The Justice Department’s dispute with Apple related to encryption on the iPhone used by one of the San Bernardino shooters has reinvigorated the national debate on digital privacy. Though it is not clear how the California District Court will rule on pending motions by the Government and Apple, the case has breathed new life into a longstanding debate on the balance of law enforcement and privacy protections for U.S. citizens.
The debate is raising questions as to whether technology companies are really creating “warrant poof zones” in the digital world, or whether the FBI and other government agency cyber-investigative competencies are simply too weak. Over a dozen amicus briefs have been filed by technology companies, digital rights organizations, civil rights organizations, and others supporting Apple’s position based on various arguments surrounding privacy and security.
However, organizations on both sides of the debate seem to agree the issue of government access to encrypted data on devices should be settled by lawmakers. In 1994, Congress passed the Communications Assistance for Law Enforcement Act (CALEA) to address the needs of law enforcement and privacy. The purpose of CALEA is to enhance the ability of law enforcement to conduct electronic surveillance and specifies when a company has an obligation to assist the government with decryption of communications. Since it was passed, CALEA has been expanded to include broadband Internet and VoIP traffic.
In 2013, the FBI considered expansion of CALEA (commonly referred to as CALEA II) to require software vendors to build intercept functionality into their products. In response, leading technology companies, including Apple, as well as public interest organizations like the ACLU and Human Rights Watch, urged President Obama to reject the proposal; ultimately, CALEA II was not pursued. Since then, Congress has left CALEA untouched. Relevant to the Apple case, CALEA makes clear that a company has no obligation to assist the government with decryption of communications where the company does not retain a copy of the decryption key.
In response to the debate, the House Judiciary Committee is examining encryption and the questions it raises for Americans and lawmakers and held a hearing March 1 titled “The Encryption Tightrope: Balancing Americans’ Security and Privacy.” At the hearing, New York County District Attorney Cyrus Vance stated that just his own office is currently locked out of 175 Apple devices obtained in investigations of a murder, sexual child abuse, sex trafficking, child pornography, assault and robbery. The House Judiciary Committee is continuing its research with the goal of finding a solution that allows law enforcement to effectively enforce the law without harming the competitiveness of U.S. encryption providers or the privacy protections of U.S. citizens. In addition, House Homeland Security Committee Chairman Michael McCaul (R-TX) and Senator Mark Warner (D-VA) introduced the National Commission on Security and Technology Challenges on February 29, 2016. The legislation establishes the McCaul-Warner Commission on Digital Security, the stated purpose of which is to collectively address the larger issue of protecting national security and digital security, without letting encrypted communications become a safe haven for terrorists.
The debate is certainly not unique to the U.S. and there is recent indication China may be revisiting its decision at the end of last year to pass a cybersecurity law that would not require companies to build back doors to encryption software. Recent news also broke that Pakistan may be banning encryption software and issued notice to all ISPs to inform the Pakistan Telecommunications Authority if any of their customers are using VPNs to browse the Internet.
To recap where things stand for those who haven’t been following the controversy, the Justice Department is taking on Apple for its refusal to comply with a court order requiring Apple to assist the FBI in unlocking an iPhone used by one of the shooters in last year’s San Bernardino massacre. In short, the FBI obtained a warrant to search the iPhone but has been unable to execute on the warrant as the phone is password encrypted. The government sought Apple’s assistance, and after Apple refused, the government obtained a court order requiring Apple to assist the FBI. Apple refused to obey the order and on February 19 the Justice Department filed a motion to compel Apple to comply. On February 25, Apple filed its own motion requesting the court vacate the order compelling Apple to assist with the search. In its motion, Apple admits there are “two important and legitimate interests in this case: the needs of law enforcement and the privacy and personal safety interests of the public,” but takes issue with the method through with the government obtained the Order. Apple also contends the requirement that it create new software with functions to remove security features from the iPhone (rather than just disabling existing code functionality) amounts to a violation of the First Amendment. In addition, Apple addresses its concerns over the data privacy of millions of citizens and raises the specter that foreign governments may demand similar tools from tech companies once developed for the U.S. government.
U.S. attorneys are due to respond to Apple’s latest filing by March 10, and a court hearing is scheduled for March 22.