That may be commonplace in authoritarian countries, but liberal democracies ought to avoid doing the same out of an aversion to transgressing against core freedoms.
The order could set a sweeping precedent if it stands.
“If you allow people to be conscripted in this way, as investigative arms of the government,” Julian Sanchez observes, “not just to turn over data, but to help extract data, where the only connection to a case is that they wrote some software the suspect used or made a device the suspect used, you're effectively saying that companies are going to have to start a sideline in helping the government with surveillance.” He adds: “Do we want to accept that courts may compel any software developer, any technology manufacturer, to become a forensic investigator for the government, whether or not the investigation is intrinsically legitimate?"
I do not want to accept that.
Almost every American wants to defeat the menace of terrorism. Apple is certainly invested in that effort and consistently assists the United States government.
Had Syed Rizwan Farook whispered his passcode to me, I’d be the first to alert the FBI. But precisely because support for counterterrorism is so overwhelming, there is a lot to gain and very little to lose from a citizenry that retains the discretion to refuse to cooperate with the government when its requests are overzealous. That is a prudent check to conserve, especially knowing that the counterterrorism mission can corrupt so deeply as to cause U.S. officials to countenance torture, extrajudicial killings of U.S. citizens, and forced rectal feedings of prisoners.
Even if you don’t buy that argument, what the FBI is doing with this order should trouble you. It’s opportunistically using the most unpopular possible target, a dead terrorist, to create other precedents that Nicholas Weaver correctly dubs catastrophic.
As he writes at Lawfare:
The same logic behind what the FBI seeks could just as easily apply to a mandate forcing Microsoft, Google, Apple, and others to push malicious code to a device through automatic updates when the device isn't yet in law enforcement's hand. So the precedent the FBI seeks doesn't represent just "create and install malcode for this device in Law Enforcement possession" but rather "create and install malcode for this device".
Let us assume that the FBI wins in court and gains this precedent. This does indeed solve the "going dark" problem as now the FBI can go to Apple, Cisco, Microsoft, or Google with a warrant and say "push out an update to this target". Once the target's device starts running the FBI's update then encryption no longer matters, even the much stronger security present in the latest Apple devices. So as long as the FBI identifies the target's devices before arrest there is no problem with any encryption.
But at what cost?
Currently, hacking a target has a substantial cost: it takes effort and resources. This is one reason why I don't worry (much) about the FBI's Network Investigative Technique (NIT) malcode, they can only use it on suitably high value targets. But what happens in a world where "hacking" by law enforcement is as simple as filling out some paperwork?
Almost immediately, the NSA is going to secretly request the same authority through the Foreign Intelligence Surveillance Court using a combination of 702 to justify targeting and the All Writs Act to mandate the necessary assistance. How many honestly believe the FISC wouldn't rule in the NSA's favor after the FBI succeeds in getting the authority?
The NSA's admittedly restrictive definition of "foreign intelligence" target is not actually all that restrictive due to the "diplomatic" catch-all, a now unfortunately public cataloging of targets, and a close association with the GCHQ. So already foreign universities, energy companies, financial firms, computer system vendors, governments, and even high net worth individuals could not trust US technology products as they would be suceptible to malicious updates demanded by the NSA.
And the problems don’t end there. In the Washington Post, security technologist Bruce Schneier argues:
Either everyone gets access or no one does.
The current case is about a single iPhone 5c, but the precedent it sets will apply to all smartphones, computers, cars and everything the Internet of Things promises. The danger is that the court’s demands will pave the way to the FBI forcing Apple and others to reduce the security levels of their smart phones and computers, as well as the security of cars, medical devices, homes, and everything else... The FBI may be targeting the iPhone of the San Bernardino shooter, but its actions imperil us all.