Apple Fight Could Lead To "Virtually Limitless" Surveillance Powers, Judge Warns
At stake in Apple's fight against government orders to break open locked iPhones could be the legal authorization for “virtually limitless” surveillance under the Internet of Things, according to a federal judge's order rejecting a government request in a New York drug case yesterday. Midway through his lengthy opinion, Magistrate Judge James Orenstein made that point clear as he dismantled the staggering government claim that Apple's software licensing arrangement was proof that the company was “sufficiently close” to consumer devices that it could be compelled to unlock them.
In layman's terms, the government was arguing that you don't own your iPhone—that, at least in some sense, Apple does. We at EFF have plenty of problems with end-user license agreements generally, and we didn't think that argument had much merit when the government first offered it. Apple quickly filed a brief matching our position.
Still, it's worth considering the chilling implications of the government's argument in an environment of technological advances, as Judge Orenstein does in a footnote:
As constantly increasing computing power is continually squeezed into ever smaller storage devices, the category of consumer products containing licensed software will continue to grow. In a world in which so many devices, not just smartphones, will be connected to the Internet of Things, the government's theory that a licensing agreement allows it to compel the manufacturers of such products to help it surveil the products' users will result in a virtually limitless expansion of the government's legal authority to surreptitiously intrude on personal privacy.
Think about that. In the courtroom, the government argues that the All Writs Act already gives it the legal power to surveil people through the devices they own. Meanwhile, the government also argues for expanded technical capabilities to do so, via mandatory crypto backdoors. If neither the law nor the technology can be a check on government spying, what can?
The idea that an Internet of Things you don't control will become an Internet of Things that spy on you is not exclusive to EFF and federal judges, either. As former EFF activist Trevor Timm noted in his Guardian column, Director of National Intelligence James Clapper made the same argument in testimony to a Senate panel last month: “In the future, intelligence services might use the [Internet of Things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.”
The countervailing force here is user autonomy. Users need to have ownership of their technology. That means resisting efforts to diminish user control, whether they come through restrictive license agreements on embedded software, digital rights management technology or the anti-circumvention provisions that give it legal teeth, or mandated backdoors that would give companies or governments access to personal data.