Pandora's iPhone
Are computer programs predominantly expressive conduct like a book, or just functional devices like machines? Do computer programs deserve the First Amendment protection of free speech?
These are crucial issues that have arisen in the law due to changes in technology. The California Federal Court will have to address them in the U.S. v. Apple case, where the Federal Bureau of Investigation (“FBI”) requested that Apple access encrypted data on an iPhone used by one of the terrorists in the San Bernardino attack on December 2, 2015.
On December 3, 2015, the U.S. Government obtained from the United States Magistrate Judge David T. Bristow a search warrant regarding the iPhone 5C used by one of the attackers in a terrorist massacre that killed 14 and injured 22 people in San Bernardino, California. This search warrant required Apple’s assistance to access the iPhone to obtain pertinent information about the crime.
Since the order had no practical effects, on February 16, 2016, the Department of Justice (“DOJ”) moved to compel the order against Apple citing the “All Writs Act” — an act that establishes that courts can require actions to comply with their orders in accordance with law principles.
On February 16th, 2016, according to the New York Times, Judge Shery Pym from the United States District Court for the Central District of California ordered Apple to obtain the data required. On the same day, Apple published it’s denial to the order on its website and on February 25, 2016th it officially filed the motion to vacate the judge’s order.
In September of 2014, Apple implemented a default hardware-and-software based encryption for the password contents of all devices running iOS8. This security feature prevents anyone without the passcode from accessing data stored on the device.
Also, Apple created extra safety features that erases the contents of the device after 10 incorrect password attempts. In addition, it now takes more than 5 years to try all the possible combinations of a six-character alphanumeric passcode with lower case letters and numbers.
Although the FBI obtained authorization to search the terrorist’s iPhone, which belonged to his employer, the San Bernardino County Department of Public Health, the FBI does not have the iPhone’s passcode.
Thus, the order obtained by the DOJ compels Apple to create a new operating system (software) to remove the security features and attack the iPhone encryption. This would facilitate unlocking the iPhone by “brute force;” it would try millions of password combinations with the speed of a modern computer. Since the iPhone will recognize only Apple’s cryptographic signature, Apple is the only one that can develop this software.
The DOJ alleges that the request is limited to the San Bernardino case, only this case and this iPhone. The DOJ argues that Apple, rather than assisting in preventing another deadly terrorist attack, is controlling access to the data because of its marketing strategy and business model. The DOJ adds that Apple has the technical skills to obey the order. Since Apple refused voluntary assistance, the DOJ filed a motion to compel.
On the other side, Apple argues in its motion to vacate order that this software can be a back door to the iPhone and it can “provide[] an avenue for criminals and foreign agents to access millions of iPhones.” Also, foreign governments could make the same request. Apple states that this case can serve as a precedent for other prosecutors and judges to ask for the same thing because, according to The New York Times, Apple is fighting the government’s same demand in at least seven of nine other cases.
Apple also fears that following this order, based on the “All Writs Act,” would open the door for future government orders to, for example, write code to activate an iPhone microphone or video camera for surveillance purposes. Apple is concerned with the privacy and security of its customers. Apple added that it hands over data to comply with court orders whenever it can do so, up to now it has received 11,000 requests for information on 60,000 devices, and attended 7,100 cases.
Apple argues that the order to write a software to neutralize safety features with a unique identifier that would only load and execute in the subject device violates the First Amendment, which guarantees freedom of expression and forbids Congress from restricting the rights of individuals to speak freely. Apple cites six precedents that treat computer code as speech under the First Amendment and a precedent from the Supreme Court stating that compelled speech triggers First Amendment Protections.
Apple also contends that the Government violated the Fifth Amendment Due Process Clause, which guarantees that one cannot be deprived of life, liberty and property without due process of law. Apple asserts its substantive due process right to be free from arbitrary deprivation of it’s liberty.
On a factual basis, Apple alleges that the FBI itself foreclosed the alternative of backing up the iPhone to the iCloud when it changed the iCloud passcode, a fact confirmed by the FBI on the New York Times.
Google, Facebook, Amazon and Microsoft stated that they will stand with Apple in this case. According to the Wall Street Journal, Congress is also trying to muster a solution. However, with the presidential elections campaigns and the different opinions among law makers regarding the debate on national security versus individual privacy, Congress will probably take a long time to propose a solution.
There are cases of a similar nature currently going forward in Congress. In December of 2015, Congress approved the Cybersecurity Act, a measure for companies to voluntarily share information on cyber threats.
The judicial system has also already faced similar cases. On February 29, 2016, Judge Orenstein, of the United States District Court Eastern District of New York, ruled in favor of Apple regarding a government order that Apple bypass the passcode security on an iPhone used in a drug trafficking case. The court denied the authority of the All Writs Act to force Apple to break into the iPhone. This denial may influence the U.S. v. Apple case, even though the decision is not binding because it is not from a California appellate court. As for the New York case, the DOJ will ask for a review of the decision.
As we are in the middle of campaigns for the presidential nominations, it is important to know what the possible frontrunners, Hillary Clinton and Donald Trump, think about this case. Donald Trump thinks Apple should comply with the judge’s order to break into the iPhone, while Hillary says the situation is a “difficult dilemma” and that the capability “could be abused by authoritarian regimes like Iran, Russia, and China”.
The next steps of this evolving case are: (i) supporters and opponents will file remarks to the court; (ii) the government will respond to Apple’s motion to vacate order; (iii) after assessing the government’s answer Apple will file its final reply; (iv) on March 22nd, at 1pm the Parties will argue the case before the magistrate-judge, who will rule afterwards. After the court makes a decision, the parties can appeal to the Court of Appeals, then to the California State Supreme Court, and later to the United States Supreme Court, because it involves constitutional issues.
Up to now this case has had several questions and few answers, but an article by Professor Jeanne Fromer from NYU School of Law may offer a possible test the court might apply to solve the puzzle. According to the article, the Supreme Court does not attribute First Amendment protection to every expressive activity, rather the conduct must be “sufficiently imbued with elements of communication” to deserve constitutional protection. Spence v. Washington articulates the test as: (i) is there an “intent to convey a particularized message (sufficiently expressive prong) and a (ii) great likelihood that the message would be understood by those who viewed it”.
In the article, Professor Fromer points out that a source code is sufficiently expressive when it is “directed to a human programmer to understand how to produce an outcome, and not only instruct a machine to produce an outcome.” Professor Fromer also addresses the likelihood that the understanding prong will be satisfied if broadcasted and viewed by the those who understand the code. In the end, Professor Fromer concludes that not all source codes would satisfy the two prongs of the Spence test, so evaluations under this framework are essential to proper rulings.
Under this rationale, the California Federal Court might consider whether the software the DOJ compels Apple to create is expressive or functional. If the code is found to be expressive, it must further be analyzed to determine if it is sufficiently expressive under the two-prong test stated above to receive the First Amendment protection against compelled speech.
This case is at the center of the debate between national security and individual privacy. There are multiple stakeholders on both sides. The court may choose to use the Spence test or it might create a new test, given the sensitivity of the issue and current technological advancements.
 
Fernanda Crispim is a LLM candidate, ’16, at the NYU School of Law.

10 thoughts on “<i>U.S. v. Apple</i>: National Security v. Individual Privacy”
  1. … [Trackback]

    […] There you will find 51958 additional Info to that Topic: jipel.law.nyu.edu/u-s-v-apple-national-security-v-individual-privacy/ […]

Comments are closed.