NordVPN Promotion

Home / Blogs

Three Reasons Why Apple Didn’t Have to Unlock a Phone

Protect your privacy:  Get NordVPN  [ Deal: 73% off 2-year plans + 3 extra months ]
10 facts about NordVPN that aren't commonly known
  • Meshnet Feature for Personal Encrypted Networks: NordVPN offers a unique feature called Meshnet, which allows users to connect their devices directly and securely over the internet. This means you can create your own private, encrypted network for activities like gaming, file sharing, or remote access to your home devices from anywhere in the world.
  • RAM-Only Servers for Enhanced Security: Unlike many VPN providers, NordVPN uses RAM-only (diskless) servers. Since these servers run entirely on volatile memory, all data is wiped with every reboot. This ensures that no user data is stored long-term, significantly reducing the risk of data breaches and enhancing overall security.
  • Servers in a Former Military Bunker: Some of NordVPN's servers are housed in a former military bunker located deep underground. This unique location provides an extra layer of physical security against natural disasters and unauthorized access, ensuring that the servers are protected in all circumstances.
  • NordLynx Protocol with Double NAT Technology: NordVPN developed its own VPN protocol called NordLynx, built around the ultra-fast WireGuard protocol. What sets NordLynx apart is its implementation of a double Network Address Translation (NAT) system, which enhances user privacy without sacrificing speed. This innovative approach solves the potential privacy issues inherent in the standard WireGuard protocol.
  • Dark Web Monitor Feature: NordVPN includes a feature known as Dark Web Monitor. This tool actively scans dark web sites and forums for credentials associated with your email address. If it detects that your information has been compromised or appears in any data breaches, it promptly alerts you so you can take necessary actions to protect your accounts.

The US government is demanding Apple unlock iPhones in about a dozen cases beside the San Bernardino one. In a strikingly similar case, Judge James Orenstein in Brooklyn rejected the government’s request for three separate reasons. In the decision the judge refers several times to the San Bernardino case, and it is clear he expects this decision to be an important precedent for that one.

In June 2014 the government arrested Jun Feng in Queens NY on drug charges and confiscated his iPhone 5S. Over a year later, in July 2015 got a warrant to search the phone and found that it was locked. In October they filed a proposed order under the 1789 All Writs Act (AWA) to have Apple unlock the phone. It appears that Apple initially cooperated and suggested some of the language in the proposed order, but if so they changed their minds and opposed it.

Shortly afterward Feng pled guilty. As in San Bernardino, the phone no longer has any relevance to the original case, but only as a possible source of information about others, and also as in San Bernardino, whatever is on the phone has been there for quite a while.

The judge then turns to the application of the AWA and comes to its requirement that writs be “agreeable to the usages and principles of law.” The government argues that means they can do anything that Congress hasn’t specifically forbidden to “fill gaps” in the law. The judge found no relevant case law, so he has to look at the intent of the law, and found that argument utterly unpersuasive. The AWA was one of the first laws passed by the First Congress, which contained many of the same people who’d written and ratified the Constitution. He found it utterly implausible that a year after hammering out the separation of powers in the Constitution, they’d hand a blank check to the courts to invent stuff. Agreeable means consistent with the laws that exist, and he looked at CALEA debated at great length and passed in 1994 to update the requirements for technology companies to assist law enforcement. CALEA puts a lot of requirements on phone companies, but specifically says that the government cannot “require any specific design” of equipment or services, or “prohibit the adoption” of any equipment or service. It further says that CALEA does not apply to “information services” which everyone agrees covers things like iTunes and other Apple online services. So there’s no gap to be filled here, Congress thought about what the government wants in this case and said no. Hence the government cannot require the court to grant the writ under the AWA and Apple wins.

A case cited by both sides as precedent is the 1977 United States vs. New York Telephone Co in which a closely divided Supreme Court found that the government could use the AWA to require N.Y. Tel. to install a pen register (a device that records dialed phone numbers) for a gambling investigation where there was no place the government could install its own device, but N.Y. Tel. had spare wires and its own pen registers it routinely used for auditing and similar purposes. The government argued that this case is just like N.Y. Tel, Apple argued that it’s completely different, and the court noted that the decision gives it some discretionary factors to decide whether to grant AWA writs, so it looks at those.

One factor is how closely related to the crime the subject of the writ is. In the N.Y. Tel. case, the telco was quite close because the crooks were already using phones and wires owned by the telco. In the Feng case, Apple’s only connection is that it had earlier sold a phone to Feng, just like it sold phones to millions of other people. The government argues that Apple “thwarts” (a term from N.Y. Tel.) their investigation, which the judge rejects—Apple is not impeding the government, they’re just not helping them, which they have no obligation to do.

Another discretionary factor is “burdensomeness.” In N.Y. Tel, all parties agree it was not a big deal to send someone out to install a pen register, since it’s something the highly regulated telco routinely did for other reasons, and N.Y. Tel had already offered to show the government how to do it. In Feng, Apple is not highly regulated, they would not otherwise build the software the government demands, and that software is now “offensive to it,” so there’s no way they’ll tell the government or anyone else how to do it. The court notes that Apple used to be more cooperative but so what, they’re allowed to change their minds. He also observes that there are many similar requests in the pipeline, so if this one is granted, the burden of the rest of them will likely follow. In short, Apple is not close to the defendant, the burden is excessive, Apple still wins.

The final discretionary factor is necessity, can the government get what they need any other way. The government claims in this case that they can’t. But two months earlier in another case, Djibo, the government claimed that they could unlock an iPhone. When the judge asked at a hearing how both could be true, the government claimed it was highly device specific and this one was much riskier, so only Apple could do it. But Djibo had an iPhone 5 with iOS 8.1.2 while Feng had iOS 7, which everyone agrees is easier to crack than iOS 8. The judge found that the government statements were “unreliable”, and hence they had not established that they needed Apple’s help. So Apple still wins, three for three.

In the conclusion he has no opinion whether:

the government’s legitimate interest in ensuring that no door is too strong to resist lawful entry should prevail against the equally legitimate societal interests arrayed against it here.

That is a question for the Congress to decide, not judges, and not under the All Writs Act.

This is a clear and comprehensive decision with many details that I left out due to its 50 page length. The judge in California will surely be looking at it closely and deciding what in that case might be different and what might not.

By John Levine, Author, Consultant & Speaker

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Threat Intelligence

Sponsored byWhoisXML API

New TLDs

Sponsored byRadix

Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

Brand Protection

Sponsored byCSC

Cybersecurity

Sponsored byVerisign

DNS

Sponsored byDNIB.com

NordVPN Promotion