
COMMENTARY

A Small Battle for FBI, a Gigantic War for Privacy Rights
Deconstructing the Apple v FBI Saga
Agnidipto Tarafder, Arindrajit Basu

An exploration of the evolving
contours of the right to privacy
by sketching the trajectory of
the saga between Apple and the
Federal Bureau of Investigation.
By refusing to comply with the
FBI's request to create a backdoor
into the iPhone, Apple has taken a
robust stance that could influence
the actions of many other
tech firms worldwide. While
Apple's stand marks a victory
for the privacy lobby, judicial
intervention defining this right
can facilitate its crystallisation
and harmonious coexistence
with other objectives such as
national security.

Agnidipto Tarafder (agnidipto.tarafder@gmail.com)
is a lawyer and teaches at the West Bengal
National University of Juridical Sciences,
Kolkata. He specialises in and publishes
extensively on international law, privacy and
security studies. Arindrajit Basu (basu.arindrajit@gmail.com)
is a fourth-year student at the West
Bengal National University of Juridical Sciences,
Kolkata and has worked as a researcher with
the Observer Research Foundation, New Delhi.
He writes extensively on international law,
cyber security, armed conflict, space law
and privacy.
Economic & Political Weekly (EPW), April 23, 2016, vol LI no 17

The Apple v Federal Bureau of
Investigation (FBI) saga has been
heralded as a key tussle in the
battle on the right to privacy. The outcome
of this battle could shape the essence of
the right to privacy in an era defined by
conflicting paradigms of increasing technological intrusions into our personal
lives, coupled with unique threats to
national security posed by the ubiquitous
presence of transnational terrorism. Yet,
the prevailing discourse in the case, both
in academic and judicial circles, has
focused excessively on Apple's right to
not create a backdoor that would unlock
Syed Rizwan Farooq's iPhone to the
occlusion of discourse on the invasion of
privacy involved with tapping into an
individual's personal data. Such occlusion
has led to the degeneration of the tussle
between privacy and national security
into a clash of two Goliaths: giant corporations on the one hand, and law enforcement agencies on the other. Approaching the dispute from this angle might
lead to a temporary stalemate.
Notwithstanding the unfolding events,
this article attempts to critique the argumentation put forward by both parties
in the saga, and add a new dimension to
this debate by analysing both legal and
theoretical foundations of an individual's
right to privacy.

Primer on the Dispute

The aftermath of former National Security
Agency (NSA) contractor Edward Snowden's revelation of mass surveillance
undertaken by the NSA under the aegis of
its PRISM programme fuelled increasing
discussion on governmental intrusion
into the private lives of individuals
(Economist 2013). Soon, all tech firms,
including Microsoft and Google, got
embroiled in these controversies as the
nature of their tasks involved the storage of data. As the obtaining of data is
the single most valuable tool in counterterrorism intelligence operations, the
United States (US) government has for
years tried to subtly strong-arm its way
into collecting as much data as possible.
In response to these developments, tech
firms have taken various measures to
protect their customers' privacy. Microsoft,
for instance, recently developed a data
trustee model, which enabled the data
stored on their European servers to be held
in trust by a German telecom company,
thereby keeping it out of reach of the US
government authorities (Basu 2015).
The need to protect private data as an
integral limb of the right to privacy has
also been given judicial recognition. In
particular, the European Court of Justice's
invalidation of the long-standing safe
harbour agreement, which allowed free
flow of data between the US and the
European Union (EU), was recognised as
an epoch-changing victory for the right
to privacy. The court held that the free
flow of data can be permitted only to a
country that provides at least the same
data protection standards as those prevailing in the EU. According to the court,
the US would not be able to provide the
requisite standards as such protection
would constantly conflict with their national security interests.
The present matter commenced with
the FBI forcing Apple to assist its efforts
to gain access to the iPhone belonging
to Syed Farooq. Along with his wife,
Farooq had killed 14 individuals in San
Bernardino in December 2015, and professed to have links to the Islamic State.
Apple lost the battle in the US district
court for the Central District of California
last year. The order mandated Apple to
create software (a backdoor) that would
allow the FBI access to the dead terrorist's
iPhone. The chief executive officer (CEO)
of Apple, Tim Cook, vehemently opposed
this order claiming that they would have
to produce software that was the equivalent of cancer. According to him, the significance of this issue extends far beyond
the mere unlocking of one iPhone, as
the creation of a backdoor would render
the personal data of millions of Apple's
customers vulnerable to government
encroachment.
Amidst this ongoing tussle, US Magistrate James Orenstein passed an order,
at the New York district court (US District
Court Eastern District of New York 2016),
recognised as one that may aid Apple's
cause. This case revolved around very
similar facts as the FBI had compelled
Apple to provide it access into the iPhone
of convicted drug dealer, Jun Feng. Over
the course of the hearing, it emerged
that there are 12 other such requests
pending with Apple.
The statute invoked by the government in this case was the All Writs Act,
1789, a draconian 18th century law that
is also being utilised by them in the San
Bernardino case. The key provision in
this statute reads (28 USC, Section 1651[a]):

"The Supreme Court and all courts
established by Act of Congress may issue
all writs necessary or appropriate in aid of
their respective jurisdictions and agreeable to the usages and principles of law."

The broad question, according to Orenstein, was whether it was acceptable for the
FBI to compel Apple, a private party
with no involvement in Feng's criminal
activities, to undertake a task for the
government against its will. In order to
justify the FBI's non-compliance with the
parameters outlined in this section, Orenstein looks into three salient questions.
On the first question of proximity
between Feng's criminal activity and
Apple, it was stated that Feng engaged
in criminal activity using a phone that
was his own property and not that of
Apple. The government had argued that
as Apple reaped profits not only from
selling devices, but also from licensing
the software, it had a corollary duty to
assist the government and not thwart
the investigation whenever the device or
the software was used for engaging in
criminal activity. Orenstein responded
to this contention by holding that Apple
was not thwarting the investigation, but
merely refusing to render assistance.
While such corporations may at best
have a moral duty in such instances, no
legal duty, either statutory or judicial,
can be discerned.
On the second question of burdensomeness, the court held that Apple, as
a private corporation, owes obligations
largely to its shareholders rather than to the
public. This is where the court distinguished the present case from the 1977
ruling United States v New York Telephone Co (1977), which had stated that
law enforcement agencies may obtain a
court order in order to install a pen register to obtain data from a specific telephone. The difference was that the New
York Telephone Co was a highly regulated public utility and thus much more
accountable to the government. Orenstein concluded the burdensomeness
prong by stating that Apple was constantly competing in the market with
rival firms. A corporation's ability to protect privacy has become one of the overarching concerns of many consumers. A
trust deficit on this aspect between
Apple and its consumers would have
a detrimental impact on the prospects of
Apple's sales.
Finally, the court recognised that the
imposition on Apple can be termed necessary only if the government can prove
that it does not provide adequate resources to create the backdoor itself. The
burden of proof, therefore, shifts to the
government in such cases. While this
ruling is a positive one for Apple, it does
little for the ongoing battle for the definition and cementing of an individual's
right to privacy.

Boost for Apple

Despite this failing, the judgment served as
a major boost for Apple as they geared
up for their 22 March 2016 hearing at a
California court, which would rule on
the Farooq case. In a dramatic turn of
events, at the eleventh hour, however,
the FBI on 21 March requested and was
granted a delay as they claimed that a
third party had come up with a possible
way to unlock the said iPhone (Groll 2016).
On 28 March, the Department of Justice
dropped the lawsuit against Apple claiming that they had unlocked the iPhone with
the said third party's help (Groll 2016).
The identity of this third party or the
nature of the intrusion has not yet been
disclosed by the FBI, although there has
been speculation that the third party
may be the Israeli police technology-maker Cellebrite (Dave 2016).
While this may seem like a win-win
situation for both parties concerned, we
believe that this has been a lost opportunity to arrive at a judicial resolution for
one of the most significant tussles in the
21st century. The identity of the third
party is crucial in the current scenario
because the unfettered ability in the
hands of a private party to intrude into
private devices could have severe consequences not just on the right to privacy,
but also for the personal safety of
individuals. The means used to hack the
iPhone is of equal significance. Experts
have identified three possible ways that
may have been used to invade the
iPhone (Fowler and Bailey 2016).
The first method, known as "back up
and attack", involves the creation of multiple copies of the iPhone's flash memory,
using it to restore the phone's data in
case the phone self-destructs as they
try various permutations and combinations of the passcode. The second approach, known as "chip de-capping", calls
for the physical removal of the casing of
the iPhone's processor chip by using acid
or a laser drill, and installing electronic
probes capable of reading the phone's
unique identification code bit by bit from
the juncture at which the code is fused
into the hardware.
The third method, which has the gravest
consequences for the right to privacy,
is the possible creation of a brand-new
Zero Day. Even a minuscule flaw in the
software unknown to the software's
creator, known as a Zero Day, could
provide the government a way into any
iPhone. This flaw in the software has
been used by hackers in the past who
often sell this information to intelligence
agencies for gathering data. While the
first two measures require physical
access to each iPhone, which would only
be available after obtaining a warrant
for the same, the identification of a Zero
Day flaw could give the law enforcement agencies access to the iPhones of
all and sundry.
Unfortunately, experts believe that due
to the lack of successful usage of the first
two methods to date, the most probable
means of invasion is the identification of
the Zero Day flaw. The fact that the government has such a tool at its disposal
poses sinister threats to human existence in the present day. These threats
can only be engaged with by answering
several pressing questions, from which
the judiciary and the legislature have
shied away.

Questions Left Unanswered

In a historic Harvard Law Review article
in 1890, Samuel Warren and Louis
Brandeis extended classical liberal theory
to conceptualise a right to privacy that
has its foundations in a right to be
let alone (Warren and Brandeis 1890).
This article was a response to the rise of
the free press that created greater intrusion into the lives of public figures, without the development of a legal regime
that offered adequate protection.
Bhairav Acharya has constructed three
aspects of the right to privacy (Acharya
2015), all of which have arguably been
violated by the FBI's present claims. The
first aspect is privacy from state surveillance, both in respect of privacy and
communication. The second rests on the
premise of privacy being integral to decisional autonomy, as excessive intrusion of surveillance has an effect on the
fundamental choices made by people
about themselves. The final privacy claim
is that of information privacy. Personal
information is any information that can
cause the identification of an individual,
either directly or in symbiosis with other
information. The uncontrolled obtaining
of these personal details fundamentally
violates the right to be let alone.
The purpose of creating the software
is, by definition, repeated use. Therefore,
this issue cannot be restricted to a question of whether it is acceptable to create
a backdoor into the data owned by a
deceased terrorist. There seems to be no
means of verifying or enforcing the government's claims that the backdoor will
not be used again. Further, if Apple is
made to comply with the government's
demands, this sets a precedent both for
courts of law and administrative authorities to repeatedly intrude into the private
lives of individuals by using the trump
card argument of national security
(Chandler 2009; Richards 2013).
The deeper ideological issue is equally
disconcerting. Creating a backdoor into
a phone, a device which has today come
to replace most other electronic devices
in our everyday lives, gives the holder
the key to unlock data regarding, not
one, but all aspects of an individual's
life. His bank account, correspondence,
private moments captured through lens,
and material choices would lay bare
within moments before the watchful
eyes of an agency operative. While it
may be argued that such means of surveillance already exist, it has to be
remembered that in order to accumulate
the same amount of data about an individual, several subpoenas need to be
served to multiple players: internet service
providers (ISPs), Google, Citibank, and the
like. The backdoor relaxes this process
substantially by becoming the one-stop
solution to the FBI's surveillance problems.
Further, a phone being the most personal
item individuals own nowadays, it provides a glance of the individual beyond
what the information from the aforementioned sources may be able to. The
idea of privacy as intimacy stands endangered by such a step, which, once violated,
cannot be restored.
The software may also provide information in excess of what is required for
the purposes of the investigation. This is
problematic because while most corporations maintain their own team, which
scrutinises the applications made to them
by governments and reverts with only
the requisite information to the questions asked, there would be no check on
the adequacy of information revealed
in case the agencies have access to an
iPhone. Much like the Orwellian surveillance state described in 1984, this could
lead to the government monitoring behavioural patterns and opinions of the
public, and using these techniques to
stifle dissent.

Defining the Right to Privacy

The US has a rather well-defined right to
privacy, which began with the famous
dissenting opinion by Justice Louis
Brandeis in the Olmstead v United States
(1928). By extending the analysis in his
Harvard Law Review article, Brandeis
posited the right to be let alone as the
founding stone for the evolution of the
right to privacy in the US. Although
no express mention of privacy exists in
the US Constitution or the Bill of Rights,
several Supreme Court decisions have
upheld an ambivalent interpretation of
the right; from Griswold v Connecticut
(1965) to Roe v Wade (1973) (Posner 1979).
In fact, though the US does not have
separate legislation on the subject, the
framework for protection does exist
through provisions of several municipal
laws. On the relevancy of data collected
through mass surveillance, the US judiciary has also portrayed a dubious stance.
In American Civil Liberties Union et al v
James R Clapper et al (2013) and Klayman
et al v Obama et al (2013) it was held that
data is relevant as long as it enables the
government to make connections. Statutes
that deal with wiretapping fail to incorporate parameters of the nature and
extent of the data that may be collected.
The New York court in the Apple case
found there was no provision that could
require Apple to assist law enforcement
authorities with regard to creating such
a backdoor, and noted that under the
Communications Assistance for Law
Enforcement Act (CALEA) 1994, Apple
could not be compelled to adopt or
restrict the usage of any equipment, facility, or service which they are otherwise
lawfully permitted.
Commentators agree that if a similar
case were to arise in India, Apple, a company incorporated in the US, could simply
ignore such a request (Sukumar 2016).
However, the larger concerns of the
privacy lobby remain, especially in the
absence of a legal framework for protection of consumer privacy in the country.
None of the issues we raise in this article
have clear answers, and presently the very
existence of a fundamental right to privacy is being challenged in the Supreme
Court by the current government.
In India, the right to privacy has been
almost exclusively a judicial construct.
Beginning (coincidentally) with a dissenting opinion by Justice K Subba Rao
in the Kharak Singh v State of Uttar
Pradesh and Others (1964), the Supreme
Court was initially opposed to accepting
the right to privacy on the grounds that
it finds no mention in the Fundamental
Rights chapter of the Constitution. However, various later benches of the Apex
Court held privacy as an integral part of
Article 21, the Right to Life and Personal
Liberty. In fact, the issue of surveillance
in criminal investigation and telephone
tapping was specifically addressed in
this regard by the Court in People's Union
for Civil Liberties v Union of India and
Another (1997), where the Court upheld
the right as applicable in India. However,
little or no enforcement followed, and
the Information Technology Act 2000
(and the associated rules) continued the
laissez-faire scenario with overarching
powers to intelligence agencies to carry
on surveillance exercises.
Subsequent developments include the
introduction of a biometric database in
the garb of welfare schemes (Aadhaar),
and shoddily-drafted bills on data
protection and privacy (both of which
were suitably criticised and, consequently,
withdrawn). The recently reintroduced
Aadhaar (Targeted Delivery of Financial
and Other Subsidies, Benefits and Services) Bill, 2016 was passed through a
voice vote in the Lok Sabha after minimal discussion, guised as a money bill to
avoid a showdown with the opposition
in the Rajya Sabha (Tarafder and Sen
2016). Despite the general consensus
that the current bill is an improvement
over its former version mooted by the
United Progressive Alliance II in 2010,
the questionable practice of offering law
enforcement a free hand in carrying on
surveillance programmes with little or
no accountability is continued in the
current bill. Commentators characterise
the lack of security in cyberspace as a
real threat, and feel that the new bill
does not reflect a positive attitude towards
the protection of individual privacy in
the country (Narayanan 2016; Arun 2016).
A constitutional bench of the Apex
Court is about to hear and decide on
whether the right to privacy exists as a
fundamental right in India, in order to
conclude the legal conundrum that was
very much the Court's own creation, by
repeatedly ignoring the doctrine of stare
decisis, or the law of precedent. The
Court should use this opportunity to
carve out a well-defined right to privacy,
which could preserve the constitutionally
guaranteed democratic ideals that have
supposedly become the edifice of human
existence.

Conclusions

The evolution of technology has unlocked hitherto unforeseen conveniences
to human existence. It has simultaneously also made possible the conflicting
development of transnational terrorism
that has challenged human existence
like never before. What we must remember is that the predominance of terrorism lies in creating a sense of fear in the
human mind and challenging values
that the liberal, free world cherishes. An
unnecessary clampdown on these liberties or overt intrusion into the personal
space threatens the feeling of security
and freedom that these measures seek to
protect. Hence, balancing the two supposedly conflicting tenets of privacy and
national security is essential to develop
a society where individuals truly feel
they can exercise the rights and liberties
given to them at birth.
A judicial conceptualisation of this
balance is critical for an equitable implementation of this right. In an age when
much of our personal lives are stored in
the gadgets we own, the approach of
the California court is critical in the
ongoing tussle. If it follows the lead of
the New York court and limits its analysis
only to Apple's rights and obligations, it
will lose out on a crucial opportunity
to strike a severe blow in favour of the
privacy lobby.

References

Acharya, Bhairav (2015): "The Four Parts of Privacy in India," Economic & Political Weekly, Vol 50, No 22, pp 32–38.
Arun, Chinmayi (2016): "Privacy Is a Fundamental Right," Hindu, 18 March, viewed on 4 April, http://www.thehindu.com/opinion/lead/lead-article-on-aadhaar-bill-by-chinmayi-arun-privacy-is-a-fundamental-right/article8366413.ece.
Basu, Arindrajit (2015): "Why Microsoft's Data Trustee Model Is a Potential Game-Changer in the Privacy War," Wire, 17 November, viewed on 4 April 2016, http://thewire.in/2015/11/17/why-microsofts-data-trustee-model-is-a-potential-game-changer-in-the-privacy-war-15735/.
Chandler, Jennifer (2009): "Privacy versus National Security: Clarifying the Trade-off," Lessons from the Identity Trail: Anonymity, Privacy and Identity in a Networked Society, I R Kerr, V M Steeves and Carole Lucock (eds), Oxford: Oxford University Press, pp 121–38.
Dave, Paresh (2016): "Apple Wants the FBI to Reveal How It Hacked the San Bernardino Killer's iPhone," Los Angeles Times, 29 March, viewed on 4 April 2016, http://www.latimes.com/business/technology/la-fi-tn-apple-nextsteps-20160330-story.html.
Economist (2013): "In the Secret State," 3 August, viewed on 4 April 2016, http://www.economist.com/news/united-states/21582536-publicopinion-may-be-shifting-last-against-government-intrusiveness-secret.
Fowler, Bree and Brandon Bailey (2016): "Four Ways the FBI Could Hack an iPhone," Business Sun Journal, 23 March, viewed on 4 April, http://www.sunjournal.com/news/0001/11/30/four-options-hacking-iphone/1894020.
Groll, Elias (2016): "FBI Hacks Terrorist's iPhone Defusing Standoff with Apple," Foreign Policy, 28 March, viewed on 4 April, http://foreignpolicy.com/2016/03/28/fbi-hacks-terrorists-iphone-defusing-stand-off-with-apple/.
Narayanan, M K (2016): "The Cyberthreat Is Very Real," Hindu, 19 March, viewed on 4 April, http://www.thehindu.com/opinion/lead/lead-article-by-mk-narayanan-on-aadhaar-bill-thecyberthreat-is-very-real/article8371335.ece.
Posner, Richard (1979): "The Uncertain Protection of Privacy by the Supreme Court," Supreme Court Review, Vol 1979, pp 173–216.
Richards, Neil (2013): "The Dangers of Surveillance," Harvard Law Review, Vol 126, No 7, pp 1934–65.
Sukumar, Arun Mohan (2016): "What Apple vs FBI Means for India," Hindu, 24 February, viewed on 4 April 2016, http://www.thehindu.com/opinion/op-ed/what-apple-versus-fbi-means-for-india/article8272521.ece.
Tarafder, Agnidipto and Shameek Sen (2016): "Wolf in Sheep's Clothing?," Statesman, 24 March, viewed on 4 April 2016, http://epaper.thestatesman.com/m/758010/StatesmanDelhi/24-03-2016#issue/14/1.
Warren, Samuel and Louis Brandeis (1890): "The Right to Privacy," Harvard Law Review, Vol 4, No 5, pp 193–220.

Cases Referred
American Civil Liberties Union et al v James R Clapper
et al (2013): 959 F Supp 2d, p 724, SDNY.
Griswold v Connecticut (1965): The US, 381, p 479.
Kharak Singh v State of Uttar Pradesh and Others
(1964): SCR, SC, 1, p 332.
Klayman et al v Obama et al (2013): 957 F Supp 2d,
p 1.
Olmstead v United States (1928): The US, 277, p 438.
People's Union for Civil Liberties v Union of India and
Another (1997): AIR, SC, p 568.
Roe v Wade (1973): The US, 410, p 113.
United States v New York Telephone Co (1977): The
US, 434, p 159.
US District Court Eastern District of New York
(2016): In Re Order Requiring Apple Inc to
Assist in the Execution of a Search Warrant
Issued by This Court Case, Memorandum and
Order 15MC1902 (JO), 29 February.
