[Cryptography] EFF amicus brief in support of Apple

Wed Mar 9 15:30:09 EST 2016

> I've already commented here about the speech aspects of the code itself (I think that needs to be determined on a case-by-case basis based on the specific content, form and intent of the code), so I won't repeat that here in detail.  With regard to the "signature":
> 
> ...[T]he “signature” at issue in this case is simply a numeric value that computer scientists have decided to call a “digital signature”....  There is nothing expressive about the unpublished "signature" that Apple is being asked to provide in this case.  It is simply a numeric code that opens a "smart lock".  [I]f Apple wanted to strengthen its position for future cases, instead of signing the code, it could include with the code a declaration that read "I, Apple Corporation, do hereby affirm under penalty of perjury that the attached code which hashes to the value 0x746547493947363748 was prepared by and is endorsed by this Corporation to run on an iPhone model XXX.  Signed this 8th day of March, 2016, by Apple Corporation /Digital Signature/"
This argument might have been persuasive in the first third of the 20th century.  Since then, the Supreme Court has held that First Amendment protections apply to obscenities on tee shirts, to simple physical presence as a means of protest, to *not* having to carry a 4-word, state-defined phrase on your state-issued license plate - even to nude dancing.

Does the Amendment *definitely* apply to a digital signature, or to code simply as an executable?  No, because as far as I know there's no case on this point.  There are cases that are close, but this one raises new issues.  But given that Apple explicitly adds this signature for the purpose of expressing "this is code we approve of", and explicitly configures its software to outright reject and report as untrustworthy, any updates that are not so signed - the argument that the presence of such a signature is an expression of Apple's opinions about the signed software seems very strong.  If you want, you could say that it's *the rejection or acceptance of the patch*, that's Apple's protected speech:  It communicates information from Apple to a human individual about Apple's opinion concerning the software.  The machinery in between is irrelevant - it's just a means for transmitting that message.

Apple advances many distinct theories as to why they should not be required to build the unlock software.  The basic ones - that the All Writs Act does not apply for any of a variety of reasons - might be enough to get the current order tossed; but Congress could turn around pass a new law to allow such orders.  (Given the current Congress, that seems unlikely right now, but who can say for sure.)  The advantage of a holding that such an order is disallowed under the First Amendment (or others - there are a couple of theories floating around) is, of course, that it can't be overridden by Congress.

Depending on what you want to accomplish, you can choose different strategies.  The hazard of advancing both the Constitutional claims, and the All Writs Act-specific claims, is that a lower court could hand you a victory on the latter, it could be upheld by higher courts - and then the Supreme Court could decide to stay out as no Constitutional question is involved.  So you might win, but have to fight again if Congress changes the law.  Of course, if you advance only the Constitutional arguments ... who knows, perhaps the courts will decide that a digital signature, or code, or some combination thereof, are not "speech" within the meaning of the First Amendment, which would be a huge loss.  Clearly Apple and its lawyers think they have a strong Constitutional case - but they're taking the cautious approach of also including the lower-level defenses.

                                                        -- Jerry