There is something in a safe deposit box in a bank vault. The box requires two keys to unlock. The customer holds one. The bank holds the other. When the customer wants to access the box they must show the bank that they are entitle to access the box and present their key. The bank will unlock the vault, allow the customer to enter the vault, insert the bank's key into the box locks and allow the customer to use the customer's key to unlock the box so that the contents may be accessed.
Now suppose the FBI wants to access the contents of this safe deposit box. The FBI must ask a judge to issue an order to the bank. The judge listens to the FBI's arguments and if the judge finds they have sufficient merit, the judge will issue an order that requires the bank to open the safe deposit box. To do so the bank must unlock the bank's vault, provide the bank's key to the safe deposit box, and allow the FBI to drill the customer's lock causing damage to the bank's box.This situation occurs with surprisingly regularity. It is well established law that the bank is obliged to obey the judge's order and cooperate with the FBI to open the safe deposit box at issue.
The fact pattern surrounding the current controversy over the San Bernardino cell phone almost perfectly parallels the fact pattern above. The cell phone is equivalent to the safe deposit box. Apple is the bank. Apple's software is the vault. Apple's IOS signing key is the bank's safe deposit key. Once that key is turned the FBI may execute a brute force attack equivalent to drilling the user's lock.
It is significant that the fact pattern in the Apple controversy is not new nor unique in any way. It is significant that the law is well established for dealing with this sort of issue.
No comments:
Post a Comment