What If Apple Is Wrong? [MIT Tech Review, Brian Bergstein, April 7, 2016]

Before I get started, just a note: MIT’s article is a pretty solid argument for what I see as the “Devil’s Advocate” side of the iPhone privacy debate. So here’s the top 5 most important points that the article makes, and of course, some commentary on each.

1. “Are we certain we want to eliminate an important source of evidence that helps not only cops and prosecutors but also judges, juries, and defense attorneys arrive at the truth?”

Sounds obvious right? Well, to further the devil’s advocate argument, allow me to tell you a story: In Law School, we do this thing called “moot court”. It’s exactly what it sounds like: court where the point is “moot”. That is, the whole exercise doesn’t count. You’re letting students practice their skills without those students’ mistakes resulting in the loss of some poor soul’s life, liberty, or pursuit of happiness.

At my Alma Mater, there is one event per year where groups of students all present the same case (same plaintiff and defendant, same set of witnesses, same set of evidence). They go into different classrooms, and generous members of the community volunteer their time to be jury members. Most of them have watched Law & Order or something similar at some point in their lives, what they do not all necessarily know or realize is that all of the lawyers (students) had access to the same file. The volunteers recognize that the students have to make strategic decisions as to what to argue (See previous note re Law & Order watching experience).

But it is not until after the trials are over and the volunteers from different court rooms are chatting over coffee that they realize that, even with access to exactly the same file, student attorneys told dramatically different stories in their respective courtrooms. Such that a jury which ruled in one direction in one of the court rooms based on the story that that jury heard would have ruled differently in one of the other court rooms based on the way the story was presented in that other court room.

The Devil’s Advocate Encryption Debate

This article focuses on one aspect of the encryption debate which comes down to this: On top of the huge differences in stories and conclusions that occur when all of the parties have the same evidence, now imagine that when our moot court coordinator e-mailed everyone the case file, all of the evidence files were attachments. But, imagine that, by accident, the groups assigned to a few of the court rooms received encrypted copies of those evidence files and couldn’t open the files. And let’s imagine that no one in the groups could get the evidence files decrypted before their moot court “show”. Now those classrooms are doing their entire case without evidence which the other classrooms have. It is highly likely that those jurors will have dramatically difference stories to tell over coffee.

Now back to Apple.

2. “Cyrus Vance Jr., the district attorney of Manhattan, says that since Apple stopped being able to get into its devices, his office has been unable to carry out more than 215 search warrants for iPhones and iPads, in cases that include homicide and sexual abuse of children.” (report available here.)

Homicides and sexual abuses of children certainly are up there with terrorist bombings on the list of crimes which tempt even me to believe that Apple is wrong. But this article is smart enough to go into the grey area.

3. “We’re about to find out whether that will remain true as more and more people do their computing and communicating on a device that is entirely inaccessible to police by default. . . They are not just hindering investigations of certain clever criminals; they’re inhibiting every kind of case.”

Now for two examples:

Darn Diary

“In Baton Rouge, Louisiana, investigators are stuck with about 60 locked devices, including an iPhone belonging to Brittney Mills, a 29-year-old woman who was shot to death at her doorstep one night in 2015, when she was eight months pregnant. The baby was delivered but died soon after. Mills had opened the door for the killer, so she probably knew the person. But police could find little physical evidence, and no eyewitnesses have come forward, according to Hillar Moore III, the East Baton Rouge Parish district attorney. Mills’s nine-year-old daughter was home at the time, but she only heard the shooting and then hid in the bathroom. Police know which people Mills texted and called the day of her death, but they don’t know what was said, and Moore says no suspects stand out in that group.
Mills’s iPhone could offer vital evidence. Her relatives have told investigators that she kept a diary on the device. But she hadn’t backed her phone up to Apple’s iCloud service for three months. No one knows her passcode, and Apple says it can’t open the phone. Whether it holds the kinds of clues that cracked Devon Godfrey’s murder in 2010 might never be known.”

In essence? The evidence the police want from the victim’s phone is the personal information itself on the phone. Of course, it’s also sympathetic that that it is that personal information itself that might help solve her murder.

Unintended Mastermind

“Although locked smartphones have held up a small percentage of cases, Vance is convinced a law is needed before the number climbs much higher. To illustrate his point, he describes a case from 2012. A man in Manhattan was taking a video on his iPhone when he was shot and killed by someone who threatened to go after the eyewitnesses if they talked. Investigators got that video and convicted the killer. Now imagine that shooting happening today. If the victim made the video on a stand-alone digital camera, it would be fair game for cops with a warrant. Why should they be unable to see it just because he used an iPhone?”

The evidence the police would want sounds much more traditional in this case, especially given that the technological community has spent decades explaining why getting a video from a smartphone is different from getting one off of a video camera. Alas, this story is the one that reminded me that the diary story isn’t as simple as it is at first glance.

4. ““Two companies that own 96 percent of the world’s smartphone operating systems have independently decided they’re going to choose where the line between privacy and public safety is to be drawn,” Vance says. “We should ask them to make the same kind of adaptations that we require banks to do.””

And on that note:

5. “just because some officials have overreacted to encryption in the past doesn’t mean we should brush off warnings coming now. The justice system is far from infallible, but it is run by people whose duty is to something more than a set of shareholders.”

That is, it at least should be.