Apple versus the FBI: Lessons from my MBA class
The terrorist attacks and deaths in San Bernardino last year were tragic and deserve justice. In the FBI’s efforts to investigate the case, they are pursuing every method they can to gather information about the culprits. Toward that end, the FBI has been working with Apple to unlock an iPhone owned by one of the terrorists. What started as a joint effort has degenerated into a stand-off between Apple and the FBI. The FBI has obtained a court order demanding Apple to create an alternative operating system for the iPhone that can be installed as an update, that opens a backdoor method for the FBI to break into the phone. On the one hand, the FBI wants the tools necessary to complete their investigation. On the other, Apple sees such a tool as a fundamental security breach and refuses to comply. Why? It may be difficult to see Apple’s reasons, but I believe there are two key lessons that I teach my MBA students that can help distill some of the complexity in this case and present why I think Apple is not only correct but should be actively supported. First, software is an information good, which has fundamental differences to physical goods, especially when it comes to security. Second, software is a written opinion, with implications for copyright and free speech. Let me explain.
Why won’t Apple write the new operating system voluntarily? As CEO Tim Cook says, once the change is made, it fundamentally weakens the security of their phones. To understand why he might say this, consider what it means when I say software is an information good. As I mentioned in my last post on Apple’s fight for your privacy, information goods have characteristics fundamentally different from physical goods, such as the ability to make infinite copies at virtually no cost and the ability to distribute those copies at virtually no cost. Furthermore, once the code is created, it isn’t used up by use like food might be. This is why, in software development, security weaknesses are never ever purposefully created, even if just for a one time project. 70 years of experience in software development has led to the principle of security. Inevitably, these one-off projects are just as dangerous. Knowledge that such a possibility even exists are enough for hackers find it, build it, duplicate it, and/or share it with all of their friends. This is why Tim Cook calls this request the software equivalent to cancer.
Furthermore, despite the director’s FBI claims to the contrary, this is not just a one-off case. That’s not how our legal system works. America is founded on this common law principle, meaning that once precedent is set it is binding on all further cases. Once precedent has been set that a government agency can force a technology company to rewrite their code – it can do it in other cases as well. As more agencies make similar requests (as they already seem to be champing at the bit to do), more copies will be distributed. Even if each and every one of these agencies promise to destroy their copy after using it, all it takes is one instance of failure (whether by accident or intent) for the code to be released into the wild. And then… well, the security of each and every iPhone in the world will be compromised. Even if we assume that those government agencies are honest, hackers are not. Hackers that obtain the code could gain access to your private messages, your health information, and perhaps even your banking information.
We know data breaches are not uncommon. We hear about them every day. Just because a government agency promises to destroy the code, doesn’t mean hackers can break into their systems, find the code, and use it.
And even if you individually are super careful not to use your iPhone (or any other smart phone) to store any personal information, there is no reason to deny others the right to use their iPhone to use such information. Apple promised end-to-end encryption and stiff security to help protect that data if your phone is ever stolen. Like software, your personal information is also an information good. These security features of the iPhone are a good thing.
It is for these reasons, that I believe Apple refused to voluntarily write this code. The concept of information goods allows us to understand why security in an operating system is so incredibly important for our personal information and why creating security holes in an operating system is so fundamentally dangerous. Apple is right to refuse this.
But can the government force Apple to do so? No, they shouldn’t. To understand why not, consider a second principle I teach to my MBA students, that software is an opinion. For users of software, this may not be immediately obvious. Often they see just the end product and assume that’s the way it has to be. It isn’t and it doesn’t. During the development of a piece of software, computer programmers, computer designers, and system analysts must make decisions about what is important to include, what to exclude, how to position things, what to call things, and a whole host of value judgments about what is important and what isn’t. These are opinions. That’s why companies have many competing products. Do a search for “web development tools” or “project management software” and you’ll find 100s of different software tools that offer slightly different ways to accomplish the same thing. Furthermore, these opinions are written in a computer language. While these languages may not be like most common spoken languages, they do exhibit the rules of syntax and semantics that structure the thoughts and instructions for how a piece of software should function. Because software is a written opinion, it is considered a creative work and protected by copyright law. The U.S. codified those principles in a number of laws, most recently the Digital Millennium Copyright Act.
So how does that apply to the Apple-FBI dispute. Let’s use another copyright object as an analogy – a book. Suppose an author decides to kill off a main character in their story (author’s such as Shakespeare or George Martin certainly come to mind). Does the government, for whatever reason, have the right to force the author to rewrite the story so the main character stays alive? No! We as a nation protect free speech (whether we agree with the speech or not), so we can say (and write) what we want. We agree that forcing others to say something other than what they believe is wrong. In this case, Apple believes (and for reasons discussed above) that deep security should be integrated with their software operating system. It is their opinion. And is protected by copyright law. And copyright law is based on an even more fundamental principle – our right to free speech as defined in the constitution. Apple and it’s software developers have a right to free speech and a right to write in the manner they best see fit – including write software. Forcing them to do otherwise would be forcing them to do something they fundamental believe is wrong. It amounts to forcing them to write (and hence think) exactly like the government wants them to write (and think).
Certainly software is an opinion, but that does not give the government nor the popular opinion of the nation the right to force them to change that opinion. Especially to create something that violates that opinion. That’s not the same as restricting some speech in cases where lies might cause severe damage – like the classic case of yelling “Fire” in a crowded theater when in fact there is no fire. But those limitations are negative in manner – referring to what you cannot do or say – not positive in manner, such as forcing you to say something you don’t want to. The danger of such a precedent is extremely dangerous. Dystopian novels such as 1984 by George Orwell come to mind. The government should NOT be allowed to negate the principle of free speech, and hence should not force Apple to write an alternative software program even if only for one use.
I have read online in various posts that all the government really wants is for the phone to be “unlocked” so that information can be accessed. There have been arguments that this is a PR move for Apple and that they can stir up some media attention. I am a fan of conspiracy theories, and thus I have been contemplating this as justification for Apple’s actions (or lack thereof). This is a bit of a power struggle and I think Apple is testing their limits when it comes to dealing with and taking on the government. I believe Apple is indeed an extremely powerful company, maybe even more powerful than many would like to admit. They have so much control over personal information, and I’m sure the government would love to get their hands on it. With the coverage of wire tapping and those who believe that the government is spying on us 24/7, giving backdoor access to the government doesn’t exactly come off as comforting. Many citizens may feel that Apple is defending terrorism, when in reality they are defending human rights and the right to privacy of personal information. This instance will indeed set a precedent moving forward, and it is very interesting to see who THINKS they are in control. The government can always level sanctions and force Apple to comply, but Apple can continue to bolster it’s image if this drags on.
Professor – I disagree with the thought that the FBI is “forcing” Apple to change the security of their operating system. The Government’s argument is that Apple needs to comply with a willful order given by a Federally appointed Judge in a case of National Security. Let’s look at the case 2 other ways – First, if the unfortunate events of that fateful day had occurred in an Apple facility somewhere in the world, Apple would be demanding the FBI and other Government agencies do everything they can to gather as much detail as possible to prevent another case in the future. Secondly, The Government is not asking Apple to turn over the code or a new IOS version to the Government, but is asking that it be developed so the FBI can provide the physical device to Apple, in Apple’s secure lab, and have the ability to guess the user’s security code. This is no different then accessing an encrypted hard drive they obtain in a raid or any other type of encrypted media, which is already precedent in case law. If Apple is concerned with the code falling into the wrong hands, they have no faith in their own physical security or that of their data systems. Additionally, the threat of being hacked is real for any organization, and should it occur at Apple, they again would call upon the same Federal law enforcement agencies to investigate the crime as they are now doing battle with. Finally, the Government has an obligation to protect the American people here and abroad from terror. If an organization refuses to provide access to critical national security related detail, they should be prevented to sell the product within the borders of the United States, which is well within the rights of the Federal Government to demand. Would they, probably not – but they can prevent Apple from selling their devices through an Injunction fairly easily, all in the name of National Security.
Let’s also remember that it was Tim Cook that made this National news. The Government did not broadcast to the news media the idea of removing the auto-wipe feature, Apple did. They have brought this controversy upon themselves. Had they simply complied and kept it top secret as any matter of National Security is, the public would be none the wiser that the ability is even possible.
As an alternative, the FBI should be able to access the code for the IOS version in question in the copyright office that Apple is wanting Government protections for, and develop the work around themselves. As you mention, the code is no different from a book or other intellectual work that is protected by copyright, but to get that copyright, you need to provide a complete copy of the work to the Office so it can be protected. The Government already has a copy, but needs Apple’s expertise in applying the requested fix.
As another alternative, why can’t Apple develop a small application that can be used to check if the auto-wipe feature is enabled on the phone? That is after all the only piece the FBI needs Apple for. Not to break the security or hack the phone, but to tell if the data will be wiped after 10 attempts at the password guess. Wouldn’t that be easier then going through all the difficulty of the issue at hand? In Apple’s case, any publicity is good.. and they are looking to sell more devices for which once the terrorists know they can be secure, and transmit encrypted detail that even Governments cannot access, we’re all in a lot more trouble. To quote a favorite movie, A Few Good Men.. “All you did was weaken a Country today…”
I agree that Apple should not be forced to create the code to unlock iPhones. As a long-time iPhone user, I want to be assured that the information on my phone is secure. If we lived in a perfect world with no hackers, what the FBI is trying to force Apple to do would be no big deal. However, we all know this is not the case.
One of my friends has had her credit card information stolen twice from two different luxury hotels. It is amazing how easy the hackers were able to obtain this information. Similarly, if the code were created by Apple to unlock iPhones, no iPhone user could ever feel that their information was safe and secure.
In Tim Cook’s letter to Apple customers, he compared the creation of a backdoor to the creation of a master key that would unlock millions of locks from businesses to homes (http://www.apple.com/customer-letter/). His letter is quite interesting. Tim Cook makes the case for this being a threat to data security, as well as setting a dangerous precedent.
Even though the events leading up to this discussion were tragic, Apple should be able to have the right to dictate what it can do with its products and services without interference from the government.
Nolan, Mike, and Thomas,
Thank you for taking the time to comment. And I love that Mike gave a thoughtful comment that was critical of my post. I still disagree, but I don’t have time to go into all the details today. Let’s just add, that the physical device is still in the hands of the FBI. They could, should they want to hire some other company or use the FBI’s own IT personnel to hack into the phone. This would not violate any of the issues I raised in my original post.
I read your article and found it very interesting. This topic is one that I have been following in the news myself. This federal overreach, becoming ever apparent and encroaching, saddens me deeply. Not only does this case represent an increasingly common threat to the 5th and 1st amendments of the Constitution, it is a display of a shift in the way the federal government has decided to throw its weight around. It seems long gone, or at least almost gone, are the days that “We have the right to refuse service to anyone.” Don’t want to bake a cake for a wedding, too bad. Don’t feel like you need health insurance, too bad. Don’t want to destroy your own software and compromise your global business, too bad. I like your points about how software is protected free speech and I agree the argument can be made, however the argument can be made that it is also commercial in nature and therefore can be regulated. Time and time again the government finds ways to regulate and circumvent the constitution, many times using a twisted and distorted view of the interstate commerce clause. What Apple is being asked to do is basically destroy or jeopardize their creation. You cannot be forced to create and you cannot be forced to destroy. Any privacy or legal argument aside, the U.S. has proven that is incapable or unwilling to protect data and information, so even if Apple didn’t have legitimate constitutional concerns and was willing to create a backdoor, they still should not do it. Unless they want to set a dangerous precedent and risk their business, Apple should remain strong. That being said, If there is a way that this single phone can be accessed for the FBI to use without compromising other phones or creating a “backdoor,” then this phone should be treated as evidence as it would in any other case where a warrant, which is specific in nature, has been issued.