DOJ Using Antiquated 1789 'All Writs Act' To Try To Force Phone Manufacturers To Help Unlock Encrypted Phones
from the any-and-all-methods dept
With the ongoing fight over mobile encryption in the last few months, it's no secret that law enforcement has been pushing for new laws that require backdoors into encrypted offerings. However, the Wall Street Journal also noted another little trick that the Justice Department appears to be testing out: dumping the problem back on the phone manufacturer, by using a centuries old law to require the [nameless] phone manufacturer to help law enforcement decrypt a phone. And, Ars Technica then found another example of it being used on the very same day in a different case to try to pressure Apple into helping to decrypt a phone.Specifically, the DOJ used the All Writs Act -- a 1789 law, that is now codified as 28 USC 1651. It's pretty straightforward (and broad):
(a) The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.The case the WSJ found is not at all clear in the details. An order was issued to a phone manufacturer -- whose name is redacted to [XXX] Inc. -- saying that it needed to help the DOJ unlock the phone. Federal Court Magistrate Judge Gabriel Gorenstein (in the Southern District of NY) agreed, but issued the public ruling on it, perhaps recognizing that this is diving into slightly questionable territory. While noting that the All Writs Act was also the basis for so called "pen register" orders (recording phone numbers dialed by certain phones based on court orders), Gorenstein points out that this is a similar situation:
(b) An alternative writ or rule nisi may be issued by a justice or judge of a court which has jurisdiction.
the Supreme Court held that a district court had authority under the All Writs Act to issue an order requiring a telephone company to provide technical assistance to the Government in its effort to install a "pen register" — a device for recording the numbers dialed on a telephone.... Thus, we conclude that it is appropriate to order the manufacturer here to attempt to unlock the cellphone so that the warrant may be executed as originally contemplated.However, Gorenstein points out that the All Writs Act isn't without its limits, and thus he provides the phone manufacturer a chance to protest, arguing that the request is too burdensome:
The Government has provided a proposed Order that directs the manufacturer to provide "reasonable technical assistance" in unlocking the device. The proposed Order omits, however, any mention of a process by which the manufacturer may seek to the challenge the Order. Courts have held that due process requires that a third party subject to an order under the All Writs Act be afforded a hearing on the issue of burdensomeness prior to compelling it to provide assistance to the Government.... To the extent the manufacturer believes the order to be unduly burdensome or that it should be reimbursed for expenses, the manufacturer should be given clear notice that it has the opportunity to object to the Order.It's unclear if the manufacturer did object to the order or not. In the other case, in the Northern District of California, Magistrate Judge Kandis Westmore doesn't hide Apple's name, noting that the FBI has the phone and wants Apple's help to decrypt it under the All Writs Act. The request, filed on the same day as the ruling in NY, notes that "in other cases, courts have ordered the unlocking of an iPhone under this authority." In other words, it looks like the DOJ wasted no time using the ruling in NY to suggest this was a common way of forcing the phone manufacturer to help decrypt phones. Though, as others have pointed out, other courts have actually pushed back on attempts by the feds to use the All Writs Act to spy on people like this.
Either way, Westmore doesn't go as far as Gorenstein, and rather notes that Apple only need provide "reasonable technical assistance" but "is not required to attempt to decrypt, or otherwise enable law enforcement's attempts to access any encrypted data." Instead:
Apple's reasonable technical assistance may include, but is not limited to, bypassing the iOS Device's user's passcode so that the agents may search the device, extracting data from the Device and copying the data onto an external hard drive or other storage medium that law enforcement agents may search, or otherwise circumventing the Device's security systems to allow law enforcement access to Data and to provide law enforcement with a copy of encrypted data stored on the iOS Device.Westmore's response seems somewhat limited. It basically says that Apple can help getting the (encrypted) data off the device if the FBI can't figure out how, but it shouldn't have to help to decrypt it. The NY case ruling seems much more open ended. It's unclear if the nameless manufacturer in the NY case did push back on the ruling by protesting it. If it did, the efforts are probably sealed up. However, it does suggest that the DOJ is already figuring out a variety of ways to try to pressure even those who lock down information on devices to help the DOJ break those locks.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: all writs act, doj, fbi, gabriel gorenstein, kandis westmore, mobile encryption, phone manufacturers
Reader Comments
Subscribe: RSS
View by: Time | Thread
They're so big at this point i don't think the government would risk a high profile fight with them.
[ link to this | view in thread ]
what is this 'warrant' mentioned in the article? How does a 'warrant' apply here?
[ link to this | view in thread ]
Have the FBI tried searching Google for "ios lock screen bypass"? (Would use a lmgtfy link, but it appears to be down)
[ link to this | view in thread ]
phone hacking = "e-rape"
Hacking into your PC/phone w/o consent = e-rape.
Let's call a spade a spade; NSA is a bunch of perverts.
[ link to this | view in thread ]
Providing technical assistance is not synonymous with success
[ link to this | view in thread ]
1789 or 1911?
[ link to this | view in thread ]
[ link to this | view in thread ]
The stomping all over the Constitution and the rights of citizens has given the government a very bad name and this is going to come back to bite them in the ass. It's just a matter of when. There's a whole lot of fuel been piled on the ground dealing with different issues that congress can not or will not address. People are fed up with working two jobs to make ends barely meet. All it's going to take is a spark similar to Ferguson to set it off. I sure don't wanna be here to see it.
[ link to this | view in thread ]
Shredding services
Now, imagine a shredding service. I take my papers to a UPS store for shredding -- they are not immediately shredded, but instead held in a locked bin for pickup and later shredding.
I "willingly" gave these documents to the UPS store. Is a court order required for law enforcement to access the files that are waiting to be shredded?
[ link to this | view in thread ]
Re: Shredding services
[ link to this | view in thread ]
These 2 are not even close to one another...
Courts are already finding that a persons private data stored on the phone is the same as files stored in a safe in their home or office and require a warrant to get to.
This is their only way to get the data is with a warrant and the court attempting to coerce the owner into decrypting the records.
Any other method is illegal and violates the constitution.
I would say forcing the owner to hand over the decryption code could also be said to be self-incrimination which would also violate the constitution, but apparently some judges just don't care about the law anymore.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Shredding services
The UK would have those open in no time, no warrant, no nothing, then they'd disappear you.
[ link to this | view in thread ]
Re: 1789 or 1911?
The current actual language, as quoted above, dates to 1948 when multiple laws regarding writs were consolidated into 28 USC 1651.
[ link to this | view in thread ]
Re: 1789 or 1911?
The LII 28 USC § 1651 link provided above contains not only the (current) statutory text, but also an informative “notes” tab. The notes tab outlines the legislative history.
In addition, the Wikipedia article on the All Writs Act links to the article on the Judiciary Act of 1789. In that second Wikipedia article, reference 3 links to a Library of Congress webguide. And in that webguide, the first link leads to the text of the 1789 Act.
[ link to this | view in thread ]
Re: Re: 1789 or 1911?
Here's a better copy of the Judiciary Act of 1789, from the Federal Judicial Center.
[ link to this | view in thread ]
USG: We need to crack this encryption.
Reality: Sorry li'l Brosephina, can't be done.
USG: We order you to help crack this phone!
Reality: No.
USG: WE ARE THE LAW OF THE LAND!
Reality: Sorry, brojangles, I am the laws of the universe itself, and possibly other ones too.
USG: FINE! WE'LL JUST DEMAND BACKDOORS IN EVERYTHING!
Reality: Sure thing, Broseph Stalin, tell me how that works out for ya.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: phone hacking = "e-rape"
[ link to this | view in thread ]
Re: Shredding services
If the store decides they want to voluntarily hand them over then no, a court order is not required. The store could, however, take the position that they won't voluntarily hand them over -- in which case a court order would be required.
It all depends on what the store wants to do.
[ link to this | view in thread ]
Re: Re: 1789 or 1911?
1789 text (section 14):
Note the use of—
• “all” “writs”
• “necessary” “their respective jurisdictions”
• “agreeable” “principles” “usages” (alternate word order) “of law.”
[ link to this | view in thread ]
Re: phone hacking = "e-rape"
[ link to this | view in thread ]
Re: Re: Re: 1789 or 1911?
[ link to this | view in thread ]
Sounds like they miss the "good ol' days."
[ link to this | view in thread ]
[ link to this | view in thread ]
So now we know why
Who knows when some government official may someday need to twist and stretch some ancient irrelevant law to achieve some end that cannot honestly be achieved by the intended meaning and purpose of any current modern law.
[ link to this | view in thread ]
Re: Re: Shredding services
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
They're not the biggest fans of those pesky 'Constitution' and 'Bill of Rights' documents for example.
[ link to this | view in thread ]
[ link to this | view in thread ]
Not hard to understand
They 'omitted' that little detail because as far as they're concerned, companies have no such right. The government demands, companies obey no questions asked, that's the end of it according to the DOJ/FBI/NSA.
[ link to this | view in thread ]
Re: Not hard to understand
Technical assistance could be provided, without any success in achieving the objective.
[ link to this | view in thread ]
Re: Re: Not hard to understand
Followed by obstruction of justice charges, seizure of corporate assets of criminal enterprise charges, collusion with kiddie fiddlers, drug dealers and terrorists.
Now, about that "out of the box" hard crypto you were planning on rolling out, ...
[ link to this | view in thread ]
[ link to this | view in thread ]
I don't know why the DOJ is bothering Apple. I suppose the DOJ wants Apple's technical assistance extracting a device-unique secret key called a UID. This UID key is embedded in the cryptographic co-processor called the Secure Enclave.
Once the UID key is extracted from the phone, then supercomputers can be used to bruteforce weak passwords. If the UID key isn't extracted from the phone, then all password guessing attempts must be carried out on the phone itself, which is so slow it's not worth doing.
http://blog.cryptographyengineering.com/2014/10/why-cant-apple-decrypt-your-iphone.html
Either the DOJ wants technical schematics of phone hardware designs, or they want to know how to get in touch with the chips manufactures to request their assistance in recovering UID key embedded in silicon chip.
[ link to this | view in thread ]
Re: phone hacking = "e-rape"
[ link to this | view in thread ]
Oaths of Office
A. Don't comprehend the oath they utter when taking office, and
B. Regard said oath as a series of predefined sounds they need to make in order to gain office, and
C. Regard said sounds as totally meaningless such as repeating a paragraph, verbatim, in a foreign language.
This will only stop when said parties are held responsible for their actions and for violations of said oath. Until then, chaos will reign.
[ link to this | view in thread ]
So what you're telling me is that we've set up a new revenue stream for these manufacturers to sell the data of private citizens to the government?
Sounds like the manufacturers will be completely incentivised to protect the consumer here. I definitely trust Apple not to snatch up any dime put in front of them.
[ link to this | view in thread ]
If the encryption is properly strong...
I'm pretty sure that offering technical assistance doesn't include prematurely sabotaging the security of the phone so it could be accessible by the justice system.
[ link to this | view in thread ]
Re: If the encryption is properly strong...
So far, the government is only seeking Apple's help in unlocking the phone, not making the data at rest intelligible.
If you have rolled out your own encryption solution, or have used the phone as pure storage device, unlocking the phone will only reveal another encryption layer.
And then the government has wasted a lot of time and paperwork for nothing.
For that reason, I always encrypt with multiple software solutions.
Even if there is a backdoor in one of them, the adversary only gets one layer decrypted.
[ link to this | view in thread ]
Re: Re: Re: Shredding services
I don't like living in a nascent police state.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Shredding
[ link to this | view in thread ]
Once in the public bin, the papers are questionable.
Of course, once the papers entered a collection bin that contained the papers of many, many clients (essentially the same as garbage in a waste-collection truck) there would be the matter of proving in court that each paper used as evidence was authentic, and didn't originally belong to someone else.
Which actually presents a security measure that, say, the CIA or some major company could use, which is to generate bunches of false memorandums to mix in with their refuse, so that if ever a search like this was authenticated, the agency / company could claim that it was one of the false memos.
[ link to this | view in thread ]
Laws never taken off the books
-- James Madison saying "I told you so."
[ link to this | view in thread ]
If the NSA can hack into your phone...
And if your life is exciting enough that the NSA or China or criminal interests would have motivation to hack your phone, then you need to gear up with a secure enough phone that it cannot be easily hacked.
(in this case easily hacked meaning hacking your phone without dedicating either a mainframe to breaking your encryption or a squad of ninjas to break into your house and augment the phone's hardware.)
e.g. If your life is interesting you should be using end-to-end encryption. The NSA can't crack that yet.
[ link to this | view in thread ]
Re: Re: Re: Re: 1789 or 1911?
It may surprise you, but I myself am not entirely convinced that the principle has remained the same. The surface similarity in phrasing and even apparent purpose may mask a substantial change in meaning due to changes in the overall legal context.
It's difficult to convey to a modern lawyer how much of the English law of the 18th century (and even later) was driven by the forms of action. The legal term of art “writ” does not necessarily mean now what it meant in 1789.
(See, generally, F. W. Maitland, The Forms of Action at Common Law, 1909.)
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
All Writs Act and Intent
As a result we can no longer sue a prosecutor in his or her person for offenses of abuse, we can not resist unlawful arrests, we cannot file a petition to the Grand Jury to hear evidence of criminal activity of anyone in office. These were open to the People at one time and the resulting restrictions have deprived us of an entire body of law which is denial of due process and equal protection.
One of the cause of the colonists and major complaint was subjecting them to commercial regulation, "for extend the laws of Admiralty beyond their ancient limits, even within the jurisdiction of a county". Admiralty was any and all things maritime including commercial trade, not the Navy in the historic context.
Another such complaint was, "We are entitled to the Common Law at all times". (Declaration and Resolves, 1774, First Continental Congress) We are being subjected to the same encroaching nature of government that the colonists were. Same thing over again and there has been no amendment authorizing our regulation as commerce when we are pursuing activities of right. As Madison put it:
"I believe there are more instances of the abridgement of freedom of the people by gradual and silent encroachments by those in power than by violent and sudden usurpations."
James Madison
Exactly on point.
[ link to this | view in thread ]