Apple has been given potentially crucial backing from a New York judge as it battles the FBI over whether it must decrypt the iPhone of San Bernardino shooter Syed Rizwan Farook.
Brooklyn judge James Orenstein has ruled that Apple can ignore a US Justice Department plea to unlock an iPhone seized from a suspected drugs trafficker in 2014.
The two cases are separate, but Apple believes Orenstein's ruling has strengthened its hand as it resists FBI calls to likewise decrypt the iPhone 5c of Farook, who with his wife Tashfeen Malik killed 14 people and injured 22 in San Bernardino, California in December.
In both cases the FBI and US Government have tried to use the so-called ‘All Writs' law to compel Apple. But Judge Orenstein has said this legislation, which is over 200 years old, is not suitable.
Apple feels the San Bernardino magistrate, who has so far backed the FBI, will now “carefully analyse” the New York ruling.
UK security expert Professor Alan Woodward of Surrey University agrees. He told SCMagazineUK.com: “I think this ruling will have an impact on the other case because it's the All Writs Act they've tried to use in the San Bernardino case. That could scupper their case if the judge takes this case law into account, which they normally do.”
But the encryption versus privacy debate is already moving to a higher level, in both the US and UK.
A US Congressional Committee is today hearing from experts including Apple chief lawyer Bruce Sewell, as it decides whether Congress needs to step in to clarify the laws governing encryption.
In written testimony to the US House Judiciary Committee, Sewell is calling for “an honest conversation” on privacy versus security.
He argues: “The FBI has asked a Court to create a backdoor into the iPhone — to build a software tool that can break the encryption system which protects personal information on every iPhone. Hackers and cyber-criminals could use this to wreak havoc on our privacy and personal safety.”
But in the other corner, New York District Attorney Cyrus Vance is arguing that the current level of encryption "cripples even the most basic steps of a criminal investigation".
He says in his testimony: “The real-world effect is that Apple's encryption policy frustrates the ability of law enforcement to prevent, investigate and prosecute criminals, including the very hackers that Apple claims it wants to protect users against."
Vance's office is currently locked out of 175 Apple devices relating to investigations into crimes including child sexual abuse, sex trafficking, assault, robbery and identity theft.
Meanwhile, in the UK, the Government has already stepped into the privacy versus security minefield, with its revised Investigatory Powers Bill on encryption, security and privacy being presented in the Commons today.
SC is reporting on the so-called ‘Snoopers Charter' in full, but the Home Office has confirmed the new law will address concerns raised by Apple and other tech giants about encryption.
The law will make clear “beyond doubt” that tech companies will not be forced to fit backdoors to phones. They will only be asked to remove encryption that they themselves have applied, and only where it is "practicable" for them to do so.
Alan Woodward agrees it is right for lawmakers to step in now, and said the UK Government has already accepted that “they've got to live with encryption”.
However, he pointed out that different tech firms “take radically different approaches to how they employ encryption” and called for a public debate and decisions by lawmakers on the rights and wrongs.
Woodward told SC: “You've got companies like Apple who are really at one extreme, saying ‘we want to be in a position where we cannot be forced to unencrypt'. If someone uses a six or eight-character passcode on their iPhone today, it would take centuries to unlock it using brute-forcing.
“Whereas Microsoft takes a different approach, They've got a tool called COFEE (Computer Online Forensic Evidence Extractor) which helps with forensic examination of all Microsoft equipment.”
Woodward added: “Personally I find it strange that a technology company is dictating in some way public policy. The balance of power has been switched from government to technology companies and that's worrying in its own right.
“I think there should be a proper debate and public policy formulated and technology companies will then have to follow the law, whatever the law is. The legally elected representatives have to decide what that is.”Other commentators have sided with Apple's position in the debate. Katie Moussouris, formerly a senior security strategist with Microsoft and now chief policy officer at HackerOne and an ISO editor, tweeted: