This week a fed­eral judge ordered Apple to help the FBI unlock a work-​​issued iPhone used by a gunman in December’s deadly San Bernardino, Cal­i­fornia, shoot­ings. But Apple opposed the ruling, objecting to building what it calls a “back­door.” In a mes­sage posted on the company’s web­site, CEO Tim Cook said that while the com­pany believes the FBI’s inten­tions are good, this demand is an “unprece­dented step” that “threatens the secu­rity of our cus­tomers.” The case is raising the stakes in a com­plex and long-​​running standoff between gov­ern­ment and Sil­icon Valley over access to encrypted data—one that involves bal­ancing con­sumers’ dig­ital pri­vacy with the author­i­ties’ ability to inves­ti­gate crime or terrorism.

Andrea Matwyshyn, pro­fessor in the School of Law, studies tech­nology inno­va­tion and its legal impli­ca­tions. We asked her to examine how this case might play out, with a par­tic­ular focus on its poten­tial impact on future fed­eral inves­ti­ga­tions, the average iPhone user’s pri­vacy, and the global market.

In a mes­sage to cus­tomers, Apple CEO Tim Cook wrote that while the gov­ern­ment may argue that using this back­door would be lim­ited to this case, “there is no way to guar­antee such con­trol.” He added that the gov­ern­ment could extend this “breach of pri­vacy” to demand that Apple create sur­veil­lance tech­nology and other soft­ware to access users’ phones without their knowl­edge. Are these fears jus­ti­fied, and if a so-​​called “master key” is cre­ated, how broad could its usage be by the government?

Cer­tainly any case law arising from this ex parte demand by the Depart­ment of Jus­tice would create prece­dent that other courts would regard as instruc­tive for sim­ilar future law enforce­ment demands. It’s fair to worry about a slip­pery slope arising from the out­come of this dis­pute: If pri­vate sector enti­ties become con­scripted as unwilling agents of law enforce­ment and are no longer free to design their own prod­ucts to meet the demands of their cus­tomers, our innovation-​​driven economy will be per­ma­nently damaged.

To date, Con­gress has been unwilling to leg­is­late on the point of requiring tech­nology com­pa­nies to alter their product designs to include law enforce­ment “back­doors,” despite aggres­sive lob­bying efforts from law enforce­ment. This ex parte order against Apple poten­tially rep­re­sents law enforcement’s attempt to cir­cum­vent this con­gres­sional impasse by achieving a func­tion­ally sim­ilar result incre­men­tally through the courts.

What could this case mean for average iPhone users and their pri­vacy? Should they be concerned?

Yes, they should be con­cerned. Leading tech­nology com­pa­nies such as Apple and Google have been pro­gres­sively increasing the secu­rity built into their prod­ucts for con­sumer pro­tec­tion rea­sons. Sim­i­larly, the Fed­eral Trade Com­mis­sion and Euro­pean data pro­tec­tion author­i­ties view encryp­tion as a key tool to combat iden­tity theft. The FBI’s demands, if granted, would damage these con­sumer pro­tec­tion efforts. As explained by leading com­puter secu­rity experts, cre­ating a new “master key”—whether it be to alter user-​​designated set­tings or to break encryp­tion in a device—would weaken existing secu­rity mea­sures and place con­sumers at increased—and avoidable—risk. Par­tic­u­larly in light of the many high-​​profile data breaches suf­fered by fed­eral agen­cies in the past five years, it is also unfor­tu­nately entirely pos­sible that law enforce­ment would lose con­trol of any such master key, thereby allowing crim­i­nals easier access into mil­lions of con­sumer devices for nefar­ious pur­poses more effi­ciently than before the exis­tence of the master key.

It’s fair to worry about a slip­pery slope arising from the out­come of this dis­pute.
— Law pro­fessor Andrea Matwyshyn

Sen. Ron Wyden of Oregon, a leading leg­is­lator on pri­vacy and tech issues, told The Guardian that “This move by the FBI could snow­ball around the world.” What are the broader impli­ca­tions of this case for the tech­nology sector and beyond the U.S.?

Demands such as these fuel inter­na­tional pri­vacy con­cerns about U.S. law enforce­ment over­reach, which arose par­tially from the Edward Snowden rev­e­la­tions regarding the National Secu­rity Agency’s information-​​gathering program’s col­lec­tion of data on our Euro­pean allies, their heads of state, and their cit­i­zens. Because pri­vacy is viewed more aggres­sively as a dig­ni­tary interest and human right in other coun­tries, con­sumers in those other coun­tries would poten­tially avoid pur­chasing U.S. tech­nology prod­ucts because they come with back­doors. U.S. tech­nology com­pa­nies’ global market share would drop, as would share price and rev­enues. The crown jewel sector of our national economy would be harmed.

Cook and sup­porters of Apple’s stance have pointed, in part, to what they call an over­reach of gov­ern­ment authority. Do you see ways, whether they are new laws or other avenues, to help fed­eral pros­e­cu­tors nav­i­gate our evolving dig­ital land­scape and inves­ti­gate cases?

The FBI’s argu­ments that new tech­nolo­gies are frus­trating some tra­di­tional forms of evidence-​​gathering, while true, are not new. With each prior gen­er­a­tion of tech­nology, law enforce­ment has suc­cess­fully adapted to the chal­lenges of evidence-​​gathering pre­sented by changed cir­cum­stances. For example, burner phones undoubt­edly also pre­sented chal­lenges for law enforce­ment in the 1990s, yet law enforce­ment adapted suc­cess­fully. Law enforce­ment is now chal­lenged by more pri­vacy and security-​​protective product models that assist con­sumers in defending them­selves against iden­tity theft and phone theft—compelling con­sumer pro­tec­tion concerns.

The bigger-​​picture answer here again is likely through a “per­sonnel is policy” approach, just as it has been in the past: Law enforce­ment needs to hire staff with the req­ui­site tech­nical skills and offer addi­tional tech­nical training to agents. Com­pelling coop­er­a­tion from tech­nology com­pa­nies is an inef­fi­cient approach—even assuming it to be tech­no­log­i­cally pos­sible: It is not cost-effective—particularly when time is of the essence in investigations—for law enforce­ment to seek court orders, exter­nalize law enforce­ment oper­ating expenses onto the pri­vate sector on a case-​​by-​​case basis, and ask com­pa­nies to “break” their more inno­v­a­tive and consumer-​​protective product models.

The FBI’s argu­ments that new tech­nolo­gies are frus­trating some tra­di­tional forms of evidence-​​gathering, while true, are not new. With each prior gen­er­a­tion of tech­nology, law enforce­ment has suc­cess­fully adapted to the chal­lenges of evidence-​​gathering pre­sented by changed cir­cum­stances.
— Law pro­fessor Andrea Matwyshyn

Apple’s refusal to comply sets up a major show­down with the fed­eral gov­ern­ment. And there seems to be some debate as to the appro­priate case law, with some citing the All Writs Act of 1789 and others the Com­mu­ni­ca­tions Assis­tance for Law Enforce­ment Act of 1994. What are the next legal steps, and do you think Apple or the gov­ern­ment will ulti­mately prevail?

In this case, law enforce­ment asked the court to compel Apple to dis­able par­tic­ular user-​​calibrated dele­tion fea­tures on an older iPhone, which may frus­trate their attempts to crack into the phone. The court, instead, offered Apple sev­eral paths to engage in “rea­son­able tech­nical assistance”—to pro­vide a tech­nical tool, to direct the FBI to other resources to accom­plish its desired task, or to show cause for its inability to comply. A close reading of the order indi­cates that the court appears aware that the FBI’s request may not be tech­no­log­i­cally pos­sible based on product design, and the court stopped short of demanding that Apple accom­plish the tech­no­log­i­cally impos­sible. The court also made note that costs asso­ci­ated with com­pli­ance would be imposed on Apple, instructing Apple to “advise the gov­ern­ment of the rea­son­able cost of pro­viding this ser­vice.” Apple will now undoubt­edly present evi­dence to the court regarding tech­no­log­ical fea­si­bility as it con­tests the order.

The next legal step is Apple’s argu­ment before the mag­is­trate judge regarding the tech­nical fea­si­bility of the demands made by law enforce­ment, likely fol­lowed by an appeal in dis­trict court. I expect nei­ther side to back down. Stay tuned.