November 24, 2017

Apple/FBI: Freedom of speech vs. compulsion to sign

This week I signed the Electronic Frontier Foundation’s amicus (friend-of-the-court) brief in the Apple/FBI iPhone-unlocking lawsuit.  Many prominent computer scientists and cryptographers signed: Josh Aas, Hal Abelson, Judy Anderson, Andrew Appel, Tom Ball (the Google one, not the Microsoft one), Boaz Barak, Brian Behlendorf, Rich Belgard, Dan Bernstein, Matt Bishop, Josh Bloch, Fred Brooks, Mark Davis, Jeff Dean, Peter Deutsch, David Dill, Les Earnest, Brendan Eich, David Farber, Joan Feigenbaum, Michael Fischer, Bryan Ford, Matt Franklin, Matt Green, Alex Halderman, Martin Hellman, Nadia Heninger, Miguel de Icaza, Tanja Lange, Ed Lazowska, George Ledin, Patrick McDaniel, David Patterson, Vern Paxson, Thomas Ristenpart, Ron Rivest, Phillip Rogaway, Greg Rose, Guido van Rossum, Tom Shrimpton, Barbara Simons, Gene Spafford, Dan Wallach, Nickolai Zeldovich, Yan Zhu, Phil Zimmermann. (See also the EFF’s blog post.)

The technical and legal argument is based on the First Amendment: (1) Computer programs are a form of speech; (2) the Government cannot compel you to “say” something any more than it can prohibit you from expressing something.  Also, (3) digital signatures are a form of signature; (4) the government cannot compel or coerce you to sign a statement that you don’t believe, a statement that is inconsistent with your values.  Each of these four statements has ample precedent in Federal law.  Combined together, (1) and (2) mean that Apple cannot be compelled to write a specific computer program.  (3) and (4) mean that even if the FBI wrote the program (instead of forcing Apple to write it), Apple could not be compelled to sign it with its secret signing key.  The brief argues,

By compelling Apple to write and then digitally sign new code, the Order forces Apple to first write a message to the government’s specifications, and then adopt, verify and endorse that message as its own, despite its strong disagreement with that message. The Court’s Order is thus akin to the government dictating a letter endorsing its preferred position and forcing Apple to transcribe it and sign its unique and forgery-proof name at the bottom.

There are millions of iPhones that rely on Apple’s considered opinion about whether it’s a good idea to install a software update.  Or, if you like, there are millions of iPhone owners who rely on Apple’s considered opinion about what software updates are safe and advisable to install on their phones, and who have deliberately purchased phones that implement this personal reliance by the mechanism of public-key authentication.  The FBI seeks to force Apple to sign a statement in contradiction with its values.  But “compelled speech doctrine prevents the government from forcing its citizens [and corporations] to be hypocrites.”

Regarding whether (1) computer programs are a form of speech, the EFF’s brief cites three previous Federal cases where appellate courts have upheld this principle:

It is long settled that computer code, including the code that makes up Apple’s iOS operating system and its security features including encryption, is a form of protected speech under the First Amendment. Universal City Studios, Inc. v. Corley (2d Cir. 2001); Junger v. Daley (6th Cir. 2000); Bernstein v. DOJ (9th Cir. 1999).  Code consistently receives First Amendment protection because code, like a written musical score, “is an expressive means for the exchange of information and ideas.” (Junger, 209 F.3d at 484.) In Corley, which similarly considered code that could be used to undermine security, the Second Circuit held that “[c]ommunication does not lose constitutional protection as ‘speech’ simply because it is expressed in the language of computer code. Mathematical formulae and musical scores are written in ‘code,’ i.e., symbolic notations not comprehensible to the uninitiated, and yet both are covered by the First Amendment.” (273 F.3d at 445–46.) [citations abridged.]

I am proud to have participated in each of these three cases.  In Bernstein v. Daley I wrote this declaration in 1996 (a form of written testimony about facts), saying, “yes, we scholars publish computer programs just like we publish natural-language papers; I have been publishing open-source software since 1988.”  In Junger v. Daley I wrote this similar declaration in 1997.  These two cases were the foundation of the 1990s victories in “freedom of cryptography” in the United States.

In Universal City Studios, Inc. v. Corley I not only wrote a declaration, I testified as a witness in Federal Court in New York. The “DMCA police” mostly won that case, unfortunately, but even so, the judges at both levels (district court and appellate court) agreed that source code is speech.

Professor Richards has argued that the “Code=Speech” argument is problematic, that this is not the best argument in favor of Apple’s position.  He says, even if Code is Speech, there are other restrictions on speech that (the courts have held) are consistent with freedom of expression.  But he does agree with the digital-signature argument:

“making Apple write and disseminate this particular code—making it lie to one of its customers—could be seen as a kind of compelled speech, and that could violate the First Amendment. But this wouldn’t be the case merely because (as Apple assumes) Code = Speech and the FBI was compelling the creation of code. Instead, it would be offensive to the First Amendment because the particular act being compelled—authenticating a security update as true when it was false—would be compelled false communication in a relationship of trust. The law on this narrow question is underdeveloped, but it could allow Apple to win on free speech grounds.”

Other amicus briefs in support of Apple focus on other important and excellent arguments.  The brief from Stanford, signed by Dino Dai Zovi, Dan Boneh, Charlie Miller, Hovav Shacham, Bruce Schneier, Dan Wallach and Jonathan Zdziarski, argues that “[f]orcing device manufacturers to create forensic capabilities for U.S. investigators creates security risks” and “security breaches are all but certain when law mandates government access.”  I agree completely with this brief as well (but one can’t sign every brief!).

The ACLU’s brief argues, “The All Writs Act does not authorize the government” to compel Apple to do this, in part because “Congress has deliberately withheld the authority sought here;” and that “the order the government seeks violates the Fifth Amendment.”  I quite agree with the ACLU, of which I have been a member since 1988; but I am a computer scientist, not a lawyer, so on that amicus brief my computer-security and computer-science expertise does not specifically apply.

 

 

Comments

  1. I am totally and completely ashamed of my profession and the false academic claims being made. Software is not “free speech”. Software is a set of descriptions which ultimately specify the physical states to be assumed by computing machinery (processors). By definition over time those processor states form one or more physical processes. That is the basis of software being eligible for patents. Patents may only apply to physical processes. Furthermore, to be meaningful software it must actually be possible for physical machines to assume those states, i.e. the software must be “constructive”, or it is not software at all, just mathematics at best, or a description of a collection of useless bits also known as vaporware.

    By the standards proposed, the brand of spark plug used in a car is “free speech”. Grinding brake rotors is “free speech.” A set of guidelines to torque bolts is “free speech”. The assembly of gears in a transaxle is “free speech”. The pixels on a screen are “free speech”. Making pottery is “free speech” and the pottery itself for that matter. Plowing a field is “free speech” (of course only if done by a trans-global agribusiness planting Frankenfood with cryptographically encoded genes). Oh yes academic corporate toadies, we are well down this road with mangling genetic codes, which, hell, are just another form of software to which you don’t have the right even to one that makes you up. Hell, a personal atomic bomb and the instruction to make it is “free speech”. Simple – just encode it in software, and ipso facto all knowledge becomes “free speech”. Not too far to stretch that if you simulated it in software, you own the right to whatever you simulate.

    That is not academic purity, it is pure sophism. And who knew, apparently it is possible to patent “free speech” after all. Thanks knee jerk academics, now we can all pay royalties on our very thoughts. There is no ‘fair use’ on patents. Me, I think I will patent the notion that shareholders should bleed society dry. Don’t laugh – US has moved to the first to file rule. Just think Wall Street crooks will owe me a fortune. Then I will file on the notion of tenure, and all those academics can pay me for the license to be tenured. Just imagine “one click tenure”. Way to go learned members of academia. Well at least I will never have to fill out another tax form. And if I use tax software, the EFF itself will defend my right to refuse or maybe since it is software they will advocate my right to change the tax rules to whatever I please. Oh one more thing, since I can’t be forced to say anything I don’t want, no more of those pesky assignment ever, because by god nothing is more important than “free speech”(sm). Which reminds me, time to file my patent on the notion of “free speech”…

    The danger of degrading the meaning of free speech is extreme. We have seen the oligarchs turn money into “free speech” which is a strong candidate for the most ironic oxymoron of all time on the most levels at once, until descriptions of the physical states of machines took over the title. Good to know that people from this country fought and died to preserve the right to create software. How heartening to see all of this concern in service of trans-global corporations and the 58 oligarchs who own the bulk of them to place themselves forever above the law. The same people who have terminated personal privacy with extreme prejudice. Who literally have gone beyond anything Orwell could have imagined at his most extreme. You really want to be in bed with them. Above the law. Wow.

    This kind of absurdity is exactly what is opening this country to outright Fascism. It is actually Fascism in itself. Way to go, oh noble learned ones. Way to turn the 1st into trash.

    No, I am not impressed.

    • You just made good arguments as to why software should NOT be patentable. In fact, I would argue, that software should only be copyrightable.

      The entire US Patent system is currently a joke anyway. It is quite possible with a cleverly written patent, to patent the invention of the wheel. I have seen patents on “software” that pretty much are just a rewrite of already invented software; software patents are completely unreasonable. But, I have also seen patents on physical machinery that is identical to creating a box of XYZ dimensions and of a common metal, and yet somehow someone got the patent through. Clever wording is all it takes to get a patent these days.

      Not only is software, as the people on this blog say, speech, or “expression” as the Supreme Court has upheld the term “speech” to mean; it shouldn’t be held exclusive to individuals either. It is my personal opinion that not only should software not be patentable, but that the copyright should only apply to the actual CODE, and not the style, design, function, UI, etc. etc. For instance, if I want to create a blog website, I should be allowed to without having to pay royalties to whomever invented blogs.

      But, then, who am I to get into real world politics. I have no money, so I have no political weight.

      • And yet another patent… saw headlines today: “Supreme Court will hear Samsung-Apple patent dispute” in the details apparently the courts up to this point have upheld a patent on the design features of Apple’s iPhone, absolutely nothing about “physical processes” only based on physical appearances. The patent has been issued to iPhone for “the flat screen, the rectangular shape with rounded corners, a rim and a screen of icons.”

        That pretty much sums up nearly every computing device for decades. How is it possible that such basic geometric shapes and visual feedback that provide no function beyond aesthetics can be patented?

        What a joke is the US Patent system and laws.

  2. Oh digital signature and trust. Let’s see the court is asking Apple to make a fake digital signal. No, that’s not it. The digital signature will be quite valid using the right cryptographic key designating Apple by whatever key authority Apple uses. Well they are violating the rights of ownership and license agreement. Hmm…where in the license agreement was this proscribed. No, that’s not it. Oh, oh, it is because the owner is dead and being a mass murderer who engaged in a work place slaughter one may infer he would object. No, that’s not it, oh yeah, actually the County owns the device, is the licensee as well, and would like to know what use was made of its property in the process of killing 14 of its employees. In fact the owner has the absolute right to know what its employee, mass murderer or not, did with its property. Apple is actually blocking the rightful owner of the information from accessing it – that isn’t free speech, it is suppressing free speech.

    My god do you people know neither reason nor decency. You truly make me ashamed.

    • Hello, have you not read anything? The “owner” of the cell phone (San Bernardino County) had every chance in the world to gain access to the device. But they purposely and knowingly decided they didn’t WANT to have any such access to the device that they handed to their employee at the time, and further they destroyed their ability to access it after the fact when they had the password forcefully changed.

      Apple isn’t blocking anyone access to the information. The device has a security feature that blocks access–or rather that may destroy information if access is forcefully attempted. But, Apple has no more access than anyone else here.

      The question is whether or not Apple should post-facto, grant new special government access to all of their devices, because the FBI claims they want information on this one device. Despite the fact that there is ZERO likelihood that any information on that device has anything to do with the crimes perpetrated by the user of that device.

  3. insubordinatio says:

    RJD > “That is the basis of software being eligible for patents. Patents may only apply to physical processes.”

    I couldn’t agree more – which is why software shouldn’t be patentable: it is 100% speech.

    Software and hardware are fundamentally different – in the same sense thoughts and actions are different – and I don’t have any right to compel you to speak, let alone via threats, even if I really really want you to. That goes for Apple too.

  4. John Millington says:

    “the Order forces Apple to first write a message to the government’s specifications, and then adopt, verify and endorse that message as its own, despite its strong disagreement with that message.”

    Suppose a partner and I are doing “Chinese Wall” reverse engineering of something (e.g. BIOS) and I determine that the design requires some lookup table (or even a _string_, such as “Copyright 1980 International Business Machines”), where I am going to have a bunch of data that is exactly the same as the thing that I’m reverse engineering.

    If I were accused of copyright infringement, I would argue that the data in question is not merely an expression, but that it is more of a _functional_ nature. The interface simply does not work unless the required data is there. The data cannot possibly vary and therefore its expressive nature is questionable.

    That is the argument I would use if I were the government, addressing the issue of signing. They aren’t trying to compel Apple to sign in the _endorsement_ sense. They are trying to compel Apple to sign in a _functional_ sense. *Nobody* is going to mistakenly view Apple’s signature as an endorsement of ideas that Apple disagrees with.

    If you disagree, then I wonder if you would also find me guilty of copyright infringement in a situation where I have to copy a string just to satisfy some kind of challenge/response interface.

    Furthermore..

    “There are millions of iPhones that rely on Apple’s considered opinion about whether it’s a good idea to install a software update.”

    Oh, c’mon. That is not about Apple’s opinion, or about good ideas. It’s about Apple’s _desire_, and whether or not it serves Apple’s interests for your phone to run the software in question. Sometimes this is directly _contrary_ to the user’s interests (i.e. it’s more of a bad idea than a good idea), as might be the case with jailbreaking.

    If I were to somehow _forge_ Apple’s signature so that I could sell software for iPhones, nobody would say I’m putting words into Apple’s mouth. They’d say I’d be doing a functional thing in order to make the iPhone market available to me. If that happened, _you_ might even speak up on my behalf, no?

    • John Millington says:

      I brought up RE to suggest that some things which might at first seem to be someone’s expression, aren’t really.

      You’re watching a video where a nervous hostage tells the camera, “they’re treating me well.” Do you believe him? Or did the hostage express _nothing?_ I say: his words are completely empty. I do not blame him for anything he says, nor do I trust anything he says. I am hearing the hostage-taker speak through a puppet.

      We all know that Apple has a figurative gun to their head. It’s well-publicized. Their signature will not signify anything about their values or opinions. Apple would not be testifying “this software is good software, per our values.” They would be generating some bytes to trick a machine. We the public aren’t being tricked, nor are Apple’s customers.

      It would be a lot more interesting, if the signature did more than trick a machine. (e.g. if they were forced to mis-certify a PGP key, where humans might look at the fraudulent certification to make trust decisions.) But that isn’t happening here, is it?

  5. @John Millington

    Reverse-engineering doesn’t require FORCING anyone to help you, so your functional/endorsement distinguishment isn’t applicable. If I know where the gold is, beating it out of me still isn’t moral, even if it’s “more of a _functional_ nature.”

  6. All so called intellectual property is fraud. It is a set of privileges granted by the state mafia to the industrial mafia.