Apple’s big win over the Department of Justice may be short-lived — the federal government has submitted a letter to the court affirming that it still needs Apple’s help in unlocking an iPhone revolving around a Brooklyn drug case.
“The government’s application is not moot and the government continues to require Apple’s assistance in accessing the data that it is authorized to search by warrant,” U.S. Attorney Robert L. Capers writes in the letter.
The government had until April 11 to decide whether it wanted to “modify” its initial bid asking Apple to unlock an iPhone. The Brooklyn case involves a man who pleaded guilty after he was indicted on charges of meth trafficking. Law enforcement believe his iPhone will provide helpful information for the investigation and asked the court for an order requiring Apple to provide a backdoor so they could access it.
The order is similar to the one imposed on Apple in the San Bernardino shooter case, but the FBI dropped its request after it figured out a way to hack the iPhone 5C locked in that investigation, thanks to a third-party.
FBI Director James Comey recently confirmed that the ‘tool’ the government used doesn’t work on the iPhone 5S and Apple’s newer models, which is likely why the government still needs Apple’s aid. The Cupertino company is expected to respond soon.
Feinstein-Burr ‘encryption bill’
But Apple’s not alone in its defense of encryption — a draft of the long-awaited Feinstein-Burr ‘encryption bill’ surfaced late Thursday night and has law and tech experts reeling.
“To uphold both the rule of law and protect the interests and security of the United States, all persons receiving an authorized judicial order for information or data must provide, in a timely manner, responsive, intelligible information or data, or appropriate technical assistance to obtain such information or data,” the discussion draft states.
Well, the Feinstein-Burr bill is pretty much as clueless and unworkable as I expected it would be.
— Matthew Green (@matthew_d_green) April 8, 2016
The draft of the “Compliance with Court Orders Act of 2016” essentially requires any device manufacturer, software manufacturer, electronic communication service, remote computing service providers, “or any person who provides a product or method to facilitate a communication or the processing or storage of data” to comply with court orders and hand over any plain-text communications the government demands.
Tom Mentzer, press secretary for Senator Diane Feinstein, D-CA, who is heading the bill alongside Senator Richard Burr, R-N.C., shared their joint statement to Digital Trends.
“We’re still working on finalizing a discussion draft and as a result can’t comment on language in specific versions of the bill,” according to the statement. “However, the underlying goal is simple: when there’s a court order to render technical assistance to law enforcement or provide decrypted information, that court order is carried out. No individual or company is above the law. We’re still in the process of soliciting input from stakeholders and hope to have final language ready soon.”
But Mentzer also said “nothing has been released by the committee,” meaning the discussion draft will likely be revised greatly before it becomes a bill.
Burr-Feinstein may be the most insane thing I’ve ever seen seriously offered as a piece of legislation. It is “do magic” in legalese.
— Julian Sanchez (@normative) April 8, 2016
Kevin Bankston, director of New America’s Open Technology Institute, said the bill’s draft would be surrendering the U.S.’ cybersecurity, but its tech economy as well as foreign companies would still offer more secure services.
“The fact that this lose-lose proposal is coming from the leaders of our Senate’s intelligence committee, when former heads of the NSA, DHS, the CIA and more are all saying that we are more secure with strong encryption than without it, would be embarrassing if it weren’t so frightening,” Bankston said in a statement.
Forensics expert Jonathan Zdziarski says the draft’s broad wording allows the government to hold anyone responsible for their encrypted services.
“A good parallel to this would be holding a vehicle manufacturer responsible for a customer that drives into a crowd,” Zdziarski writes in his blog. “Only it’s much worse: The proposed legislation would allow the tire manufacturer, as well as the scientists who invented the tires, to be held liable as well.”
Regardless of what the bill will contain, it may be moot as the Obama administration has said it will likely not support any anti-encryption legislation.