ACLU Says Fight for Privacy Isn't Over, EFF Urges U.S. to Disclose iPhone Security Bypass

gPhoneThe FBI withdrew its demand for Apple to create a new operating system bypassing security protections on iPhones Monday, but the American Civil Liberties Union (ACLU) and the Electronic Freedom Foundation (EFF) both issued statements saying the fight over privacy wasn't over. The EFF also asked the U.S. Department of Justice to disclose the method used to break into the work iPhone of Syed Farook to Apple.

"This case was never about just one phone," Alex Abdo, staff attorney at the American Civil Liberties Union, said. "It was about an unprecedented power-grab by the government that was a threat to everyone's security and privacy. Unfortunately, this news appears to be just a delay of an inevitable fight over whether the FBI can force Apple to undermine the security of its own products. We would all be more secure if the government ended this reckless effort."

The FBI asked a federal court last week to vacate, or cancel, a hearing in Apple's fight against the FBI's request. The reason given in the court filing was that an unspecified third party (believed to be Israeli firm Cellebrite) had stepped forward with a method for accessing the data on the device in question.

The FBI noted in its filing that if this method worked, it would not need Apple's help. For its part, Apple said that if the method worked, the DOJ should try it on an unrelated iPhone in an unrelated case, and that if it didn't work, Apple would be happy to attempt the method itself, providing the courts would disclose that method.

On Monday, the FBI said the method worked, and it no longer needs Apple's help. That should put an end to the specific request over Syed Farook's work iPhone, but it hardly lays to rest the issue of whether the U.S. can use the All Writs Act of 1789 to compel technology companies to create backdoors in otherwise secure products.

And that's where the EFF comes in, because if there is a method to break into a locked iPhone, it's not really "otherwise secure." The EFF issued a statement noting the issue of privacy remains unsettled, and it urged the DOJ to disclose the method used to unlock the iPhone to Apple.

The EFF's statement:

The FBI has successfully accessed data on an iPhone that has been the subject of a legal battle between the Justice Department and Apple, according to a court filing.

EFF is pleased that the Justice Department has retreated from its dangerous and unconstitutional attempt to force Apple to subvert the security of its iOS operating system. However, we are still calling on President Obama not to undermine security and encryption, and you can add your voice to the chorus.

In addition, this new method of accessing the phone raises questions about the government's apparent use of security vulnerabilities in iOS and whether it will inform Apple about these vulnerabilities. As a panel of experts hand-picked by the White House recognized, any decision to withhold a security vulnerability for intelligence or law enforcement purposes leaves ordinary users at risk from malicious third parties who also may use the vulnerability. Thanks to a lawsuit by EFF, the government has released its official policy for determining when to disclose security vulnerabilities, the Vulnerabilities Equities Process (VEP).

If the FBI used a vulnerability to get into the iPhone in the San Bernardino case, the VEP must apply, meaning that there should be a very strong bias in favor of informing Apple of the vulnerability. That would allow Apple to fix the flaw and protect the security of all its users. We look forward to seeing more transparency on this issue as well.

All of which is to say this fight is far from over. President Barack Obama, the FBI, and the DOJ all believe law enforcement is entitled to backdoor access into encrypted communications, while the tech industry, encryption experts and privacy advocates say that such backdoors make all of us vulnerable to the hackers, criminals, and malicious foreign agents. At the same time, U.S. intelligence services largely side with the tech industry and encryption experts.

Most importantly, the issue of whether the All Writs Act can be used to compel a company like Apple to do what the FBI demanded remains unanswered. As of this writing, the case in New York over an accused drug dealer's iPhone remains open, and in that case a U.S. Magistrate Judge ruled that the government could not use the All Writs Act to compel Apple.

If that case is similarly dismissed, use of the All Writs Act could remain an open question until the U.S. Congress passes new legislation (that is then signed into law by the president) covering this area, or until the U.S. tries to use the All Writs Act for some other device or service. Dollars to donuts says the U.S. will try and secure a precedent involving a company other than Apple before coming after Apple again.

But you never know.