The real issues and Apple v. FBI

So there is much ado over a judge's order in the San Bernardino terrorist shooting.  It's now gotten to that special place where facts and reason are trumped by emotion and PR.  That is more than just unfortunate since there are some real and very important issues that really should be examined.

Some background

Briefly, on December 2, 2015, 14 people were killed and 22 were seriously injured in a terrorist attack at the Inland Regional Center in San Bernardino, California.  A description of the events and aftermath can be found on Wikipedia.

As part of an ongoing investigation into the original events the FBI ask Apple to assist in unlocking one of the terrorist phones.  This led to the issuance of a court order to compel Apple to assist and considerable public controversy .  A description  of the order events and the some of the subsequent controversy can be found in Wikipedia entries.

Much of the public controversy has centered on privacy and encryption in the context of cell phones.  Among the claims made are

• customer data stored on cell phones is private and should not be subject to government examination
• the court order is an attempt by government to gain universal access to all cell phones
• the court order is an attempt to weaken encryption and provide the government with a key that can subvert encryption
• the court order is an attempt by the government to in appropriately force Apple into government service

Briefly what is wrong with the current controversy

Consider the following:

• Is individual data on a cell phone immune to warrants for its recovery?  The short answer is no.  Such data is fundamentally no different from other data stored elsewhere and is no more or less subject to warrant search.
• Is the court order an attempt to secure a back door to gain universal to all cell phones?  The short answer is no.  Here the details of the order and the technology involved are significant.  Specifically the order provides that Apple assist the FBI to unlock this specific phone by modifying the login delay and excessive login failure delete feature of IOS in a fashion that is unique to this specific phone, that the phone may be under Apple's control during this process, that Apple need not provide the software to accomplish this to the FBI, and that Apple is free to dispose of the software after the phone is unlocked.  The net consequence  of this is that no universal method ever exist to unlock all cell phones and that the limited ability to unlock a specific phone may be destroyed after the phone is unlocked.
• Does the court order weaken encryption?  The short answer is no.  Rather the court order seeks Apple's assistance in exploiting a specific design characteristic (weakness) of Apple's product on this and other Apple cell phones (though not all).  While the details are somewhat technical, Apple's design provides that once the phone is unlocked the encryption key for Apple provided encryption of user data on this specific phone is available and encrypted data on the phone may then be accessed.  Unlock protection for the phone is provided by the two features the judge's order requires Apple to bypass.  
• Is Apple being inappropriately forced into government service?  The short answer is no.  It is well established law that companies and individuals are subject to judicial orders that require them to do something.  Apple is entitled for compensation for its work.  The law and order provide for such compensation.

What is significant here is that there is little to nothing that is unique, exceptional, or fundamentally controversial about the order or its effect.  The design defect in Apple's products is doubtless embarrassing to Apple given their market positioning but the legal and technical issues are actually narrow and clear.

Real issues and why they matter

Notwithstanding all the controversy, almost all of it misses the most important issues.

• Is there a legitimate societal interest in the data at issue? In user data on cell phones generally?
• Should some data be immune to warrants?  Should cell phone data specifically?  
• Do users have a reasonable expectation of data protection and privacy on cell phones?
• Should manufacturers be compelled to use weak encryption?
• Should manufacturers be subject to court orders that subvert manufacturer provides electronic locking (not encryption) when the technical mechanism to do so exist? 

There are doubtless other real issues.

If we allow ourselves to be distracted from real issues they do not get addressed.  If they do not get addressed we end up with unsolved problems and bad laws.  It's really rather simple.