How Existing Wiretapping Laws Could Save Apple From FBI's Broad Demands

from the calea-to-the-rescue? dept

There are all sorts of interesting (and frustrating and challenging) legal questions raised by the FBI's use of the All Writs Act to try to force Apple to build a system to allow the FBI to hack Apple's customers. But there's one interesting one raised by Albert Gidari that may cut through a lot of the "bigger" questions (especially the Constitutional ones that everyone leaps to) and just make a pretty simple point: the DOJ is simply wrong that the All Writs Act applies here, rather than the existing wiretapping statute, the Communications Assistance for Law Enforcement Act, or 47 USC 1002, better known by basically everyone as CALEA. CALEA is the law that some (including the DOJ) have wanted "updated" in ways that might force internet companies and mobile phone companies to make their devices more wiretap-ready. But that hasn't happened.

And, as Gidari points out, it seems clear that CALEA preempts the All Writs Act and explicitly forbids what the FBI is requesting here. The DOJ is claiming that CALEA doesn't apply to Apple:

    Put simply, CALEA is entirely inapplicable to the present dispute [because] Apple is not acting as a telecommunications carrier, and the Order concerns access to stored data rather than real time interceptions and call-identifying information

But Gidari notes that's misrepresenting CALEA, which also does apply to "manufacturers and providers of telecommunications support services," and Apple could be seen as qualifying, since it's providing the "equipment" here. And then if CALEA, rather than the All Writs Act, applies, the DOJ's argument is basically dead on arrival. As many have noted, CALEA already says that you can't force a provider to decrypt encrypted communications:

    A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.

Now, some may argue that in this case Apple "possesses the information necessary," but that's not actually the case. Apple doesn't possess the information necessary to decrypt. It's being asked to build a system that would let the FBI then hack the system to decrypt. And that's different. And on that point, there's this in CALEA as well:

    (1) Design of features and systems configurations. This subchapter does not authorize any law enforcement agency or office

    (a) to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services;

    (b) to prohibit the adoption of any equipment, facility, service, or feature by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services.

In a follow-up post, Gidari looks at the legislative history of CALEA as well, and notes that it was a compromise between law enforcement (who wanted access to everything) and telcos (who didn't want to give that much access). And the end result was that CALEA was designed to be clear that, no, law enforcement can't always get anything, and certainly can't force companies to build new tools:

    Indeed, Congress outright rejected the government’s initial CALEA proposal to actually prevent deployment of new technologies that didn’t have a wiretap back door. As Congress noted, “[t]his is the exact opposite of the original versions of the legislation, which would have barred introduction of services or features that could not be tapped.” In other words, Congress accepted the fact that some new technologies would put some evidence that law enforcement wanted, needed, and may have had access to in the past, beyond its reach in some cases.

    Congress also determined that carriers would have no responsibility to decrypt encrypted communications unless the carrier provided the encryption and could in fact decrypt it. CALEA did not prohibit a carrier from deploying an encryption service for which it did not retain the ability to decrypt communications for law enforcement access, period. Here again, CALEA recognized that some evidence that may be necessary to an investigation will not be available to the government because it is encrypted and the provider lacks the key to access it.

    So while CALEA provided law enforcement with some surveillance capabilities on phone networks (which the Federal Communications Commission later extended to broadband Internet access and two-way Voice over IP), it precluded the government from requiring “any specific design of equipment, facilities, services, features, or system configurations to be adopted by any manufacturer of telecommunications equipment.” Requiring Apple by court order to create and implement a work-around for the iPhone’s security features is, in fact, doing what CALEA prohibited.

While a big Constitutional battle may be more interesting (and more long lasting), it's possible that an argument like this one might win the actual lawsuit.

Of course, then the battle will shift back to Congress to try to update CALEA...

Filed Under: backdoors, calea, doj, encryption, fbi, hacking, iphone
Companies: apple


Reader Comments

  • Anonymous Coward, 24 Feb 2016 @ 2:59pm

    "A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt,..."

    But the government isn't asking for Apple to decrypt anything or to provide a backdoor (a way ensuring the government's ability to decrypt), are they? I thought what the government asked for was unencumbered access to brute force the front door (the phone's PIN). Which means allowing PINs to be entered via a computer (as opposed to using the touchscreen), removal of the time delay between attempts and removal of the auto-erase function if 10 bad PINs are entered.

    • Anonymous Coward, 24 Feb 2016 @ 3:05pm

      Re:

      I would argue that disabling security features that protect the encrypted data is "ensuring the government’s ability to decrypt"

      • Anonymous Coward, 24 Feb 2016 @ 5:56pm

        Re: Re:

        I would argue that disabling security features that protect the encrypted data is "ensuring the government’s ability to decrypt"

        The primary security feature, the PIN, still protects the encrypted data even if Apple helps the FBI as requested by disabling security measures designed to help protect the PIN from attack. If Farook used an insecure passcode then the FBI will break it quickly (possibly in less than 10 attempts), if Farook used a very secure passcode then the FBI might never be able to break in. Nothing is ensured.

        • John Fenderson, 24 Feb 2016 @ 7:15pm

          Re: Re: Re:

          Apple is being asked to disable the security feature that prevents brute-forcing the PIN. Thus, the government is asking Apple to circumvent a security system. That's a back door.

          The strength of the PIN (I'm not sure what makes some PINs stronger than others, aside perhaps from how often people choose them) is irrelevant here. If the Feds get what they want, they can easily try all possible PINs.

        • Anonymous Coward, 25 Feb 2016 @ 8:35am

          Re: Re: Re:

          Well considering that the key needed to decrypt the information would get wiped in the event of 10 wrong guesses and decrypting the information would be impossible without it, what do you think the request to disable that feature was designed to accomplish if it wasn't to "ensure the government’s ability to decrypt"?

    • Anonymous Coward, 24 Feb 2016 @ 3:13pm

      Re: "Cumbered"

      unencumbered access
      What is “encumbered access”? Does Apple or its fab already provide an “encumbered” linkage between the supposedly-secret uid fused in the processor, and external markings?

      Would that be “encumbered access” because it's national security secret access? And thus, “unencumbered” would merely mean that everyone can talk about how the government learns the contents of the phone?

    • Anonymous Coward, 24 Feb 2016 @ 7:37pm

      Re: But that is a backdoor

      That is indeed a backdoor. A backdoor doesn't have to provide a key, it just has to weaken the protections. That's what eliminating the PIN count and reducing the PIN delay does.

    • Anonymous Coward, 24 Feb 2016 @ 8:43pm

      Re:

      The government has even less of a leg to stand on for this argument. What they can compel people to do is limited for a reason. They can't force a bunch of people into a labor camp to build something. In the past companies were generally willing to work with the government but recently the government's actions have meant fewer and fewer are willing to help them out and they seem to be too incompetent to figure it out for themselves.

  • Anonymous Coward, 24 Feb 2016 @ 3:13pm

    >I thought what the government asked for was unencumbered access to brute force the front door (the phone's PIN).

    No, that's not a thought, that's an incredibly silly word game--which doesn't keep it from being the kind of talking point the FBI uses when the law is dead set against it:

    "We don't want back doors, we'd be perfectly happy with a side door."

    "We don't need a door at all, so long as we can break the windows whenever we wish."

    "We wouldn't need to break windows if the homeowner could only be compelled to disassemble the house from the inside."

    "The owner is willing to open the door, why won't he disassemble the front wall enough to drive a tank inside?"

    "No, no, of COURSE we aren't insisting on the front wall: a side wall would be perfectly acceptable."

    To all of which, the proper response is: "Your mixed metaphor perish with you: to the law and to the testimony!"

    The law? "shall NOT be responsible for ... ensuring the government’s ability to decrypt...."

  • Anonymous Coward, 24 Feb 2016 @ 3:27pm

    A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.

    CALEA sure helped Lavabit, and certainly prevented Microsoft from handing the skype keys over to the NSA. Of course, it may just be that neither case considered CALEA in that context. But why let legal details get in the way of a good snark?

    • Anonymous Coward, 24 Feb 2016 @ 3:37pm

      Re: Snark

      … why let legal details get in the way of a good snark?
      The Hunting of the Snark by Lewis Carroll
      Fit the First
                The Landing

      "Just the place for a Snark!" the Bellman cried,
           As he landed his crew with care;
      Supporting each man on the top of the tide
           By a finger entwined in his hair.

      "Just the place for a Snark! I have said it twice:
           That alone should encourage the crew.
      Just the place for a Snark! I have said it thrice:
           What I tell you three times is true."

       . . .

    • Anonymous Coward, 24 Feb 2016 @ 3:58pm

      Re:

      Lavabit was information technology communications, but not telecommunications. Same with Skype. Apple is in the interesting place of actually being a telecommunications product provider, and it is this product whose software the FBI want them to modify.

      So Apple gets out under a technicality. Internet communications was never protected in the same way that narrowly defined telecommunications has been for decades.

  • shanen, 24 Feb 2016 @ 4:24pm

    Learning from idiots?

    "When encryption is outlawed, only outlaws will have encryption."

    If you have nothing to hide, you don't need it, so wanting the ability to keep anything a secret from the government proves you're a criminal.

    Of course, the FBI is not doing this as a political scam on the "lucky" opportunity of using an infamous case to outlaw encryption. They are just trying to drum up business, since they know EVERYONE has some secret.

    By the way, there is too much focus on the negative side of dirty secrets and hidden crimes used as sticks. The carrot side is just as bad, less noticeable, and MORE in use.

    Actually, Apple is a leading abuser on that side. The personal data about your interests, tastes, and even your strengths is used by the marketeers to manipulate you and sell you all manner of stylish crape you don't need.

    (My dark secret is a propensity to use four-letter words like crape.)

  • Anonymous Coward, 24 Feb 2016 @ 5:28pm

    It's like CALEA was created in a different time...

    ...A time when people remembered things like "1984" and the Watergate scandal.

    • Anonymous Coward, 24 Feb 2016 @ 5:57pm

      Re: It's like CALEA was created in a different time...

      A time when people remembered things like "1984"
      Apple 1984 Super Bowl Commercial

    • Anonymous Coward, 24 Feb 2016 @ 6:05pm

      Re: It's like CALEA was created in a different time...

      A time when people remembered things like "1984"
      “1994”
      The Communications Assistance for Law Enforcement Act (CALEA) is a United States wiretapping law passed in 1994, during the presidency of Bill Clinton…

      • Anonymous Coward, 24 Feb 2016 @ 9:27pm

        Re: Re: It's like CALEA was created in a different time...

        *facepalm*

        1984:

        http://www.amazon.com/1984-Signet-Classics-George-Orwell/dp/0451524934

        Good god, what do they teach kids these days?

        • Anonymous Coward, 24 Feb 2016 @ 10:30pm

          Re: Re: Re: It's like CALEA was created in a different time...

          Good god, what do they teach kids these days?
          Nineteen Eighty-Four
          Copyright status

          The novel is in the public domain in Canada, South Africa, Argentina, Australia, and Oman. It will be in the public domain in Brazil in 2021, and in the United States in 2044.

          • Anonymous Coward, 25 Feb 2016 @ 12:20am

            Re: Re: Re: Re: It's like CALEA was created in a different time...

            And as soon as TPP gets ratified and TTIP gets signed, 1984 will (for all practical intents and purposes) move to enter public domain in 2044 (or whatever the U.S. decides to -yet again- extend copyright to) worldwide.

            Back on topic: I'd love for this case to be solved (and set in stone) as a matter of constitutionality, but I'm pretty sure Apple can't risk such high stakes, so I guess any win for them would work at this point.

      • Wyrm, 25 Feb 2016 @ 8:58am

        Re: Re: It's like CALEA was created in a different time...

        OK. It's official, some people definitely don't know 1984.
        That is sad, and worrying.

  • Whatever, 24 Feb 2016 @ 6:03pm

    While it's an interesting argument, I think you are pretty much intentionally misreading the law to try to draw a conclusion. Specifically, this:

    (1) Design of features and systems configurations. This subchapter does not authorize any law enforcement agency or office
    (a) to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services;

    (b) to prohibit the adoption of any equipment, facility, service, or feature by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services.


    This would appear on its face to be related to forcing ALL of the company's products to be modified to this standard. The court order does not require a specific design for iPhones, it only asks for a modification for the device in police custody. There is no indication that the feds (or anyone else) wants this patch rolled out to every iPhone in the world.

    That said, CALEA may be a better argument against requiring a true backdoor in a product. I would not be shocked to see this law get modified in the near future to eliminate this potential legal argument.

    • Quiet Lurcker, 24 Feb 2016 @ 7:06pm

      Re:

      Where does it mention or even imply all devices/software/etc., instead of just one?

      If Apple puts this modified OS on one phone, they've 'adopted' the software.

      • Whatever, 24 Feb 2016 @ 8:47pm

        Re: Re:

        The difference is the word "design". A one off software modification for law enforcement isn't a design, it isn't the overall way the devices would be made, it's a one off. It reads about overall product and not any one device.

        If Apple rolled it out to all phones as a result of the court order, then yes, it would be "design"... but to place it on a single device... not so much.

        • Anonymous Coward, 25 Feb 2016 @ 2:41am

          Re: Re: Re:

          A one off software modification for law enforcement isn't a design,

          Oh yes it is, as law enforcement in this case is defining a design feature that they want. Design is simply the act of deciding how to implement something.

        • Anonymous Coward, 25 Feb 2016 @ 7:41am

          Re: Re: Re:

          The creation of any piece of software is, most assuredly, by design.

        • Wyrm, 25 Feb 2016 @ 9:07am

          Re: Re: Re:

          I might give you that you were sincere with your definition of a "backdoor".
          Here, I have a lot of trouble sending any shred of good faith.
          1. Even a one-off software requires "design".
          2. So you seriously think this will be a one-time-only thing?
          3. You could have argued a few technicalities (eg. does Apple qualify as telecommunication provider? does CALEA apply when you're trying to decrypt stored information and not ongoing communications?...), but this objection is just ridiculous.

        • Anonymous Coward, 25 Feb 2016 @ 9:16am

          Re: Re: Re:

          A one off software modification for law enforcement isn't a design, it isn't the overall way the devices would be made, it's a one off.

          If it doesn't require design, then you're saying it already exists.

          It apparently doesn't, otherwise this conversation wouldn't exist.

          Seriously, stop throwing words around like you have any semblance of a clue as to what they mean.

    • Anonymous Coward, 24 Feb 2016 @ 7:31pm

      Re:

      This would appear on its face to be related to forcing ALL of the company's products to be modified to this standard.

      Bull. It applies to being forced to modify ANY of their products.

      You're so full of it.

    • That One Guy, 24 Feb 2016 @ 9:15pm

      Re:

      (a) to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services;

      Seems pretty clear to me, they're not allowed to force any changes. To claim otherwise would absolutely gut the restriction, as they could simply argue that a company doesn't have to implement or change a particular feature or system configuration for all their products and/or services... just the ones the government/police tell them to.

    • Anonymous Coward, 25 Feb 2016 @ 8:25am

      Re:

      You know that whole, "Wipe the phone after 10 wrong guesses" thing? Guess what? That is a system level feature configured by the user that law enforcement is trying to compel them to change.

    • tqk, 25 Feb 2016 @ 10:18am

      Re:

      This would appear on its face to be related to forcing ALL of the company's products to be modified to this standard.

      You're just using an overbroad interpretation of "to be adopted". Changing a single phone would apply.

  • jim, 25 Feb 2016 @ 6:18am

    Re: oh, really easy

    I like these arguments. Why couldn't our government talk with a government that has the source code for a copy of it? After all the great protector of privacy in America gave the "C" government a copy of their latest source code. I'll bet the others have not only found out, how, and already busted into what they want to hear.

  • Anonymous Coward, 25 Feb 2016 @ 6:49am

    Apple doesn't have to be a telco

    Design of features and systems configurations. This subchapter does not authorize any law enforcement agency or office
    (a) to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services;

    (b) to prohibit the adoption of any equipment, facility, service, or feature by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services.


    I do believe Apple does provide support for their services which of course includes Facetime as well as iMessages.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.