Contrary to what the US government might want us to think, we already know that the iPhone tug-of-war with the FBI – abruptly ended when the FBI somehow cracked a terrorist’s phone encryption earlier this week – was about far more than that one phone.
The American Civil Liberties Union (ACLU) has found that in the past eight years, since first blowing the dust off of a 1789 statute, the government has used the antiquated legislation at least 63 times in an effort to get access to customers’ phones with the assistance of Apple, Google and other device manufacturers.
The statute is called the All Writs Act, and it gives courts the authority to issue orders necessary to enforce other lawful orders or decisions.
The ACLU didn’t say how many, if any, of the cases resolved in the government’s favor.
The number of cases will rise: the ACLU knows of an additional 13 cases, Apple has identified 12 pending cases (PDF) whose docket numbers remain unknown, and the ACLU uncovered yet another little-publicized case in Massachusetts.
If you want to know which states are beating tech companies over the head with this creaky old law, you can look it up on the interactive map the ACLU has put up. It shows where the cases have originated, their docket numbers, and which federal agency did the investigation.
If you want details on whose phones the Feds want to unlock, the ACLU also posted the associated public court documents here.
As the court documents show, prosecutors have asked for help to unlock phones in cases that range from child pornography to narcotics.
ACLU Attorney Eliza Sweren-Becker says that what the Feds did in the San Bernadino case was no one-off special: rather, their use of the All Writs Act has become downright commonplace:
The FBI wants you to think that it will use the All Writs Act only in extraordinary cases to force tech companies to assist in the unlocking of phones. Turns out, these kinds of orders have actually become quite ordinary.
When it comes to battling the Feds to fend off their requests to weaken encryption Apple has been front and center ever since the 2015 mass shootings in San Bernadino, California.
Two shooters were involved, a man and his wife. They murdered 14 people before fleeing from the police, only to end up dead in a shootout.
The couple had apparently destroyed their own mobile phones before undertaking the attack. But the work phone of the husband, Syed Rizwan Farook, was technically the property of his employer, the San Bernadino council.
The FBI grabbed the phone, to see what investigative intelligence it could reveal, if any.
That’s what led to the court case, when the FBI found itself stymied in trying to crack the iPhone’s passcode without the phone erasing its data.
Many tech companies, including Google, have come out in support of Apple’s refusal to comply with the court order to help the Feds unlock the terrorists’ phone.
But it turns out that Google itself has been hit up with the same All Writs Act that the government has used on Apple: some 90% of the cases have involved Apple, but 10% of them were aimed at Google, according to the ACLU’s findings.
In spite of its antiquity, some view the statute as being akin to a blank check handed over to the courts to do with as they wish.
But does the law even matter, now that the FBI has quietly slipped off to get the encryption broken on its own?
As it is, the FBI’s already been called in to use its newfound iPhone encryption cracking skills in another murder case.
Given that there’s somebody out there who knows how to unlock the iPhone, how safe should customers feel about their phones’ security?
The answer, as Naked Security’s Paul Ducklin and some readers have noted, is that they can probably still feel pretty safe.
That’s because the technique used by the FBI appears to be pretty hands-on, perhaps involving disassembling the device and even desoldering or piggybacking its flash storage chips.
In other words, not remotely exploitable, not easy, not quick, and unable to be done without the phone’s owner being aware of it.
But criminals, before you relax, you should take note: the law doesn’t have to get all fancy with dissecting your iPhones or shaking a 1789 All Writs Act at your phone manufacturer.
That is because, as Forbes recently discovered, they can just legally compel you to use your fingerprints to unlock a phone.
Forbes has discovered what it thinks is the first executed warrant in a case where a suspect was legally compelled to use their fingerprints to unlock an iPhone.
We don’t know if the Los Angeles Police Department lifted the fingerprints of the individual in question, Paytsar Bkchadzhyan, off a glass or something found in his home (thereby enabling them to trick the Touch ID sensor with a replica fingerprint), or whether they got him to press his finger or thumb to the seized iPhone.
What we do know: the warrant Forbes uncovered gave them the power to do either.