How Existing Wiretapping Laws Could Save Apple From FBI's Broad Demands
from the calea-to-the-rescue? dept
There are all sorts of interesting (and frustrating and challenging) legal questions raised by the FBI's use of the All Writs Act to try to force Apple to build a system to allow the FBI to hack Apple's customers. But there's one interesting one raised by Albert Gidari that may cut through a lot of the "bigger" questions (especially the Constitutional ones that everyone leaps to) and just makes a pretty simple point: the DOJ is simply wrong that the All Writs Act applies here, rather than the existing wiretapping statute, the Communications Assistance for Law Enforcement Act, or 47 USC 1002, better known by basically everyone as CALEA. CALEA is the law that some (including the DOJ) have wanted "updated" in ways that might force internet companies and mobile phone companies to make their devices more wiretap-ready. But that hasn't happened.And, as Gidari points out, it seems clear that CALEA preempts the All Writs Act and explicitly forbids what the FBI is requesting here. The DOJ is claiming that CALEA doesn't apply to Apple:
Put simply, CALEA is entirely inapplicable to the present dispute [because] Apple is not acting as a telecommunications carrier, and the Order concerns access to stored data rather than real time interceptions and call-identifying informationBut Gidari notes that's misrepresenting CALEA, which also does apply to "manufacturers and providers of telecommunications support services" and Apple could be seen as qualifying, since it's providing the "equipment" here. And then if CALEA, rather than the All Writs Act applies, the DOJ's argument is basically dead on arrival. As many have noted, CALEA already says that you can't force a provider to decrypt encrypted communications:
A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.Now, some may argue that in this case Apple "possesses the information necessary," but that's not actually the case. Apple doesn't possess the information necessary to decrypt. It's being asked to build a system that would let the FBI then hack the system to decrypt. And that's different. And on that point, there's this in CALEA as well:
(1) Design of features and systems configurations. This subchapter does not authorize any law enforcement agency or officeIn a follow up post, Gidari looks at the legislative history of CALEA as well, and notes that it was a compromise between law enforcement (who wanted access to everything) and telcos (who didn't want to give that much access). And the end result was that CALEA was designed to be clear that, no, law enforcement can't always get anything, and certainly can't force companies to build new tools:(a) to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services;
(b) to prohibit the adoption of any equipment, facility, service, or feature by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services.
Indeed, Congress outright rejected the government’s initial CALEA proposal to actually prevent deployment of new technologies that didn’t have a wiretap back door. As Congress noted, “[t]his is the exact opposite of the original versions of the legislation, which would have barred introduction of services or features that could not be tapped.” In other words, Congress accepted the fact that some new technologies would put some evidence that law enforcement wanted, needed, and may have had access to in the past, beyond its reach in some cases.While a big Constitutional battle may be more interesting (and more long lasting), it's possible that an argument like this one might win the actual lawsuit.
Congress also determined that carriers would have no responsibility to decrypt encrypted communications unless the carrier provided the encryption and could in fact decrypt it. CALEA did not prohibit a carrier from deploying an encryption service for which it did not retain the ability to decrypt communications for law enforcement access, period. Here again, CALEA recognized that some evidence that may be necessary to an investigation will not be available to the government because it is encrypted and the provider lacks the key to access it.
So while CALEA provided law enforcement with some surveillance capabilities on phone networks (which the Federal Communications Commission later extended to broadband Internet access and two-way Voice over IP), it precluded the government from requiring “any specific design of equipment, facilities, services, features, or system configurations to be adopted by any manufacturer of telecommunications equipment.” Requiring Apple by court order to create and implement a work-around for the iPhone’s security features is, in fact, doing what CALEA prohibited.
Of course, then the battle will shift back to Congress to try to update CALEA...
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: backdoors, calea, doj, encryption, fbi, hacking, iphone
Companies: apple
Reader Comments
Subscribe: RSS
View by: Time | Thread
But the government isn't asking for Apple to decrypt anything or to provide a backdoor (a way ensuring the government's ability to decrypt), are they? I thought what the government asked for was unencumbered access to brute force the front door (the phone's PIN). Which means allowing PINs to be entered via a computer (as opposed to using the touchscreen), removal of the time delay between attempts and removal of the auto-erase function if 10 bad PINs are entered.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
The primary security feature, the PIN, still protects the encrypted data even if Apple helps the FBI as requested by disabling security measures designed to help protect the PIN from attack. If Farook used an insecure passcode then the FBI will break it quickly (possible in less than 10 attempts), if Farook used a very secure passcode then the FBI might never be able to break in. Nothing is ensured.
[ link to this | view in chronology ]
Re: Re: Re:
The strength of the PIN (I'm not sure what makes some PINs stronger than others, aside perhaps from how often people choose them) is irrelevant here. If the Feds get what they want, they can easily try all possible PINs.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: "Cumbered"
Would that be “encumbered access” because it's national security secret access? And thus, “unencumbered” would merely mean that everyone can talk about how the government learns the contents of the phone?
[ link to this | view in chronology ]
Re: But that is a backdoor
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
No, that's not a thought, that's an incredibly silly word game--which doesn't keep it from being the kind of talking point the FBI uses when the law is dead set against it:
"We don't want back doors, we'd be perfectly happy with a side door."
"We don't need a door at all, so long as we can break the windows whenever we wish."
"We wouldn't need to break windows if the homeowner could only be compelled to disassemble the house from the inside."
"The owner is willing to open the door, why won't he disassemble the front wall enough to drive a tank inside?"
"No, no, of COURSE we aren't insisting on the front wall: a side wall would be perfectly acceptable."
To all of which, the proper response is: "Your mixed metaphor perish with you: to the law and to the testimony!"
The law? "shall NOT be responsible for ... ensuring the government’s ability to decrypt...."
[ link to this | view in chronology ]
CALEA sure helped Lavabit, and certainly prevented Microsoft from handing the skype keys over to the NSA. Of course, it may just be that neither case considered CALEA in that context. But why let legal details get in the way of a good snark?
[ link to this | view in chronology ]
Re: Snark
[ link to this | view in chronology ]
Re:
So Apple gets out under a technicality. Internet communications was never protected in the same way that narrowly defined telecommunications has been for decades.
[ link to this | view in chronology ]
Learning from idiots?
If you have nothing to hide, you don't need it, so wanting the ability to keep anything a secret from the government proves you're a criminal.
Of course, the FBI is not doing this as a political scam on the "lucky" opportunity of using an infamous case to outlaw encryption. They are just trying to drum up business, since they know EVERYONE has some secret.
By the way, there is too much focus on the negative side of dirty secrets and hidden crimes used as sticks. The carrot side is just as bad, less noticeable, and MORE in use.
Actually, Apple is a leading abuser on that side. The personal data about your interests, tastes, and even your strengths is used by the marketeers to manipulate you and sell you all manner of stylish crape you don't need.
(My dark secret is a propensity to use four-letter words like crape.)
[ link to this | view in chronology ]
It's like CALEA was created in a different time...
[ link to this | view in chronology ]
Re: It's like CALEA was created in a different time...
[ link to this | view in chronology ]
Re: It's like CALEA was created in a different time...
[ link to this | view in chronology ]
Re: Re: It's like CALEA was created in a different time...
1984:
http://www.amazon.com/1984-Signet-Classics-George-Orwell/dp/0451524934
Good god, what do they teach kids these days?
[ link to this | view in chronology ]
Re: Re: Re: It's like CALEA was created in a different time...
[ link to this | view in chronology ]
Re: Re: Re: Re: It's like CALEA was created in a different time...
Back on topic: I'd love for this case to be solved (and set in stone) as a matter of constitutionality, but I'm pretty sure Apple can't risk such high stakes, so I guess any win for them would work at this point.
[ link to this | view in chronology ]
Re: Re: It's like CALEA was created in a different time...
That is sad, and worrying.
[ link to this | view in chronology ]
Re: Re: Re: It's like CALEA was created in a different time...
[ link to this | view in chronology ]
(1) Design of features and systems configurations. This subchapter does not authorize any law enforcement agency or office
(a) to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services;
(b) to prohibit the adoption of any equipment, facility, service, or feature by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services.
This would appear on it's face to be related to forcing ALL of the company's products to be modified to this standard. The court order does not require a specific design for IPhones, it only asks for a modification for the device in police custody. There is no indication that the feds (or anyone else) wants this patch rolled out to every iphone in the world.
That said, CALEA may be a better argument against requiring a true backdoor in a product. I would not be shocked to see this law get modified in the near future to eliminate this potential legal arguement.
[ link to this | view in chronology ]
Re:
If Apple puts this modified OS on one phone, they've 'adopted' the software.
[ link to this | view in chronology ]
Re: Re:
If Apple rolled it out to all phones as a result of the court order, then yes, it would be "design"... but to place it one a single device... not so much.
[ link to this | view in chronology ]
Re: Re: Re:
Oh yes it is, as law enforcement in this case is defining a design feature that they want. Design is simply the act of deciding how to implement something.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
Here, I have a lot of trouble sending any shred of good faith.
1. Even a one-off software requires "design".
2. So you seriously think this will be a one-time-only thing?
3. You could have argued a few technicalities (eg. does Apple qualify as telecommunication provider? does CALEA apply when you're trying to decrypt stored information and not ongoing communications?...), but this objection is just ridiculous.
[ link to this | view in chronology ]
Re: Re: Re:
If it doesn't require design, then you're saying it already exists.
It apparently doesn't, otherwise this conversation wouldn't exist.
Seriously, stop throwing words around like you have any semblance of a clue as to what they mean.
[ link to this | view in chronology ]
Re:
Bull. It applies to being forced to modify ANY of their products.
You're so full of it.
[ link to this | view in chronology ]
Re:
Seems pretty clear to me, they're not allowed to force any changes. To claim otherwise would absolutely gut the restriction, as they could simply argue that a company doesn't have to implement or change a particular feature or system configuration for all their products and/or services... just the ones the government/police tell them to.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
You're just using an overbroad interpretation of "to be adopted". Changing a single phone would apply.
[ link to this | view in chronology ]
Re: oh, really easy
[ link to this | view in chronology ]
Apple doesn't have to be a telco
I do believe Apple does provide support for their services which of course includes Facetime as well as iMessages.
[ link to this | view in chronology ]
Re: Apple doesn't have to be a telco
[ link to this | view in chronology ]