I suspect that the intelligence and law enforcement communities are afraid that if this case goes to the Supreme Court the All Writs Act may be scaled back or ruled unconstitutional.
The All Writs Act goes back to 1789 and is used for all sorts of things, like wire tapping, obtaining call and ISP records, etc., and now trying to force Apple to make malware for their own phone.
It's definitely a risk for the FBI to fight this battle and potentially lose a tool they use all the time. Since there is probably no new info on the phone, it may not be worth the risk of making this a big fight with a motivated and well-financed adversary like Apple.
> I suspect that the intelligence and law enforcement communities are afraid that if this case goes to the Supreme Court the All Writs Act may be scaled back or ruled unconstitutional.
It's not that the act is unconstitutional, it's that the interpretation of it that the DoJ has been selling to magistrate judges in ex parte hearings is extremely broad and would never survive appeal.
The Supreme Court has made it very clear in multiple rulings that A) The AWA is certainly constitutional and B) it is extremely narrow in its powers and it doesn't grant courts anything even remotely similar to the powers the FBI has been pressuring magistrate judges into believing it has.
So, essentially, by avoiding a highly publicized appeals smackdown, the FBI can still convince magistrates to issue wildly out-of-line AWA writs, and use those writs to pressure companies/people into doing things they wouldn't be held to if they had the time/money to actually appeal.
edit:
> The All Writs Act goes back to 1789 and is used for all sorts of things, like wire tapping, obtaining call and ISP records, etc
Also, I see this mistake a lot (I'm not saying you're making it, but it's a pretty common one). The AWA doesn't actually give the government the power to wire tap things, etc. There are separate statutes that authorize wiretapping. All the AWA does, per the Supreme Court, is give courts the authority to issue common law writs in the course of carrying out powers conferred by some other statute. The AWA is described as being a source of "residual" (secondary) power that only acts to help carry out some primary source of authority.
The DoJ has been pushing an argument that the AWA is a source of primary power in-and-of-itself in any area of law where congress hasn't passed a law saying a court can't do X thing, and the writs don't have to have antecedents in common law. This more-or-less contradicts any number of Supreme Court rulings. They've only been getting away with it because they get a magistrate Judge to issue them by asking for them in "emergency" ex parte hearings, meaning the other side isn't present to offer a competing argument, which the FBI excuses by arguing its a time-sensitive matter (even though it generally isn't). One of the amicus briefs in this case was submitted by 32 law professors, who pointed out that this violates due process.
I understand that in principle, but is that the end of it in reality?
I'm pretty sure NewEgg was recently taken to court by a patent troll, and after the troll realized that NewEgg fights instead of paying, they backed off. Then NewEgg sued to get a judgement that would guarantee this couldn't happen to them again.
I know this is a different venue and there are topical differences. But are you absolutely certain that there is no counter-action Apple (or any company, for that matter) can pursue to get a judgment about this?
Newegg's actions were different, in that the patent owner's dropping the suit didn't actually resolve the question of infringement. It was still out there, and the patent owner could re-file suit at any point in the future. Between now and then, if Newegg were in fact infringing, monetary damages would continue to pile up. So the uncertainty can have a pretty significant impact on business decisions and impair their ability to operate. A request for declaratory judgment seeks to resolve that uncertainty so that both parties can get back to normal.
For Newegg, the request accomplishes a few things. It lets them clear the air, indirectly help solve the resulting from the remaining suits against retailers selling Rosewill products, and it's the legal equivalent of spiking the football and giving the troll a swift kick in the nuts. Minero Digital now gets to defend itself in a Delaware court, absent all of the little advantages of East Texas. It's a rather bad break for them.
Honestly, if I were a patent troll, I'd be scared shitless to send a letter to someone like Newegg. With their stance on patent suits, they're exactly the sort of company that would preemptively file a request for declaratory judgment after they were contacted.
This court case is over. But the fight for encryption was never really in court anyway, it was in Congress and the White House. It became obvious over the past month that there is still a lot of education on encryption that needs to happen.
Boo. IANAL so I can't quite see where the harm may lie in requiring the "moving party" to see through what they started (if the defending party wants it, of course).
I'm all for it. If you bring suit the other party should be allowed to cause you to have to continue if you feel like dropping it. There is some potential for abuse there though, this is not a simple matter.
Counterpoint: if you want to sue everyone in the Unites States for pirating your porn, ask for $50 in settlement for dropping charges, and drop charges for anyone who shows up in court with legal representation, should the judge be sympathetic to you? Isn't a frivolous lawsuit a frivolous lawsuit anymore?
In addition to the counterpoint that newjersey brings up, we could also restrict this power to cases where the plaintiff is the government (local, state, or federal).
While nuisance suits from private actors can totally be ruinous, the potential for harm from government actors is so much greater.
It's not that obvious. Paul Klemperer (auction theorist) covers a similar question: what happens if the losing party has to pay the prevailing party's legal fees? Answer: the same amount will be spent on legal fees and the same cases will be brought forward.
> ...covers a similar question: what happens if the losing party has to pay the prevailing party's legal fees?
That's not at all a similar question. We're talking about staking the following strategy through the heart:
* Some part of USGov makes an overreaching legal demand using a really shaky (perhaps unsupportable) legal argument.
* They get a magistrate to issue an order in an "emergency" ex parte hearing
Now either:
* USGov presents that court order to a small and/or legally clueless business who says: "This is a court order! I have to comply with it, else I get in trouble!". USGov gets what they wanted and gets to bully another unwary victim with the same bullshit tactic
or
* USGov presents that court order to a larger and/or legally savvy business who examines it and says: "No. This is bullshit."
* That company goes to the court and tells the court why the order is bullshit
* The court quietly mumbles: "USGov... they're right, looks like it's bullshit."
* USGov goes: "Oops! We really didn't need that anyway!", withdraws the request, and retries it at a later day with a less savvy victim
So, completely different situations.
If USGov had to keep pushing such cases through if the defendant demanded that they be pushed through, what you'd get is what we get when Newegg fights patent trolls: evisceration of bullies, thugs, and the chicanery that permits them to operate.
The least that should happen in this case is the courts should ask the FBI exactly how did they found an alternative method to crack the iphones. If they don't, its unfair to Apple since they were potentially about to be ordered by the state to exploit a vulnerability themselves. IANAL of course, this is just my informed view based on existing facts.
In this case, moving party didn't drop it so much as stall for time. But, the judge also stayed the order that Apple had to help the FBI which telegraphs her intent. I think the FBI knows it lost this round and needs to find a face-saving way to get out of it.
There's the 'capable of repetition, yet evading review' exception to the mootness doctrine. But I agree this particular case is probably DoA. Maybe Apple can move for sanctions ...
IANAL. Why does the existence of the AWA allow such things that the FBI is trying to do? The AWA seems to be a very small piece of law, and using it in the way it's being used seems against the spirit of it.
It's frustrating enough that code impact is completely unrelated to code size. I would rather our law not be the same way, but who am I to criticize.
> IANAL. Why does the existence of the AWA allow such things that the FBI is trying to do?
Short answer: It really doesn't.
But if you can talk fast and convince magistrate judges to issue writs ex parte (no one is there to oppose you), you can get a lot of mileage out of writs that wouldn't survive an appeal. Most people won't have the time, money, or inclination to challenge them.
Even then, magistrate judges have been pushing back. The FBI's going to get slapped for this in the long run. But the long game here is that Comey was hoping public outrage against Apple would convince them to fold and play along with the writ, or nudge congress into giving it the powers it wants. The former clearly isn't working out, but the latter still may.
> The AWA seems to be a very small piece of law, and using it in the way it's being used seems against the spirit of it.
Bingo. It's also against established case law in the opinion of a very large number of people.
I don't think the Congress is really fond of what Comey's doing. The FBI is basically trying to bypass the legislative power by its own means, and to do that it aimed at a target that's too big. The Cupertino hippies might not be well regarded in Washington, but the fact that they are the biggest American company, the most valued and the most respected all over the world still touches some strings in DC.
The non-controversial part (that even Apple concedes in its briefs) is that the AWA grants courts the power to issue one of several particular forms of writs (court orders) that existed in British Common Law prior to the American Revolution, when it's necessary to do so in service of some other order that the same court has already issued.
The controversial part is what the AWA authorizes (if anything) beyond those pre-existing types of writs. Apple's position was "not much, if anything". The government's was, in effect, "anything not specifically denied by a law passed by Congress" -- which attracted heavy criticism, not only from Apple's lawyers, but also from many highly qualified lawyers who submitted amicus briefs.
But the FBI reports to Obama and Obama being an ex-law professor surely would've told them that their plan would be doomed to failure. Unless Obama wanted them to fail…?
It appears as reading in too much, because nobody knew if Apple would react so strongly and bravely, risking to be presented by the majority of the press as "helping the terrorists." Read, as an example of the view opposite of Apple's, how Bill Gates reacted:
I added that in an edit, but basically, it doesn't grant any powers by itself. It simply aids the court in carrying out its jurisdiction.
So, when it comes to wiretapping, there are specific statutes that authorize wiretapping in such-and-such circumstances. The court can then issue writs as needed to carry that out, provided the writs meet fairly narrow criteria (not overly burdensome, only targeted at an entity "close to" the case at hand, only targeted at an entity whose actions are "necessary" and where there's no other way to carry out the jurisdiction, rather than, say, just convenient) and the writ must have some kind of antecedent in common law, which is a somewhat fuzzy topic, but it boils down to "the writ can't just be pulled out of thin air, there's a set of traditional writs and it should appear to be consistent with that set".
"First, there is a jurisdictional problem. There is no basis in the record for this Court
to assert Article III jurisdiction to issue or enforce the February 16, 2016 Order (“the
Apple Order”). The search warrant’s authority is already exhausted and the government’s
motion to compel recognizes that CALEA (“Communications Assistance for Law
Enforcement Act”) does not provide sufficient authority to support the Apple Order.
Rather, the government’s request rests solely on the All Writs Act. However, the All
Writs Act is not an original source of federal jurisdiction and cannot support the
government’s motion or this Court’s order. The All Writs Act merely provides a source
of residual authority where such jurisdiction independently exists.
Second, the underlying Order is invalid because it deprives Apple of liberty and
property without due process of law. The government initially took the time to seek
Apple’s help outside the judicial process. Only after Apple declined did the government
file its ex parte application, which did not allow Apple an opportunity to respond. Even
though Apple has now had an opportunity to respond to the government’s motion to
compel, the underlying Apple Order itself was issued in violation of due process and must
be vacated.
Third, CALEA and ECPA (“Electronic Communications Privacy Act”) govern the
substantive validity of the Order and set out telecommunications carriers’ obligations to
assist law enforcement. Significantly, when Congress enacted CALEA, it exempted
“information services,” which includes certain services that Apple provides, from that
requirement. The Supreme Court has instructed that where a statutory scheme governs a
particular subject matter, the All Writs Act’s residual power does not.
Finally, no court has ever issued a valid order that imposes an equivalent burden on
a non-party. Our research has not found any case that uses the All Writs Act to require a
third-party private entity to design and create new software. Some courts have compelled
disclosure of already-existing information in cases where the All Writs Act is found
applicable. In contrast, the order the government demands in this case would require
substantial expenditures of time and talent above and beyond what is appropriate under
the All Writs Act. This point is particularly alarming where Apple has made a deliberate
decision to exclude the features that the government now demands."
Last week the former US "cyber czar" Richard Clarke called the FBI out directly for doing it solely for legal precedent, and stated that virtually no one even in the gov't were on their side: http://arstechnica.com/tech-policy/2016/03/former-cyber-czar... >>Clarke noted that Comey and the Justice Department were not getting support in their case from the defense and intelligence communities. "The Justice Department and the FBI are on their own here," he said. "The FBI director [Comey] is exaggerating the need for this, and the Attorney General [Loretta Lynch] is letting him get away with it."<<
But the weird thing is that, from the beginning, most legal experts thought the likely outcome would be that All Writs would be found too broad, so the FBI had to have been suffering from some hubris + bad legal council. So maybe someone with enough muscle finally called them out on it?
I find it more likely that this is simply a tactical decision: they already knew about this "new method", and were holding it in reserve so that they could cancel the proceedings if necessary (i.e., if Apple put up too much of a fight). They will keep trying until they get the precedent.
Truecrypt is still active in the sense that it is both something that can be downloaded and the last security audit showed that there aren't any major flaws. Are you referring to a different service, perhaps?
I don't remember the FBI being involved with TrueCrypt at all, but I don't know.
There was a case where the FBI wanted to force someone to divulge his (I think) TrueCrypt keys, which was found to be a fifth amendment issue, in favor of the defendant.
"No court has ever issued a valid order that imposes an equivalent burden on
a non-party. Our research has not found any case that uses the All Writs Act to require a
third-party private entity to design and create new software. Some courts have compelled
disclosure of already-existing information in cases where the All Writs Act is found
applicable. In contrast, the order the government demands in this case would require
substantial expenditures of time and talent above and beyond what is appropriate under
the All Writs Act. This point is particularly alarming where Apple has made a deliberate
decision to exclude the features that the government now demands."
I assume they are not particularly interested in the phone itself. Rather, that they have been shopping for a situation with the character of this one so as to try their luck at pushing their capture rights.
This one time, this specific case, Apple pushed back. They need to be commended for that, but let's not forget all the other times (and there are very many) when they (and all tech companies) just handed over the data when given a valid warrant.
> Companies will always comply with valid warrants for data in their possession, and it would be ridiculous to expect them to do otherwise.
Remember, the requirement for a warrent doesn't apply to non-US persons outside the USA. Us europeans have no protection from the 4th amendment for data held in US servers. And in fact, the US gov is trying to claim we don't have protection if it's held in a non-US server run by a US company!
"nor shall any State deprive any person of life, liberty, or property, without due process of law; nor deny to any person within its jurisdiction the equal protection of the laws."
Which sounds like all people should have the same protection from unlawful searches ... as I'm a conditional law novice can someone briefly outline why this doesn't stand, what removed the protections for "all people" (note the preceding section refers to citizens, so all people is clearly a distinct class).
Is it that the federal nature of the FBI means they are above state law?
This could be a good starting point for research: A 2015 study from the European Parliament - "The US legal system on data protection in the field of law enforcement. Safeguards, rights and remedies for EU citizens"[1]
Specifically it says:
> With regard to EU citizens, the [US] Supreme Court has held that foreign citizens resident abroad are not covered by the Fourth Amendment.
It appears to be based on this Supreme Court case[2]: United States v. Verdugo-Urquidez
The 14th amendment is not relevant to actions taken by the FBI. It's an arm of the federal government, and the 14th amendment serves mostly to clarify that state governments (in addition to the federal government) must refrain from violating rights granted to US citizens through the constitution.
However, the FBI must abide by the 4th amendment, which specifies that warrants are needed for searches. The issue of whether data of foreigners located on US soil is subject to warrant-less search/inspection is a matter of interpreting the 4th amendment.
So data from a foreign national held in a computer in a particular State isn't within that states jurisdiction?
If the 4th requires warrants and the 14th requires state to treat all people as having equal protection under the law in their jurisdiction I don't see where the FBI can go [legally speaking] to do warrantless search of foreign nationals.
In short, how then can a State allow the FBI to operate within its jurisdiction in a way that doesn't provide all people equal legal protections. The State would have to prevent the FBI from operating?
> However, the FBI must abide by the 4th amendment, which specifies that warrants are needed for searches. The issue of whether data of foreigners located on US soil is subject to warrant-less search/inspection is a matter of interpreting the 4th amendment.
And the interpretation is that a warrent isn't needed. The 4th doesn't protect me.
Sure, but watch how the message will change from "Company obviously hands over data when given a warrant" to "company doesn't hand over data when given a warrant; they really care about privacy".
What is the alternative available to Apple, or any other technology company, when given a valid warrant for someone's data that isn't blatantly ignoring the law? I'm honestly not sure what you are suggesting.
Apple has already given them Farook's iCloud backups, just not recent ones since they don't exist. If Alice was murdered, and Bob was circumstantially implicated, but had an iPhone that had some kind of data recorded that placed him at the time and location of the murder, what law exists for Apple to protect Bob's data if that data was uploaded to Apple for backup purposes?
This discussion is a bit confused. There are plenty of "valid" subpoenas or search warrants which are squashed after being opposed in court. I'm not sure if the other commenters really believe that no company should ever oppose a search warrant, or if they think "valid" search warrants can't be opposed, or what. But opposing an over-broad or otherwise screwed up "valid" subpoena or search warrant is a necessary part of the American legal system.
Correct. That's what I was trying to deduce, the difference between a valid warrant (eg, a warrant following CALEA for communications data stored on a third party server), and a warrant that is currently being argued as invalid (eg, a warrant for Apple to create software that allows some party to brute force a PIN without restriction).
Sure, it would be nice for Apple to oppose even "valid" warrants for iCloud data backups, because I trust them to keep my data safe on my device, so why should I have a reduced expectation of privacy when using their services. After all, they have billions in cash in some Scrooge McDuck mansion just waiting to be spent on lawyer fees, right? /s
Sorry, do you think the first example shouldn't be subject to opposition? The search warrant could still be over-broad or defective in one way or another, even if it jumps through the CALEA hoops and was signed by a judge. The concept of "valid" that you're using is fuzzy and unclear.
I agree that the second case - court order to create new software - is a lot more obvious and clear, and deserves opposition in court.
The reason I'm being so pedantic is that it's important to disagree with the notion that corporations should roll over in any situation that involves claims of terrorism. Lots of people think that, but it throws away an important part of our legal system.
Absolutely. But if the court challenges fail over this hypothetical warrant, there's a reasonable expectation for compliance. We live in a rule-based society. It works because people, and especially the government itself, are expected to follow those rules.
Apple got a valid warrant here! But they fought back against this one.
I'm not saying they're wrong to obey court orders.
I'm saying that people will be saying that Apple fight against court orders when in fact they don't usually fight the court orders. They normally give out the information.
No - in this case it was clear to Apple that the warrant was not legal, which is why they chose to fight.
When warrants are clearly legal, there is nothing they can do to fight them.
They only give out the information they are legally forced to do, and are doing everything in their legal and technical power to reduce that as much as possible.
Yes. Exactly. Apple and every one else (company or individual) is required, by law, to comply with valid warrants. When one receives a warrant or any kind of legal request that they feel is invalid, the only way to challenge that potentially illegal or invalid request is to not comply and then let the courts decide. If there is existing precedent then they could be held in contempt. If there isn't precedent then hopefully one will be made by the result of the challenge.
The idea that the Govt can only issue "valid" warrants is flawed. The Government is just people, and like everyday citizens like myself, we're perfectly capable of breaking laws, either unintentionally (eg, giving a lift to a friend who has undisclosed controlled substances on their person (state dependent)) or intentionally (eg, murder).
I definitely expect Apple to comply with valid warrants to the extent possible. Is there a serious belief that Apple should flout the law? Is there a company in the world that obstructs justice in their home country?
Some technologists hold an anarchist view that the government is evil and should be displaced.
There are extremists within any group. These folks do not want to bother fighting the government for rights because they think the public is too dumb and the government will win that fight. In thinking this way, they become apathetic themselves.
They're not all bad. Some of them contributed a lot to free software. But some times the ideas are toxic and hold people back from their best.
For example, many believe Snowden deserves a full pardon, and anything short of that is wrong. Well, Snowden himself has said he would return to face a fair trial. So it seems we are divided on some issues, and that can weaken our side in fighting for digital rights.
Well, the USG considers Linux users to be extremists also. I think the phrase "One person's terrorist is another person's freedom fighter" applies. There should be no moderation in freedom (outside of the absolutes of killing another or dispossessing them of their property).
My response to these types of comments is precisely - when it is demonstrated that people make laws rather than governments in collusion with corporations - then I will pay attention.
> There should be no moderation in freedom (outside of the absolutes of killing another or dispossessing them of their property).
Why the focus on property rights? Much libertarian thought is expended on equating freedom to how you/others interact with property. It hardly gives credence to other man made rights that should be equally, if not more, recognized.
When you look at the group of people it dogmatically and absolutely resolves, and who funds think-tanks promoting the ideology, it is the well-propertied.
I find it hard to believe that all other freedom can be derived from and ensured by deifying property rights.
> Well, the USG considers Linux users to be extremists also.
That's interesting, since the National Laboratories employ tens of thousands of people who not only use Linux, but use Linux at work. Perhaps you should let the FBI know about this so they can revoke their security clearances?
> My response to these types of comments is precisely - when it is demonstrated that people make laws rather than governments in collusion with corporations - then I will pay attention.
This sounds like an excuse to selectively not follow any laws you don't like. The core law surrounding warrants in the US, which is sufficient for a lot of cases (no All Writs Act or FISA needed), are in the Constitution and some very early bills. Were these also made by collusions between the government and the corporations?
A lot of the big tech companies had an inside look at the growing surveillance state far before the average citizen did. I think an argument can be made that the should have done more to inform the public.
Are you suggesting they go out of business like Lavabit? That is the stand you're taking when you disobey orders to keep government requests secret. And, I'm not sure a large corporation has that option. How could shareholders accept a fine for which they're not permitted to know the details?
Remember when Snowden first revealed the Prism program? All the tech companies issued similar statements saying they want to tell people more, but did not have permission from the US government. For example, Apple said,
> Like several other companies, we have asked the U.S. government for permission to report how many requests we receive related to national security and how we handle them. We have been authorized to share some of that data, and we are providing it here in the interest of transparency. [1]
Also, I'm sure Yahoo would've loved to rally support from its users when the government was threatening to fine them $250,000 per day for refusing to hand over data, but they were not allowed to tell anyone [2]
I do believe the government was doing what they thought was right to protect public safety. However, they don't understand technology. Ted Lieu is about the only guy in Congress who does. We need a bit more representation there to have our voices heard, whether through electing Congressmen with CS backgrounds, independent lobbying like the EFF, or just better tech reporting and questioning in the White House daily briefs.
The existence of the FISA courts is something we should be scrutinizing more. Former NSA Director Hayden pointed out in one interview that we're the only country who has such secret courts. With these courts, democracy is circumvented. Currently, the public is not able to participate in the discussion of what's right on some major issues that have far reaching impact.
I'm only suggesting that Apple and others could have taken a stand in favor of privacy much earlier, and that their decision to do so now likely has more to do with their bottom line than any genuine concern for public welfare. BTW, hi Rob! You know me from the PPUA :)
Hi! =). Apple is free to design products as they wish, right? If their products still have security issues, the tech community will call them out on that. I bet the public will pay more attention to such critiques on Apple's security now too.
My understanding is people who are serious about security do not currently depend on Apple. Those folks use open source software and build it themselves. That said, I'm still interested in defending Apple's position (and not necessarily Apple) because I want our government to understand how to maintain public safety. Relying on access to people's phones, going forward, is not the right way to do that. You could argue that I am advocating privacy, but I'd say I am more in support of security.
Definitely, the US government can ban or backdoor every commercial encryption product on the planet, and those that are serious about security will still be using GPG, Tor, Linux/BSD, etc.
At a certain point, civil disobedience becomes a moral responsibility.
Plus, extremely large and powerful companies do not play by the same rules as the rest of us. You aren't going to see the government risk serious economic damage just to enforce some laws. Wall Street is a case in point. When huge companies decide whether to fight unjust laws or acquiesce, their choices have a major impact on the political equation.
I wouldn't be surprised. The fact that we don't hear about companies standing up like this every couple of weeks might imply that the standard response is compliance.
This was probably the best possible case for them to try this with. They had a terrorist attack on American soil, and one involving Islamic extremists at that. Not only is there less than zero sympathy for the attackers, there's also an element of fear that you have here as well to go along with the hatred people tend to feel towards terrorists and mass shooters.
They probably thought that if it came down to a PR battle, assuming Apple didn't just roll over for fear of the PR consequences of "obstructing a terror investigation," they had it in the bag. Turns out? Not so much.
At the start of this Apple-FBI episode, didn't Apple initially ask the FBI to submit their request for unlocking software under seal? Doesn't that imply that Apple was willing to assist? Why else would Apple want to keep the request secret?
Apple said they would assist in unlocking the phone, not the software, under seal. Apple very well could have said they would not modify the software, prompting the FBI to go public and take the fight to the court of public opinion.
If you had engineers threatening to quit if forced to write "GovtOS", it would make sense that there would be quite a few who wouldn't mind leaking that a behind-the-doors deal was made.
What agreement? Apple doesn't nor should they care what the government does with the phone. If the government drops their suit, Apple has prevailed in their argument.
As in - the government is trying to push "Stuff you Apple, we found another way in" argument.
That isn't good PR for Apple.
Whether the government is just lying, in order to save face, remains to be seen - somebody with more knowledge of the technology at hand may be able to comment.
Hilarious. Since when does the FBI announce when it finds a new vulnerability to exploit?
It's up against the biggest companies in the world, the US public, and the international community. And now it's backing down with its tail btw its legs, and telling a silly story to save face.
The following is the best analysis by far that I've seen about the All Writs Act and its application in these cases. It's from the Just Security blog, out of NYU Law School:
> All Writs Act may be scaled back or ruled unconstitutional
Totally agree with the broader point (I think they're scared of a restrictive precedent), but I don't think a law that's been on the books for two hundred plus years is going to be out and out declared unconstitutional. It's extremely broad in the number of domains of application but that doesn't necessarily mean that it grants overly broad power.
Also, the FBI would have to be able to sell something (their story) better than ... Apple Computer Inc.
If you are in the game of trying to sell something better than Apple, you better have a pack of actual wizards casting spells on your side ala Bewitched.
People love to bring up the fact that this act is rather old, but so are the amendments. I assume it is to say that the writs act is outdated, but what was its original rationale and why is it considered to no longer be constitutional?
I suspect this is a "Strategic Retreat" on the Justice department. The ability to reflash the phone and avoid triggering the unlock erase was a pretty obvious workaround.
So after investing a lot of time and money in trying to get case law to expand the DoJ's power over corporations to conscript them into the War on the 4th Amendment, it become possible that they would see a judgement against them (especially if the Supreme court becomes more liberal with the next appointment).
So I suspect the risk/reward outcomes of pushing this to a conclusion flip flopped into more risk than reward and someone fairly high up said, "Ok kill this whole effort before it makes things worse than they are."
Just an opinion of course but I think it fits the observed actions.
> So after investing a lot of time and money in trying to get case law to expand the DoJ's power over corporations to conscript them into the War on the 4th Amendment, it become possible that they would see a judgement against them (especially if the Supreme court becomes more liberal with the next appointment).
Scalia would have hated the DoJ's argument here, honestly. If the Supreme Court even agreed to hear the government's appeal here it might well have been 9-0 against.
And I say this as someone with a low opinion of Scalia, in general.
Yeah, this is one of those issues where Democrats and Republicans both just assume that their party is the "good guys" and the other party is the "bad guys," when in fact it's not a particularly partisan issue at all.
("Free speech" is another one of those--both parties have been pretty shitty on free speech since 9/11, but everyone plays down their own party's sins and screams about the other's.)
You seem to be unaware, but just FYI, the strongest justice on this kind of privacy right and limited search and seizure is the one who just died, and the candidate being considered to replace him has a well deserved record of cozying up to law enforcement agencies - in particular in the way that the guy who just died found unconstitutional.
This doens't make sense to me. The FBI wants this precident, and they want it badly. I don't buy for a moment that they would back down here.
> The FBI wants this precedent, and they want
> it badly. I don't buy for a moment that they
> would back down here.
They do, they are also very cognizant of the ramifications if their motion is overturned. There is a constant calculus that goes on weighing the odds. It is very common to withdraw when that calculus indicates a possible loss.
> The ability to reflash the phone and avoid triggering the unlock erase was a pretty obvious workaround.
Or just replace one of the off-chip AHB/AXI devices and inject code via DMA. It won't work beyond the iPhone 5C, but I have yet to come up with a plausible reason why it wouldn't work there.
It was discussed in detail here: https://news.ycombinator.com/item?id=11248320 but the TL;DR version, you desolder the NAND flash component (its holding all the secrets) and you copy the contents out. Then you attempt to unlock the phone 9 times, then recopy the contents of the NAND flash chip back into the chip, and do that again, and again. Until the phone unlocks and you have a look around.
Is it possible to screw that up and lose everything? Sure. Would they? No. Could you just send the data from the NAND flash to the NSA and have them brute force it? Maybe. Could you compel Apple to give you a copy of the source code to IOS so that you could write a simulator for yourself? Probably.
J.D. here. The SCOTUS becoming more conservative would have helped your limited-government view (and mine). Not more liberal. On balance the group most likely to find hard limitations on the power of the government to control people, capital, and companies are the originalists.
Sometimes it seems as though in Silicon Valley everyone assumes conservative = bad, liberal = good. The truth is always more complex.
Supposedly it's not possible to reflash the phone without the new code being signed by Apple, which is why the FBI needed Apple to do it in the first place.
The GP isn't talking about flashing an unsigned image. They're talking about physically connecting to the NAND flash chip, making a disk image, and then every 9 attempts, resetting the state of the flash back to its initial state. The image as the phone currently exists is already signed by Apple, so no cooperation from Apple is necessary.
The major weakness with this model of iPhone is that it keeps the number of failed attempts stored in the NAND flash, not on the CPU die, and is therefore vulnerable to having its state reset like this. It's a fairly obvious attack that the FBI must have known about, but failed to mention in order to try and set precedent.
Precisely - this seems (or seemed originally) like a best-case scenario for Justice: it's a terrorist's iPhone, rather than a drug dealer's or some other "lesser" criminal's, where the public's fear might not be on the side of the FBI. It definitely feels like fishing for a precedent for other phones (especially the later models where this attack isn't feasible).
I'm also not sure if the OS would notice if you tied the flash NAND chip's write-enable pin to ground. The OS would almost certainly notice the failed writes, but might try to make a best effort at error recovery and allow you to keep trying PINs.
There's a big difference between the actual details of the case (which few outside of the technology fields understand) and the public perception of the case. To the public, it was:
FBI: We need Apple to hack this terrorist's phone
Apple: We could, but we won't"
This is gonna get spun as "Apple wanted the phone uncracked, FBI cracked it, FBI wins," but that's not accurate: what Apple wanted was not to be forced to crack the phone themselves. If the FBI backs off on that, Apple has unequivocally won.
Yeah, but, they're actually telling the truth here, right?
The iPhone 5C has an unsecured AHB or AXI bus. You can inject arbitrary code via DMA and trigger and interrupt to cause it to run. This went away with TrustZone (present in ARMs with a secure enclave including later iPhones).
For one, you have to try to go after the All Writs Act.
If I were Apple, I'd deploy a billion dollars and buy everyone in DC as necessary. Not exaggerating. Defense contractors, conglomerates, energy companies, etc. spend in the mere millions to get their way on things. Apple should purchase the entire Congress, aggressively, and destroy the All Writs Act as far as this type of situation is concerned, and push for favorable legislation that resolves the broader context of encryption and warrants in a rational way to preempt the FBI's next attempts.
It's not Apple who would take down the All Writs Act, it would be a citizen who had evidence against them obtained via the All Writs Act. They would have to discover that is how the evidence against them was uncovered, argue in court that the specific application of the All Writs Act was not legal, and a court would have to address it in a ruling. The result would be a reduction in scope of the act.
But who would do that, when it's unlikely to help them?
The evidence against them would likely stand, either a matter of inevitable discovery (Evidence gets tossed when it is "fruit of the poisonous tree", but if you can show that you'd have gotten that same evidence a different way, the evidence remains. Just like here: Had Apple folded, given the evidence, and then it was ruled inadmissible due to the methods, the FBI could just argue other hack options were available) or as a matter of "good faith" (where, if the cops didn't know what they were doing was illegal, they get to keep the evidence they obtained under "good faith"). My understanding is that good faith allowances have grown quite large in recent year, to the point of absurdity.
So our suspect, in this case, will only challenge the evidence if the chance of it helping THEM is high enough. They aren't going to do so for the good of society.
I don't like relying on the good will or desperation of suspects that have evidence against them to mold our legal rights.
Apple sues the government for putting them through a frivolous law suit? Then as evidence they demand full details of the exploits, all internal FBI communications, etc etc.
The ACLU showed a plausible path forward by just desoldering the storage and just rewriting it and trying again when the phone wipes it.
John McCafee and others (ex US govt officials IIRC) have mentioned decapping as a serious option for the NSA.
Snowden and Richard Clarke (advisor to bush on cyber security, advisor to Bill Clinton on counter terrorism, etc) have said the NSA has ways without being specific about how.
I don't think this counts as a serious vulnerability. If you have access to the kind of hardware and technical ability the US govt does, Apple probably isn't too concerned about you being able to break one phone at a time with significant effort involved.
The issue was never that the magistrate judge would be setting the precedent. No matter who prevailed, there is going to be an appeal and that's when precedent would be set. Even at that point, a negative ruling wouldn't necessarily be an insurmountable problem for the FBI as it wouldn't be binding until the issue has been decided by higher authority. It could still be cited as an example of persuasive authority (i.e. something other courts may follow) before then, but that's not the same as being binding.
So the FBI would have a lot of time before they had to worry about the consequences of a negative ruling, and they could drop the matter well before any precedent was set. Apple is in a trickier situation, in that once they've done the work, it becomes more likely that they'll face additional demands in other courts, or--and this is the worst case scenario--a few boneheaded legislators try to pass legislation on this issue. They've got a lot less room to work in, so if they could make this go away in front of a district magistrate without ever having to worry about setting any precedent (even if in their favor), they probably would.
That may all be true and I don't dispute the duration and the fact that it wouldn't be binding at this level. However, what the FBI need is something to get the ball rolling, the golden case that would set a precedent; that would almost definitely become binding in the higher court. They want a good foundation from which to proceed and I believe this case is now not it for them. They will wait for something that galvanises the general public and the courts more so than the current case, which will ultimately have a higher likelihood of setting the ball rolling towards a precedent. There's no other reason for this misappropriation of the All Writs Act other than to try and ultimately set a precedent.
Yeah, but this was that case. I made the point in another comment, but this case had all of the emotional pull the FBI could ask for because it was a terrorist attack on US soil. Fear, anger, hate, even elements of Islamophobia combined to slant the PR field significantly in the FBI's favor. Even judges would be hesitant refuse the request unless it was blatantly flawed. Criminal cases aren't going to offer them anywhere near that sort of counterweight to the strong privacy concerns Apple has raised. So unless we're talking about Osama bin Laden's iPhone, and since he's dead that's kind of a non-starter, I don't see there being a better case.
But if there's an alternative method that's been proposed and the FBI is aware of it, the FBI can't claim that forcing Apple to act is the government's last resort. So that's the most likely reason they've halted proceedings and not any fear that they may lose.
Sure, there's an extremely well known vulnerability in the iPhone 5C hardware.
Lacking the features introduced in later ARM releases it has an unsecured AHB or AXI bus allowing any device that can connect to perform arbitrary DMA (which can in turn allow arbitrary code execution).
It would require a certain degree of technical sophistication to execute that attack, but the resources required would be well within the reach of a state-level investigative service.
Hanlon's Razor: "never assume malice when stupidity will suffice"
The possibility that the Bureau is just plain dumb is not on your list. They are on record, many times, and in front ofa very serious congress, being very very stupid. Though I do not believe they are being stupid here, the possibility is not an edge case and should be considered.
Maybe they're willing to consider attacking the hardware now. If you desolder the flash memory then you can bypass the brute force limitations. Just block writes, or equivalently back up the contents and reload them, and the device has no way of knowing that you previously tried any passcodes. This will allow you to make perhaps 2-5 attempts per minute, which worst case will take three or four days to brute force a four-digit passcode.
Given the existence of these is disclosed now and the suspect's iPhone can be prevented from auto updating I think the FBI will have an easier time attacking it?
Looking at the first one itself they might just have to attach a malicious USB device to execute arbitrary code.
While it is likely true that nobody will give zero days to the FBI without charging, it is also basically certain that the NSA has a collection of them. And the NSA has enough interest in this problem, and enough willingness to share with the FBI, that that may be a tractable solution.
Furthermore the FBI certainly doesn't want to create a precedent they don't like, and the fact that we're only in this situation thanks to THEIR incompetence is not helping them.
It doesn't even have to be an undisclosed vulnerability.
iOS 9.3 was released today and included several fixes to vulnerabilities which allowed arbitrary code execution, including one with "kernel privileges" [1]
Now that these vulns are out in the open, maybe someone has offered to help the FBI use them to gain access to the phone.
The guy is eccentric but I don't think he's an idiot and I do think he is likely talented, or at least rich enough to hire those who are.
That being said - he admits he was full of shit [0] and then claims that he has a proper method that isn't full of shit but which he didn't want to disclose. Chances are he's probably full of shit on that one too, given the track record, but who knows?
He is an eccentric idiot. I am just enough not of an idiot not to bet my shoe for dinner that he had nothing to do with this, but I'm really close. If I had smaller feet, I'd take that bet.
In a later statement, McAfee explained that he'd do it in "a half an hour" by finding the location in flash where the passcode is stored. (Never mind that the passcode is used as an encryption key, not as a password.)
Earlier, he claimed he would use social engineering to unlock it, not some technical hacking [1]. Much more believable in my opinion. But the timestamp on the parent's article makes me skeptical that that proposal stood much ground.
It's not an undisclosed vulnerability. The iPhone 5 is not particularly difficult to crack. It requires mucking with the hardware, but a skilled amateur could do it.
Perhaps the FBI has long had an exploit and this is all just an elaborate ruse to make unsuspecting targets feel safe using iPhones. Quite unlikely, but it's in the realm of possibilities.
That's almost certainly not it because it destroys the chip in the process and if the key isn't recovered the data is forever locked (even with Apple's best assistance).
> “Testing is required to determine whether it is a viable method that will not compromise data on Farook’s iPhone,”
It's weird that the offer to help was publicized before any solicitation for offers to help. Assuming that number 3 is the case, that ups the likelihood that the exploit is coming from a government insider (likely NSA, although ex-government security researchers are also likely).
Are you saying that if you were happy to work with them and had the ability to crack that iphone, you wouldn't get in touch with them? You can pretty much set the terms in that case. Everyone knows about this case already, so they don't need to explicitly ask.
Is it possible that Apple could file for a declaratory judgement with respect to the All Writs Act, to remove the potential of the government filing substantially the same request at a later date?
Until that happens, it seems like a very real risk to Apple's security claims.
I just want to point out that lots of HN recently has been saying "Apple would NEVER deal with the FBI, there's too much risk of a leak!".. and yet, with the example of what happened to Manning, Snowden (ETC) -- would you, with a 6 figure salary, want to tell the world of misdeeds when you could toil away comfortably?
"So obvious no one will ever notice"
Apple removed their warrant canary about a year ago timed with press releases about "revamping their privacy policy for better security and user happiness" and a bunch of marketing bullshit. What I saw was the guarantees that they had done everything they could to protect your data was gone, replaced by "we'll follow the law" AKA they will screw you over willingly if they need to.
---
Also, the FBI is NOT dumb. "Poor legal council" was mentioned in this thread. With their budget, why would you not assume they have Grade AAA legal council?
What's interesting about this case is, when it started, the sides were split 50/50 between Apple and the FBI. But as time went on, and Apple's PR, legal, and executive machine spoke and educated more people on the issue, the side tipped towards Apple.
Then the congressional hearing happened, where Issa (R - Calirfornia) knew more about the technical details of the phone than Commey. Given that Commey didn't bring a technical aide with him, and him saying things like 'this software would be obsolete because of newer iPhones, and wouldn't work on the 6 and 6S' were completely false and hard to imagine were made with merely negligence (i.e. He was very clearly lying).
And after all that, and the FBI and DOJ PR machine trying to fight back, it became clear that media was starting to side with Apple (Morning Joe on MSNBC is a perfect example of what a 2-3 week time span can do to an opinion).
I even suspect the Judge would have also sided with Apple and the FBI would be fighting for the appeal, and they would have known that. It's smart for the FBI to drop the case, but timing + intentions to bring up the case in the first place were scummy.
Let's remember that Commey, the director of the FBI, was a NY prosecutor. Given that the current NY prosecutor wanted to unlock phones with ease (as they don't have the resources of the FBI and access to the NSA), Commey was "simply" trying to help a friend by deceiving the public and forcing Apple to do something it didn't want to, that Apple knew it shouldn't. It simply wasn't worth the fight, and I do believe it put the FBI in their place, as even a terror attack couldn't even get them the mandate they sought. This is likely not the end, and the FBI knows that any company that has the reach they need will likely set a precedent against them, so it'll be interesting to see what they do next.
All in all, what the FBI got out of this mess: making a whole lot of devices and services more secure.
> On a conference call with reporters late Monday, a law enforcement official ... said the case was never about setting a precedent, but only about getting information from a dead terrorist’s phone
In some ways I suspect that the FBI's arguments are a smoke-screen to keep us from talking about the fact that unknown 0-days exist and perhaps the NSA even has a few.
How could anyone who pays attention to modern computing not understand that zero-days exist? How can anyone who knows what the NSA is not think that they stockpile them?
I will clue you in: NSA has a lot of vulnerabilities vendors don't know about.
It's not a very good smoke screen, since the most probable interpretation of the filing is that the NSA has an exploit.
At least one security expert reported they were rebuffed by the FBI when they offered to help, so I seriously doubt the "outside party" is outside the government.
There was no reason to think this phone, unlike every other system, was uncrackable. Apple is setting impossible expectations, especially when the attacker has the resources of the U.S. goverment.
May? That's rich. They've always had the ability to circumvent the encryption on Farook's phone since day one. They could have made a byte-by-byte copy of the encrypted drive and bruteforced copies over and over. It's just that they prefer to coerce Apple into making it easier for them by making GovtOS.
Can somebody please point out to me the obvious fact I am missing. Don't Apple design their security such that even they themselves can't crack it? Like storing hashed passwords, they don't want that kind of accountability. The media keeps suggesting that Apple won't do it, I thought it would be the case that Apple can't do it...
Apple did try to design encryption that it can't break. But they also want to be able to fix bugs. So they can update the OS on the phone even if it is locked.
So by writing a new update, they could remove some of the ancillary security features that reinforce short passcodes: the "wipe after 10 tries" feature, and the "progressively longer delay between tries" feature. Without these, a numeric (short) passcode can be brute-forced in a day or two. This is what the FBI has been trying to force them to do: write a new update to remove these features. That's what Apple has been refusing to do.
BTW, if you use a long alphanumeric passcode, then it wouldn't matter if Apple was forced to push this update. A 15 character passcode with upper case, lower case, numbers, and symbols would probably be safe from brute forcing no matter how fast someone tries. But most folks are not willing to remember or type in 15 characters on their phone.
What courses of action are available for private persons to bring questions like this in front of the Supreme Court? Is there something here that a private individual / corporation could find cause for a suit against the USG, so that the high courts have the opportunity to narrow the scope?
Or are we just left to petitioning and lobbying Congress to rewrite parts of it?
Surveillance only works when people believe their communications are private and secure.
The 3rd party was probably NSA and they did not intervene up until because it would reveal the existence of a cracking technique.
What changed is that weighed against a possible court verdict that would tell every terrorist that no U.S. made device or encryption could possibly be secure, (causing targets to avoid using broken crypto) revealing the existence of a possible forensic technique was low risk.
The belief that it is possible to communicate securely is the most important thing for spies to maintain. The FBI wants to discourage people from believing it because they think it will make people less likely to commit crimes. The spies want to encourage the belief because it ensures they can collect the intelligence they need to maintain the status quo.
Beautiful. Congrats to the DOJ for seeing the light.
Will Obama now stop seeking "middle ground" as he mentioned at SXSW? Will Burr-Feinstein halt their work on a backdoor bill? Nothing has changed on this front, and there are still a host of reasons why a backdoor law is a bad idea.
Here's one approach you could use if you had a reliable zero-day at your disposal. I've been out of the jailbreak scene for a while, so I might be way off the mark:
1) Have zero-day ([0]) that can be used to deliver executable payload over SMS (think Stagefright). iOS devices can receive text messages before the filesystem is decrypted. Perhaps Apple should close this vector.
2) Deploy dylib that patches the SpringBoard UI (where the lock screen lives), disabling the code that counts incorrect passcode attempts
Is it normal to refer to the Justice Department as the U.S.? If I understand correctly it is part of the Government, yes, but this whole issue was promoted as FBI vs Apple, not US vs Apple.
Not a native speak, just sounds strange to me.
Let's realize something here that I can attest to being 100% correct; the US government is abysmally behind the curve ball on anything and all things technology. I really even hate stating that because we are operating on a kind of inertial perception of America's cyber might that partially was conjured through movies and perception, but reality is that we are really bad off. We're not just behind the curve ball, we're on a short bus trying to figure out how to get to the damn ballpark.
The problem is a systemic one too, a lack of actual leadership, a personnel problem if you will.
And wouldn't it be ironic if the "outside party", referenced in the article, was Apple itself. Maybe through several layers of indirection. Something to think about, but most probably not the case.
It seems far more likely then most of the conspiracy theories here that the FBI was simply running parallel work for breaking into the phone that has recently yielded results.
Since the All Writs Act has as a test, necessity, to stay within the law they're required to notify the courts if that changes.
It's not, and they did. What I don't understand why so-called "reporters" are regurgitating the blatant trash from "unnamed FBI sources" as if it's fit to print. I would hope at least to see front page NYT and WP editorials blasting the FBI for their obvious failed attempt here to capitalize on a mass murder for their own legal/policy purposes.
A few weeks ago they couldn't figure out how to unlock the phone, when it's blatantly obvious the security weaknesses of the 5c, and today they suddenly have seen the light but it just needs more testing? Department of Homeland Security has been funding research into NAND-blockers for at least 6 years now.
In a fair and adversarial system, the court would somehow sanction the FBI for their prior sworn testimony that they couldn't do this themselves. But of course when Federal agents lie under oath, it's not a crime, just a misunderstanding.
I've always wondered what the FBI really expected to find on the phone, and more importantly, whether what they find will be worth the publicity and debate.
If they find nothing, the perceived motive that they just wanted a backdoor more than the device's data would feel all but confirmed.
Because iOS is closed source, proprietary software, the latest update might as wel include a backdoor. Nobody knows. This isn't an issue about privacy but rather with people comfortably trusting closed source software by the color of Tim Cook's eyes.
I know this is somewhat counterintuitive, but this is potentially good news. It means that we have not established precedent that the government can force a private company to destroy even the illusion of privacy.
What happens when Apple finds a way to secure this new attack vector. Is Apple now actively working against the feds? That is certainly how it will be seen by the US Gov.
This sounds to me like the type of law that appears to solve a problem in this particular case but would open a can of worms in other cases that involve legitimate investigation into faulty business practices.
what if Apple agreed to unlock it (either by custom software or by some other means) but FBI won't say it publicly so Apple gets to save their face and FBI gets what they want.
While the legal maneuvering is interesting, I'd like to talk more about the technical mechanisms. Is it actually possible?
Snowden said the FBI is full of shit[1] and of course the phone is hackable, citing an ACLU report.[2] This report states that one could "easily" bypass the auto-erase-after-10-attempts function by popping out the Flash memory chip, copying its contents into some sort of test rig wired in its place, and then restoring it whenever it gets erased.
This is an interesting modification of an attack scenario laid out in an excellent review of iPhone/iOS8 security by Matthew Green:
"Since only the device itself knows UID -- and the UID can't be removed from the Secure Enclave -- this means all password cracking attempts have to run on the device itself. That rules out the use of FPGA or ASICs to crack passwords. Of course Apple could write a custom firmware that attempts to crack the keys on the device but even in the best case such cracking could be pretty time consuming, thanks to the 80ms PBKDF2 timing."[3]
What this theoretical rig changes is it essentially allows a custom chip to run on the device (namely a delete-proof Flash chip), bypassing the need for Apple to write custom firmware. So a typical 6 digit one would take under a day to crack, based on the 80ms cost per attempt.
So, it does seem possible to crack the pre-A7 phone in question with this rig.
However, and here is where it gets interesting, Apple has said conflicting things about current phones. One the one hand, ever since the A7 they've added a hardware-level escalating time delay between failed passcode attempts:
"On devices with an A7 or later A-series processor, the delays are enforced by the Secure Enclave. If the device is restarted during a timed delay, the delay is still enforced, with the timer starting over for the current period."[4]
This would in theory make it infeasible to attempt this kind of rig on a current iPhone. Even a typical weak passcode would encounter an hour-long delay at least once every 10 attempts. It could take years to bruteforce all but the most predictable passcodes.
However, Apple has also said that "Yes, it is certainly possible to create an entirely new operating system to undermine our security features as the government wants."[5] This would seem to suggest that software alone could enable bruteforcing, and this implication is in stark contrast to the statement on hardware defenses within the secure enclave. (Did they mean possible only on pre-A7 phones? It sure feels like they feel there's more at stake than that.)
So I don't know what to believe at this point. The ACLU seems wrong in suggesting that this particular rig would work on anything but old pre-A7 iPhones, based on the current secure enclave's time delay. But Apple has outright stated that GovtOS could enable the cracking of iPhones. So... how?
There's a lot of cynicism in this thread. Would you prefer that they try to force Apple's hand anyway, even though they might have found another way that makes the issue moot?
> Would you prefer that they try to force Apple's hand anyway, even though they might have found another way that makes the issue moot?
Yes, very much so. That way we can put this behind us rather than to wait for the inevitable re-run with conditions carefully arranged to be more favorable in order to set precedent.
Their legal reasoning heavily relies on Apple being the only party capable of assisting with unlocking the phone. They are talking about compelling someone, so if there's a possibility that it's not necessary, they have a duty to find out. Also, US courts don't rule on abstract ideas or hypothetical cases. No "case or controversy", no judicial standing. If the FBI can unlock the device without compelling Apple, there's no controversy since the FBI agrees Apple wouldn't be required to help in that case.
Yes, but that line of reasoning requires you to believe this was about the phone's contents to begin with and it would take a serious act of suspension of disbelief to go down that particular road with what's known about this whole sordid affair to date. It's simply the FBI using a crisis to attempt to expand their powers.
> Their legal reasoning heavily relies on Apple being the only party capable of assisting with unlocking the phone.
That has been known to be false since day one, as methods of bypassing the reset have long been known that don't require Apple's help. The problem for the FBI is that these methods can't be used on a large scale, or without the targets' knowledge.
They went to a great deal of effort to start this case, it would be preposterous if they hadn't exhausted other routes beforehand. They're quite obviously backing away from it on purpose.
This was never about getting access to that phone's data. It was about getting tools / precedents set so they can use them on every other phone the seize in the future.
Just cause it's cynical does not mean it's not accurate.
The FBI looks as if they are lying about the situation. The lawyers who started this adventure deserve to be jeered. We don't need people like that in our government.
The All Writs Act goes back to 1789 and is used for all sorts of things, like wire tapping, obtaining call and ISP records, etc., and now trying to force Apple to make malware for their own phone.
It's definitely a risk for the FBI to fight this battle and potentially lose a tool they use all the time. Since there is probably no new info on the phone, it may not be worth the risk of making this a big fight with a motivated and well-financed adversary like Apple.