If Apple can build the software and tooling in question (and as far as I've seen nobody disputes that they can, the question is simply whether they will), then they are already unable to truthfully say "we can't do that."
Lets put it a slightly different way, lets say you make safes for protecting valuables. And you make your safe so that any attempt to break into it without the combination would destroy the contents, or make it so that the only way to open it, like cutting into the steel with a torch, would destroy the contents.
The FBI can (and does) hire locksmiths and safe crackers to get into safes where they believe there is valuable information inside, but they don't compel the manufacturer of the safe to create a capability of bypassing its safeguards, but if they did criminals would seek it out so they could rob those safes, and customers would stop buying that safe because they knew criminals could probably get their hands on the same tools the government could to break into and defeat its countermeasures.
So having the government able to order a safe maker to build a safe that can be broken into, the safe maker loses customers and business because their customers don't want a safe that can be broken into, they want one that protects their valuables from everyone.
In this case, the government isn't ordering a safe maker to build a safe that can be broken into. The safe maker already built a safe that can be broken into. The government is just ordering the safe maker to take advantage of that fact and break into it.
Many people equate this to demanding that Apple create a security vulnerability, and I don't get it. The vulnerability is already there. The iPhone 5c is already insecure against an attack by Apple. The government is just ordering Apple to exploit that existing insecurity.
There are compelling problems with that too, but it's not the same as requiring Apple to build something insecure.
Perfect. To fix your analogy and make it more accurate, it's more like the safe making company has the ability to make a device that can disable the self destruct capability for a single safe.
If the safe company simply hadn't built in that capability, there would be nothing the FBI could demand of them, because it wouldn't be possible.
The fundamental question is whether a federal court can require a private company to do new work, to assist a federal investigation.
The answer now is no. Companies must provide access to information if they possess it, but that's not the same as writing new software to enable access to information they don't possess.
Once that Rubicon has been crossed, it is unclear what the legal test would be to limit the work that can be requested. If a court can require Apple to write some piece of software, why couldn't it require Apple to write some other piece of software? Or take any other affirmative action that might assist the FBI?
I know this might sound crazy but this is how common law works. Court decisions create precedents, which are often in the form of heuristics for constraining future decisions.
A very famous example is the Supreme Court precedent on abortion: before a fetus is viable, the government does not have a legal basis for considering it to have independent rights. Whether or not one agrees with it, the rule is clear.
Right now the rule is clear for what companies must do under court order. If the FBI succeeds in applying the All Writs Act in this case, that clear rule will be gone. What will take its place?
Edit to add a concrete example:
Apple announces that iOS 10 cannot be broken even by Apple. The FBI goes to court and says that they are tracking known terrorists who are using iPhones. If those terrorists get iOS 10 as announced, the FBI will be impeded. So Apple must alter iOS 10 to ensure that they can deliver retroactive access to phone contents in some way.
This would be the smartphone equivalent to CALEA, which requires network operators to build their networks in a way that permits wiretapping. The big difference is that CALEA was passed by Congress, whereas the FBI would only need a court order for smartphones!
I understand the idea of setting a precedent, I just don't see how the precent set here could translate into preventing Apple from building secure devices.
The current request is for Apple to build a special version of their OS which can be loaded onto the suspect's phone. It seems to me that the precent this would create would be for similar actions: providing custom software. The gulf between that and altering the public builds of iOS is vast, and I don't see how the former precent could possibly lead to the latter. In fact, the order in question explicitly states that the software provided by Apple must be tied to the specific iPhone the FBI wants to crack.
The precent of providing custom software for a specific device could very well be dangerous in and of itself. This comment does a good job of discussing the possibilities there:
In short, the precent set here could very well lead to requiring Apple to turn on suspects' microphones remotely, or loading software that scrapes data as the user uses it. That could certainly be bad. But it's a huge leap from that to somehow preventing Apple from ever building and selling secure systems.
Edit: thinking about this a bit more, here's what I see as the really simple version of it all. The FBI's order is compelling Apple to build something, and the worry is that it sets a precedent for building more. But forcing Apple to build insecure devices in the future is not the same; that would be preventing Apple from building secure software and hardware, not compelling them to build something insecure.
The way I view it is that it sets the stage for the FBI to request from the court that Apple retain the ability to build software that can break into all future iPhones. IMO, that gulf is much smaller to cross than alter public builds in the future. It is more like, don't add this feature.
Basically, the FBI can argue that Apple did this before and must keep doing it in the future. Making the device such that they cannot respond to a request could be viewed as going against the court. "I'd love to give you that document again, but now I burn them all so you cannot have them."
I don't understand why requiring an action which is feasible today implies that this action must be kept feasible in the future. If the FBI demands that you open a door for them, does that imply you're not allowed to brick up the entrance later on?
It implies that, because the power to require Apple to take action today is on the same side of Rubicon as requiring them to take some other action in the future.
Once we permit the FBI to task private companies via court order, there's no way to predict how far that tasking will be permitted to go.
> If the FBI demands that you open a door for them, does that imply you're not allowed to brick up the entrance later on?
The FBI is not demanding that Apple open a door, it is demanding that Apple build a custom software system for them. If the FBI can tell Apple how to build software today, then the FBI can probably tell Apple how to build software tomorrow.
The FBI isn't quite telling Apple how to build software in general. They're trying to make Apple build a specific piece of software for the FBI.
If they do this today, they can probably do it tomorrow, yes. But "this" doesn't mean compromising all iPhone hardware or software. It means building a special copy of the software to attack already insecure hardware and software.
Let's say Apple makes the iPhone 7 completely invulnerable to attack even from Apple. How does this precedent play out? The FBI goes to Apple and says, "Do that thing you did before." Apple replies, "Sorry, but we literally can't do it for this phone." How does the existing precedent cause a problem?
This whole line of argument feels too much like, "The FBI can demand something, this is something, therefore the FBI can demand this." People keep saying there's a connection and I just don't see it. When I ask what it is, people just reiterate that it's there.
Then they request a warrant that requires future iOS versions to permit similar access.
By what argument would Apple fight that warrant? The previous case would have already established that such access is necessary, that Apple can provide it, and that the court has the legal power to force them to.
In terms of the burden on Apple, the staff time burden to write software that will run on 50 million iPhones is no greater than software that will run on one iPhone. Code is code.
In terms of damage to the Apple brand, the FBI has already argued that that should not matter:
That warrant isn't targeted and affects Apple customers who are unrelated to any criminal investigation. I see no reason why it would be granted.
Consider more traditional warrants. The police ask for a warrant to search your house. They get that warrant. Then afterwards they ask for another warrant, this time to enter everybody's house. Does the precedent set by the first warrant make a judge likely to grant the second one? I don't think so. Certainly I've never heard of any such warrant being issued by an American court (excluding the ridiculous FISA court, anyway), even though police would surely love to have one, and the precedent of search warrants for individual houses is extremely long standing.
Complying with any request for anything by the FBI costs money and time. There's no difference between that and making a trivial backdoor for one phone.
