the  U.S. government regarding Syed Rizwan Farook's iPhone, recovered by police after the horrific massacre in San Bernadino on December 2, 2015.

It is just days before the March 22, 2016, hearing in this long-running, highly publicized dispute between the FBI and Apple, with the FBI’s demands of Apple being variously termed “jailbreak,” put a backdoor into, brute force access, compromise security of, or any number of other descriptors, in the case officially known as In the Matter of the Search of an Apple iPhone Seized During the Execution of a Search Warrant on a Black Lexus IS300, California License Plate 35KGD203. It is a good time, among all the massive press coverage and legal wrangling, to get back to some of the basics of the legal proceedings.

On February 9, 2016, FBI Director James Comey announced that the FBI was unable to unlock the iPhone and requests Apple to help. Apple concluded it could not help to the extent required to access the phone data. After attempting to resolve the matter out of court, Apple was ordered by U.S. Magistrate (Central District of California) Sheri Pym on Feb. 16 to assist the FBI in accessing Farook’s iPhone. On Feb. 25, Apple filed a motion to have the court vacate the order. Apple’s motion to vacate is supported by a who’s who of the security and tech law fields, in the form of amicus briefs filed last week by numerous influential individuals, companies and NGOs.

General overview of the law
Technology companies have obligations under (and subject to the conditions of) U.S. law to produce data related to criminal proceedings in their possession. However there are statutory obligations (known as the All Writs Act) that put limits on those obligations. Apple argues in its motion, as do the many tech and public interest companies that have filed friends of the court briefs in this case, that the FBI is exceeding the statutory limits in its request of Apple to help the FBI provide access to the potentially relevant data that may be stored on the SB killer’s phone.

In essence, Apple and friends argue, the government’s demands in this case exceed the intent of the All Writs Act.  Apple and its supporters also contend that the government’s request violate the constitutional rights of Apple. Which specific constitutional rights are asserted to be violated differs somewhat among the briefs, and there hasn’t been time to review and inventory the arguments of all briefs.

Below is an outline of the law under which the Government has obtained an order to compel Apple to “unlock” Farook’s iPhone, and Apple’s defense to that Order.

The order

All Writs Act
The order at issue in this case was made pursuant to the All Writs Act, § 28 U.S.C. 1651 (“AWA”). The AWA says that a court may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.” Basically this law has great latitude in its application, and thus has the potential for abuse. That is, it has vast potential to be used to issue writs (orders) that are not “appropriate in aid of their respective jurisdiction” or “agreeable to the usages and principles of law.”

As pointed out in the amicus brief of 32 Law Professors (in support of Apple), “the AWA tasked the federal courts with a role that was “somewhat constrained.” This provision should not be construed so broadly as to essentially endow courts with legislative authority.  Nor should it be used to give the district court a roving commission” to enlist third parties into law enforcement.” This professors’ amicus brief (as well as Apple’s and many others, argue that overreaching is what the court would do if it does not vacate the order.

Specific demands of the Order
The court’s order requires Apple to perform a very specific and extensive set of tasks. By way of example, the first two parts of those orders are the following:

  1. Apple shall assist in enabling the search of a cellular telephone, Apple make: iPhone 5C, Model: A1532, on the Verizon Network, (the “SUBJECT DEVICE) pursuant to a warrant of this Court by providing reasonable technical assistance to assist law enforcement agents in obtaining access to the data on the SUBJECT DEVICE.
  1. Apple's reasonable technical assistance shall accomplish the following three important functions: (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.

Those first two specific orders—and the remaining five—go beyond mere technical assistance. The court order is in essence a work order requiring Apple to perform specific deliverables.

Motion to Vacate and supporting arguments of Apple and Amici
In its Motion to Vacate, Apple objects to these directives because it believes them to be unreasonable (and thus outside the court’s powers under AWA) and because no other views on “reasonableness” (in particular, Apple’s) were considered by the court in making its “reasonableness” determination. Apple begins with arguing that “[T]he software envisioned by the government simply does not exist today.”

The Table of Contents of Apple’s motion to vacate goes on to very clearly outline Apple’s argument why the order should be vacated. That is, the Motion to Vacate explains in great detail why Apple believes the order requires Apple to provide unreasonable assistance and thus, runs afoul of the AWA. In addition to exceeding the scope of the AWA, the order if not vacated would, Apple further argues, violate Apple’s constitutional rights to free speech and due process.

Apple’s Motion to Vacate the order compelling it to assist the FBI makes the following arguments. In crafting its Motion to Vacate, Apple’s own words are clearer than any third pary (such as mine) summation.

  1. The All Writs Act Does Not Provide A Basis To Conscript Apple To Create Software Enabling The Government To Hack Into iPhones. [because]
    1. The All Writs Act Does Not Grant Authority To Compel Assistance Where Congress Has Considered But Chosen Not To Confer Such Authority
    2. The All Writs Act Does Not Authorize Courts To Compel The Unprecedented And Unreasonably Burdensome Conscription Of Apple That The Government Seeks
      1. Apple’s Connection To The Underlying Case Is “Far Removed” And Too Attenuated To Compel Its Assistance
      2. The Order Requested By The Government Would Impose An Unprecedented And Oppressive Burden On Apple And Citizens Who Use The iPhone
      3. The Government Has Not Demonstrated Apple’s Assistance Was Necessary To Effectuating The Warrant.
    3. Other Cases The Government Cites Do Not Support The Type Of Compelled Action Sought Here.
  2. The Order Would Violate The First Amendment And The Fifth Amendment’s Due Process Clause
    1. The First Amendment Prohibits The Government From Compelling Apple To Create Code
    2. The Fifth Amendment’s Due Process Clause Prohibits The Government From Compelling Apple To Create The Request Code

That, in essence, is the core of In the Matter of the Search of an Apple iPhone Seized During the Execution of a Search Warrant on a Black Lexus IS300, California License Plate 35KGD203.

Of course many other issues are raised in the amicus filings, and ther are additional related filings that have occurred that are relevant to this matter, such as ongoing proceedings in a similar case in Brooklyn, New York, and a recently-released report of the Congressional Research Service that covers the California proceeding (as well as analgous actions if an individual owner of the data/phone is being compelled to provide law enforcement.  I summarize that report here.  There is no paucity of widely available information about this case on the Internet. When in doubt about, it is best to stick to the original documents such as those I have linked in this article.

Apple’s request to vacate the order will be heard on March 22, 2016.

The following are the Amicus Briefs in Support of Apple

  • 32 Law Professors
  • Access Now and Wickr Foundation
  • ACT/The App Association
  • Airbnb, Atlassian, Automattic, CloudFlare, eBay, GitHub, Kickstarter, LinkedIn, Mapbox, Medium, Meetup, Reddit, Square, Squarespace, Twilio, Twitter and Wickr
  • Amazon, Box, Cisco, Dropbox, Evernote, Facebook, Google, Microsoft, Mozilla, Nest, Pinterest, Slack, Snapchat, WhatsApp, and Yahoo
  • American Civil Liberties Union, ACLU of Northern California, ACLU of Southern California, and ACLU of San Diego and Imperial Counties
  • AT&T
  • AVG Technologies, Data Foundry, Golden Frog, the Computer & Communications Industry Association (CCIA), the Internet Association, and the Internet Infrastructure Coalition
  • BSA,The Software Alliance, the Consumer Technology Association, the Information Technology Industry Council, and TechNet
  • Center for Democracy & Technology
  • Electronic Frontier Foundation and 46 technologists, researchers, and cryptographers
  • Electronic Privacy Information Center (EPIC) and eight consumer privacy organizations
  • Intel
  • iPhone security and applied cryptography experts including Dino Dai Zovi, Dan Boneh (Stanford), Charlie Miller, Dr. Hovav Shacham (UC San Diego), Bruce Schneier (Harvard), Dan Wallach (Rice) and Jonathan Zdziarski
  • Lavabit
  • The Media Institute
  • Privacy International and Human Rights Watch

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder of Crucial Point and publisher of CTOvision.com

IoT & Smart Cities Stories
Machine Learning helps make complex systems more efficient. By applying advanced Machine Learning techniques such as Cognitive Fingerprinting, wind project operators can utilize these tools to learn from collected data, detect regular patterns, and optimize their own operations. In his session at 18th Cloud Expo, Stuart Gillen, Director of Business Development at SparkCognition, discussed how research has demonstrated the value of Machine Learning in delivering next generation analytics to impr...
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform and how we integrate our thinking to solve complicated problems. In his session at 19th Cloud Expo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and sh...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time t...
What are the new priorities for the connected business? First: businesses need to think differently about the types of connections they will need to make – these span well beyond the traditional app to app into more modern forms of integration including SaaS integrations, mobile integrations, APIs, device integration and Big Data integration. It’s important these are unified together vs. doing them all piecemeal. Second, these types of connections need to be simple to design, adapt and configure...
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, provided a fun and simple way to introduce Machine Leaning to anyone and everyone. He solved a machine learning problem and demonstrated an easy way to be able to do machine learning without even coding. Raju Shreewastava is the founder of Big Data Trunk (www.BigDataTrunk.com), a Big Data Training and consulting firm with offices in the United States. He previously led the data warehouse/business intelligence and Bi...
Contextual Analytics of various threat data provides a deeper understanding of a given threat and enables identification of unknown threat vectors. In his session at @ThingsExpo, David Dufour, Head of Security Architecture, IoT, Webroot, Inc., discussed how through the use of Big Data analytics and deep data correlation across different threat types, it is possible to gain a better understanding of where, how and to what level of danger a malicious actor poses to an organization, and to determin...
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitoring and Cost Management … But How? Overwhelmingly, even as enterprises have adopted cloud computing and are expanding to multi-cloud computing, IT leaders remain concerned about how to monitor, manage and control costs across hybrid and multi-cloud deployments. It’s clear that traditional IT monitoring and management approaches, designed after all for on-premises data centers, are falling short in ...
We are seeing a major migration of enterprises applications to the cloud. As cloud and business use of real time applications accelerate, legacy networks are no longer able to architecturally support cloud adoption and deliver the performance and security required by highly distributed enterprises. These outdated solutions have become more costly and complicated to implement, install, manage, and maintain.SD-WAN offers unlimited capabilities for accessing the benefits of the cloud and Internet. ...
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
The Founder of NostaLab and a member of the Google Health Advisory Board, John is a unique combination of strategic thinker, marketer and entrepreneur. His career was built on the "science of advertising" combining strategy, creativity and marketing for industry-leading results. Combined with his ability to communicate complicated scientific concepts in a way that consumers and scientists alike can appreciate, John is a sought-after speaker for conferences on the forefront of healthcare science,...