The battle of privacy vs. security is incendiary. U.S. nationals who are security professionals are torn on the Apple v. FBI situation. On one hand, data security #sheepdogs understand how critical it is to obtain intelligence to thwart (cyber) attacks. On the other hand, a deep mistrust of the government runs in technology circles and any pressure from law enforcement on tech companies is fear-inducing and violates privacy. I believe that in cases where terrorist attacks are carried out state-side, it is vital that any intelligence that may be obtained leading to capture of complicit parties or disruption of future attacks be obtained swiftly and that the terrorist has opted out of the assumed right to privacy.
Intelligence has a limited shelf life. From the moment that data are created, the clock is ticking on the intelligence value as it decays rapidly. A common argument in information security is that digital forensics are nearly useless because by the time forensics are conducted, the adversary already has accomplished their objective. Similarly in this case, burner phones, email accounts, servers, and other digital evidence that the subject’s handlers may have used are becoming less and less likely to be useful as the trail becomes cold.
If the Fourth Amendment assumed right to privacy were to apply in this case, the Supreme Court has found that this right does not extend to the dead (see Maritote vs. Desilu Productions, Inc. and James vs. Screen Gems, Inc.).
Those who believe that the FBI request of Apple violates privacy tend to see this as a “slippery slope” and a “dangerous precedent”. If this were to establish precedent, then I believe that pre-conditions such as a terrorist attack taking place on U.S. soil by a dead terrorist who owns the mobile device is a narrow enough scope that this is less than likely to be abused by courts in the future.
As such, I believe that Apple should immediately comply with the FBI request or work with the Department of Justice to re-draft the warrant with Apple engineers to focus on how to bypass the associated UID, GID and Secure Enclave controls.