Monday, April 25, 2016

The End Is Just The Beginning In The Apple Vs. DOJ Legal Battle Over Encryption

As you may have heard, on Friday afternoon the U.S. Department of Justice backed off its efforts to compel Apple to aid in unlocking a criminal suspect’s iPhone — for the second time in only a few weeks. While some have heralded this as a significant victory for Apple (or at least as a loss for the government), it’s really just a tiny, unresolved spat in what looks to become a protracted legal battle for both sides.

In a letter [PDF] to the U.S. District Court judge in the case on Friday, the DOJ explained that it no longer needed Apple’s aid in unlocking an iPhone belonging to a man already convicted of drug charges because “an individual provided the passcode to the iPhone at issue in this case.”

With that code, there was no longer any need for Apple to break its own encryption. That is neither a victory for Apple nor a loss for the DOJ. It merely kicks the can down the road until the next time the government can’t open a smartphone without potentially erasing all the sought-after content.

Federal prosecutors have already successfully used the All Writs Act — a 1789 law that allows a court to allows a judge to compel a person or group to provide a reasonable amount of assistance in the enforcement of a court order — dozens of times to require the assistance of Apple and Google.

But beginning in 2014, both companies began updating their mobile operating systems to remove any sort of backdoor access, meaning that a secured device could not be unlocked without the user-generated passcode.

Apple and its supporters now contend that the All Writs Act does not give courts the authority to require tech companies to weaken their encryption, but so far there is no legal consensus on the matter.

In February, a District Court judge in California initially granted the FBI’s request under the All Writs Act and ordered Apple to help unlock an iPhone that belonged to one of the terrorists in the Dec. 2, 2015 massacre in San Bernardino, CA. Apple was in the process of contesting that court order when the prosecutors withdrew their request because a third party (at a cost of $1 million) was able to bypass the encryption without Apple’s involvement.

While this was going on, a federal magistrate judge in New York flat-out said no to a similar DOJ request for aid in unlocking an iPhone belonging to a man already convicted on drug-related charges.

“Ultimately, the question to be answered in this matter, and in others like it across the country,
is not whether the government should be able to force Apple to help it unlock a specific device,” wrote the judge in his ruling, “it is instead whether the All Writs Act resolves that issue and many others like it yet to come… I conclude that it does not.”

Now that the DOJ is no longer pursuing this order, it leaves the magistrate court’s ruling uncontested, but that would not prevent the government from trying again, especially since some of the reasons for denying the request — Apple’s lack of connection to the crime; the fact that everyone involved had already entered guilty pleas — were specific to this case.

In a piece for The Verge, Russell Brandom makes the argument that the government now has an uphill battle if it wants to go after Apple again.

“Next time a locked iPhone comes up, prosecutors will have to make a very convincing case that there is no other way to find the subject’s passcode and no lingering vulnerabilities waiting to be discovered,” explains Brandom. “In both cases, it will be very hard to say for sure. As any security expert will tell you, there are always more undiscovered vulnerabilities out there.”

This sentiment was echoed by attorney Craig Newman, who told the Washington Post that since the DOJ has demonstrated that it can get around encryption without Apple’s help, “the bar just got higher, and the government will be hard-pressed to argue again that Apple is its only alternative.”

They may indeed be correct that the DOJ would have to say why it needs Apple’s help — and the government will undoubtedly try to use what it learned from the San Berardino work-around to avoid courtroom fights — but if the FBI, DEA, or some other federal law enforcement agency believes that the only way to obtain vital data on a locked iPhone is with Apple’s help, we can’t imagine the Attorney General taking the All Writs Act option off the table because of one ruling from a single magistrate judge in one district.

The California case involved an iPhone 5C, and the FBI has said that the work-around it paid $1 million for will not work on anything newer than an iPhone 5S, meaning the government will soon be several generations behind. Even the New York case, which did not require any tech intervention, was an older model iPhone. Given the unrelated popularity of both crime and iPhones, it’s inevitable that the DOJ will eventually run up against a criminal with a device they can’t unlock.

At that point, prosecutors will likely have to demonstrate that they have exhausted all non-Apple options, just as Apple will have to once again list all of its reasons a court order should be denied.

“There will be phones the government just can’t gain access to, and they’ll be able to say truthfully, ‘We need the data, and we have no way to access it,’ ” attorney Michael Sussmann tells the Post. “The fact that in these two cases they found a way in, or got lucky, won’t change that.”

With its financial and legal assets, Apple seems to be the most likely candidate for a tech company that could challenge the legality of an All Writs Act order all the way to the nation’s highest court. But it may ultimately be some other tech company challenging the DOJ.

As mentioned previously, the DOJ has used All Writs orders to compel Google’s help in bypassing security on Android devices, however the company recently said that it has not yet received a request that would require it to weaken its encryption. If/when it does receive such an order, Google said it “would strongly object.”

Facebook-owned messaging service WhatsApp recently upgraded its system to provide end-to-end encryption, meaning that no one at the company has any access to what WhatsApp users are communicating in their chats.

The service is already the target of All Writs Act orders, and the DOJ is reportedly waiting for the appropriately headline-worthy case to push the issue in front of a court.

There is also the possibility that tech companies won’t be challenging the authority of the All Writs Act, but of a recently introduced piece of bipartisan legislation that would require tech companies to design their encryption with built-in weaknesses so that law enforcement investigators with warrants could have ready access to the data they seek.

In other words, privacy advocates and privacy-minded consumers should probably put the champagne away for the time-being.


by Chris Morran via Consumerist

No comments:

Post a Comment