Why Apple hack is a bad idea: ex-FBI advisor

How to resolve the present legal conflict between Apple and the federal government?

First, let me frame the issues: Apple says that if it were to comply with the federal government's request, it would facilitate further erosions of individual privacy and marketability of its products.

The federal government has obtained an enforceable judicial order to compel Apple to assist it in retrieving data from a cellphone used by a perpetrator of the San Bernardino massacre.

The government says that if it were to attempt to penetrate the encryption of the cellphone, it would risk triggering the application of an auto-erase program that could have been enabled by the perpetrator.

Valuable data would then be presumably irretrievably lost. The usefulness of such data has not been clearly established, and the alternative means, if any, of obtaining such data have not been subjected to robust independent and impartial examination.

Second, the conflict is not about preventing the San Bernardino massacre or prosecuting the two perpetrators, who are deceased. This is important because whatever the digital contents of the cellphone, the tragedy is murderously complete, and the perpetrators cannot practicably be punished by any court in these United States.

The government may speculate as to the usefulness digital contents, using whatever logic it chooses – from detecting a broader criminal conspiracy to developing helpful profiles on the personalities, habits, associates, etc. of terrorists.

Such logic would also support individually invasive programs such as Terrorism Information Awareness Program, which would undoubtedly assist the government with some objectives, though the cost would be borne by individuals specifically (e.g., loss of privacy) and commercial entities generally (e.g., loss of consumer confidence in Apple's products).

Third, the conflict has been subjected to overstatements on both sides: Apple, if it were to assist the federal government in accessing the digital data on the cellphone at issue, would not be initiating the collapse of individual privacy, and the government, which if it were to succeed in this endeavor, would not likely obtain otherwise unavailable leverage to take down the threats of ISIS and other terrorist factions based on whatever data are stored on the cellphone.

Increasingly, exaggeration is not only a marketing strategy but an investigative strategy. This is important because though the easy, quick answer may be to require Apple to breach the encryption of this cellphone, this makes bad law and policy.

Certainly, it does not seem an appropriate decision for a judicial appointee based on the vaguest and all-empowering of federal statutes (viz., the All Writs Act of 1789) – legislation that conceivably authorizes anything in support of usage and law in the particular jurisdiction, and legislation that has not been substantively updated for numerous decades. It needs other legal support; it cannot stand on its own.

Fourth, the conflict is about who controls electronically stored data that is not communicated. While the government may allege that it is seeking communications, whether through Facebook or otherwise, it is really seeking something much broader and intimate than communications.

After all, communications may be seized under other legal theories (e.g., the Communications Assistance for Law Enforcement Act of 1994). The government seeks the judicially imposed right to data that have not been communicated and to compel third parties (viz., Apple) to assist it in getting these data notwithstanding the absence of an active criminal investigation.

What is sought is speculative intelligence about terrorism and not hard evidence of criminal activity.

Hypothetically, the cellphone may contain files listing every associate in terrorism known by the perpetrator. If he communicated these files, they are likely available to the government on other legal grounds. If he did not communicate these files, they may be forcefully seized, if the government's argument sways.

However, we should be careful about quick, easy cases involving heinous individuals such as the perpetrator. What is created judicially often becomes public policy rendering all of our notes, observations, doubts, jottings, etc. available to the government (and likely foreign governments under me-too reasoning that companies such as Apple are likely to face).

As unpopular as the dead, murdering perpetrator's right to privacy is, this should not support erosions of others' privacy, or Apple's ability to dedicate resources to improving features on devices that consumers want (e.g., enhanced encryption).

Commentary by David M. Shapiro, an assistant professor in the Dept. of Public Management at John Jay College of Criminal Justice, where he is also the deputy director of the Advanced Certificate in Forensic Accounting. Previously, he worked as senior executive, management consultant, corporate investigator, certified public accountant, assistant (county) prosecutor, and special agent – assistant legal advisor with the F.B.I. Follow him on Twitter @dshapiro32.

For more insight from CNBC contributors, follow @CNBCopinion on Twitter.