A host of Silicon Valley’s biggest companies said today that if the FBI is allowed to compel Apple to help it hack an iPhone belonging to one of the San Bernardino terrorists, it sets a precedent that would break the trust of internet users around the world.
“This extraordinary and unprecedented effort to compel a private company to become the government’s investigative arm … threatens the core principles of privacy, security, and transparency that underlie the fabric of the internet,” reads the legal brief, filed by Airbnb, Reddit, Twitter, Medium, LinkedIn, eBay, Kickstarter, Square, Squarespace, Automatic (which owns Wordpress), secure messaging app maker Wickr, Meetup, Mapbox, Twilio, and Atlasssian.
Though these companies are not involved in Apple's case, they filed what's known as an "Amicus brief," which is a legal filing from interested parties that believe they will be impacted by the decision. The brief is embedded below.
"Forcing a company to undermine its own security measures provides a powerful disincentive to invest in security"
Apple has made clear that if the FBI’s order is allowed to stand, it would set a precedent that would allow law enforcement in the United States and around the world to conscript the company to hack into any iPhone with a warrant. The tech companies’ amicus brief suggests that the precedent extends far beyond the iPhone, however.
“The government’s demand here, at its core, is unbound by any legal limits,” the companies wrote, adding that it would cause “tangible harm to users, Apple and the industry, and society more generally.”
"Firms could have no confidence that their carefully designed security systems would not be redesigned by court order"
The companies say that they have over 1 billion users worldwide and “handle massive volumes of internet traffic.” In a particularly compelling passage, the companies suggest that if the government’s order is allowed to stand, it will surely cause internet companies to invest less time, money, and effort into designing secure systems for their customers. Apple has top-of-class security—if the government requires it to become its own adversary, what’s the point in spending money designing that security?
“Forcing a company to undermine its own security measures provides a powerful disincentive to invest in security: Firms could have no confidence that their carefully designed security systems would not be redesigned by court order,” the companies wrote.
They also say they worry that if the FBI’s order is allowed to stand, they may be asked to surveil their customers surreptitiously in ways not permitted by their own privacy policies.
“This principle could require companies not just to turn over one user’s information but to weaken security measures created to protect all users,” the companies wrote. “Granting the government such extraordinary authority, without any set rules or legal protections, will not only erode user privacy and security and defeat users’ interest in transparency, it will undermine an existing legislative framework balancing competing interests and policy considerations.”
These are not necessarily legal arguments (the companies’ actual legal arguments mirror Apple’s, which you can read more about here) but it’s instructive to consider the potential future implications of allowing law enforcement to conscript companies to write new software to aid in criminal and terrorist investigations. If it happened to one of the world’s richest companies, who’s to say that it can’t happen to any company that handles user data?