On the eve of oral arguments concerning a court order directing Apple to assist the Department of Justice (DOJ) in accessing an iPhone as part of the investigation into the San Bernardino terrorist attack, the DOJ asked the federal court to postpone the hearing. The court granted the request. The DOJ told the court that, on March 20, “an outside party” demonstrated a possible way to unlock the iPhone without Apple’s help. The DOJ informed the court it needed time to test the proposed method, but that, if viable, the method “should eliminate the need for the assistance from Apple.”
Such an unexpected development in a case of this importance raises eyebrows. Who or what is this “outside party”? What is this method for unlocking an iPhone the DOJ previously insisted could only be accessed with Apple’s involvement? Why had this party and method only come to DOJ’s attention so late in this unprecedented, contentious, and highly publicized case? Will the method work on other locked iPhones law enforcement agencies seek to access? Will the DOJ share this method of unlocking iPhones with Apple? Does the DOJ’s access to a way of unlocking iPhones without Apple’s assistance or the need for a specific court order create different but still worrying legal and policy concerns?
Postponing the oral arguments shifts attention away from law to whether the method the DOJ will test provides access to the iPhone without damaging data on the device. If the method works, the court will, with the DOJ’s agreement, vacate the order directing Apple to provide assistance to unlock the iPhone. This outcome would end the showdown between the DOJ and Apple over this iPhone, but this case, and the legal questions it raised, was always about more than one iPhone. These questions will resurface with Apple if the proposed method fails or when the DOJ asks a court to compel a different company to assist law enforcement agents in accessing encrypted information on digital devices.
The existence of a viable method of unlocking this particular iPhone might provide a way to gain access to other iPhones. In opposing the court order directing it to provide assistance, Apple argued the government was forcing it to create a “backdoor” to software that would render other iPhones vulnerable. Now some “outside party” has handed the DOJ a possible backdoor to iPhones about which Apple apparently knows nothing and, thus, cannot address to protect the privacy of its customers. Given the nightmare Apple conjured in its legal briefs about what the DOJ was trying to force it to do, the appearance of a possible way to hack iPhones might be as alarming as any backdoor it would have created under court order.
The positions Apple staked out in its legal briefs mean that it will try to change iPhone software to eliminate vulnerabilities this mysterious method might exploit—and the vulnerabilities will be patched if the DOJ shares the method with Apple. Such counter-measures might make the method effective only for the iPhone connected with the San Bernardino attack. Thus, even if the method proves viable, the legal questions at the heart of the dispute between the DOJ and Apple will remain unanswered and contentious. In addition, use of the method might exacerbate controversies associated with government acquisition, stockpiling, disclosure, and use of software vulnerabilities for law enforcement purposes, such as “lawful hacking.” The encryption conundrum could converge with the software vulnerabilities problem in ways that make effective cybersecurity policy more difficult to achieve.
Postponing oral arguments in the Apple litigation might provide Congress with an opportunity to pass legislation settling controversies the iPhone case has stirred up. However, had oral arguments proceeded as scheduled, the court’s decision would, in all likelihood, have been appealed, potentially all the way to the Supreme Court. Thus, delaying the oral arguments does not produce significantly more time for Congress to act on the questions the litigation spawned and that will remain unanswered whether or not the method the DOJ is testing works.
The world has been watching the Apple case because of its implications for how other governments might handle challenges presented by encrypted devices and data. The legal briefs by Apple and the DOJ laid out the applicable law, the competing interpretations of statutes and constitutional principles, and reinforced the central role of law and an independent judiciary in deciding questions of government power and individual rights. Delaying court proceedings because an unidentified party has provided some unexplained way to hack iPhones seems less transparent, cognizable, and exemplary for people in other countries also struggling with accommodating encryption into their social contract.