The high-profile legal standoff between Apple and the FBI recently came to an end when the government unlocked a terrorist’s iPhone without Apple’s assistance, but new data confirms that this single showdown is just one of dozens of cases where the federal government has successfully used a more than 225-year-old law to compel Apple or Google to aid authorities in bypassing smartphone security measures.
At the center of the recently concluded Apple vs. FBI dispute is the All Writs Act, which allows a judge to compel a person or group to assist in the enforcement of a court order — but only if that assistance is both necessary and “agreeable to the usages and principles of law.”
In February, the federal government successfully sought a court order under the All Writs Act, compelling Apple to aid the FBI in unlocking an iPhone that had belonged to Syed Farook, one of the shooters who killed 14 people in San Bernardino, CA, on Dec. 2, 2015.
Apple fought back against the court order, arguing that this use of the All Writs Act was unprecedented, and the government’s request was not “about one isolated iPhone,” but instead a case of “the Department of Justice and the FBI seeking through the courts a dangerous power that Congress and the American people have withheld: the ability to force companies like Apple to undermine the basic security and privacy interests of hundreds of millions of individuals around the globe.”
However, in another Apple-related case in a New York federal court (one in which the judge sided with Apple), the DOJ told the court that it had previously used the All Writs Act dozens of times to compel Apple’s assistance and that the company had not balked.
This assertion led the American Civil Liberties Union to root around to see just how widespread the government’s use of the All Writs Act had been in recent years.
According to data released today by the ACLU, the group turned up court documents for 63 cases — plus at least another 13 without docket numbers — in 22 states since 2008 where the government applied for a court order under the Act to compel the assistance of either Apple or Google.
Most of the court orders involve either password resets or lock-screen bypasses, and many of them occurred before Apple and Google updated their operating systems in 2014 to remove previously existing backdoors.
Even those court orders coming after the security upgrades seem to involve phones seized before those changes went into place. For example, in 2015 the Department of Homeland Security sought a court order for Google’s assistance in resetting the password for a Samsung smartphone belonging to a man arrested on child pornography charges. However, that phone had been seized in 2012, long before Google made it more difficult to assist in unlocking devices.
Similarly, a 2015 court order obtained by the FBI is for an Android device seized in a drug-related case a year earlier.
Speaking to the Wall Street Journal, a rep for Google acknowledges that the company has obliged court orders, but that it has “never received an All Writs Act order like the one Apple recently fought that demands we build new tools that actively compromise our products’ security.”
If Google were to receive this sort of demand — compelling the company to weaken the security of the operating system it creates — the rep says, “We would strongly object to such an order.”
FBI’s success in getting through iPhone security without Apple’s assistance is only going to make Apple, Google, and others tighten their privacy measures further, both to prevent any third parties from using the FBI’s work-around and to ensure security-minded customers that their data is protected.
The iPhone maker is reportedly already working on a device that would prevent the company from pushing software updates to locked iPhones, meaning Apple would not be able to help law enforcement by replacing a secure operating system with a less-secure version.
by Chris Morran via Consumerist
No comments:
Post a Comment