Segmenting Cyberwarfare to Aid in the Formation of Ethical Policy and Law

By Scott Van Hoy*

Introduction

Breaching computer infrastructure has become a relatively easy task for skilled hackers, making cybersecurity an increasingly hot topic. The importance of the information stored on computer systems and society’s overall reliance on computer systems is substantial, leading to concerns regarding how to manage the security of technology. If a hacker gains access to government networks, the resulting damage may cause greater disruption than physical damage to property or people. A skilled hacker can also alter computer systems in ways that result in physical damage to humans or machines. A cyberattack and the subsequent cyberdefense when used as part of a military strategy is referred to as cyberwarfare.

Cyberwarfare has become the all-encompassing term for cyberattacks. Cyberwar and conventional war are often discussed under the same ethical and legal frameworks, masking the type of cyberattack beneath the term. Addressing cyberwarfare as a general term for a high-tech war could result in ethical dilemma considering the legal frameworks of war would not adapt to the technology’s capabilities. In order to aid in ethical decision making during cyberconflict, cyberwarfare should be addressed as three different types of war: conventional cyberwarfare, infrastructural cyberwarfare, and information cyberwarfare. Only after policy and lawmakers acknowledge this segmentation can cyberwarfare be addressed ethically among the international community.

Background

Cyberwarfare has posed a unique set of challenges to military and government leaders over the last few decades, and continues to be an ongoing discussion worldwide. From cars to our electrical power grid, computers control the world around us. The capabilities to hack and recode technology create a new domain of warfare that has already been tested and proven in the international community.[1]

In 1982, a Soviet Trans-Siberian oil pipeline explosion was observed by a United States infrared satellite.[2]  This explosion was the most violent non-nuclear explosion ever observed by satellite, and was the equivalent of three kilotons of TNT.[3]  It is accepted that the explosion was caused by the United States’ Central Intelligence Agency (CIA).[4]  The CIA supposedly hacked into the pipeline’s control system and altered the pressure specifications for the pumps, values, and turbines.[5] The resulting high pressure caused the explosion.[6]  There were no human casualties recorded.[7]

In 2005 and 2007, Brazil experienced power outages in two of its largest cities.[8]  Over three million residents lost power for two days, and the cause was proven to be a result of hackers breaching Brazil’s energy infrastructure.[9]  Cyberweapons can be used without the victim ever knowing who committed the attack, and entire cities can be plunged into darkness without leaving a trace of who committed the attack, or why the attack was committed.[10]

When Iran’s uranium enrichment capability increased in the early 2000s, the United States developed a digital weapon to slow Iran’s production.[11] In 2009, the United States deployed Stuxnet, a program designed to increase the revolutions per minute of the centrifuges that enriched the uranium. Centrifuges began to fail, and in the first five months Iran’s centrifuge count was reduced from 4,592 to 3,936 due to Stuxnet.[12])

Then in 2015, the United States’ Office of Personnel Management (OPM) was hacked.[13]  The OPM attack compromised the personal information of 22.1 million government employees, including their social security numbers, performance evaluations, and names of friends and family.[14]  The Washington Post reported that U.S. officials believe this breach is potentially the most damaging “cyber heist” in U.S. government history.[15]  China has not been officially named as the OPM attacker; however, the common narrative among government officials is that China is conducting “traditional espionage” via cyber means against the United States.[16]

International Interpretations

There is a human element to cyberwarfare that is not as clear as the 1s and 0s of the cyber world. Some ethical and legal frameworks of conventional warfare that have been established and accepted may no longer be valid in the digital age. For example, the rightful application of just war theory is debatable when trying to determine if a cyberattack is considered an armed attack.[17]  One argument is that a cyberattack with no human casualties will never justify war because an armed attack results in, and could be defined by, physical harm or loss of life.[18]  Another argument is that a malicious attack, whether it physically harms a person or not, is considered an armed attack due to the unknown second and third order effects, thus justifying war.[19]

Debates such as the just war theory discussion could continue for decades only to result in uncertain ethical responses to cyberwarfare. So long as governments treat cyberwarfare and conventional warfare within the same legal and ethical frameworks, government officials will struggle to agree on an ethical way to manage new cybertechnologies. For example, the NATO Cooperative Cyber Defense Centre of Excellence (CCDCOE), which includes the United States, focuses on connecting humanitarian and international law to identify what actions are just in a cyberwar.[20] The CCDCOE defines a cyberattack as “a cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects,”[21] and recognizes cyberwarfare as a cyberattack authorized by state actors.[22]  Combining the definitions, cyberwarfare is considered to be an extension of conventional war with loss of human life and infrastructure, placing cyberwar within the current just war theory and the law of armed conflict. However, the CCDCOE’s Tallinn Manual, the leading manual on the “international law applicable to cyber warfare,” states that the application of the law of armed conflict can be problematic due to the difficulty in identifying the originator, the intent, and the outcome of the attack.[23]

The Shanghai Cooperation Organisation (SCO) consists of six member states including Russia and China.[24] The SCO defines cyberwarfare as “the dissemination of information ‘harmful to the spiritual, moral, and cultural spheres of other states.’”[25] The SCO’s member states have concerns over the concept of uncontrolled information exchange,[26] an idea that when combined with their definition of cyberwar, may lead to unethical responses to cyberattacks. If a country were to hack into an SCO country’s television stations and modify service, this disruption would fall within the SCO’s definition of cyberwar. Since the SCO does not define the barriers between cyberwar and conventional war, a cybertelevision attack may justify war the same as if it were a kinetic attack.

Cyberwarfare Segmentation

The different interpretations of cyberwarfare in the international community will not likely be resolved in the near future due to the dissimilar opinions of the SCO, CCDCOE, and other supranational organizations. Each of the definitions lead to different outcomes and reactions to cyberwar, none of which will fall perfectly within current international law. In order to attempt to justify what is and is not ethical during a cyberwar, cyberwarfare should be broken down into three different categories of cyberwarfare, which can be referred to as the cyberwarfare segmentation model. The first category is conventional cyberwarfare, the second is infrastructural cyberwarfare, and the third is information cyberwarfare.

Conventional cyberwarfare best represents the CCDCOE’s definition of cyberwar, where cyberwarfare is an extension of conventional warfare.[27] Conventional cyberwarfare assumes that a cyberattack will result in the direct or indirect death or physical harm to humans.[28] When there is no longer physical harm to people, but instead physical infrastructure is damaged and widespread disruption occurs, the result is infrastructural cyberwar.[29] The Brazilian power outage, oil pipeline explosion, and the Stuxnet cases show the effectiveness of infrastructural cyberattacks. These same attacks also had the potential to initiate conventional cyberwar. For example, if the Siberian oil pipeline explosion killed the operator, or the power outage directly led to civilian deaths, then it would be an example of conventional cyberwar.[30]

Information cyberwarfare is the act of cyberespionage or information disruption.[31] When hackers gained access into the OPM database and captured the personal information of 22.1 million U.S. government employees, the hackers conducted an information cyberattack on the United States. No human lives were lost and there was no infrastructural damage or physical disruption; thus, only cyberespionage and information disruption occurred.

The lack of segmentation in international law results in both legal yet unethical responses, and illegal yet ethical responses to cyberwar. The United Nations Charter Article 51 declares that self-defense is the only justification for an armed attack, making preemptive strikes illegal.[32]  In addition, the International Committee of the Red Cross (ICRC) and the law of armed conflict declare that civilians are protected and must never be targeted.[33]  With the changing ethical landscape of just war, it is debated that information cyberwar can be used preemptively and target noncombatants if used responsibly to prevent conventional war, which according to the ICRC and the U.N. Charter is unlawful. In the Stuxnet case, the cyberattack on Iran could be considered an armed attack if the attack is not segmented and realized as an infrastructural cyberattack. Thus, by the U.N. Charter, Iran could have responded legally, but not ethically, with a kinetic attack. Without segmentation, the U.N. Charter also infers Stuxnet was an illegal armed attack against Iran, thus the United States was ethically, but not legally, conducting a preemptive strike.

The Shanghai Cooperation Organisation has a much broader definition of cyberwarfare and uses different ethical and legal frameworks for determining what is and is not legal war.[34]  Although the SCO cooperates with the international laws set forth by the United Nations,[35] its broad definition of cyberwarfare leaves room for a broad interpretation of legality, especially for the definition of “armed attack.”[36]  This open interpretation of the U.N. Charter could lead to a response that is legal yet unethical. If the SCO adopts the cyberwarfare segmentation model, it would lay a foundation for further discussion about how to create ethical policies and laws for how to respond to each type of cyberattack, rather than using one term to justify the legality of war.

Both the Stuxnet and SCO examples are derived from the open interpretation of international law set forth by the United Nations. The changing ethical landscape of war resulting from cyberwarfare is consequently changing the legal landscape of war, and the United Nations has not yet taken significant steps to adapt to this form of 21st century conflict. International law often attempts to relate cyberwarfare to conventional warfare, creating laws that may lead to unethical responses to cyberattacks. To ensure ethical laws are established to regulate cyberwarfare, the U.N.’s CCDCOE and the SCO should adopt the cyberwarfare segmentation model to help reevaluate the morality of current international law.

 


*Scott Van Hoy. University of Illinois, MS Technology Management, 2016.

[1] Chris Domas, The 1s and 0s Behind Cyber Warfare, TED (Oct. 2013), https://www.ted.com/talks/chris_domas_the_1s_and_0s_behind_cyber_warfare.

[2] Johann Rost & Robert L. Glass, The Dark Side of Software Engineering: Evil on Computing Projects 118 (2011).

[3] Id.

[4] Id.

[5] Id. at 119.

[6] Id.

[7] Id.

[8] Kevin Poulsen, Report: Cyber Attacks Caused Power Outages in Brazil (Nov. 7, 2009, 12:55 AM), www.wired.com/2009/11/brazil/.

[9] Id.

[10] Guy-Philippe Goldstein, How Cyberattacks Threaten Real-World Peace, TED (Jan. 2010), https://www.ted.com/talks/guy_philippe_goldstein_how_cyberattacks_threaten_real_world_peace.

[11] Kim Zetter, An Unprecedented Look at Stuxnet, the World’s First Digital Weapon, WIRED (Nov. 3, 2014, 6:30 AM), www.wired.com/2014/11/countdown-to-zero-day-stuxnet/.

[12] Id.

[13] Ellen Nakashima, Hacks of OPM Databases Compromised 22.1 Million People, Federal Authorities Say, Wash. Post (July 9, 2015), www.washingtonpost.com/news/federal-eye/wp/2015/07/09/hack-of-security-clearance-system-affected-21-5-million-people-federal-authorities-say/.

[14] Id.

[15] Id.

[16] Id.

[17] Michael N. Schmitt, “Attack” as a Term of Art in International Law: The Cyber Operations Context, 4th Int’l Conf. on Cyber Conflict 283, 290–93 (2012), https://ccdcoe.org/publications/2012proceedings/5_2_Schmitt_AttackAsATermOfArt.pdf.

[18] Id.

[19] Patrick Lin et al., Is it Possible to Wage a Just Cyberwar?, Atlantic (June 5, 2012), www.theatlantic.com/technology/archive/2012/06/is-it-possible-to-wage-a-just-cyberwar/258106/.

[20] About Us, NATO Cooperative Cyber Defence Centre of Excellence, https://ccdcoe.org/about-us.html (last visited Sept. 27, 2016).

[21] Michael N. Schmitt, Tallinn Manual on the International Law Applicable to Cyber Warfare 106 (2013).

[22] CCDCOE, Cyber Definitions, https://ccdcoe.org/cyber-definitions.html

[23] Schmitt, supra note 21, at 77.

[24] Shanghai Cooperation Organization (SCO), GlobalSecurity.org, http://www.globalsecurity.org/military/world/int/sco.htm (last visited Sept. 27, 2016).

[25] Activities, Shanghai Cooperation Org., http://www.infosco.eu/index.php/aboutsco/activities (last updated Jan. 23, 2013).

[26] Keir Giles, Russia’s Public Stance on Cyberspace Issues, 4th Int’l Conf. on Cyber Conflict 63, 65 (2012), https://ccdcoe.org/publications/2012proceedings/2_1_Giles_RussiasPublicStanceOnCyberInformationWarfare.pdf.

[27] Gal Beckerman, Is cyberwar really war?, The Boston Globe https://www.bostonglobe.com/ideas/2013/09/15/cyberwar-really-war/4lffEBgkf50GjqvmV1HlsO/story.html (last visited Sept. 28, 2016).

 

[28] Nuclear Futures Lab, Cyberwarfare: On Whose Authority?, http://nuclearfutures.princeton.edu/wws353-2015-blog-week09-2/ (last visited Sept. 28, 2016).

[29] Lee Rainie Et al, Cyber Attacks Likely to Increase, Pew Research Center, http://www.pewinternet.org/2014/10/29/cyber-attacks-likely-to-increase/ (last visited Sept. 28, 2016).

[30] Ellyne Phneah, Cyberwarfare Not Theoretical, Can Actually Kill, ZDNet (Nov. 17, 2011, 10:26 AM), www.zdnet.com/article/cyber-warfare-not-theoretical-can-actually-kill.

[31] Fred Schreier, On Cyberwarfare, https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=8&ved=0ahUKEwjjg-fAprLPAhXMy4MKHXidA2UQFghLMAc&url=http%3A%2F%2Fwww.dcaf.ch%2Fcontent%2Fdownload%2F67316%2F1025687%2Ffile%2FOnCyberwarfare-Schreier.pdf&usg=AFQjCNHSti4VD11zqhHbyC36ASV-0RLJ8g&sig2=ynFsHCTuEw0Ev6SaIDl41w (last visited Sept. 28, 2016).

[32] U.N. Charter ch. VII, art. 51, www.un.org/en/sections/un-charter/chapter-vii/.

[33] Protected Persons: Civilians, Int’l Committee of the Red Cross, https://www.icrc.org/en/war-and-law/protected-persons/civilians.

 

[34] Andrew Jones & Gerald Kovacich, Global Information Warfare: The New Digital Battlefield 33 (2015).

[35] United Nations, Cooperation Between UN, Shanghai Cooperation Organization Dynamically Expanding, in Shared Quest for Peace, Prosperity, Says Secretary-General, in Message, http://www.un.org/press/en/2010/sgsm12953.doc.htm (last visited Sept. 28, 2016).

[36] Schmitt, supra note 21.

Apple Tells the Government to “Think Different” on Encryption

By Matt Weber*

Introduction

On December 2, 2015, a San Bernardino County Department of Health employee and his wife perpetrated the deadliest mass shooting since Newtown, killing 14 of his co-workers and injuring 21.[1]  Following the shooting, police investigated and pursued the suspects, eventually engaging in a firefight, killing both shooters.[2]  In the days and weeks following the shooting, law enforcement investigated the shooting, both to find the motive behind the shooting and to find any possible coconspirators.

On December 3, 2015, U.S. Magistrate Judge David Bristow issued a search warrant, giving law enforcement the power to search the shooters’ home and car. In the ensuing search, law enforcement officers found, among other things, an Apple iPhone 5c, which they later found to have been issued to one of the shooters by his San Bernardino County employer.[3]  Like they had done many times before, the FBI approached Apple with the iPhone it found in the suspect’s car, requesting that Apple extract the data from the seized iPhone—except this time, Apple could not comply with the request.[4]  Apple was unable to comply with the FBI’s request due to changes it had made to the iPhone Operating System (iOS) a year before, positioning Apple and the Federal Government for a clash that both had been preparing for since 2014.[5]

Background

Following Edward Snowden’s release of National Security Agency (NSA) files related to the U.S. Government’s mass surveillance of American citizens, American tech companies increased security on consumer devices.[6]  In September 2014, Apple unveiled iOS 8 (an upgrade to the iPhone and iPad operating system), which for the first time offered default encryption to its users.[7] Apple’s encryption allows a user to set a passcode that, once set, is entangled with the iPhone’s Unique ID (UID),”[8]  which together, form the phone’s encryption key.[9] Because the encryption key is based on both the user’s passcode and the iPhone’s UID, it is unknown to Apple, and virtually impossible to crack.[10]  Understanding the relative impossibility of cracking encryption on consumer devices, the U.S. Government began to attempt to convince tech companies to provide law enforcement with assistance in unlocking encrypted phones (subject to a court order), something that most tech companies have thus far been unwilling to do.[11]  Because Apple’s method of encryption includes the user selected passcode in the key, Apple cannot decrypt a suspect’s phone.[12]

The iPhone

On February 16, 2016, the United States Attorney requested an order (that was later granted[13]) compelling Apple to assist in the unlocking of the San Bernardino shooter’s phone.[14]  Instead of obtaining an order for Apple to break its encryption (an order the FBI understands that Apple would be technically incapable of complying with), the FBI requested an order requiring Apple to assist in the unlocking of the phone.[15]  The court order compels Apple to write software that bypasses two of the iPhone’s security features, (1) a delay introduced when an incorrect passcode is entered,[16] and (2) a self-destruct feature by which an iPhone destroys its data after 10 incorrect passcode attempts.[17]

This order—if complied with—would allow the FBI to connect the shooter’s updated[18] iPhone to a computer, which has a program capable of guessing all the possible passcode combinations[19], without the delay or possibility of wiping.[20]  Apple has decided to fight the order, though it should be noted that Apple has assisted the FBI’s investigation, providing the Bureau with all the data the shooter backed-up to the iCloud[21] prior to turning off the iPhone’s auto-backup to the cloud.[22]

The order compelling Apple to write the above referenced software is based primarily on the 1789 All Writs Act (“the Act”), which allows courts to “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”[23]  In this case, the government requests that the court compel Apple to assist in the satisfying of a lawful search warrant, by which the court gave the government the power to search the suspect’s iPhone 5c.[24]  This order—which Apple CEO Tim Cook has argued to be unprecedented in a statement released on the company’s website[25]—set the government and Apple on a collision course, in a battle that both the tech industry and law enforcement community had been expecting since tech companies began offering relatively unbreakable encryption on consumer devices.[26]

Issue: Using the All Writs Act

Historically, the Act has been used by courts to effectuate their lawful orders when there has been no statutory framework to follow.[27] The government’s motion cites cases in which the Act was used by courts to compel parties to assist in the effecting of court orders—suggesting that Apple be similarly required to assist technically in the search of the phone, pursuant to the court’s order.[28] Unlike the cases cited by the government, Apple in this case is being required to create a new operating system, pursuant to the government’s unique specifications.[29] The government argues that because Apple’s devices cannot be updated without a unique “digital signature,”[30] it has ensured that it cannot be seen as “far removed”[31] from the matter. The government notes in the memorandum of points and authorities to its motion to compel, that Apple’s assistance is necessary based on its unique ability to “cryptographically sign code,”[32] leading the government to request that Apple write the specific code, and upload it onto the iPhone in question.

Analysis

Government Arguments

In its application for an order compelling Apple’s assistance in unlocking the seized iPhone, the Government argued that the Act gave the court the power to mandate Apple’s assistance[33]  The Government argued that the Act can require “a third party to provide nonburdensome technical assistance,” citing the Supreme Court in United States v. New York Telephone Co.[34]  The Court in that case created a three factor test for determining whether it could compel action by a third party using the Act, (1) whether a party is far removed from the controversy, (2) whether requiring action would impose an undue burden on the part, and (3) whether the assistance from the party was necessary for the successful fulfilling of the underlying court order (in this case a search warrant for the iPhone).[35]

The government argued that it met the three step test imposed by the Court in New York Telephone Co., first arguing that Apple was not far removed from the unlocking of the iPhone.[36]  The government argued that because Apple “designed, manufactured and sold the [iPhone] and wrote and owns the [operating system],” it cannot be seen as far removed from the controversy.[37]  The government further argues that Apple cannot be far removed because it is the only party able to update the software[38]  in a way that would comply with the court’s order.[39] The government’s argument is supported by the Supreme Court’s decision in New York Telephone Co., which held that a non-governmental third party can be compelled to act when its “facilities were being employed to facilitate a criminal enterprise.”[40]

The government next argues that the order is not unduly burdensome for Apple. The government points to Apple’s regular business of writing software code to suggest that it cannot now claim that writing a specific code would impose an undue burden.[41]

Lastly, the Government argues that it meets the necessity requirement because Apple has created a situation whereby it is the only entity that can write software to update its iOS.[42]  Because iPhones require Apple’s crypto-signature, Apple’s assistance is required to effectuate the search warrant. The government notes that it is not requesting that Apple provide the unencrypted contents of the phone, but instead that it simply assist in the Government’s testing of passcodes to unlock the phone.[43]

Apple Arguments

Apple responded to the Government’s motion to compel by arguing that it should not be required to further comply with the governments request.[44]  Because it (1) relies on a misapplication of the Act, (2) violates the First Amendment by compelling speech by Apple, and (3) violates the Fifth Amendment’s due process clause.[45]

Apple’s argument is generally centered on the Government’s improper application of the Act. When deciding whether to apply the Act, the Supreme Court held that when a statute addresses an underlying issue specifically, that statute, and not the Act is “controlling.”[46]  Apple first argues that the Act cannot require the action requested by the Government, suggesting that the Act allows for courts to “fill in gaps in the law” to exercise the power they already have, but not the “free-wheeling” ability to change existing law.[47] Apple argues that the court lacks the authority to compel it to comply with the order because Congress contemplated (when passing the Communications Assistance for Law Enforcement Act) bestowing upon courts the power to require such a compulsion, but ultimately chose to exempt manufacturers of telecommunications equipment[48] from implementing “any specific design of equipment . . . features, or system configurations.”[49]

Facing new challenges to law enforcement’s ability to fight crime, Congress, in 1994, passed the Communications Assistance for Law Enforcement Act (“CALEA”).[50]  CALEA grants law enforcement investigative powers, but also limits what can be required from manufacturers and service providers.[51] When passing CALEA, Congress had the chance address whether it would require companies to assist law enforcement in the in the manner being requested by the FBI—but ultimately chose not to make any such requirement. In fact, CALEA provides that telecommunications carriers (which Apple points out that it is not) are not required to decrypt or “ensur[e] the government’s ability to decrypt” unless the communication was encrypted by the carrier (and even then the carrier must “possesses the information necessary to decrypt”—which Apple does not).[52]  Congress’ inclusion of some language related to encryption but omission of requirements to compel assistance in decryption implies that it considered such a compulsion but ultimately rejected it.

Apple argues that CALEA specifically addresses whether to require manufacturers and service providers to aid decryption.[53]  Because CALEA speaks on the specific matter, the Act should not be the statute to rule, but instead should be trumped by CALEA’s provisions. The Supreme Court held in Pennsylvania Bureau of Corrections v. U.S. Marshall Service that the Act does not allow courts to issue writs when compliance with existing statutes would be simply “inconvenient or less appropriate,”[54] as CALEA would be in this situation.

Apple next addresses the Government’s use of United States v. New York Telephone Co., ultimately drawing distinctions between the government’s requests here and those of the Telephone Company in New York Telephone Co.[55]  Apple argues that the government does not show that it satisfies the three-part test provided by the Court in New York Telephone.

First, Apple is too far removed from the underlying case. Unlike the the telephone company, which owned the lines being allegedly used to “facilitate a criminal enterprise on a continuing basis,”[56] Apple contends that it is a private company that does not own the phones or have any connection to the data on the phone. Second, the government’s request would impose an “unprecedented and oppressive burden” on Apple. While the telephone company was required assist the government in their installing of pen registers[57]–a device that telephone companies used frequently in conducting their normal business[58]–  in the instant case, the government is asking Apple to create an entirely new operating system in an effort to assist the government’s attempts to unlock the phone. Apple asserts that such an undertaking violated the Act’s prohibition against adversely affecting the third party or imposing an under burden. Third, Apple contends that its assistance is only necessary because of the actions of the FBI earlier in its investigation.[59] While the court suggested in New York Telephone that there was “no conceivable way” for the FBI to successfully carry out its court-ordered investigation, Apple argues that here, the FBI did not face such a situation, but instead, through its own actions created a need to turn to the Act.

Conclusion

It seems that both Apple and the government foresaw this potential clash coming since Apple (and other tech companies) began encrypting devices sold to consumers. Many in the media have questioned if this was the right test case for either side.[60]  For the government, it seems to be a good test case because the crime is question is terrorism related, and the underlying crime was well reported and remains in the minds of the American public.[61]  Unfortunately, for the government, there is no time issue—while the phone might help in the investigation of a crime, there does not seem to be a pressing need for the phone to be unlocked immediately.[62] For Apple, the case does not seem to the best test case for whether it should be required to assist in the unlocking of one of its devices because the suspect is widely assumed to be guilty of the heinous murder of 14 co-workers.[63] It has also been noted that this particular iPhone model is not one which Apple should be fighting over as it is not the most up-to-date phone or software, and the government-requested solution would not work on future iPhone models.[64]

At least in public opinion, Apple may benefit from standing by its customers, claiming that writing the software requested by the government would unnecessarily put all iOS users at risk,[65] Tim Cook noted in his open letter to customers that “They have asked us to build a backdoor to the iPhone.”[66]

On March 21, 2016 (the day before the hearing on the order), the Government submitted an ex parte application for a continuance, requesting that the court continue the hearing to April 5, 2016.[67] The Government requested the continuance because, since initially requesting the hearing, a third party approached the FBI suggesting that the party had a different method to unlock the phone.[68]  This new method, if successful, would not only make Apple’s assistance unnecessary, but destroy the Government’s argument under the Act. The Government requested additional time to test the new method before deciding whether it has eliminated the need for Apple’s assistance.

While this might appear to be an opportunity for both sides to take a step back and devise a procedure moving forward, it is likely only pushing this issue down the road. Apple’s newest phones are not as easy to break into (at least not using this type of method),[69]which might lead the government to move towards mandating backdoors. While it is unclear where either party goes moving forward, it is clear that this fight is far from over, it is all but certain that the Government will come back with another request for Apple to build, as Tim Cook described it, “something . . . too dangerous to create.”[70]

 


*Matt Weber. University of Illinois College of Law, J.D. candidate, Class of 2017. Many thanks to my parents, my sister Ashley and her husband Leigh. Thanks to JLTP Editors Iman Naim and Winston Zishu for their help and guidance. Gracias también a los Xeneizes and Albiceleste.

[1] Erik Ortiz, San Bernardino Shooting: Timeline of How the Rampage Unfolded, NBCNews (Dec. 3, 2015, 11:28 PM), http://www.nbcnews.com/storyline/san-bernardino-shooting/san-bernardino-shooting-timeline-how-rampage-unfolded-n473501.

[2] Id.

[3] Elliot Hannon, Judge Orders Apple to Help FBI Hack San Bernardino Shooter’s Phone, Slate (FEB. 16, 2016, 8:43 PM), http://www.slate.com/blogs/the_slatest/2016/02/16/judge_orders_apple_to_help_fbi_unlock_san_bernardino_shooter_s_phone.html; Fred Kaplan, How Apple’s Stand Against the FBI Could Backfire, Slate (Feb. 19, 2016, 6:26 PM), http://www.slate.com/articles/technology/future_tense/2016/02/how_apple_ceo_tim_cook_s_stand_against_the_fbi_could_backfire.html.

[4] Will Oremus, Apple vs. The FBI, Slate (Feb. 17, 2016, 7:44 PM), http://www.slate.com/articles/technology/future_tense/2016/02/apple_s_stand_against_the_fbi_is_courageous_it_s_also_good_for_apple.html; Ben Thompson, Apple Versus the FBI, Understanding iPhone Encryption, the Risks for Apple and Encryption, stratechery (Feb. 17, 2016), https://stratechery.com/2016/apple-versus-the-fbi-understanding-iphone-encryption-the-risks-for-apple-and-encryption.

[5] Apple Statement; Marcy Wheeler, Why This iPhone?, Slate (Feb. 19, 2016, 1:26 PM), http://www.slate.com/articles/technology/future_tense/2016/02/the_apple_fbi_encryption_battle_is_over_an_iphone_unlikely_to_yield_critical.html.

[6] Danny Yadron, Spencer Ackerman and Sam Thielman, Inside the FBI’s Encryption Battle with Apple, The Guardian (Feb. 18, 2016), http://www.theguardian.com/technology/2016/feb/17/inside-the-fbis-encryption-battle-with-apple.

[7] Cyrus Farivar, Apple Expands Data Encryption Under iOS 8, Making Handover to Cops Moot, arstechnica (Sep. 17, 2014, 9:57 PM), http://arstechnica.com/apple/2014/09/apple-expands-data-encryption-under-ios-8-making-handover-to-cops-moot/.

[8] See, Apple Inc., iOS Security, Apple Inc. (Sep. 2014), https://assets.documentcloud.org/documents/1302613/ios-security-guide-sept-2014.pdf (describing the UID as a number, set during the manufacturing process that Apple itself does not record); Ben Thompson, Apple Versus the FBI, Understanding iPhone Encryption, the Risks for Apple and Encryption, stratechery (Feb. 17, 2016), https://stratechery.com/2016/apple-versus-the-fbi-understanding-iphone-encryption-the-risks-for-apple-and-encryption.

[9] Ben Thompson, Apple Versus the FBI, Understanding iPhone Encryption, the Risks for Apple and Encryption, stratechery (Feb. 17, 2016), https://stratechery.com/2016/apple-versus-the-fbi-understanding-iphone-encryption-the-risks-for-apple-and-encryption.

[10] See, Mohit Arora, How Secure is AES Against Brute Force Attacks?, EETimes (May, 7, 2012, 5:29 PM), http://www.eetimes.com/document.asp?doc_id=1279619. (Explaining that using AES 256, an encryption key used by the iPhone would be 256 characters long, meaning there are 2256 combinations. Assuming a computer powerful enough to guess 33.86 X 1012/second (using the world’s fastest super computer, the Tianhe-2), it would take about 1.03 X 1055 years on average to crack an AES 256 key. For perspective, the Earth is 4.5 X 109 years old.).

[11] Andrew Crocker, Judge to DOJ: Not All Writs, Electronic Frontier Foundation (Oct. 12, 2015), https://www.eff.org/deeplinks/2015/10/judge-doj-not-all-writs.

[12] See, Apple Inc., iOS Security, Apple Inc. (Sep. 2014), https://assets.documentcloud.org/documents/1302613/ios-security-guide-sept-2014.pdf (explaining that the user-selected passcode is entangled with the UID to create an encryption key, that Apple does not have access to); Dan Guido, Apple Can Comply with the FBI Court Order, Trail of Bits Blog (Feb. 17, 2016), http://blog.trailofbits.com/2016/02/17/apple-can-comply-with-the-fbi-court-order; Ben Thompson, Apple Versus the FBI, Understanding iPhone Encryption, the Risks for Apple and Encryption, stratechery (Feb. 17, 2016), https://stratechery.com/2016/apple-versus-the-fbi-understanding-iphone-encryption-the-risks-for-apple-and-encryption.

[13] Order Compelling Apple Inc. To Assist Agents in Search, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[14] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[15] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[16] See, Apple Inc., iOS Security, Apple Inc. (Sep. 2014), https://www.apple.com/business/docs/iOS_Security_Guide.pdf, 12 (explaining key security features, the delay, triggered after 4 incorrect passcode attempts imposes a 1-minute delay after the 5th incorrect attempt, a 5-minute delay after the 6th incorrect attempt, a 15-minute delay after the 7th and 8th incorrect attempts, and a 1-hour delay after the 9th incorrect attempt.).

[17] See, Apple Inc., iOS Security, Apple Inc. (Sep. 2014), https://www.apple.com/business/docs/iOS_Security_Guide.pdf, 12 (explaining key security features, the iPhone can be set to wipe all its data after the 10th incorrect passcode attempt. This wipe is achieved by discarding the encryption key from accessible memory, making the entire hard-disk unintelligible.).

[18] Order Compelling Apple Inc. To Assist Agents in Search, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016) (Apple would upload a custom operating system to the shooter’s phone modifying security settings—though not specifically decrypting.).

[19] 10,000 possible combinations for a 4-digit numeric passcode, or 1 Million possible combinations for a 6-digit numeric passcode.

[20] See, Apple Inc., iOS Security, Apple Inc. (Sep. 2014), https://www.apple.com/business/docs/iOS_Security_Guide.pdf, 12 (explaining that even without the delay, the iteration counter imposes an 80 millisecond delay, therefore, all the possible combinations could theoretically be guessed in under 5 hours.).

[21] Apple Inc’s Motion to Vacate Order Compelling Apple Inc. To Assist Agents in Search at 11, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016); Amy Davidson, The Dangerous All Writs Act Precedent in the Apple Encryption Case, The New Yorker (Feb. 19, 2016), http://www.newyorker.com/news/amy-davidson/a-dangerous-all-writ-precedent-in-the-apple-case.

[22] Amy Davidson, The Dangerous All Writs Act Precedent in the Apple Encryption Case, The New Yorker (Feb. 19, 2016), http://www.newyorker.com/news/amy-davidson/a-dangerous-all-writ-precedent-in-the-apple-case.

[23] 28 U.S.C. § 1651 (2012).

[24] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[25] Tim Cook, Customer Letter, Apple Inc. (Feb. 16, 2016) http://www.apple.com/customer-letter/ (“The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.”).

[26] Danny Yadron, Spencer Ackerman and Sam Thielman, Inside the FBI’s Encryption Battle with Apple, The Guardian (Feb. 18, 2016), http://www.theguardian.com/technology/2016/feb/17/inside-the-fbis-encryption-battle-with-apple.

[27] Andrew Crocker, Judge to DOJ: Not All Writs, Electronic Frontier Foundation (Oct. 12, 2015), https://www.eff.org/deeplinks/2015/10/judge-doj-not-all-writs.

[28] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[29] Id.

[30] Apple’s unique encryption key—without which, a phone cannot be updated.

[31] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016) (pointing to United States v. New York Tel. Co., 434 U.S. 159, 174 (1977).).

[32] Government’s Motion to Compel Apple Inc. To Comply with this Court’s February 16, 2016 Order Compelling Assistance in Search, at 17, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[33] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, at 17, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[34] Government’s Motion to Compel Apple Inc. To Comply with this Court’s February 16, 2016 Order Compelling Assistance in Search, at 11-12, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[35] United States v. New York Tel. Co., 434 U.S. 159, 175-75 (1977).

[36] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, at 13, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[37] Id.

[38] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, at 13, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016) (“The same software Apple is uniquely able to modify . . . Especially but not only because iPhones will only run software cryptographically signed by Apple . . .”).

[39] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, at 13, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[40] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, at 13-14, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016) (quoting New York Telephone Co., 434 U.S. at 174); Government’s Motion to Compel Apple Inc. To Comply with this Court’s February 16, 2016 Order Compelling Assistance in Search, at 8, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[41] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, at 14-16, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[42] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, at 16, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[43] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[44] Apple notes that it has already assisted the government in their investigation; Mikey Campbell, FBI Contacted Apple, Received Data Related to San Bernardino Case 3 days After Shooting, appleinsider (Feb. 27, 2016, 12:39 AM), http://appleinsider.com/articles/16/02/27/fbi-contacted-apple-received-data-related-to-san-bernardino-case-3-days-after-shooting-.

[45] Apple Inc’s Motion to Vacate Oder Compelling Apple Inc to Assist Agents in Search, and Opposition to Government’s Motion to Compel Assistance, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[46] Pa. Bureau of Corr. v. United States Marshals Serv., 474 U.S. 34, 43 (1985) (“The All Writs Act is a residual source of authority to issue writs that are not otherwise covered by statute. Where a statute specifically addresses the particular issue at hand, it is that authority, and not the All Writs Act, that is controlling. Although that Act empowers federal courts to fashion extraordinary remedies when the need arises, it does not authorize them to issue ad hoc writs whenever compliance with statutory procedures appears inconvenient or less appropriate.”).

[47] Apple Inc’s Motion to Vacate Oder Compelling Apple Inc to Assist Agents in Search, and Opposition to Government’s Motion to Compel Assistance, at 14, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[48] Apple Inc’s Motion to Vacate Oder Compelling Apple Inc to Assist Agents in Search, and Opposition to Government’s Motion to Compel Assistance, at 16, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[49] 47 U.S.C. § 1002(b)(1) (2012). (“This subchapter does not authorize any law enforcement agency or officer—

(A) to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services; or

(B) to prohibit the adoption of any equipment, facility, service, or feature by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services.”) [emphasis added].

[50] Id.

[51] 47 U.S.C. § 1002(b) (2012).

[52] 47 U.S.C. § 1002(b)(3) (2012).

[53] Apple Inc’s Motion to Vacate Oder Compelling Apple Inc to Assist Agents in Search, and Opposition to Government’s Motion to Compel Assistance, at 6-8, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[54] Pa. Bureau of Corr. v. United States Marshals Serv., 474 U.S. 34, 43 (1985).

[55] New York Telephone Co., 434 U.S. at 159.

[56] Id. at 174.

[57] A device used to record phone numbers dialed on specific phone lines.

[58] New York Telephone Co., 434 U.S. at 174-75 (Court notes that the phone company regularly used pen registers in normal operations).

[59] Apple Inc’s Motion to Vacate Oder Compelling Apple Inc to Assist Agents in Search, and Opposition to Government’s Motion to Compel Assistance, at 11, fn. 21, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).(The FBI has acknowledged that it worked with the phone’s owner (San Bernardino County) to reset the the iCloud password in an effort to unlock the iCloud backup. Apple argues that had the county and the FBI not reset the password, “this litigation may not have been necessary,” as it could have initiated a remote backup of the phone and subsequently produced an updated backup to investigators.).

[60] Fred Kaplan, How Apple’s Stand Against the FBI Could Backfire, Slate (Feb. 19, 2016, 6:26 PM), http://www.slate.com/articles/technology/future_tense/2016/02/how_apple_ceo_tim_cook_s_stand_against_the_fbi_could_backfire.html; Marcy Wheeler, Why This iPhone?, Slate (Feb. 19, 2016, 1:26 PM), http://www.slate.com/articles/technology/future_tense/2016/02/the_apple_fbi_encryption_battle_is_over_an_iphone_unlikely_to_yield_critical.html.

[61] Id.

[62] Tim Cook, Customer Letter, Apple Inc. (Feb. 16, 2016) http://www.apple.com/customer-letter/; Marcy Wheeler, Why This iPhone?, Slate (Feb. 19, 2016, 1:26 PM), http://www.slate.com/articles/technology/future_tense/2016/02/the_apple_fbi_encryption_battle_is_over_an_iphone_unlikely_to_yield_critical.html.

[63] Fred Kaplan, How Apple’s Stand Against the FBI Could Backfire, Slate (Feb. 19, 2016, 6:26 PM), http://www.slate.com/articles/technology/future_tense/2016/02/how_apple_ceo_tim_cook_s_stand_against_the_fbi_could_backfire.html; Will Oremus, Irate DOJ Dismisses Apple’s Fight with the FBI as a “Brand Marketing Strategy”, Slate (Feb. 19, 2016, 6:02 PM), http://www.slate.com/blogs/future_tense/2016/02/19/department_of_justice_motion_mocks_apple_s_fbi_fight_as_a_brand_marketing.html; Kaveh Waddell, The Optics of Apple’s Encryption Fight, The Atlantic (Feb. 17, 2016), http://www.theatlantic.com/technology/archive/2016/02/why-apple-is-fighting-the-fbi/463260.

[64] Dan Guido, Apple Can Comply with the FBI Court Order, Trail of Bits Blog (Feb. 17, 2016), http://blog.trailofbits.com/2016/02/17/apple-can-comply-with-the-fbi-court-order; Ben Thompson, Apple Versus the FBI, Understanding iPhone Encryption, the Risks for Apple and Encryption, stratechery (Feb. 17, 2016), https://stratechery.com/2016/apple-versus-the-fbi-understanding-iphone-encryption-the-risks-for-apple-and-encryption.

[65] Tim Cook, Customer Letter, Apple Inc. (Feb. 16, 2016) http://www.apple.com/customer-letter/; Will Oremus, Apple vs. The FBI, Slate (Feb. 17, 2016, 7:44 PM), http://www.slate.com/articles/technology/future_tense/2016/02/apple_s_stand_against_the_fbi_is_courageous_it_s_also_good_for_apple.html.

[66] Tim Cook, Customer Letter, Apple Inc. (Feb. 16, 2016) http://www.apple.com/customer-letter/.

[67] Government’s Ex Parte Application for a Continuance, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[68] Id.

[69] See, Apple Inc., iOS Security, Apple Inc. (Sep. 2014), https://www.apple.com/business/docs/iOS_Security_Guide.pdf, 4-7 (describing the “Secure Enclave” on newer iOS devices).

[70] Tim Cook, Customer Letter, Apple Inc. (Feb. 16, 2016) http://www.apple.com/customer-letter/.

Texting While Driving in a New Age of Automobile Advancements: Legal Implications to Be Determined

By Anna Gotfryd and Jacob Vannette

Introduction

We live in a world with “new age automobiles”—where technological advancements increasingly permeate every aspect of vehicles, from those that affect comfort to those that enhance safety. [1]  No longer are such features found solely in high-end models; they are offered in those purchased by the average consumer.[2]  To some, cutting-edge technology in vehicles is seen as a necessity: recent studies show that “connectivity”—such as dashboard features that provide owners with email access—is now a part of consumer expectations.[3]  From 2014 to 2015, 37% of consumers said that they would be willing to switch car brands simply to achieve improved connectivity.[4]  The push for connectivity while driving is not surprising.[5]  Last year, American commuters spent an average of 42 hours stuck in traffic.[6]  While other reports note that up to 20% of drivers have not used many of the technology features in their vehicles,[7] consumers continue to desire automotive technologies “that enhance the driving experience and safety.”[8]  This means that more advancements in car technology, not fewer, are to be expected.[9]

Many technologies that consumers most desire are “built-in,” and serve a range of purposes.[10]  Some are created with an eye toward luxury enjoyment of the vehicle, and even with a nod toward creativity or pure fun.[11]  Other advancements are aimed at practicality and cost efficiency.[12]  Finally, technological developments that are designed to improve safety are wide-ranging.”[13]  Consider “Forward Emergency Braking”—a technology that will sense and stop for pedestrians located in front of a car.[14]  Some car manufacturers have created “camera and sensor systems” that warn drivers when cars are “in the[ir] mirror’s blind spot.”[15]  Autoliv, for example, has developed a technology for thermal imaging of the area surrounding a vehicle.[16]  This system, like its military forebears, allows drivers to see further than their headlights to avoid tragic collisions with pedestrians or wildlife, which they may not otherwise be able to detect.[17]

This article discusses one type of technological advancement purportedly directed at improving safety—integrated hands-free texting.[18]  Perhaps unsurprisingly, integrated hands-free technology elicits tricky issues, explored below.  First, we investigate the problems associated with texting while driving, and how legislators and car manufacturers have responded.  Second, we discuss what integrated hands-free technology is and how it works.  Third, we examine whether it has any impact on safe driving.  Finally, we analyze how legislators have viewed hands-free texting, and how future considerations could affect this area.

The Pervasive Problem of Distracted Driving and Proposed Solutions

Texting and driving, one of the main causes of what is referred to as “distracted driving,” has been labeled an “American epidemic.”[19]  As many as 98% of drivers believe that “[t]exting while driving is dangerous.”[20]  Most, however, do not practice what they preach:”[21] 74% of drivers admit to having texted while driving.[22]  This has resulted in tragic outcomes: every day, distracted driving kills more than 8 people and injures about 1,161.[23]  Some studies go so far as to suggest that distracted driving is worse than drunk driving.[24]  The American public has reacted—in 2009, 80% of American adults favored banning texting while driving”[25]—and legislators have responded.[26]  “46 states, D.C., Puerto Rico, Guam and the U.S. Virgin Islands ban text messaging for all drivers,” and “[o]f the 4 states without an all driver texting ban[,] 2 prohibit text messaging by novice drivers[, and] 1 restricts school bus drivers from texting.””[27]

With consumers demanding greater connectivity in vehicles,[28] and the concurrent public and legislative outcry to the distracted driving craze,[29] car manufacturers are “racing to make driving less distracting.”[30]  One way they have done this is by offering integrated hands-free technology,[31] which allows drivers to stay connected without taking their eyes off of the road or their hands off of the wheel.[32]  We turn now to a discussion of how automotive companies have sought to meet this demand, and how exactly integrated hands-free technology works.

Integrated Hands-Free Technology Explained

This part explains what integrated hands-free technology in cars is. It then discusses different types of hands-free technology systems that consumers may encounter and how the average consumer uses them.

Generally, integrated hands-free technology is a system that is installed directly into a car.[33]  It works by connecting with a driver’s phone using Bluetooth.[34]  It can then tell whether the driver has an incoming call or message.[35]  Through integrated hands-free technology, the driver could choose to answer a phone call or listen to a message.[36]  Additionally, through the use of speech recognition technology, the driver could dictate a reply or choose another course of action.[37]  The specifics of these types of systems, of course, may vary by car make and model.[38]  We examine briefly the systems produced by some of the largest car manufacturers in the world.[39]

“SYNC” is Ford’s version of integrated hands-free technology.[40]  By connecting her phone with the car’s infotainment system[41] via Bluetooth, a driver can use the software’s voice recognition system to make calls, dictate text messages, and search for music on her phone.[42]  The software is compatible with both Apple CarPlay and Android Auto, allowing a driver to engage Siri or Google to make calls, send messages, navigate, and much more—all without reaching for her phone.[43]

Chevrolet’s “MyLink” similarly allows drivers to connect their phones to their car’s infotainment system through Bluetooth.[44]  Hands-free calling is available in multiple models, allowing a driver to simply press a button on the steering wheel and state aloud the callee’s name.[45]  Text Message Alerts notify a driver when he or she has received a new message, too.[46]  Through this feature, a driver can listen to the message, view it when her car is stopped, and reply to it with stock messages.[47]

As a final example, “NissanConnect” also employs Bluetooth to link the driver’s phone to the car’s infotainment system, “keep[ing] [the driver] in touch while [she] stays focused on the road.”[48]  Nissan likewise uses voice recognition technology, through which drivers can “make and answer calls and send pre-loaded text messages—hands free.”[49]  Drivers may input into the system custom messages, increasing the finite list of stock messages at their disposal while driving.[50]  Through the driver’s phone, the system can also access social media networks, including popular sites like Facebook and Twitter, and read aloud posts from those platforms.[51]

Nearly all of the major players in the automotive industry have developed a way for drivers to access and utilize their phones without actually touching them—by calling, texting, and even keeping up with Facebook posts.[52]  The question remains whether integrated hands-free technology actually makes driving safer. We survey current research in the next part.

Hands-Free Texting and Driving As a Safer Alternative

Integrated hands-free technology is still relatively new, and more research on its safety implications may be warranted.[53]  Current studies have found that texting hands-free is just as unsafe as doing so hands-on.[54]  Some studies even show that the use of hands-free technology is more distracting than hands-on use.[55]

According to the Center for Disease Control and Prevention, there are three types of distraction that concern a driver: (1) visual distraction, which involves what a driver can see; (2) manual distraction, which is implicated when a driver takes her hands off of the wheel; and (3) cognitive distraction, which occurs when a driver is not completely focused on the task of driving.[56]

A driver that is looking at the road while on the phone may “fail to see up to 50 percent of the information in their driving environment” due to cognitive distraction.[57]  A study conducted by the American Automobile Association’s Foundation for Traffic Safety investigated the use of hands-free technology while driving and determined “that potentially unsafe levels of mental distraction can last for as long as 27 seconds after completing a distracting task.”[58]  A different study, conducted by the Texas A&M Transportation Institute,[59] compared the effects of both methods of texting—manually and hands-free—on driving.[60]  The researchers concluded that there was no significant difference between the two methods: “Driver response times were significantly delayed no matter which texting method was used.”[61]  The study also determined that drivers spent less time with their eyes on the road regardless of the method through which they composed text messages.[62]

Critics emphasize that this investigation focuses only on cognitive distraction, which is believed to be less dangerous than manual and visual distraction.[63]  Nonetheless, an amplified cognitive load increases the risk of a crash due to slower reaction times and inattention blindness.[64]  Additionally, research conducted by the Virginia Tech Transportation Institute[65] found that the use of hands-free devices “involved visual-manual tasks at least half of the time.”[66]  Significantly, no research has been able to show that integrated hands-free devices improve safety.[67]

When the safety benefits of integrated hands-free technology were completely unknown, experts believed that it “w[ould] become standard within a few years.”[68]  This prediction held true—hands-free communication technology has become “a central competitive focus of the automotive industry”[69]—despite a lack of demonstrated safety benefits.[70]  Meanwhile, researchers have accumulated considerable evidence indicating that this technology poses significant risks.[71]  The next section examines the cognitive dissonance between the existing research on hands-free texting and the law’s treatment of it.

A Mismatch Between Research and How Laws Treat Hands-Free Technology

All over the country, state legislators have noticed the distracted driving epidemic and have racked their brains to find ways that they believe will address the issue.[72]  As discussed above, the vast majority of states have banned texting while driving.[73]  Fourteen states have gone even further, banning any use of hand-held devices for all drivers.[74]  The problem, however, lies in the fact that none of these laws address the concern with hands-free devices,[75] seeming to incorrectly presume that they are a safer alternative.[76]  California, for example, explicitly condoned the use of hands-free devices for texting less than a year after issuing a text messaging ban.[77]  While there have been calls for states to issue bans on the use of hands-free devices, no state has actually done so.[78]

The lack of a legislative response to research demonstrating the dangers of hands-free texting does not, however, mean that states are not seeking novel ways to continue the fight against distracted driving and its dire consequences.[79]  New York legislators, for example, recently introduced a bill (“Evan’s Law”) that arms police officers with a field testing device called a “textalyzer.”[80]  A textalyzer, which is still in development,[81] could check a driver’s phone for recent, unlawful activity.[82]

Setting aside privacy concerns, Evan’s Law and the use of a textalyzer raise additional important, yet unanswered, questions.[83]  Among those is whether the device will have the ability to distinguish between a message sent manually and one sent using hands-free technology.[84]  Hands-free devices are specifically exempted from New York’s texting ban; using them is not a violation of the law.[85]  Some doubt that the textalyzer will be able to differentiate whether a message was sent hands-on or hands-free.[86]  This may complicate the solution by adding, rather than subtracting, steps.[87]  The National Highway Traffic Safety Administration desires a technological solution to the distracted driving problem.[88]  The textalyzer, however, diverges from their vision—one including a device or a vehicle feature that recognizes when a driver is using a phone and deactivates it[89] —and adds procedural requirements.[90]

New York is currently the only state to consider using a device like the textalyzer to combat the distracted driving problem.[91]  If Evan’s Law passes, however, other states may join New York’s lead.[92]  Using technology to combat technology without explicitly considering the new age of automobile advancements and current research assessing their efficacy may prove to further complicate an already difficult area.

Suggestions and Conclusion

Technological advancements in cars are rapid and largely a result of consumer desires.[93]  As car manufacturers and legislators work to find solutions to the distracted driving epidemic,[94] the latter must take a hard look at the adequacy of current measures, while the former should consider its competitive emphasis on integrated hands-free technology.  Importantly, researchers and legislators will need to stop talking past one another, and start comparing notes.

 


[1] New Age Automobiles, Dreams About Car Life of the Future, MURATA, http://www.murata.com/en-us/about/newsroom/techmag/metamorphosis17/special/life (last visited June 7, 2016).

[2] See, e.g., Brian Cooley, Tech Watch: Top 5 Inexpensive High-Tech Cars, CBS SFBayArea (Oct. 2, 2012, 8:58 AM), http://sanfrancisco.cbslocal.com/2012/10/02/tech-watch-top-5-inexpensive-high-tech-cars/; Doug DeMuro, 7 Great High-Tech Cars Under $35,000, AUTOTRADER (Aug. 2014), http://www.autotrader.com/best-cars/7-great-high-tech-cars-under-35000-229215.

[3] Hans-Werner Kaas, Andreas Tschiesner, Dominik Wee & Matthias Kässer, How Carmakers Can Compete for the Connected Consumer, MCKINSEY & COMPANY (Sept. 2015), http://www.mckinsey.com/industries/automotive-and-assembly/our-insights/how-carmakers-can-compete-for-the-connected-consumer.

[4] Id.

[5] Reuters, U.S. Commuters Spend About 42 Hours a Year Stuck in Traffic Jams, NEWSWEEK (Aug. 26, 2015, 12:31 PM), http://www.newsweek.com/us-commuters-spend-about-42-hours-year-stuck-traffic-jams-365970; see also Ashley Halsey III, Automakers Embrace Hands-Free Text-Messaging Technology, WASH. POST (Oct. 24, 2011), https://www.washingtonpost.com/local/automakers-embrace-hands-free-text-messaging-technology/2011/10/19/gIQAg0fjDM_story.html (“The demand for all this comes, in part, because the amount of time Americans spend stuck in traffic has more than doubled since 1982 . . . .”); The Editorial Board, Editorial, Hands-Free Distractions, N.Y. TIMES (June 23, 2013), http://www.nytimes.com/2013/06/24/opinion/hands-free-distractions.html (“A spokeswoman for the auto industry told The Times that ‘people want to be connected in their car just as they are in their home or wherever they may be.’”).

[6] Reuters, supra note 5.

[7] Built-in Connectivity Among Least Used Technologies, Creating Lost Value, J.D. POWER (Aug. 25, 2015), http://www.jdpower.com/press-releases/2015-driver-interactive-vehicle-experience-drive-report (“[A]ccording to the J.D. Power 2015 Driver Interactive Vehicle Experience (DrIVE) Report,” which “measures driver experiences with in-vehicle technology features during the first 90 days of ownership . . . at least 20 percent of new-vehicle owners have never used 16 of the 33 technology features measured.”).

[8] Paul Murrell, The Technology People Want in Their Cars, and What They Don’t . . ., PRACTICAL MOTORING, https://practicalmotoring.com.au/car-news/what-car-tech-people-want-and-what-they-dont/ (last visited June 7, 2016).

[9] John Brandon, 10 Major Tech Advancements in Cars for 2016, COMPUTERWORLD (Jan. 12, 2016, 10:38 AM), http://www.computerworld.com/article/3021856/personal-technology/10-major-tech-advancements-in-cars-for-2016.html.

[10] Id.

[11] See, e.g., id.

[12] Id. Back-up cameras in cars, for example, are a practical advancement that will be mandated by law in any new car produced or sold in the United States after 2018. Wayne Cunningham, U.S. Requiring Back-Up Cameras in Cars by 2018, ROADSHOW BY CNET (Mar. 31, 2014, 11:04 AM), http://www.cnet.com/roadshow/news/u-s-requiring-back-up-cameras-in-cars-by-2018/ (“The rule applies to all road-legal vehicles under 10,000 pounds” and “requires a back-up camera to show a field of vision at least 10 feet wide directly behind the vehicle, going back a minimum of 20 feet.”).

[13] Id.

[14] Id.

[15] Rick Newman, Forget Self-Driving Cars—This Technology Is Way Cooler, YAHOO FINANCE (Apr. 22, 2016, 1:42 PM), http://finance.yahoo.com/news/forget-self-driving-cars-night-vision-technology-is-cooler-162552501.html.

[16] Id. Autoliv is a safety technology company and automotive supplier. AUTOLIV, About Us, https://www.autoliv.com/AboutUs/Pages/default.aspx (last visited June 7, 2016).

[17] Newman, supra note 15.

[18] See, e.g., Halsey III, supra note 5.

[19] Dr. Nina Radcliff, Distracted Driving Is an American Epidemic, WASH. TIMES (Apr. 26, 2015), http://www.washingtontimes.com/news/2015/apr/26/nina-radcliff-distracted-driving-american-epidemic/?page=all.

[20] CTR. FOR INTERNET & TECH. ADDICTION, IT CAN WAIT COMPULSION SURVEY 3, http://about.att.com/content/dam/snrdocs/It%20Can%20Wait%20Compulsion%20Survey%20Key%20Findings_9%207%2014.pdf (last visited June 7, 2016) (using a national telephone survey consisting of 1,004 respondents who meet the following criteria: are between 16-65, own a cell phone, text at least once a day, and drive, at a minimum, almost every day).

[21] Justin Worland, Why People Text and Drive Even When They Know It’s Dangerous, TIME (Nov. 6, 2014), http://time.com/3561413/texting-driving-dangerous/.

[22] CTR. FOR INTERNET & TECH. ADDICTION, supra note 20.

[23] Distracted Driving, CDC, http://www.cdc.gov/motorvehiclesafety/distracted_driving/ (last visited June 7, 2016) (noting that there are three types of distraction: visual, manual, and cognitive).

[24] Radcliff, supra note 19.

[25] Andrew Lavallee, Consumers Favor Texting-While-Driving Ban, WALL ST. J. (Sept. 1, 2009, 8:04 AM), http://blogs.wsj.com/digits/2009/09/01/consumers-favor-texting-while-driving-ban/.

[26] Radcliff, supra note 19.

[27] Distracted Driving Laws, GHSA (Apr. 2016), http://www.ghsa.org/html/stateinfo/laws/cellphone_laws.html.

[28] Kaas et al., supra note 3; Halsey III, supra note 5.

[29] See supra notes 18–26.

[30] Jayne O’Donnell, Some Cars Will Read Texts and E-mails or Take Dictation, USA TODAY (Mar. 28, 2013, 12:06 AM), http://www.usatoday.com/story/news/nation/2013/03/27/some-cars-will-read-texts-and-emails-or-take-dictation/2026823/.

[31] Halsey III, supra note 5.

[32] See, e.g., Ford SYNC Technology, FORD, http://www.ford.com/technology/sync/ (last visited June 7, 2016).

[33] Peter DeMarco, Top 7 Hands-Free Driving Devices, BOSTON.COM, http://www.boston.com/cars/gallery/top_handsfree_driving_apps/ (last visited June 7, 2016).

[34] Id.

[35] Id.

[36] Id.

[37] Id.

[38] See, e.g., Tara Baukus Mello, Rating Hands-Free Calling in Today’s Cars, BANKRATE, http://www.bankrate.com/finance/auto/rating-hands-free-calling-in-todays-cars-1.aspx (last visited June 7, 2016).

[39] Of the 10 largest car manufactures in the world, General Motors is #2, Nissan-Renault #3, and Ford Motor Company #6. See John LeBlanc, The Top 10 Largest Automakers in the World, DRIVING (Apr. 25, 2014), http://driving.ca/toyota/corolla/auto-news/news/the-top-10-largest-automakers-in-the-world.

[40] Ford SYNC Technology, supra note 32 (discussing “SYNC 3 plus Apple CarPlay Support,” which lets owners “use [their] voice to make a call, listen to music, voice-control, select apps with SYNC AppLink and much more,” while “keep[ing] [their] eyes on the road and [their] hands on the wheel”).

[41] See In-Vehicle Infotainment (IVI), WEBOPEDIA, http://www.webopedia.com/TERM/I/in-vehicle-infotainment-ivi.html (last visited June 7, 2016) (“[T]ypical tasks that can be performed with an in-vehicle infotainment system include managing and playing audio content, utilizing navigation for driving, delivering rear-seat entertainment such as movies, games, social networking, etc., listening to incoming and sending outgoing SMS text messages, making phone calls, and accessing Internet-enabled or smartphone-enabled content such as traffic conditions, sports scores and weather forecasts.”).

[42] Ford SYNC Technology, supra note 32.

[43] Id.

[44] Chevrolet MyLink, CHEVROLET, http://www.chevrolet.com/mylink-radio.html (last visited June 7, 2016).

[45] Id.

[46] Id. (noting Text Message Alerts are “available on 2015 Impala models”).

[47] Id.

[48] NissanConnect Features, NISSAN, http://www.nissanusa.com/connect/features-app.html#_features-communication (last visited June 7, 2016).

[49] Id.

[50] Id.

[51] Id.

[52] See supra notes 37–49. Buick, Toyota, Volkswagen, Chrysler, Hyundai, and Mazda all have similar systems. See also New Hands-Free Technologies Pose Hidden Dangers for Drivers, AAA NEWSROOM (Oct. 22, 2015) [hereinafter Hidden Dangers], http://newsroom.aaa.com/2015/10/new-hands-free-technologies-pose-hidden-dangers-for-drivers/.

[53] Peter Bigelow, Feds Recommend Ban of Hands-Free Phone Use to Curb Epidemic of Distracted Driving, AUTOBLOG (Mar. 28, 2012, 10:49 AM), http://www.autoblog.com/2012/03/28/feds-recommend-ban-of-hands-free-phone-use-to-curb-epidemic-of-d/ (“[Department of Transportation Secretary Ray] Lahood has said the issue with hands-free devices needs more research.”).

[54] David Pogue, Hands-Free Texting Is No Safer to Use While Driving, SCIENTIFIC AMERICAN (Nov. 1, 2013), http://www.scientificamerican.com/article/hands-free-texting-is-no-safer-to-use-while-driving/ (discussing a study conducted by the Texas A&M Transportation Institute that examined “people driving a closed course under three conditions: while texting by hand, while texting by voice . . ., and without texting at all,” and finding that there is “no difference whether [one] text[s] hands-free or by voice”). Notably, this study only used 43 subjects. Id.

[55] Hands-Free Is Not Risk-Free, Nat’l Safety Council, http://www.nsc.org/learn/NSC-Initiatives/Pages/distracted-driving-hands-free-is-not-risk-free-infographic.aspx (last visited June 7, 2016) (discussing a study conducted by the AAA Foundation for Traffic Safety).

[56] Distracted Driving, supra note 23.

[57] NAT’L SAFETY COUNCIL, UNDERSTANDING THE DISTRACTED BRAIN: WHY DRIVING WHILE USING HANDS-FREE CELL PHONES IS RISKY BEHAVIOR 2 (2012), http://www.nsc.org/DistractedDrivingDocuments/Cognitive-Distraction-White-Paper.pdf.

[58] Hidden Dangers, supra note 52 (summarizing a study in which 257 drivers between the ages of 21 and 70 tested 2015 model-year vehicles, and 65 other drivers between the ages of 21 and 68 “tested the three phone systems”). The study represented a third phase of the Foundation’s investigation into the effects of hands-free technology use in vehicles on a driver’s cognitive distraction. Id.

[59] The Texas A&M Transportation Institute (TTI) is “one of the premier higher education-affiliated transportation research agencies in the nation,” which “conducts over 600 research projects annually with over 200 sponsors at all levels of government and the private sector.” About TTI, Tex. A&M Transp. Inst., http://tti.tamu.edu/about/ (last visited June 7, 2016). This particular study was sponsored by the Southwest Region University Transportation Center. Voice-to-Text Driver Distraction Study, Tex. A&M Transp. Inst. [hereinafter Distraction Study], https://tti.tamu.edu/enhanced-project/voice-to-text-driver-distraction-study/ (last visited June 7, 2016).

[60] Distraction Study, supra note 59 (summarizing a study in which 43 drivers first drove through a closed course without using any cell phones, then did so “three more times performing a series of texting exercises—once using each of two voice-to-text applications (Siri® for the iPhone and Vlingo® for Android), and once texting manually”).

[61] Id.

[62] Id.

[63] See, e.g., Mitch Bainwol, Letter to the Editor, Using Hands-Free Devices to Chat and Drive, N.Y. Times (July 4, 2013), http://www.nytimes.com/2013/07/05/opinion/using-hands-free-devices-to-chat-and-drive.html.

[64] See RICHARD HARKNESS, SUMMARY OF RESEARCH FINDINGS INDICATE SIGNIFICANT CRASH RISKS ASSOCIATED WITH HANDS-FREE TEXTING WHILE DRIVING 1 (2013), https://www.adeptdriver.com/assets/resources/Hands_free_texting_while_driving_poses_great_crash_risk_4-25-13.pdf.

[65] The Virginia Tech Transportation Institute (VTTI) is “the second largest university-level transportation institute in the U.S. with more than 475 employees.” About VTTI, VA. TECH TRANSP. INST., www.vtti.vt.edu/about/about-vtti.html (last visited June 7, 2016). The institute “has more than $36 million in annual sponsored program research expenditures and is conducting more than 270 active projects.” Id. The study in question was sponsored by the National Highway Traffic Safety Administration. New VTTI Study Results Continue to Highlight the Dangers of Distracted Driving,VA. TECH TRANSP. INST. (May 29, 2013) [hereinafter VTTI Study], http://www.vtti.vt.edu/featured/?p=193.

[66] VTTI Study, supra note 65 (summarizing a study in which cameras and other equipment were used to observe participants in their personal vehicles for a combined total of six million miles driven).

[67] See HARKNESS, supra note 64.

[68] Jenny Che, How Car Companies Are Combatting Texting While Driving, Huffpost Business (June 9, 2015, 6:14 PM), http://www.huffingtonpost.com/entry/how-car-companies-are-combatting-texting-while-driving_us_55771263e4b0317a2afd3fdc.

[69] Robert Rosenberger, The False Sense of Safety Created by Hands-Free Devices in Cars, Slate (March 5, 2012, 3:15 PM), www.slate.com/blogs/future_tense/2012/03/05/hands_free_devices_don_t_make_it_safe_to_talk_text_and_drive_.html.

[70] See HARKNESS, supra note 64.

[71] See id.

[72] Distracted Driving Laws, supra note 27.

[73] Id.

[74] Id. Those states are California, Connecticut, Delaware, Hawaii, Illinois, Maryland, Nevada, New Hampshire, New Jersey, New York, Oregon, Vermont, Washington, and West Virginia. Id. The District of Columbia, Puerto Rico, Guam, and the Virgin Islands also ban hand-held devices while driving. Id.

[75] See generally id.

[76] See, e.g., Halsey III, supra note 5.

[77] Dante D’Orazio, California Passes Bill Legalizing Voice-Activated Hands-Free Texting While Driving, THE VERGE (July 17, 2012, 9:06 PM), http://www.theverge.com/2012/7/17/3165461/california-legalizes-voice-activated-hands-free-texting.

[78] Bigelow, supra note 53.

[79] See Matt Richtel, Texting and Driving? Watch Out for the Textalyzer, N.Y. Times (Apr. 27, 2016), http://www.nytimes.com/2016/04/28/science/driving-texting-safety-textalyzer.html.

[80] Id.

[81] David Kravets, First Came the Breathalyzer, Now Meet the Roadside Police “Textalyzer”, arstechnica (Apr. 11, 2016, 3:00 PM), http://arstechnica.com/tech-policy/2016/04/first-came-the-breathalyzer-now-meet-the-roadside-police-textalyzer/.

[82] Richtel, supra note 79.

[83] See, e.g., Bryan Chaffin, On Being Skeptical of ‘Textalyzer’ Technology to Detect Smartphone Use Before Accidents, MAC OBSERVER (Apr. 12, 2016, 8:25 PM), http://www.macobserver.com/tmo/article/on-being-skeptical-of-textalyzer-technology-to-detect-smartphone-use-before.

[84] The current iteration of Evan’s Law does not provide an answer. See S.B. S6325A 2015–2016 Leg. Sess. (N.Y. 2016).

[85] N.Y. VEH. & TRAF. LAW § 1225-c(3)(c) (Consol. 2016).

[86] Kravets, supra note 81 (stating that further testing will be required to determine whether integrated hands-free technology was the method of phone usage).

[87] Id. (stating that further testing will be required to determine whether integrated hands-free technology was the method of phone usage).

[88] Damon Lavrinc, The Feds’ ‘Ultimate Solution’ to Curb Distracted Driving, WIRED (June 6, 2013, 7:00 PM), http://www.wired.com/2013/06/feds-ultimate-solution/.

[89] Id.

[90] Kravets, supra note 81 (stating that the additional testing “may require a warrant”).

[91] Richtel, supra note 79.

[92] Id.

[93] See, e.g., James Liu, Aluminum in Automotive: This Is Just the Beginning, Novelis, http://novelis.com/aluminium-in-automotive-this-is-just-the-beginning/ (last visited June 7, 2016).

[94] Radcliff, supra note 19.