Getting Ahead of the Digital Divide: How State Laws Ensuring Equal and Adequate Access to Education Technology Across School Districts Will Benefit Both Students and Legislatures

By Mark Goldich*

I. Introduction

Although not explicitly guaranteed by the Constitution, public education is upheld under the law as a crucial government service that must be provided equally to all children in the United States.[1]  The Supreme Court has declared public education essential to providing citizens the tools to enjoy and participate in America’s economy.[2]  Technological development in classrooms, meanwhile, has proven crucial in improving teaching and learning to keep pace as the economy modernizes.[3]  Due to the inequitable distribution of vital technology resources across school districts, students in poorer neighborhoods nationwide do not enjoy the benefits of classroom technology to their significant disadvantage.[4]

As states provide for education through their own constitutions and statutes, they are exposed to lawsuits by aggrieved parents and school districts seeking more equitable and robust distribution of education resources. Part II of this Note will review the importance of technology in classrooms, briefly examine a handful of state constitutions providing for public education, and introduce several lawsuits challenging statewide distribution of education funds and resources. Part III will examine the implications of state-level education litigation, and review several recently enacted laws that specifically enhance technology in classrooms. Part IV will recommend that states address the education technology gap head-on by crafting laws ensuring its equitable and adequate dispensation across school districts. Such laws will better serve students, and prevent costly litigation.

II. Background

School systems across America are in a period of transition. Over the past several years, classrooms have shifted from predominantly print-based to digital learning environments.[5]  Access to education technology allows students to connect to learning opportunities worldwide,[6] develop valuable research skills at an early age,[7] and access online courses and supplemental materials to complement their in-school experience.[8]  Results show that access to such technology can boost test scores, while increasing student engagement in project-based learning in classrooms.[9]

Classroom technology also helps prepare students for the modern workforce. Many jobs require at least some use and knowledge of computer technology; students who exit school without adequate training enter the workforce at a marked disadvantage.[10]  By equipping schools with adequate technology, districts better prepare students to compete economically.[11]

As the national education community has awakened to the benefits of classroom technology,[12] some states have accordingly provided such resources to students.[13]  With increasing regularity, school districts are experimenting with online learning programs, and helping schools implement digital curriculum.[14]  In 2002, for example, Maine became the first state to adopt a one-to-one laptop program, providing each student in Maine access to a laptop in the classroom.[15]  Students across America increasingly enjoy access to online classes that supplementing traditional courses, offer dual or advanced credits, or replace traditional high school courses altogether.[16]  In 2008, Florida enacted the first statewide legislation requiring districts to offer full- and part-time virtual course options.[17] Currently, five states (Alabama, Arkansas, Florida, Michigan, and Virginia) have laws requiring students to complete at least one online course in high school.[18]  Such measures reflect the growing understanding that education technology is prudent in the pursuit of producing prepared pupils.

Despite some growth in education technology nationwide, an alarming gap in access to such resources persists between the nation’s wealthy and poor school districts.[19]  This “digital divide” leaves many students from poorer school districts at a severe disadvantage.[20]  The Chicagoland area offers a poignant example of the disparity. In 2012, DuSable High School, located in a poorer neighborhood on the south side of Chicago, offered only twenty-four instructional computers for nearly a thousand students.[21] Many are thus without basic skills, such as the ability to save files to a flash drive, or set margins in Microsoft Word.[22]  In contrast, nearby Deerfield Public Schools District 109, located in a richer neighborhood, currently provides approximately 2,000 computer workstations for its 3,100 students, affording them the chance to develop valuable research and critical thinking skills at an early age.[23]  That students in low-income school districts also often lack access to technology at home only compounds the problem.[24]  Recent studies show only 62% of people in households making less than $30,000 a year use the Internet, compared to 90% in those making $50,000–$74,999.[25] Teachers in low-income neighborhoods note greater difficulty using education technology than their peers in wealthier schools.[26]  Many teachers in low-income schools cite their students’ inadequate access to technology at home as a “major challenge” in attempting to use it in the classroom.[27]

The extent of the digital divide is hard to justify, and flows directly from funding disparities between districts in many states.[28] State and local governments in twenty-three states spend less per student in their poorest school districts than they do in their wealthiest counterparts.[29] On average, states and municipalities nationwide spend 15% less on students in the poorest school districts than they do in the most affluent.[30]  Former Education Secretary Arne Duncan lamented as to the findings: “we have, in many places, school systems that are separate and unequal. Money by itself is never the only answer, but giving kids who start out already behind in life, giving them less resources is unconscionable, and it’s far too common.”[31]

Such large disparities in funding and resource distribution often give rise to state-level litigation, wherein aggrieved students, parents, and districts challenge state funding methods under state constitutional provisions. The state constitution of Kansas, for example, provides, “the legislature shall make suitable provision for finance of the educational interests of the state.”[32]  The Kansas Supreme Court clarified the provision requires the state to guarantee equitable and adequate distribution of school funds and resources statewide.[33]  Since 2012, the state has been mired in litigation—Gannon v. State of Kansas—over its funding formula. In Gannon, a collection of districts, parents, and students argue the current formula does not meet the Kansas Supreme Court’s equity and adequacy requirements.[34]  The court has repeatedly scolded state legislators for attempting to shirk their constitutional mandate, maintaining, “school districts must have reasonably equal access to substantially similar educational opportunity through similar tax effort.”[35]  The court also clarified, “regardless of the source or amount of funding, total spending is not the touchstone for adequacy.”[36]  In so holding, the court required the state to provide school districts with adequate support and resources in addition to a mere dollar amount.

In New York, according to its highest court, the state constitution guarantees “a sound basic education” to all students.[37]  Like the Kansas court in Gannon, the New York court made clear this requirement cannot be met with funding alone: “A sound basic education is gauged by the resources afforded students and by their performance, not by the amount of funds provided to schools.”[38]  In Campaign for Fiscal Equity v. State of New York, the court noted:

For at least a decade it has been the position of [State Education Department] that instructional technology—computers, related hardware such as printers and modems, and appropriate software—is an essential resource for students . . . . Defendants correctly point out that in the last three years there has been an infusion of funds devoted to increasing schools’ use of instructional technology. However, these funds have failed to remedy New York City public schools’ technological deficit. Moreover, it is unclear whether funding for technological improvements in New York City public schools will continue.[39]

In Ohio, the Supreme Court summarized the state’s constitutional education mandate as follows:

The mission of education is to prepare students of all ages to meet, to the best of their abilities, the academic, social, civic, and employment needs of the twenty-first century, by providing high-quality programs that emphasize the lifelong skills necessary to continue learning, . . . use information and technology effectively, and enjoy productive employment.[40]

In DeRolph v. State of Ohio, the court held that the state’s school funding formula failed to pass constitutional muster,[41] lamenting:

None of the appellant school districts is financially able to keep up with the technological training needs of the students in the districts. The districts lack sufficient computers, computer labs, hands-on computer training, software, and related supplies to properly serve the students’ needs. In this regard, it does not appear likely that the children in the appellant school districts will be able to compete in the job market against those students with sufficient technological training.[42]

The courts in Kansas, New York, and Ohio suggest that providing adequate technological resources to its school districts is a minimum requirement states must meet to defeat education-funding challenges.

III. Analysis

Cases like those discussed above have often proven successful for plaintiffs, and warn of future battles for state legislatures.[43] Such cases often span years, and require states to expend valuable resources defending legislation. Gannon, for example, represents the culmination of years of political tug-of-war over school funding in Kansas.[44]

After the court found for the plaintiffs in 2012, the state legislature re-tooled the state’s per-pupil funding formula, adding approximately $130 million to its school budget to address inadequacy and inequity.[45]  The court approved the legislature’s remedies, but left the matter open to allow plaintiffs to raise future concerns if the state failed to uphold its promises.[46]  As it became clear that the state’s corrective measures would cost more than anticipated, the legislature scaled back on the additional aid it promised to poorer districts, passing a new, block-grant formula designed to shield the state from school funding increases.[47]  Not surprisingly, the Gannon plaintiffs immediately challenged the state’s maneuver.[48]  The ongoing litigation has been a significant thorn in lawmakers’ sides, as many expected the case to disappear with their initial appeasement promises.[49]  Disgruntled state representatives have lashed out, arguing courts should stay out of state budget determinations; some have threatened to alter the state’s judicial selection process in retaliation against the court’s “activism.”[50]  The Ohio Supreme Court’s decision in DeRolph precipitated similarly ugly political fallout in Ohio. Though the case began in 1991, the Ohio Supreme Court did not hand down a decision for the plaintiffs until March 1997.[51]  Since then, the Ohio Supreme Court has declared the state’s school funding formula unconstitutional three additional times.[52]

Long, bitter adequacy suits are costly to states in several ways. The most obvious costs are those imposed by courts, requiring states to spend greater sums on education. The initial Gannon decision led Kansas to announce a $130 million increase in annual education spending.[53]  The Ohio legislature, as a result of the DeRolph decisions, “spent billions on new schools, increased per-student aid 66 percent, and spent hundreds of millions in extra money for poor schools.”[54]  While such increases represent boons for poorer public school districts, they are jarring for state legislatures, as they require massive budget reallocation on the fly. Further, extended battles in state court are not cheap. The plaintiffs in DeRolph, for example, reported litigation costs of over $3.6 million annually prior to winning the case.[55]  At various points throughout the lengthy litigation, the court ordered the state to pay the coalition’s costs, on top of the approximately $2 million it spent on its own legal defense.[56]

Such lawsuits, culminating with the state’s highest court declaring the state’s youth under-served, also represent considerable embarrassments to state legislatures. Given public education’s position as “the most important function of state and local governments,”[57] one can only surmise the meticulous condemnation of a state’s public school system would not mark a proud moment for lawmakers. Although any state’s greatest incentive to equally provide its students with adequate education technology is to best prepare its young people; avoiding lengthy lawsuits, jarring fiscal mandates, and public embarrassment provide additional incentive for states to satisfying their constitutional duties.

Some states have shown early leadership in the fight to close the digital divide, passing statutes specifically aimed to equip schools with adequate education technology. For example, in 2014, North Carolina passed two new laws designed to transition classrooms from traditional textbooks to digital learning platforms.[58]  Similarly, the Georgia legislature recently passed the “Digital Classroom Act,” designed to provide digital textbooks and learning tools in classrooms across Georgia.[59]  The law provides a laptop, tablet, or other wireless electronic device to all students above the third grade who cannot provide their own for reading or accessing instructional material. [60]

In 2015, the Delaware Legislature established a task force devoted to making Delaware “the premier state for utilizing technology in pre- kindergarten to grade 12 education.”[61]  One of its primary mandates is to equalize access to education technology across districts statewide.[62]  While such provisions benefit students by ensuring access to essential learning tools; the state’s proactive, statutory approach to providing education technology signals its commitment to offering a modern and robust education equally to all students, and addresses an issue that has proven central to many state education lawsuits.[63]

IV. Recommendation

Given the importance of providing students access to education technology, states should follow the lead of North Carolina, Georgia, and Delaware, and address the digital divide head-on with legislation. Each of the recently passed provisions discussed above take different approaches to improving education technology within the respective states. As states implement new education technology plans and experiment with methods, others should watch closely, identify best practices, and scale up the most effective methods.

By passing laws ensuring equal and adequate access to education technology, states commit to providing students a rich and relevant education better suited for a technology-driven economy.[64]  States additionally benefit from avoiding ugly, lengthy, and expensive education-funding litigation.[65]  State courts have shown their willingness to interpret and strictly enforce the duties imposed by state constitutions, and poor or unequal provision of education technology is a major factor considered. Passing such legislation represents a positive, worthwhile investment in any state’s students, and lends credibility to any state arguing before its highest court that it is meeting its constitutional requirements.

V. Conclusion

Education technology is only becoming more essential and more ingrained in classrooms nationwide.[66]  To best serve students and legislatures alike, states should pass laws ensuring all students enjoy the benefits of a modern education; not just those from wealthier school districts. In perpetuating the digital divide, states breach their constitutional duties to provide equal and adequate public education to their citizens, inviting courts to hold state legislatures accountable. State lawmakers should show courage by investing in education technology, and help level the playing field between rich and poor districts.


*Mark Goldich, J.D. Candidate ’17, University of Illinois College of Law. Many thanks to MP, Geoff, Meredith, Ellen, and everyone who took the time to read this (yes: you).

[1] See Plyler v. Doe, 457 U.S. 202, 221 (1982) (“Public education is not a ‘right’ granted to individuals by the Constitution. . . . [E]ducation has a fundamental role in maintaining the fabric of our society. We cannot ignore the significant social costs borne by our Nation when select groups are denied the means to absorb the values and skills upon which our social order rests.”).

[2] See id. (“[E]ducation provides the basic tools by which individuals might lead economically productive lives to the benefit of us all.”).

[3] See Saomya Saxena, Using Technology in Education: Does It Improve Anything?, EdTechReview (Oct. 8, 2013), http://edtechreview.in/news/681-technology-in-education (discussing ways technology has improved education in recent years).

[4] See Nick Pandolfo, As Some School Plunge into Technology, Poor Schools Are Left Behind: Quickening Pace of Technology Widens the Digital Divide, Chi. Tribune (Jan. 25, 2012), http://articles.chicagotribune.com/2012-01-25/news/ct-x-digital-divide-0125-20120125_1_computers-consortium-for-school-networking-poor-schools/2 (highlighting the growing disparity in access to education technology between the nation’s wealthiest and poorest districts).

[5] Arne Duncan, U.S. Sec’y of Educ., The Digital Transformation in Education: Remarks at the State Educational Technology Directors Association Education Forum (Nov. 9, 2010), http://www.ed.gov/news/speeches/digital-transformation-education-us-secretary-education-arne-duncans-remarks-state-educational-technology-directors-association-education-forum. Some school districts, for example, have begun using digital tablets with educational software in classrooms to deliver curriculum in more innovative ways. See A Bold New Vision For Instruction Should Ignite the Move to 1:1, Off. Educ. Tech., U.S. Dep’t Educ., http://tech.ed.gov/stories/a-bold-vision-for-instruction-should-ignite-the-move-to-11/?back=%2Fstories%2Fstory_tag%2Fpersonalized-learning%2F (last visited Nov. 14, 2016) (describing a recent initiative in Virginia providing each student with tablet for in-class and at-home use).

[6] Duncan, supra note 5.

[7] Saxena, supra note 3.

[8] Pandolfo, supra note 4.

[9] Id.

[10] U.S. Dep’t of Educ., Getting America’s Students Ready for the 21st Century: Meeting the Technology Literacy Challenge 19 (1996), http://files.eric.ed.gov/fulltext/ED398899.pdf (explaining that employers are likely to prefer candidates with technological proficiency).

[11] Id.

[12] Pandolfo, supra note 4.

[13] Duncan, supra note 5.

[14] See Evergreen Educ. Grp., Keeping Pace With K-12 Digital Learning: An Annual Review of Policy and Practice 11, 12 (2015), http://www.kpk12.com/wp-content/uploads/Evergreen_KeepingPace_2015.pdf (describing nationwide increases in education technology).

[15] Katie Ash, State Laptop Program Progresses in Maine amid Tight Budgets, Educ. Wk. (Sept. 1, 2009), http://www.edweek.org/ew/articles/2009/09/02/02laptop.h29.html (last visited Nov. 14, 2016).

[16] See Evergreen Educ. Grp., supra note 14, at 14 (noting the nationwide proliferation of online courses).

[17] Fla. Stat. § 1002.45 (2008).

[18] Evergreen Educ. Grp., supra note 14, at 106.

[19] See Pandolfo, supra note 4 (highlighting the growing disparity in access to education technology between the nation’s wealthiest and poorest districts).

[20] See id. (describing the impacts the digital divide has on low-income school districts).

[21] Id.

[22] Id.

[23] Id.

[24] See Liz Soltan, Digital Divide: The Technology Gap Between the Rich and Poor, Digital Responsibility, http://www.digitalresponsibility.org/digital-divide-the-technology-gap-between-rich-and-poor/ (last visited Nov. 14, 2016) (discussing the correlation between lack of technology at school and lack of technology in homes in low-income school districts).

[25] Id.

[26] Id.

[27] Id.

[28] See Emma Brown, In 23 States, Richer School Districts Get More Local Funding than Poorer Districts, Wash. Post (Mar. 12, 2015), https://www.washingtonpost.com/news/local/wp/2015/03/12/in-23-states-richer-school-districts-get-more-local-funding-than-poorer-districts/ (discussing alarming funding gaps between the nation’s wealthiest and poorest school districts).

[29] Id.

[30] Id.

[31] Id.

[32] Kan. Const. art. VI, § 6.

[33] See Gannon v. State, 319 P.3d 1196, 1226 (Kan. 2014) (“[T]he ordinary understanding of the term ‘suitable’ encompasses minimum requirements of adequacy and equity.”).

[34] Id. at 1204; see also Kyle Palmer & Sam Zeff, Kansas to Court: Stay Out of School Funding, KCUR 89.3 (Nov. 24, 2015), http://kcur.org/post/kansas-court-stay-out-school-funding#stream/0 (describing the timeline of the ongoing Gannon litigation).

[35] Gannon, 319 P.3d 1196 at 1109.

[36] Id. at 1237.

[37] Campaign for Fiscal Equity v. State of New York, 719 N.Y.S.2d 475 (N.Y. Sup. Ct. 2001).

[38] Id. at 534.

[39] Id. at 513–14.

[40] DeRolph v. State, 677 N.E.2d 733, 740 (Ohio 1997).

[41] Id. at 781.

[42] Id. at 744.

[43] A 1997 survey of state-level litigation found that plaintiffs won 74% of all adequacy suits (suits where concerned parents, school districts, and interested parties contend some students are not receiving an education of the quality demanded by their state constitution) before state supreme courts. See Jessica Malman, Connecting Students to “the Net”: Guiding Principles from State Constitutions, 7 Geo. J. on Poverty L. & Pol’y 53, 103 (2000).

[44] See Sam Zeff, A Primer on the School Funding Case Before the Kansas Supreme Court, KCUR 89.3 (Nov. 5, 2015), http://kcur.org/post/primer-school-funding-case-kansas-supreme-court#stream/0 (“On Friday morning, the Kansas Supreme Court hears arguments in a school funding case that’s gone on for years and could lead to the Legislature being ordered to spend hundreds of millions of dollars more on public education.”).

[45] Gannon Explained, Mainstream Coalition (Mar. 10, 2014), http://www.mainstreamcoalition.org/gannon_explained.

[46] Id.

[47] John Eligon, Kansas Schools Fight Plays Out Against Backdrop of Debate on Judiciary, N.Y. Times (Mar. 22, 2015), http://www.nytimes.com/2015/03/23/us/kansas-schools-fight-plays-out-against-backdrop-of-debate-on-judiciary.html?_r=0.

[48] Id.

[49] Zeff, supra note 44.

[50] Id.

[51] Eric Albrecht, What Went On in the Supreme Court, Columbus Dispatch (March 24, 2007, 3:54 PM), http://www.dispatch.com/content/stories/local/2007/03/18/SUPREMES.ART_ART_03-18-07_A1_OK638N7.html.

[52] Sandra McKinley, The Journey to Adequacy: The DeRolph Saga, 30 J. Educ. Fin. 321, 321 (2005).

[53] Gannon Explained, supra note 45.

[54] Albrecht, supra note 51.

[55] See James Drew, Coalition Legal Fees $3.6M and Growing Ohio Taxpayers Foot Bills for Columbus Firm’s Work, Toledo Blade (June 17, 2001), http://www.toledoblade.com/State/2001/06/17/Coalition-legal-fees-3-6M-and-growing-Ohio-taxpayers-foot-bills-for-Columbus-firm-s-work.html (“The coalition challenging Ohio’s school-funding system has used $3.6 million in tax dollars to pay for legal fees over the last decade—and the meter keeps running.”).

[56] Id.

[57] Brown v. Bd. of Educ., 347 U.S. 483, 493 (1954).

[58] Id.

[59] 2015 Ga. Laws 171 (S.B. 89).

[60] Id.

[61] S.C.R. 22, 148th Gen. Assemb., Reg. Sess. (Del. 2015), http://legis.delaware.gov/BillDetail?LegislationId=23843.

[62] Id.

[63] Campaign for Fiscal Equity v. State of New York, 719 N.Y.S.2d 475, 513–14 (N.Y. Sup. Ct. 2001); DeRolph v. State, 677 N.E.2d 733, 740 (Ohio 1997); McDuffy v. Sec’y of Exec. Office of Educ., 615 N.E.2d 516, 553 (Mass. 1993).

[64] See Monica Herk, The Skills Gap and the Seven Skill Sets that Employers Want: Building the Ideal New Hire, Comm. For Econ. Dev. (June 11, 2015), https://www.ced.org/blog/entry/the-skills-gap-and-the-seven-skill-sets-that-employers-want-building-the-id (explaining the importance employers place on technological proficiency in seeking prospective hires).

[65] Associated Press, Kansas Officials Want School Funding on Hold, Wichita Eagle (June 29, 2015, 3:39 PM), http://www.kansas.com/news/politics-government/article25777900.html; Drew, supra note 55; Gannon Explained, supra note 45.

[66] See Evergreen Educ. Grp., supra note 14 (describing nationwide increases in education technology).

Segmenting Cyberwarfare to Aid in the Formation of Ethical Policy and Law

By Scott Van Hoy*

Introduction

Breaching computer infrastructure has become a relatively easy task for skilled hackers, making cybersecurity an increasingly hot topic. The importance of the information stored on computer systems and society’s overall reliance on computer systems is substantial, leading to concerns regarding how to manage the security of technology. If a hacker gains access to government networks, the resulting damage may cause greater disruption than physical damage to property or people. A skilled hacker can also alter computer systems in ways that result in physical damage to humans or machines. A cyberattack and the subsequent cyberdefense when used as part of a military strategy is referred to as cyberwarfare.

Cyberwarfare has become the all-encompassing term for cyberattacks. Cyberwar and conventional war are often discussed under the same ethical and legal frameworks, masking the type of cyberattack beneath the term. Addressing cyberwarfare as a general term for a high-tech war could result in ethical dilemma considering the legal frameworks of war would not adapt to the technology’s capabilities. In order to aid in ethical decision making during cyberconflict, cyberwarfare should be addressed as three different types of war: conventional cyberwarfare, infrastructural cyberwarfare, and information cyberwarfare. Only after policy and lawmakers acknowledge this segmentation can cyberwarfare be addressed ethically among the international community.

Background

Cyberwarfare has posed a unique set of challenges to military and government leaders over the last few decades, and continues to be an ongoing discussion worldwide. From cars to our electrical power grid, computers control the world around us. The capabilities to hack and recode technology create a new domain of warfare that has already been tested and proven in the international community.[1]

In 1982, a Soviet Trans-Siberian oil pipeline explosion was observed by a United States infrared satellite.[2]  This explosion was the most violent non-nuclear explosion ever observed by satellite, and was the equivalent of three kilotons of TNT.[3]  It is accepted that the explosion was caused by the United States’ Central Intelligence Agency (CIA).[4]  The CIA supposedly hacked into the pipeline’s control system and altered the pressure specifications for the pumps, values, and turbines.[5] The resulting high pressure caused the explosion.[6]  There were no human casualties recorded.[7]

In 2005 and 2007, Brazil experienced power outages in two of its largest cities.[8]  Over three million residents lost power for two days, and the cause was proven to be a result of hackers breaching Brazil’s energy infrastructure.[9]  Cyberweapons can be used without the victim ever knowing who committed the attack, and entire cities can be plunged into darkness without leaving a trace of who committed the attack, or why the attack was committed.[10]

When Iran’s uranium enrichment capability increased in the early 2000s, the United States developed a digital weapon to slow Iran’s production.[11] In 2009, the United States deployed Stuxnet, a program designed to increase the revolutions per minute of the centrifuges that enriched the uranium. Centrifuges began to fail, and in the first five months Iran’s centrifuge count was reduced from 4,592 to 3,936 due to Stuxnet.[12])

Then in 2015, the United States’ Office of Personnel Management (OPM) was hacked.[13]  The OPM attack compromised the personal information of 22.1 million government employees, including their social security numbers, performance evaluations, and names of friends and family.[14]  The Washington Post reported that U.S. officials believe this breach is potentially the most damaging “cyber heist” in U.S. government history.[15]  China has not been officially named as the OPM attacker; however, the common narrative among government officials is that China is conducting “traditional espionage” via cyber means against the United States.[16]

International Interpretations

There is a human element to cyberwarfare that is not as clear as the 1s and 0s of the cyber world. Some ethical and legal frameworks of conventional warfare that have been established and accepted may no longer be valid in the digital age. For example, the rightful application of just war theory is debatable when trying to determine if a cyberattack is considered an armed attack.[17]  One argument is that a cyberattack with no human casualties will never justify war because an armed attack results in, and could be defined by, physical harm or loss of life.[18]  Another argument is that a malicious attack, whether it physically harms a person or not, is considered an armed attack due to the unknown second and third order effects, thus justifying war.[19]

Debates such as the just war theory discussion could continue for decades only to result in uncertain ethical responses to cyberwarfare. So long as governments treat cyberwarfare and conventional warfare within the same legal and ethical frameworks, government officials will struggle to agree on an ethical way to manage new cybertechnologies. For example, the NATO Cooperative Cyber Defense Centre of Excellence (CCDCOE), which includes the United States, focuses on connecting humanitarian and international law to identify what actions are just in a cyberwar.[20] The CCDCOE defines a cyberattack as “a cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects,”[21] and recognizes cyberwarfare as a cyberattack authorized by state actors.[22]  Combining the definitions, cyberwarfare is considered to be an extension of conventional war with loss of human life and infrastructure, placing cyberwar within the current just war theory and the law of armed conflict. However, the CCDCOE’s Tallinn Manual, the leading manual on the “international law applicable to cyber warfare,” states that the application of the law of armed conflict can be problematic due to the difficulty in identifying the originator, the intent, and the outcome of the attack.[23]

The Shanghai Cooperation Organisation (SCO) consists of six member states including Russia and China.[24] The SCO defines cyberwarfare as “the dissemination of information ‘harmful to the spiritual, moral, and cultural spheres of other states.’”[25] The SCO’s member states have concerns over the concept of uncontrolled information exchange,[26] an idea that when combined with their definition of cyberwar, may lead to unethical responses to cyberattacks. If a country were to hack into an SCO country’s television stations and modify service, this disruption would fall within the SCO’s definition of cyberwar. Since the SCO does not define the barriers between cyberwar and conventional war, a cybertelevision attack may justify war the same as if it were a kinetic attack.

Cyberwarfare Segmentation

The different interpretations of cyberwarfare in the international community will not likely be resolved in the near future due to the dissimilar opinions of the SCO, CCDCOE, and other supranational organizations. Each of the definitions lead to different outcomes and reactions to cyberwar, none of which will fall perfectly within current international law. In order to attempt to justify what is and is not ethical during a cyberwar, cyberwarfare should be broken down into three different categories of cyberwarfare, which can be referred to as the cyberwarfare segmentation model. The first category is conventional cyberwarfare, the second is infrastructural cyberwarfare, and the third is information cyberwarfare.

Conventional cyberwarfare best represents the CCDCOE’s definition of cyberwar, where cyberwarfare is an extension of conventional warfare.[27] Conventional cyberwarfare assumes that a cyberattack will result in the direct or indirect death or physical harm to humans.[28] When there is no longer physical harm to people, but instead physical infrastructure is damaged and widespread disruption occurs, the result is infrastructural cyberwar.[29] The Brazilian power outage, oil pipeline explosion, and the Stuxnet cases show the effectiveness of infrastructural cyberattacks. These same attacks also had the potential to initiate conventional cyberwar. For example, if the Siberian oil pipeline explosion killed the operator, or the power outage directly led to civilian deaths, then it would be an example of conventional cyberwar.[30]

Information cyberwarfare is the act of cyberespionage or information disruption.[31] When hackers gained access into the OPM database and captured the personal information of 22.1 million U.S. government employees, the hackers conducted an information cyberattack on the United States. No human lives were lost and there was no infrastructural damage or physical disruption; thus, only cyberespionage and information disruption occurred.

The lack of segmentation in international law results in both legal yet unethical responses, and illegal yet ethical responses to cyberwar. The United Nations Charter Article 51 declares that self-defense is the only justification for an armed attack, making preemptive strikes illegal.[32]  In addition, the International Committee of the Red Cross (ICRC) and the law of armed conflict declare that civilians are protected and must never be targeted.[33]  With the changing ethical landscape of just war, it is debated that information cyberwar can be used preemptively and target noncombatants if used responsibly to prevent conventional war, which according to the ICRC and the U.N. Charter is unlawful. In the Stuxnet case, the cyberattack on Iran could be considered an armed attack if the attack is not segmented and realized as an infrastructural cyberattack. Thus, by the U.N. Charter, Iran could have responded legally, but not ethically, with a kinetic attack. Without segmentation, the U.N. Charter also infers Stuxnet was an illegal armed attack against Iran, thus the United States was ethically, but not legally, conducting a preemptive strike.

The Shanghai Cooperation Organisation has a much broader definition of cyberwarfare and uses different ethical and legal frameworks for determining what is and is not legal war.[34]  Although the SCO cooperates with the international laws set forth by the United Nations,[35] its broad definition of cyberwarfare leaves room for a broad interpretation of legality, especially for the definition of “armed attack.”[36]  This open interpretation of the U.N. Charter could lead to a response that is legal yet unethical. If the SCO adopts the cyberwarfare segmentation model, it would lay a foundation for further discussion about how to create ethical policies and laws for how to respond to each type of cyberattack, rather than using one term to justify the legality of war.

Both the Stuxnet and SCO examples are derived from the open interpretation of international law set forth by the United Nations. The changing ethical landscape of war resulting from cyberwarfare is consequently changing the legal landscape of war, and the United Nations has not yet taken significant steps to adapt to this form of 21st century conflict. International law often attempts to relate cyberwarfare to conventional warfare, creating laws that may lead to unethical responses to cyberattacks. To ensure ethical laws are established to regulate cyberwarfare, the U.N.’s CCDCOE and the SCO should adopt the cyberwarfare segmentation model to help reevaluate the morality of current international law.

 


*Scott Van Hoy. University of Illinois, MS Technology Management, 2016.

[1] Chris Domas, The 1s and 0s Behind Cyber Warfare, TED (Oct. 2013), https://www.ted.com/talks/chris_domas_the_1s_and_0s_behind_cyber_warfare.

[2] Johann Rost & Robert L. Glass, The Dark Side of Software Engineering: Evil on Computing Projects 118 (2011).

[3] Id.

[4] Id.

[5] Id. at 119.

[6] Id.

[7] Id.

[8] Kevin Poulsen, Report: Cyber Attacks Caused Power Outages in Brazil (Nov. 7, 2009, 12:55 AM), www.wired.com/2009/11/brazil/.

[9] Id.

[10] Guy-Philippe Goldstein, How Cyberattacks Threaten Real-World Peace, TED (Jan. 2010), https://www.ted.com/talks/guy_philippe_goldstein_how_cyberattacks_threaten_real_world_peace.

[11] Kim Zetter, An Unprecedented Look at Stuxnet, the World’s First Digital Weapon, WIRED (Nov. 3, 2014, 6:30 AM), www.wired.com/2014/11/countdown-to-zero-day-stuxnet/.

[12] Id.

[13] Ellen Nakashima, Hacks of OPM Databases Compromised 22.1 Million People, Federal Authorities Say, Wash. Post (July 9, 2015), www.washingtonpost.com/news/federal-eye/wp/2015/07/09/hack-of-security-clearance-system-affected-21-5-million-people-federal-authorities-say/.

[14] Id.

[15] Id.

[16] Id.

[17] Michael N. Schmitt, “Attack” as a Term of Art in International Law: The Cyber Operations Context, 4th Int’l Conf. on Cyber Conflict 283, 290–93 (2012), https://ccdcoe.org/publications/2012proceedings/5_2_Schmitt_AttackAsATermOfArt.pdf.

[18] Id.

[19] Patrick Lin et al., Is it Possible to Wage a Just Cyberwar?, Atlantic (June 5, 2012), www.theatlantic.com/technology/archive/2012/06/is-it-possible-to-wage-a-just-cyberwar/258106/.

[20] About Us, NATO Cooperative Cyber Defence Centre of Excellence, https://ccdcoe.org/about-us.html (last visited Sept. 27, 2016).

[21] Michael N. Schmitt, Tallinn Manual on the International Law Applicable to Cyber Warfare 106 (2013).

[22] CCDCOE, Cyber Definitions, https://ccdcoe.org/cyber-definitions.html

[23] Schmitt, supra note 21, at 77.

[24] Shanghai Cooperation Organization (SCO), GlobalSecurity.org, http://www.globalsecurity.org/military/world/int/sco.htm (last visited Sept. 27, 2016).

[25] Activities, Shanghai Cooperation Org., http://www.infosco.eu/index.php/aboutsco/activities (last updated Jan. 23, 2013).

[26] Keir Giles, Russia’s Public Stance on Cyberspace Issues, 4th Int’l Conf. on Cyber Conflict 63, 65 (2012), https://ccdcoe.org/publications/2012proceedings/2_1_Giles_RussiasPublicStanceOnCyberInformationWarfare.pdf.

[27] Gal Beckerman, Is cyberwar really war?, The Boston Globe https://www.bostonglobe.com/ideas/2013/09/15/cyberwar-really-war/4lffEBgkf50GjqvmV1HlsO/story.html (last visited Sept. 28, 2016).

 

[28] Nuclear Futures Lab, Cyberwarfare: On Whose Authority?, http://nuclearfutures.princeton.edu/wws353-2015-blog-week09-2/ (last visited Sept. 28, 2016).

[29] Lee Rainie Et al, Cyber Attacks Likely to Increase, Pew Research Center, http://www.pewinternet.org/2014/10/29/cyber-attacks-likely-to-increase/ (last visited Sept. 28, 2016).

[30] Ellyne Phneah, Cyberwarfare Not Theoretical, Can Actually Kill, ZDNet (Nov. 17, 2011, 10:26 AM), www.zdnet.com/article/cyber-warfare-not-theoretical-can-actually-kill.

[31] Fred Schreier, On Cyberwarfare, https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=8&ved=0ahUKEwjjg-fAprLPAhXMy4MKHXidA2UQFghLMAc&url=http%3A%2F%2Fwww.dcaf.ch%2Fcontent%2Fdownload%2F67316%2F1025687%2Ffile%2FOnCyberwarfare-Schreier.pdf&usg=AFQjCNHSti4VD11zqhHbyC36ASV-0RLJ8g&sig2=ynFsHCTuEw0Ev6SaIDl41w (last visited Sept. 28, 2016).

[32] U.N. Charter ch. VII, art. 51, www.un.org/en/sections/un-charter/chapter-vii/.

[33] Protected Persons: Civilians, Int’l Committee of the Red Cross, https://www.icrc.org/en/war-and-law/protected-persons/civilians.

 

[34] Andrew Jones & Gerald Kovacich, Global Information Warfare: The New Digital Battlefield 33 (2015).

[35] United Nations, Cooperation Between UN, Shanghai Cooperation Organization Dynamically Expanding, in Shared Quest for Peace, Prosperity, Says Secretary-General, in Message, http://www.un.org/press/en/2010/sgsm12953.doc.htm (last visited Sept. 28, 2016).

[36] Schmitt, supra note 21.

Apple Tells the Government to “Think Different” on Encryption

By Matt Weber*

Introduction

On December 2, 2015, a San Bernardino County Department of Health employee and his wife perpetrated the deadliest mass shooting since Newtown, killing 14 of his co-workers and injuring 21.[1]  Following the shooting, police investigated and pursued the suspects, eventually engaging in a firefight, killing both shooters.[2]  In the days and weeks following the shooting, law enforcement investigated the shooting, both to find the motive behind the shooting and to find any possible coconspirators.

On December 3, 2015, U.S. Magistrate Judge David Bristow issued a search warrant, giving law enforcement the power to search the shooters’ home and car. In the ensuing search, law enforcement officers found, among other things, an Apple iPhone 5c, which they later found to have been issued to one of the shooters by his San Bernardino County employer.[3]  Like they had done many times before, the FBI approached Apple with the iPhone it found in the suspect’s car, requesting that Apple extract the data from the seized iPhone—except this time, Apple could not comply with the request.[4]  Apple was unable to comply with the FBI’s request due to changes it had made to the iPhone Operating System (iOS) a year before, positioning Apple and the Federal Government for a clash that both had been preparing for since 2014.[5]

Background

Following Edward Snowden’s release of National Security Agency (NSA) files related to the U.S. Government’s mass surveillance of American citizens, American tech companies increased security on consumer devices.[6]  In September 2014, Apple unveiled iOS 8 (an upgrade to the iPhone and iPad operating system), which for the first time offered default encryption to its users.[7] Apple’s encryption allows a user to set a passcode that, once set, is entangled with the iPhone’s Unique ID (UID),”[8]  which together, form the phone’s encryption key.[9] Because the encryption key is based on both the user’s passcode and the iPhone’s UID, it is unknown to Apple, and virtually impossible to crack.[10]  Understanding the relative impossibility of cracking encryption on consumer devices, the U.S. Government began to attempt to convince tech companies to provide law enforcement with assistance in unlocking encrypted phones (subject to a court order), something that most tech companies have thus far been unwilling to do.[11]  Because Apple’s method of encryption includes the user selected passcode in the key, Apple cannot decrypt a suspect’s phone.[12]

The iPhone

On February 16, 2016, the United States Attorney requested an order (that was later granted[13]) compelling Apple to assist in the unlocking of the San Bernardino shooter’s phone.[14]  Instead of obtaining an order for Apple to break its encryption (an order the FBI understands that Apple would be technically incapable of complying with), the FBI requested an order requiring Apple to assist in the unlocking of the phone.[15]  The court order compels Apple to write software that bypasses two of the iPhone’s security features, (1) a delay introduced when an incorrect passcode is entered,[16] and (2) a self-destruct feature by which an iPhone destroys its data after 10 incorrect passcode attempts.[17]

This order—if complied with—would allow the FBI to connect the shooter’s updated[18] iPhone to a computer, which has a program capable of guessing all the possible passcode combinations[19], without the delay or possibility of wiping.[20]  Apple has decided to fight the order, though it should be noted that Apple has assisted the FBI’s investigation, providing the Bureau with all the data the shooter backed-up to the iCloud[21] prior to turning off the iPhone’s auto-backup to the cloud.[22]

The order compelling Apple to write the above referenced software is based primarily on the 1789 All Writs Act (“the Act”), which allows courts to “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”[23]  In this case, the government requests that the court compel Apple to assist in the satisfying of a lawful search warrant, by which the court gave the government the power to search the suspect’s iPhone 5c.[24]  This order—which Apple CEO Tim Cook has argued to be unprecedented in a statement released on the company’s website[25]—set the government and Apple on a collision course, in a battle that both the tech industry and law enforcement community had been expecting since tech companies began offering relatively unbreakable encryption on consumer devices.[26]

Issue: Using the All Writs Act

Historically, the Act has been used by courts to effectuate their lawful orders when there has been no statutory framework to follow.[27] The government’s motion cites cases in which the Act was used by courts to compel parties to assist in the effecting of court orders—suggesting that Apple be similarly required to assist technically in the search of the phone, pursuant to the court’s order.[28] Unlike the cases cited by the government, Apple in this case is being required to create a new operating system, pursuant to the government’s unique specifications.[29] The government argues that because Apple’s devices cannot be updated without a unique “digital signature,”[30] it has ensured that it cannot be seen as “far removed”[31] from the matter. The government notes in the memorandum of points and authorities to its motion to compel, that Apple’s assistance is necessary based on its unique ability to “cryptographically sign code,”[32] leading the government to request that Apple write the specific code, and upload it onto the iPhone in question.

Analysis

Government Arguments

In its application for an order compelling Apple’s assistance in unlocking the seized iPhone, the Government argued that the Act gave the court the power to mandate Apple’s assistance[33]  The Government argued that the Act can require “a third party to provide nonburdensome technical assistance,” citing the Supreme Court in United States v. New York Telephone Co.[34]  The Court in that case created a three factor test for determining whether it could compel action by a third party using the Act, (1) whether a party is far removed from the controversy, (2) whether requiring action would impose an undue burden on the part, and (3) whether the assistance from the party was necessary for the successful fulfilling of the underlying court order (in this case a search warrant for the iPhone).[35]

The government argued that it met the three step test imposed by the Court in New York Telephone Co., first arguing that Apple was not far removed from the unlocking of the iPhone.[36]  The government argued that because Apple “designed, manufactured and sold the [iPhone] and wrote and owns the [operating system],” it cannot be seen as far removed from the controversy.[37]  The government further argues that Apple cannot be far removed because it is the only party able to update the software[38]  in a way that would comply with the court’s order.[39] The government’s argument is supported by the Supreme Court’s decision in New York Telephone Co., which held that a non-governmental third party can be compelled to act when its “facilities were being employed to facilitate a criminal enterprise.”[40]

The government next argues that the order is not unduly burdensome for Apple. The government points to Apple’s regular business of writing software code to suggest that it cannot now claim that writing a specific code would impose an undue burden.[41]

Lastly, the Government argues that it meets the necessity requirement because Apple has created a situation whereby it is the only entity that can write software to update its iOS.[42]  Because iPhones require Apple’s crypto-signature, Apple’s assistance is required to effectuate the search warrant. The government notes that it is not requesting that Apple provide the unencrypted contents of the phone, but instead that it simply assist in the Government’s testing of passcodes to unlock the phone.[43]

Apple Arguments

Apple responded to the Government’s motion to compel by arguing that it should not be required to further comply with the governments request.[44]  Because it (1) relies on a misapplication of the Act, (2) violates the First Amendment by compelling speech by Apple, and (3) violates the Fifth Amendment’s due process clause.[45]

Apple’s argument is generally centered on the Government’s improper application of the Act. When deciding whether to apply the Act, the Supreme Court held that when a statute addresses an underlying issue specifically, that statute, and not the Act is “controlling.”[46]  Apple first argues that the Act cannot require the action requested by the Government, suggesting that the Act allows for courts to “fill in gaps in the law” to exercise the power they already have, but not the “free-wheeling” ability to change existing law.[47] Apple argues that the court lacks the authority to compel it to comply with the order because Congress contemplated (when passing the Communications Assistance for Law Enforcement Act) bestowing upon courts the power to require such a compulsion, but ultimately chose to exempt manufacturers of telecommunications equipment[48] from implementing “any specific design of equipment . . . features, or system configurations.”[49]

Facing new challenges to law enforcement’s ability to fight crime, Congress, in 1994, passed the Communications Assistance for Law Enforcement Act (“CALEA”).[50]  CALEA grants law enforcement investigative powers, but also limits what can be required from manufacturers and service providers.[51] When passing CALEA, Congress had the chance address whether it would require companies to assist law enforcement in the in the manner being requested by the FBI—but ultimately chose not to make any such requirement. In fact, CALEA provides that telecommunications carriers (which Apple points out that it is not) are not required to decrypt or “ensur[e] the government’s ability to decrypt” unless the communication was encrypted by the carrier (and even then the carrier must “possesses the information necessary to decrypt”—which Apple does not).[52]  Congress’ inclusion of some language related to encryption but omission of requirements to compel assistance in decryption implies that it considered such a compulsion but ultimately rejected it.

Apple argues that CALEA specifically addresses whether to require manufacturers and service providers to aid decryption.[53]  Because CALEA speaks on the specific matter, the Act should not be the statute to rule, but instead should be trumped by CALEA’s provisions. The Supreme Court held in Pennsylvania Bureau of Corrections v. U.S. Marshall Service that the Act does not allow courts to issue writs when compliance with existing statutes would be simply “inconvenient or less appropriate,”[54] as CALEA would be in this situation.

Apple next addresses the Government’s use of United States v. New York Telephone Co., ultimately drawing distinctions between the government’s requests here and those of the Telephone Company in New York Telephone Co.[55]  Apple argues that the government does not show that it satisfies the three-part test provided by the Court in New York Telephone.

First, Apple is too far removed from the underlying case. Unlike the the telephone company, which owned the lines being allegedly used to “facilitate a criminal enterprise on a continuing basis,”[56] Apple contends that it is a private company that does not own the phones or have any connection to the data on the phone. Second, the government’s request would impose an “unprecedented and oppressive burden” on Apple. While the telephone company was required assist the government in their installing of pen registers[57]–a device that telephone companies used frequently in conducting their normal business[58]–  in the instant case, the government is asking Apple to create an entirely new operating system in an effort to assist the government’s attempts to unlock the phone. Apple asserts that such an undertaking violated the Act’s prohibition against adversely affecting the third party or imposing an under burden. Third, Apple contends that its assistance is only necessary because of the actions of the FBI earlier in its investigation.[59] While the court suggested in New York Telephone that there was “no conceivable way” for the FBI to successfully carry out its court-ordered investigation, Apple argues that here, the FBI did not face such a situation, but instead, through its own actions created a need to turn to the Act.

Conclusion

It seems that both Apple and the government foresaw this potential clash coming since Apple (and other tech companies) began encrypting devices sold to consumers. Many in the media have questioned if this was the right test case for either side.[60]  For the government, it seems to be a good test case because the crime is question is terrorism related, and the underlying crime was well reported and remains in the minds of the American public.[61]  Unfortunately, for the government, there is no time issue—while the phone might help in the investigation of a crime, there does not seem to be a pressing need for the phone to be unlocked immediately.[62] For Apple, the case does not seem to the best test case for whether it should be required to assist in the unlocking of one of its devices because the suspect is widely assumed to be guilty of the heinous murder of 14 co-workers.[63] It has also been noted that this particular iPhone model is not one which Apple should be fighting over as it is not the most up-to-date phone or software, and the government-requested solution would not work on future iPhone models.[64]

At least in public opinion, Apple may benefit from standing by its customers, claiming that writing the software requested by the government would unnecessarily put all iOS users at risk,[65] Tim Cook noted in his open letter to customers that “They have asked us to build a backdoor to the iPhone.”[66]

On March 21, 2016 (the day before the hearing on the order), the Government submitted an ex parte application for a continuance, requesting that the court continue the hearing to April 5, 2016.[67] The Government requested the continuance because, since initially requesting the hearing, a third party approached the FBI suggesting that the party had a different method to unlock the phone.[68]  This new method, if successful, would not only make Apple’s assistance unnecessary, but destroy the Government’s argument under the Act. The Government requested additional time to test the new method before deciding whether it has eliminated the need for Apple’s assistance.

While this might appear to be an opportunity for both sides to take a step back and devise a procedure moving forward, it is likely only pushing this issue down the road. Apple’s newest phones are not as easy to break into (at least not using this type of method),[69]which might lead the government to move towards mandating backdoors. While it is unclear where either party goes moving forward, it is clear that this fight is far from over, it is all but certain that the Government will come back with another request for Apple to build, as Tim Cook described it, “something . . . too dangerous to create.”[70]

 


*Matt Weber. University of Illinois College of Law, J.D. candidate, Class of 2017. Many thanks to my parents, my sister Ashley and her husband Leigh. Thanks to JLTP Editors Iman Naim and Winston Zishu for their help and guidance. Gracias también a los Xeneizes and Albiceleste.

[1] Erik Ortiz, San Bernardino Shooting: Timeline of How the Rampage Unfolded, NBCNews (Dec. 3, 2015, 11:28 PM), http://www.nbcnews.com/storyline/san-bernardino-shooting/san-bernardino-shooting-timeline-how-rampage-unfolded-n473501.

[2] Id.

[3] Elliot Hannon, Judge Orders Apple to Help FBI Hack San Bernardino Shooter’s Phone, Slate (FEB. 16, 2016, 8:43 PM), http://www.slate.com/blogs/the_slatest/2016/02/16/judge_orders_apple_to_help_fbi_unlock_san_bernardino_shooter_s_phone.html; Fred Kaplan, How Apple’s Stand Against the FBI Could Backfire, Slate (Feb. 19, 2016, 6:26 PM), http://www.slate.com/articles/technology/future_tense/2016/02/how_apple_ceo_tim_cook_s_stand_against_the_fbi_could_backfire.html.

[4] Will Oremus, Apple vs. The FBI, Slate (Feb. 17, 2016, 7:44 PM), http://www.slate.com/articles/technology/future_tense/2016/02/apple_s_stand_against_the_fbi_is_courageous_it_s_also_good_for_apple.html; Ben Thompson, Apple Versus the FBI, Understanding iPhone Encryption, the Risks for Apple and Encryption, stratechery (Feb. 17, 2016), https://stratechery.com/2016/apple-versus-the-fbi-understanding-iphone-encryption-the-risks-for-apple-and-encryption.

[5] Apple Statement; Marcy Wheeler, Why This iPhone?, Slate (Feb. 19, 2016, 1:26 PM), http://www.slate.com/articles/technology/future_tense/2016/02/the_apple_fbi_encryption_battle_is_over_an_iphone_unlikely_to_yield_critical.html.

[6] Danny Yadron, Spencer Ackerman and Sam Thielman, Inside the FBI’s Encryption Battle with Apple, The Guardian (Feb. 18, 2016), http://www.theguardian.com/technology/2016/feb/17/inside-the-fbis-encryption-battle-with-apple.

[7] Cyrus Farivar, Apple Expands Data Encryption Under iOS 8, Making Handover to Cops Moot, arstechnica (Sep. 17, 2014, 9:57 PM), http://arstechnica.com/apple/2014/09/apple-expands-data-encryption-under-ios-8-making-handover-to-cops-moot/.

[8] See, Apple Inc., iOS Security, Apple Inc. (Sep. 2014), https://assets.documentcloud.org/documents/1302613/ios-security-guide-sept-2014.pdf (describing the UID as a number, set during the manufacturing process that Apple itself does not record); Ben Thompson, Apple Versus the FBI, Understanding iPhone Encryption, the Risks for Apple and Encryption, stratechery (Feb. 17, 2016), https://stratechery.com/2016/apple-versus-the-fbi-understanding-iphone-encryption-the-risks-for-apple-and-encryption.

[9] Ben Thompson, Apple Versus the FBI, Understanding iPhone Encryption, the Risks for Apple and Encryption, stratechery (Feb. 17, 2016), https://stratechery.com/2016/apple-versus-the-fbi-understanding-iphone-encryption-the-risks-for-apple-and-encryption.

[10] See, Mohit Arora, How Secure is AES Against Brute Force Attacks?, EETimes (May, 7, 2012, 5:29 PM), http://www.eetimes.com/document.asp?doc_id=1279619. (Explaining that using AES 256, an encryption key used by the iPhone would be 256 characters long, meaning there are 2256 combinations. Assuming a computer powerful enough to guess 33.86 X 1012/second (using the world’s fastest super computer, the Tianhe-2), it would take about 1.03 X 1055 years on average to crack an AES 256 key. For perspective, the Earth is 4.5 X 109 years old.).

[11] Andrew Crocker, Judge to DOJ: Not All Writs, Electronic Frontier Foundation (Oct. 12, 2015), https://www.eff.org/deeplinks/2015/10/judge-doj-not-all-writs.

[12] See, Apple Inc., iOS Security, Apple Inc. (Sep. 2014), https://assets.documentcloud.org/documents/1302613/ios-security-guide-sept-2014.pdf (explaining that the user-selected passcode is entangled with the UID to create an encryption key, that Apple does not have access to); Dan Guido, Apple Can Comply with the FBI Court Order, Trail of Bits Blog (Feb. 17, 2016), http://blog.trailofbits.com/2016/02/17/apple-can-comply-with-the-fbi-court-order; Ben Thompson, Apple Versus the FBI, Understanding iPhone Encryption, the Risks for Apple and Encryption, stratechery (Feb. 17, 2016), https://stratechery.com/2016/apple-versus-the-fbi-understanding-iphone-encryption-the-risks-for-apple-and-encryption.

[13] Order Compelling Apple Inc. To Assist Agents in Search, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[14] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[15] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[16] See, Apple Inc., iOS Security, Apple Inc. (Sep. 2014), https://www.apple.com/business/docs/iOS_Security_Guide.pdf, 12 (explaining key security features, the delay, triggered after 4 incorrect passcode attempts imposes a 1-minute delay after the 5th incorrect attempt, a 5-minute delay after the 6th incorrect attempt, a 15-minute delay after the 7th and 8th incorrect attempts, and a 1-hour delay after the 9th incorrect attempt.).

[17] See, Apple Inc., iOS Security, Apple Inc. (Sep. 2014), https://www.apple.com/business/docs/iOS_Security_Guide.pdf, 12 (explaining key security features, the iPhone can be set to wipe all its data after the 10th incorrect passcode attempt. This wipe is achieved by discarding the encryption key from accessible memory, making the entire hard-disk unintelligible.).

[18] Order Compelling Apple Inc. To Assist Agents in Search, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016) (Apple would upload a custom operating system to the shooter’s phone modifying security settings—though not specifically decrypting.).

[19] 10,000 possible combinations for a 4-digit numeric passcode, or 1 Million possible combinations for a 6-digit numeric passcode.

[20] See, Apple Inc., iOS Security, Apple Inc. (Sep. 2014), https://www.apple.com/business/docs/iOS_Security_Guide.pdf, 12 (explaining that even without the delay, the iteration counter imposes an 80 millisecond delay, therefore, all the possible combinations could theoretically be guessed in under 5 hours.).

[21] Apple Inc’s Motion to Vacate Order Compelling Apple Inc. To Assist Agents in Search at 11, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016); Amy Davidson, The Dangerous All Writs Act Precedent in the Apple Encryption Case, The New Yorker (Feb. 19, 2016), http://www.newyorker.com/news/amy-davidson/a-dangerous-all-writ-precedent-in-the-apple-case.

[22] Amy Davidson, The Dangerous All Writs Act Precedent in the Apple Encryption Case, The New Yorker (Feb. 19, 2016), http://www.newyorker.com/news/amy-davidson/a-dangerous-all-writ-precedent-in-the-apple-case.

[23] 28 U.S.C. § 1651 (2012).

[24] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[25] Tim Cook, Customer Letter, Apple Inc. (Feb. 16, 2016) http://www.apple.com/customer-letter/ (“The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.”).

[26] Danny Yadron, Spencer Ackerman and Sam Thielman, Inside the FBI’s Encryption Battle with Apple, The Guardian (Feb. 18, 2016), http://www.theguardian.com/technology/2016/feb/17/inside-the-fbis-encryption-battle-with-apple.

[27] Andrew Crocker, Judge to DOJ: Not All Writs, Electronic Frontier Foundation (Oct. 12, 2015), https://www.eff.org/deeplinks/2015/10/judge-doj-not-all-writs.

[28] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[29] Id.

[30] Apple’s unique encryption key—without which, a phone cannot be updated.

[31] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016) (pointing to United States v. New York Tel. Co., 434 U.S. 159, 174 (1977).).

[32] Government’s Motion to Compel Apple Inc. To Comply with this Court’s February 16, 2016 Order Compelling Assistance in Search, at 17, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[33] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, at 17, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[34] Government’s Motion to Compel Apple Inc. To Comply with this Court’s February 16, 2016 Order Compelling Assistance in Search, at 11-12, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[35] United States v. New York Tel. Co., 434 U.S. 159, 175-75 (1977).

[36] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, at 13, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[37] Id.

[38] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, at 13, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016) (“The same software Apple is uniquely able to modify . . . Especially but not only because iPhones will only run software cryptographically signed by Apple . . .”).

[39] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, at 13, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[40] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, at 13-14, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016) (quoting New York Telephone Co., 434 U.S. at 174); Government’s Motion to Compel Apple Inc. To Comply with this Court’s February 16, 2016 Order Compelling Assistance in Search, at 8, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[41] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, at 14-16, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[42] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, at 16, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[43] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[44] Apple notes that it has already assisted the government in their investigation; Mikey Campbell, FBI Contacted Apple, Received Data Related to San Bernardino Case 3 days After Shooting, appleinsider (Feb. 27, 2016, 12:39 AM), http://appleinsider.com/articles/16/02/27/fbi-contacted-apple-received-data-related-to-san-bernardino-case-3-days-after-shooting-.

[45] Apple Inc’s Motion to Vacate Oder Compelling Apple Inc to Assist Agents in Search, and Opposition to Government’s Motion to Compel Assistance, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[46] Pa. Bureau of Corr. v. United States Marshals Serv., 474 U.S. 34, 43 (1985) (“The All Writs Act is a residual source of authority to issue writs that are not otherwise covered by statute. Where a statute specifically addresses the particular issue at hand, it is that authority, and not the All Writs Act, that is controlling. Although that Act empowers federal courts to fashion extraordinary remedies when the need arises, it does not authorize them to issue ad hoc writs whenever compliance with statutory procedures appears inconvenient or less appropriate.”).

[47] Apple Inc’s Motion to Vacate Oder Compelling Apple Inc to Assist Agents in Search, and Opposition to Government’s Motion to Compel Assistance, at 14, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[48] Apple Inc’s Motion to Vacate Oder Compelling Apple Inc to Assist Agents in Search, and Opposition to Government’s Motion to Compel Assistance, at 16, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[49] 47 U.S.C. § 1002(b)(1) (2012). (“This subchapter does not authorize any law enforcement agency or officer—

(A) to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services; or

(B) to prohibit the adoption of any equipment, facility, service, or feature by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services.”) [emphasis added].

[50] Id.

[51] 47 U.S.C. § 1002(b) (2012).

[52] 47 U.S.C. § 1002(b)(3) (2012).

[53] Apple Inc’s Motion to Vacate Oder Compelling Apple Inc to Assist Agents in Search, and Opposition to Government’s Motion to Compel Assistance, at 6-8, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[54] Pa. Bureau of Corr. v. United States Marshals Serv., 474 U.S. 34, 43 (1985).

[55] New York Telephone Co., 434 U.S. at 159.

[56] Id. at 174.

[57] A device used to record phone numbers dialed on specific phone lines.

[58] New York Telephone Co., 434 U.S. at 174-75 (Court notes that the phone company regularly used pen registers in normal operations).

[59] Apple Inc’s Motion to Vacate Oder Compelling Apple Inc to Assist Agents in Search, and Opposition to Government’s Motion to Compel Assistance, at 11, fn. 21, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).(The FBI has acknowledged that it worked with the phone’s owner (San Bernardino County) to reset the the iCloud password in an effort to unlock the iCloud backup. Apple argues that had the county and the FBI not reset the password, “this litigation may not have been necessary,” as it could have initiated a remote backup of the phone and subsequently produced an updated backup to investigators.).

[60] Fred Kaplan, How Apple’s Stand Against the FBI Could Backfire, Slate (Feb. 19, 2016, 6:26 PM), http://www.slate.com/articles/technology/future_tense/2016/02/how_apple_ceo_tim_cook_s_stand_against_the_fbi_could_backfire.html; Marcy Wheeler, Why This iPhone?, Slate (Feb. 19, 2016, 1:26 PM), http://www.slate.com/articles/technology/future_tense/2016/02/the_apple_fbi_encryption_battle_is_over_an_iphone_unlikely_to_yield_critical.html.

[61] Id.

[62] Tim Cook, Customer Letter, Apple Inc. (Feb. 16, 2016) http://www.apple.com/customer-letter/; Marcy Wheeler, Why This iPhone?, Slate (Feb. 19, 2016, 1:26 PM), http://www.slate.com/articles/technology/future_tense/2016/02/the_apple_fbi_encryption_battle_is_over_an_iphone_unlikely_to_yield_critical.html.

[63] Fred Kaplan, How Apple’s Stand Against the FBI Could Backfire, Slate (Feb. 19, 2016, 6:26 PM), http://www.slate.com/articles/technology/future_tense/2016/02/how_apple_ceo_tim_cook_s_stand_against_the_fbi_could_backfire.html; Will Oremus, Irate DOJ Dismisses Apple’s Fight with the FBI as a “Brand Marketing Strategy”, Slate (Feb. 19, 2016, 6:02 PM), http://www.slate.com/blogs/future_tense/2016/02/19/department_of_justice_motion_mocks_apple_s_fbi_fight_as_a_brand_marketing.html; Kaveh Waddell, The Optics of Apple’s Encryption Fight, The Atlantic (Feb. 17, 2016), http://www.theatlantic.com/technology/archive/2016/02/why-apple-is-fighting-the-fbi/463260.

[64] Dan Guido, Apple Can Comply with the FBI Court Order, Trail of Bits Blog (Feb. 17, 2016), http://blog.trailofbits.com/2016/02/17/apple-can-comply-with-the-fbi-court-order; Ben Thompson, Apple Versus the FBI, Understanding iPhone Encryption, the Risks for Apple and Encryption, stratechery (Feb. 17, 2016), https://stratechery.com/2016/apple-versus-the-fbi-understanding-iphone-encryption-the-risks-for-apple-and-encryption.

[65] Tim Cook, Customer Letter, Apple Inc. (Feb. 16, 2016) http://www.apple.com/customer-letter/; Will Oremus, Apple vs. The FBI, Slate (Feb. 17, 2016, 7:44 PM), http://www.slate.com/articles/technology/future_tense/2016/02/apple_s_stand_against_the_fbi_is_courageous_it_s_also_good_for_apple.html.

[66] Tim Cook, Customer Letter, Apple Inc. (Feb. 16, 2016) http://www.apple.com/customer-letter/.

[67] Government’s Ex Parte Application for a Continuance, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[68] Id.

[69] See, Apple Inc., iOS Security, Apple Inc. (Sep. 2014), https://www.apple.com/business/docs/iOS_Security_Guide.pdf, 4-7 (describing the “Secure Enclave” on newer iOS devices).

[70] Tim Cook, Customer Letter, Apple Inc. (Feb. 16, 2016) http://www.apple.com/customer-letter/.