Insanity Rules: NSA Apologists Actually Think Apple Protecting You & Your Data Could Be 'Material Support' For ISIS

from the this-is-wrong dept

A few weeks ago, we pointed out that Senator Sheldon Whitehouse led the way with perhaps the most ridiculous statement of any Senator (and there were a lot of crazy statements) in the debate over encryption and the FBI’s exaggerated fear of “going dark.” He argued that if the police couldn’t find a missing girl (using a hypothetical that not only didn’t make any sense, but which also was entirely unlikely to ever happen), then perhaps Apple could face some civil liability for not allowing the government to spy on your data. Here’s what he said:

It strikes me that one of the balances that we have in these circumstances, where a company may wish to privatize value — by saying “gosh, we’re secure now, we got a really good product, you’re gonna love it” — that’s to their benefit. But for the family of the girl that disappeared in the van, that’s a pretty big cost. And, when we see corporations privatizing value and socializing costs, so that other people have to bear the cost, one of the ways that we get back to that and try to put some balance into it, is through the civil courts. Through the liability system. If you’re a polluter and you’re dumping poisonous waste into the water rather than treating it properly somebody downstream can bring an action and can get damages for the harm they sustained, can get an order telling you to knock it off.

You can read our longer analysis of how wrong this is, but in short: encryption is not pollution. Pollution is a negative externality. Encryption is the opposite of that. It’s a tool that better protects the public in the vast majority of cases. That’s why Apple is making it so standard.

The suggestion was so ridiculous and so wrong that we were surprised that famed NSA apologist Ben Wittes of the Brookings Institute found Whitehouse’s nonsensical rant “interesting” and worthy of consideration. While we disagree with Wittes on nearly everything, we thought at the very least common sense would have to eventually reach him, leading him to recognize that absolutely nothing Whitehouse said made any sense (then again, this is the same Wittes who seems to have joined the magic unicorn/golden key brigade — so I’m beginning to doubt my initial assessment that Wittes is well-informed but just comes to bad conclusions).

However, even with Wittes finding Whitehouse’s insane suggestion “interesting,” it’s still rather surprising to see him find it worthy of a multi-part detailed legal analysis for which he brought in a Harvard Law student, Zoe Bedell, to help. In the first analysis, they take a modified form of Whitehouse’s hypothetical (after even they admit that his version doesn’t actually make any sense), but still come to the conclusion that the company “could” face civil liability. Though, at least they admit plaintiffs would “not have an easy case.”

The first challenge for plaintiffs will be to establish that Apple even had a duty, or an obligation, to take steps to prevent their products from being used in an attack in the first place. Plaintiffs might first argue that Apple actually already has a statutory duty to provide communications to government under a variety of laws. While Apple has no express statutory obligation to maintain the ability to provide decrypted information to the FBI, plaintiffs could argue that legal obligations it clearly does have would be meaningless if the communications remained encrypted.

To make this possible, Bedell and Wittes try to read into various wiretapping and surveillance laws a non-existent duty to decrypt information from your mobile phone. But that’s clearly not true. If that actually existed, then we wouldn’t be having this debate right now in the first place, and FBI Director James Comey wouldn’t be talking to Congress about changing the law to require such things. But, still, they hope that maybe, just maybe, a court would create such a duty out of thin air based on things like “the foreseeability of the harm.” Except, that’s going to fall flat on its face, because the likelihood of harm here goes the other way. Not encrypting your information leads to a much, much, much greater probability of harm than encrypting your data and not allowing law enforcement to see it.

Going to even more ridiculous levels than the “pollution” argument, this article compares Apple encrypting your data to the potential liability of the guy who taught the Columbine shooters how to use their guns:

For example, after the Columbine shooting, the parents of a victim sued the retailer who sold the shooters one of their shotguns and even taught the shooters how to saw down the gun?s barrel. In refusing to dismiss the case, the court stated that ?[t]he intervening or superseding act of a third party, . . . including a third-party’s intentionally tortious or criminal conduct[,] does not absolve a defendant from responsibility if the third-party’s conduct is reasonably and generally foreseeable.? The facts were different here in some respects?the Columbine shooters were under-age, and notably, they bought their supplies in person, rather than online. But that does not explain how two federal district courts in Colorado ended up selecting and applying two different standards for evaluating the defendant’s duty.

But it’s even more different than that. Even with this standard — which many disagree with — there still needs to be “conduct” that is “reasonably and generally foreseeable.” And that’s not the case here that it is “reasonably and generally foreseeable” that because data is encrypted that people will be at more risk. In all these years, the FBI still can’t come up with a single example where such encryption was a real problem. It would be basically impossible to argue that this is a foreseeable “problem,” especially when weighed against the very real and very present problem of people trying to hack into your device and get your data.

In the second in the series, Bedell and Wittes go even further in looking at whether or not Apple could be found to have provided material support to terrorists thanks to encryption. If this sounds vaguely familiar, remember a similarly ridiculous claim not to long ago from a music industry lawyer and a DOJ official that YouTube and Twitter could be charged with material support for terrorism because ISIS used both platforms.

Bedell and Wittes concoct a scenario in which a court might argue that providing a phone that can encrypt a terrorist’s data, opens the company up to liability:

In our scenario, a plaintiff might argue that the material support was either the provision of the cell phone itself, or the provision of the encrypted messaging services that are native on it. Thus, if a jury could find that providing terrorists with encrypted communications services is just asking for trouble, then plaintiffs would have satisfied the first element of the definition of international terrorism in § 2331, a necessary step for making a case for liability under § 2333.

Of course, this is wiped out pretty quickly because that law requires intent. The authors note that this would “pose a challenge” to any plaintiff “as it would appear to be difficult, if not impossible, to prove that Apple intended to intimidate civilians or threaten governments by selling someone an iPhone…”

You think?

But, our intrepid NSA apologists still dig deeper to see if they can come up with a legal theory that will actually work:

But again, courts have handled this question in ways that make it feasible for a plaintiff to succeed on this point against Apple. For example, when the judge presiding over the Arab Bank case considered and denied the bank?s motion to dismiss, he shifted the analysis of intimidation and coercion (as well as the question of the violent act and the broken criminal law) from the defendant in the case to the group receiving the assistance. The question for the jury was thus whether the bank was secondarily, rather than primarily, liable for the injuries. The issue was not whether Arab Bank was trying to intimidate civilians or threaten governments. It was whether Hamas was trying to do this, and whether Arab Bank was knowingly helping Hamas.

Judge Posner?s opinion in Boim takes a different route to the same result. Instead of requiring a demonstration of actual intent to coerce or intimidate civilians or a government, Judge Posner essentially permits the inference that when terrorist attacks are a ?foreseeable consequence? of providing support, an organization or individual knowingly providing that support can be understood to have intended those consequences. Because Judge Posner concludes that Congress created an intentional tort, § 2333 in his reading requires the plaintiff to prove that the defendant knew it was supporting a terrorist or terrorist organization, or at least that it was deliberately indifferent to that fact. In other words, the terrorist attack must be a foreseeable consequence of the specific act of support, rather than just a general risk of providing a good or service.

But even under those standards, it’s hard to see how Apple could possibly be liable for material support. It’s just selling an iPhone and doing so in a way that — for the vast majority of its customers — is better protecting their privacy and data. It would take an extremely twisted mind and argument to turn that into somehow “knowingly” helping terrorists or creating a “foreseeable consequence.” At least the authors admit that much.

But why stop there? They then say that Apple could still be liable after the government asks them to decrypt messages. If Apple doesn’t magically stop the user in particular from encrypting messages, then, they claim, Apple could be shown to be “knowingly” supporting terrorism.

The trouble for Apple is that our story does not end with the sale of the phone to the person who turns out later to be an ISIS recruit. There is an intermediate step in the story, a step at which Apple?s knowledge dramatically increases, and its conduct arguably comes to look much more like that of someone who?as Posner explains?is recklessly indifferent to the consequences of his actions and thus carries liability for the foreseeable consequences of the aid he gives a bad guy.

That is the point at which the government serves Apple with a warrant?either a Title III warrant or a FISA warrant. In either case, the warrant is issued by a judge and puts Apple on notice that there is probable cause to believe the individual under investigation is engaged in criminal activity or activity of interest for national security reasons and is using Apple?s services and products to help further his aims. Apple, quite reasonably given its technical architecture, informs the FBI at this point that it cannot comply in any useful way with the warrant as to communications content. It can only provide the metadata associated with the communications. But it continues to provide service to the individual in question.

But all of this, once again, assumes an impossibility: that once out of its hands, Apple can somehow stop the end user from using the encryption on their phone.

This is the mother of all stretches in terms of legal theories. And, throughout it all, neither Bedell nor Wittes even seems to recognize that stronger encryption protects the end user. It’s like it doesn’t even enter their minds that there’s a reason why Apple is providing encryption that isn’t “to help people hide from the government.” It’s not about government snooping. It’s about anyone snooping. The other cases they cite are not like that at all. These arguments, even as thin as they are, only make sense if Apple’s move to encryption doesn’t really have widespread value for basically the entire population. You don’t sue Toyota for “material support for terrorism” just because a terrorist uses a Toyota to make a car bomb. Yet, Wittes and Bedell are somehow trying to make the argument that Apple is liable for better protecting you, just because in some instances it might also help “bad” people. That’s a ridiculous legal theory that barely deserves to be laughed at, let alone a multi-part analysis of how it “might work.”

Filed Under: , , , , , , , , ,
Companies: apple

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Insanity Rules: NSA Apologists Actually Think Apple Protecting You & Your Data Could Be 'Material Support' For ISIS”

Subscribe: RSS Leave a comment
52 Comments
Anonymous Coward says:

This is how you know the NSA is clearly out of options with respect to encryption – they’re trying to manipulate the law in whatever way possible to twist it into what they think they need.

They WANT access to everything, after proving time and time again that if they have it, they will STILL fail to connect whatever dots they’re talking about until after the fact.

Anonymous Coward says:

Learned from the experts

This reads exactly what was planned against Google by MPAA.

https://www.techdirt.com/articles/20150724/15501631756/smoking-gun-mpaa-emails-reveal-plan-to-run-anti-google-smear-campaign-via-today-show-wsj.shtml

“Following the media blitz, you want Bill Guidera and Rick Smotkin to work with the PR firm to identify a lawyer specializing in SEC matters to work with a stockholder. This lawyer should be able to the [sic] identify the appropriate regulatory filing to be made against Google.”

SteveMB (profile) says:

it’s still rather surprising to see him find it worthy of a multi-part detailed legal analysis for which he brought in a Harvard Law student, Zoe Bedell, to help

If Wittes wants to turn his own name into point-and-laugh fodder, that’s his business, but dragging in a student who is presumably trying to build a respectable intellectual reputation for herself is just plain evil.

Anonymous Coward says:

As I understand it, both Apple and Android are making existing encryption options on by default. Under the legal theories discussed here, wouldn’t an individual be liable for turning on device encryption, for instance a parent enabling encryption on their child’s phone? And how about turning off the appalling range of data-collection turned on by default in Win10?

Wickedsmack (profile) says:

Maybe I'm just paying more attention

It would seem to me that the government is full of representatives that are largely ingnorant to modern technology. Sure they may know how to work a Blackberry or check their email, but with the larger more complex issues that are popping up, they seem woefully undereducated. The Goverment has proven time and again, they can’t manage themselves. Federal agencies are no better. If I buy a product from a company, that product and any data in it is mine. Not the police’s, not the Government, not the NSA. Encryption is pretty much a requirement these days (though I am blown away by the companies that come out and say OMG it wasn’t encrypted…and oh yeah it was your financial and personal info…so basically a your ID on a silver platter for theft). WHY CAN’T THEY SEE THAT?!? If they are our most tech savvy agencies, why on Earth would they not understand the basics of why encryption is needed and why it should never ever have any kind of back door ever? Oh I’m sorry are you going to actualy have to do your homework and get warrants to access particular information based on evidence and credible suspicion. Sorry you have to do your job better….

DannyB (profile) says:

Material Support

Suppose someone invented a new kind of office safe. One that was indestructible and impenetrable.

It would keep your stuff really safe! It would sell well. Banks and all kinds of other users would love it. It would be a true benefit to society.

According to the government…

Everyone using this new safe is now providing Material Support to ISIS and should be prosecuted accordingly.

The inventor of this new safe should be hanged for treason.

Safe makers should be smart enough to create a magical Golden Key embedded with pure ground unicorn horn particles. This golden key would open all safes — because the government would mandate that safes use special locks that open when presented with the Golden Key.

But this Golden Key does not compromise all security of everyone everywhere, because, Trust Us, we’ll make sure nobody misuses the golden key. And of course ISIS or the Chinese won’t be able to create their own copy of the Golden Key that works just as good as the original at opening all safes everywhere.

Anonymous Coward says:

culpability

The Wiki article on culpability is instructive.

The case of the nursing home in Hurricane Katrina is a good example of the issue of culpability. The nursing home owners called the Governor in as a witness, and asked her what caused the flood. The Governor said it was because the Levi broke. The State was trying to blame the Manangos for the death of the residents, by blaming them for the levy breaking.

“Proximate cause” is another factor.

Sheogorath (profile) says:

But for the family of the girl that disappeared in the van, it’s pretty galling to learn that the crime could easily have been prevented simply by placing a salt cellar with a bug in it on the diner table between the conspirators instead of chasing the boogeyman of encryption. Because that’s how kidnappers tend to plan their crimes, Senator Whitehouse, FACE TO FACE. *facepalms*

Ambrellite (profile) says:

I'm tired of this stupidity

A pillow could be used to asphyxiate somebody. Shoes could help a criminal run away. Underwear could conceal explosives. Sunglasses can help a suspect hide from police. Even something as innocuous as yogurt can be used to deliver deadly poison, or to hide narcotics.

Can these fools get it through their heads that things are often useful to criminals simply because they’re USEFUL??

Anonymous Coward says:

Toyota analogy

A better car analogy is that because Toyota makes cars that have air bags and other features to protect a driver in a crash that Toyota is then providing material support to a terrorist by allowing them to survive accidents and thus be able to perpetrate future terrorist acts.

Using that analogy it becomes clear that assigning liability to apple is outrageously wrong.

Vikarti Anatra (profile) says:

Re: Re: Toyota analogy

Exactly, just like how David Coleman Headley used GPS signals to find his landing spot to launch his Mumbai attack. Since GPS satellites are run by the US government, that would be material support as well.
Are you really sure he used only GPS NavStar (system run by USG) signals and not GLONASS (system run by Russian Goverment) ?

Anonymous Coward says:

Why does communicating via packets change my expectation and right to privacy? If Masnick and I want a private conversation, we can do as we always do: meet in an Arby’s parking lot at 2am and talk (and talk and talk…). Why then, if we decide to use a device to communicate, should every government on the planet suddenly have a right to access to that conversation?

Anonymous Coward says:

> In all these years, the FBI still can’t come up with a single example where such encryption was a real problem

Ugh… I hate this argument. What if they were able to give 10 good examples where encryption was a real problem with terrible consequences? Would you suddenly be willing to accept compromised encryption?

afn29129 (profile) says:

Re: Re: Re: Snail-mail vs Email

Snail-mail can be just as encrypted as Email.
I could both email a message or put in an envelope and have the post office deliver.

W9zAzuTpaI1Nipu2Edm4sbZUt1C8NGjat4QvWdXB
2bHVnEUttu0pPELbjkKpXn35RVNuU01XeOJ2PKxx
qnkzTCtbs60brJdxpi1O64qsRuFLYdCkDEsBoMrC
68ykVFkPjuSlhuhFsjHmcMP2q3RtHjxxopv1vZY5
W4z4ZGJbcplbyg8lcBi0CZG7K3NToEuwAwxKmJ6p
BSvixYCODfjtYRI99eRR6kXAs7HF4Lh0s6E9IXZ1
MU3Xl9tDPhNYh1OthrD03Lqv8MqXOHuttDvL98d4
StrZxskbQr9qvbkCbAZtLh58mQWnM4fi32iljFIg
feztj6vjN9POJKIPaLstOHW3IZ2kupb8pa6saRC3
0owY0msP6PWhqkWlKRhnYyEVeQ65XNg1IkBAODyn

In each case all that would show it the metadata, (to, from, etc)

Anonymous Coward says:

Through the liability system. If you’re a polluter and you’re dumping poisonous waste into the water rather than treating it properly somebody downstream can bring an action and can get damages for the harm they sustained, can get an order telling you to knock it off.

Unless you live down stream from a fracking operation and the group that’s supposed to be looking out for your well being and that of the environment is being paid off or ordered to turn a blind eye or lie .

Anonymous Coward says:

…when weighed against the very real and very present problem of people trying to hack into your device and get your data.

This is the thing never taken into consideration during all these witch hunts to prevent privacy apps. The government itself recommends data encryption and if it had been following it’s own advice, items like hacking into the medical care databank of Obamacare as well as the loss of security questionnaires applying for higher security status would never have had an impact. Instead, the Obamacare raid has opened up people to identity theft and the security raid has given China a roadmap on how to compromise those holding security classifications through the lack of protection.

The aim of the spying is contrary to the needs of the public at large. In the process of keeping things from going dark as they like to refer to, they have opened the door to hackers at large to come in and take what they wish through the compromised programs, databases, and computers.

Not a good trade off.

Anonymous Coward says:

NSA aplogists? You're looking at the article wrong.

… This is the mother of all stretches in terms of legal theories.

And that, good sirs, was (in my view) the point of the article.

In other words, you’re complaining of these legal researchers being NSA apologists, when they are conducting a thought exercise on the question “Could the company be held liable, given the current state of laws and precedents?”

You don’t complain about white hat hackers. In fact, you laud them, and call out the unfairness of prosecuting them. And yet you don’t extend the analogy to white hat legal researchers, thinking about what arguments you would have to defend against in a court of law. Why not?

Personanongrata says:

Banana Republic

If Apple doesn’t magically stop the user in particular from encrypting messages, then, they claim, Apple could be shown to be “knowingly” supporting terrorism.

Would it be better for American citizens if Apple (etal) were forced to collaborate with a clearly criminal government that at every opportunity seeks to function in secrecy while circumventing or out right ignoring the US Constitution, the supposed supreme law of the land, and replace it with an arbitrary and politically expedient manner of governing called tyranny?

Groaker (profile) says:

Re: Re: Banana Republic

It would make me ecstatic to believe that Obama was the responsible individual. That this went back only as far as his administration.

But as an example, the NY Times secretly knew at least a year before Bush 43’s second election that the Bush was collecting information in bulk without warrants. And there is good reason to believe that it went back further to at least Clinton’s time, and likely before it.

Steve says:

The legal constructs for endless, baseless war & the war on terror are equally tenuous. The Government will just keep going with encryption law until it manages to fabricate some legal fiction that it will then keep secret.
The whole surveillance state is being implemented to put in place the system of control of the general population that the (real) Government is afraid will be necessary very shortly, when the shit hits the fan.

Marc says:

If this should hold, then

All firearm manufacturers are liable for illegal shootings (they have not actively adapted their products to stop illegal use).

All baseball bat manufacturers are liable as well for misuse.

Hmm, banks are liable for aiding fraud.

Government is liable for not preventing crime? Can I sue them?

Why does no one address such idiotic ideas with fitting idiotic questions?

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...