Apple Wins NY iPhone Ruling, Makes Case At Congressional HearingApple Wins NY iPhone Ruling, Makes Case At Congressional Hearing

iPhone Encryption: 5 Ways It's Changed Over Time

Apple on Monday won a favorable ruling from a Brooklyn magistrate judge that denies a US government demand to compel the company to assist in a drug investigation by bypassing the security on a defendant's iPhone.

The decision has no direct effect on the company's higher profile legal battle in California to take a similar stance in the FBI's investigation of last year's San Bernardino terrorist attack. But it provides support for its legal arguments as these cases move through appeals and their ultimate resolution, which may be in the US Supreme Court.

In the New York drug case and the California terrorism case, the government cited the All Writs Act as the legal justification for its demand. But where the magistrate judge in California granted the government's motion to force Apple to help the FBI, prompting an effort to reverse that order, Magistrate Judge James Orenstein took the opposite stance.

"In arguing [that its demand is 'agreeable to the usages and principles of law'], the government posits a reading of the latter phrase so expansive -- and in particular, in such tension with the doctrine of separation of powers -- as to cast doubt on the [All Writs Act's] constitutionality if adopted," wrote Orenstein in his decision.

With release of iOS 8 in September 2014, Apple turned on device data encryption by default, thereby limiting its ability to access that data. That change and subsequent security improvements are frustrating law enforcement in a growing number cases. Though Apple continues to respond to lawful demands for customer data in its possession, the company now faces multiple demands for assistance from US government attorneys that seek to force it to undo the security measures that put on-device data beyond prosecutors' reach.

On Tuesday, the House Judiciary Committee held a hearing related to Apple's legal battles, called The Encryption Tightrope: Balancing Americans' Security and Privacy. In response to questions about whether the FBI has seen other instances where investigations have run into problems accessing data, FBI Director James Comey said, "This is a problem law enforcement is seeing all over the country."

Comey stressed that the FBI's effort to force Apple to disable the security features on the San Bernardino shooter's iPhone is about that specific case, even as he subsequently acknowledged that the court's decision has the potential to set a precedent.

Reading from prepared remarks, Apple senior VP and general counsel Bruce Sewell said that Comey and New York District Attorney Cyrus Vance Jr. have acknowledged that the California case is about more than one phone. Creating a backdoor for the San Bernardino shooter's iPhone "would not affect just one iPhone," said Sewell. "It would weaken the security for all of them."

Congressman Darrell Issa (R-CA), who has a background in automotive security technology, pressed Comey on why the FBI couldn't extract the iPhone's non-volatile memory, clone it, and conduct as many attacks as necessary to crack the passcode. Comey had no satisfactory answer, prompting skepticism from Issa about whether the FBI had truly exhausted all other avenues to access the device.

Issa, along with Congresswoman Zoe Lofgren (D-CA), co-authored an op-ed in the Los Angeles Times that appeared on Tuesday. The column opposes the US government's demand to force Apple to assist the FBI. "Allowing the government 'backdoor' access to just this one phone would undo years of technological advances in online security," wrote Issa and Lofgren.

[Read Apple Should Have Same Confidentiality Rights as Attorneys, Priests.]

For all the testimony, many of those speaking at the hearing apart from Comey suggested that Congress will have to address the issue in order to define the legal access options available in an era of increasingly fortified security.

It's an era that troubles Comey. "We're moving to a place where there are warrant-proof places in our lives," said Comey. "... That has profound consequences for public safety."

Sewell, in his testimony, outlined the questions Congress will have to answer. "Do we want to put a limit on the technology that protects our data, and therefore our privacy and our safety, in the face of increasingly sophisticated cyber-attacks?" he said. "Should the FBI be allowed to stop Apple, or any company, from offering the American people the safest and most secure product it can make? Should the FBI have the right to compel a company to produce a product it doesn't already make, to the FBI's exact specifications and for the FBI's use?"

One of the more illuminating moments about the contradiction inherent in the notion of encrypted devices that can be made to divulge their secret on demand, Congressman Jerrold Nadler (D-NY) asked, "So what you're saying is we're really debating something that's undoable?"

Worcester Polytechnic Institute professor Susan Landau, a technical expert in encryption, answered, "That's right."

Rising stars wanted. Are you an IT professional under age 30 who's making a major contribution to the field? Do you know someone who fits that description? Submit your entry now for information's Pearl Award. Full details and a submission form can be found here.