How Existing Wiretapping Laws Could Save Apple From FBI's Broad Demands

from the calea-to-the-rescue? dept

There are all sorts of interesting (and frustrating and challenging) legal questions raised by the FBI’s use of the All Writs Act to try to force Apple to build a system to allow the FBI to hack Apple’s customers. But there’s one interesting one raised by Albert Gidari that may cut through a lot of the “bigger” questions (especially the Constitutional ones that everyone leaps to) and just makes a pretty simple point: the DOJ is simply wrong that the All Writs Act applies here, rather than the existing wiretapping statute, the Communications Assistance for Law Enforcement Act, or 47 USC 1002, better known by basically everyone as CALEA. CALEA is the law that some (including the DOJ) have wanted “updated” in ways that might force internet companies and mobile phone companies to make their devices more wiretap-ready. But that hasn’t happened.

And, as Gidari points out, it seems clear that CALEA preempts the All Writs Act and explicitly forbids what the FBI is requesting here. The DOJ is claiming that CALEA doesn’t apply to Apple:

Put simply, CALEA is entirely inapplicable to the present dispute [because] Apple is not acting as a telecommunications carrier, and the Order concerns access to stored data rather than real time interceptions and call-identifying information

But Gidari notes that’s misrepresenting CALEA, which also does apply to “manufacturers and providers of telecommunications support services” and Apple could be seen as qualifying, since it’s providing the “equipment” here. And then if CALEA, rather than the All Writs Act applies, the DOJ’s argument is basically dead on arrival. As many have noted, CALEA already says that you can’t force a provider to decrypt encrypted communications:

A telecommunications carrier shall not be responsible for decrypting, or ensuring the government?s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.

Now, some may argue that in this case Apple “possesses the information necessary,” but that’s not actually the case. Apple doesn’t possess the information necessary to decrypt. It’s being asked to build a system that would let the FBI then hack the system to decrypt. And that’s different. And on that point, there’s this in CALEA as well:

(1) Design of features and systems configurations. This subchapter does not authorize any law enforcement agency or office

(a) to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services;

(b) to prohibit the adoption of any equipment, facility, service, or feature by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services.

In a follow up post, Gidari looks at the legislative history of CALEA as well, and notes that it was a compromise between law enforcement (who wanted access to everything) and telcos (who didn’t want to give that much access). And the end result was that CALEA was designed to be clear that, no, law enforcement can’t always get anything, and certainly can’t force companies to build new tools:

Indeed, Congress outright rejected the government?s initial CALEA proposal to actually prevent deployment of new technologies that didn?t have a wiretap back door. As Congress noted, ?[t]his is the exact opposite of the original versions of the legislation, which would have barred introduction of services or features that could not be tapped.? In other words, Congress accepted the fact that some new technologies would put some evidence that law enforcement wanted, needed, and may have had access to in the past, beyond its reach in some cases.

Congress also determined that carriers would have no responsibility to decrypt encrypted communications unless the carrier provided the encryption and could in fact decrypt it. CALEA did not prohibit a carrier from deploying an encryption service for which it did not retain the ability to decrypt communications for law enforcement access, period. Here again, CALEA recognized that some evidence that may be necessary to an investigation will not be available to the government because it is encrypted and the provider lacks the key to access it.

So while CALEA provided law enforcement with some surveillance capabilities on phone networks (which the Federal Communications Commission later extended to broadband Internet access and two-way Voice over IP), it precluded the government from requiring ?any specific design of equipment, facilities, services, features, or system configurations to be adopted by any manufacturer of telecommunications equipment.? Requiring Apple by court order to create and implement a work-around for the iPhone?s security features is, in fact, doing what CALEA prohibited.

While a big Constitutional battle may be more interesting (and more long lasting), it’s possible that an argument like this one might win the actual lawsuit.

Of course, then the battle will shift back to Congress to try to update CALEA…

Filed Under: , , , , , ,
Companies: apple

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “How Existing Wiretapping Laws Could Save Apple From FBI's Broad Demands”

Subscribe: RSS Leave a comment
35 Comments
Anonymous Coward says:

“A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt,…”

But the government isn’t asking for Apple to decrypt anything or to provide a backdoor (a way ensuring the government’s ability to decrypt), are they? I thought what the government asked for was unencumbered access to brute force the front door (the phone’s PIN). Which means allowing PINs to be entered via a computer (as opposed to using the touchscreen), removal of the time delay between attempts and removal of the auto-erase function if 10 bad PINs are entered.

Anonymous Coward says:

Re: "Cumbered"

unencumbered access

What is “encumbered access”? Does Apple or its fab already provide an “encumbered” linkage between the supposedly-secret uid fused in the processor, and external markings?

Would that be “encumbered access” because it’s national security secret access? And thus, “unencumbered” would merely mean that everyone can talk about how the government learns the contents of the phone?

Anonymous Coward says:

Re: Re:

I would argue that disabling security features that protect the encrypted data is “ensuring the government’s ability to decrypt”

The primary security feature, the PIN, still protects the encrypted data even if Apple helps the FBI as requested by disabling security measures designed to help protect the PIN from attack. If Farook used an insecure passcode then the FBI will break it quickly (possible in less than 10 attempts), if Farook used a very secure passcode then the FBI might never be able to break in. Nothing is ensured.

John Fenderson (profile) says:

Re: Re: Re:

Apple is being asked to disable the security feature that prevents brute-forcing the PIN. Thus, the government is asking Apple to circumvent a security system. That’s a back door.

The strength of the PIN (I’m not sure what makes some PINs stronger than others, aside perhaps from how often people choose them) is irrelevant here. If the Feds get what they want, they can easily try all possible PINs.

Anonymous Coward says:

Re: Re: Re:

Well considering that the key needed to decrypt the information would get wiped in the event of 10 wrong guesses and decrypting the information would be impossible without it, what do you think the request to disable that feature was designed to accomplish if it wasn’t to “ensure the government’s ability to decrypt”?

Anonymous Coward says:

Re: Re:

the government has even less of a leg to stand on for this argument. what they can compel people to do it limited for a reason. they can’t force a bunch of people into a labor camp to build something. in the past companies were generally willing to work with the government but recently the governments action have meant fewer and fewer are willing to help them out and they seem to be to incompetent to figure it out for themselves.

Anonymous Coward says:

>I thought what the government asked for was unencumbered access to brute force the front door (the phone’s PIN).

No, that’s not a thought, that’s an incredibly silly word game–which doesn’t keep it from being the kind of talking point the FBI uses when the law is dead set against it:

“We don’t want back doors, we’d be perfectly happy with a side door.”

“We don’t need a door at all, so long as we can break the windows whenever we wish.”

“We wouldn’t need to break windows if the homeowner could only be compelled to disassemble the house from the inside.”

“The owner is willing to open the door, why won’t he disassemble the front wall enough to drive a tank inside?”

“No, no, of COURSE we aren’t insisting on the front wall: a side wall would be perfectly acceptable.”

To all of which, the proper response is: “Your mixed metaphor perish with you: to the law and to the testimony!”

The law? “shall NOT be responsible for … ensuring the government’s ability to decrypt….”

Anonymous Coward says:

A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.

CALEA sure helped Lavabit, and certainly prevented Microsoft from handing the skype keys over to the NSA. Of course, it may just be that neither case considered CALEA in that context. But why let legal details get in the way of a good snark?

Anonymous Coward says:

Re: Snark

… why let legal details get in the way of a good snark?

The Hunting of the Snark by Lewis Carroll

Fit the First
          The Landing

“Just the place for a Snark!” the Bellman cried,
     As he landed his crew with care;
Supporting each man on the top of the tide
     By a finger entwined in his hair.

“Just the place for a Snark! I have said it twice:
     That alone should encourage the crew.
Just the place for a Snark! I have said it thrice:
     What I tell you three times is true.”

 . . .

Anonymous Coward says:

Re: Re:

Lavabit was information technology communications, but not telecommunications. Same with Skype. Apple is in the interesting place of actually being a telecommunications product provider, and it is this product whose software the FBI want them to modify.

So Apple gets out under a technicality. Internet communications was never protected in the same way that narrowly defined telecommunications has been for decades.

shanen (profile) says:

Learning from idiots?

“When encryption is outlawed, only outlaws will have encryption.”

If you have nothing to hide, you don’t need it, so wanting the ability to keep anything a secret from the government proves you’re a criminal.

Of course, the FBI is not doing this as a political scam on the “lucky” opportunity of using an infamous case to outlaw encryption. They are just trying to drum up business, since they know EVERYONE has some secret.

By the way, there is too much focus on the negative side of dirty secrets and hidden crimes used as sticks. The carrot side is just as bad, less noticeable, and MORE in use.

Actually, Apple is a leading abuser on that side. The personal data about your interests, tastes, and even your strengths is used by the marketeers to manipulate you and sell you all manner of stylish crape you don’t need.

(My dark secret is a propensity to use four-letter words like crape.)

Anonymous Coward says:

Re: Re: Re: It's like CALEA was created in a different time...

Good god, what do they teach kids these days?

Nineteen Eighty-Four

Copyright status

The novel is in the public domain in Canada, South Africa, Argentina, Australia, and Oman. It will be in the public domain in Brazil in 2021, and in the United States in 2044.

Anonymous Coward says:

Re: Re: Re:2 It's like CALEA was created in a different time...

And as soon as TPP gets ratified and TTIP gets signed, 1984 will (for all practical intents and purposes) move to enter public domain in 2044 (or whatever the U.S. decides to -yet again- extend copyright to) worldwide.

Back on topic: I’d love for this case to be solved (and set in stone) as a matter of constitutionality, but I’m pretty sure Apple can’t risk such high stakes, so I guess any win for them would work at this point.

Whatever (profile) says:

While it’s an interesting argument, I think you are pretty much intentionally misreading the law to try to draw a conclusion. Specifically, this:

(1) Design of features and systems configurations. This subchapter does not authorize any law enforcement agency or office
(a) to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services;

(b) to prohibit the adoption of any equipment, facility, service, or feature by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services.

This would appear on it’s face to be related to forcing ALL of the company’s products to be modified to this standard. The court order does not require a specific design for IPhones, it only asks for a modification for the device in police custody. There is no indication that the feds (or anyone else) wants this patch rolled out to every iphone in the world.

That said, CALEA may be a better argument against requiring a true backdoor in a product. I would not be shocked to see this law get modified in the near future to eliminate this potential legal arguement.

Whatever (profile) says:

Re: Re: Re:

The difference is the word “design”. A one off software modification for law enforcement isn’t a design, it isn’t the overall way the devices would be made, it’s a one off. It reads about overall product and not any one device.

If Apple rolled it out to all phones as a result of the court order, then yes, it would be “design”… but to place it one a single device… not so much.

Wyrm (profile) says:

Re: Re: Re: Re:

I might give you that you were sincere with your definition of a “backdoor”.
Here, I have a lot of trouble sending any shred of good faith.
1. Even a one-off software requires “design”.
2. So you seriously think this will be a one-time-only thing?
3. You could have argued a few technicalities (eg. does Apple qualify as telecommunication provider? does CALEA apply when you’re trying to decrypt stored information and not ongoing communications?…), but this objection is just ridiculous.

Anonymous Coward says:

Re: Re: Re: Re:

A one off software modification for law enforcement isn’t a design, it isn’t the overall way the devices would be made, it’s a one off.

If it doesn’t require design, then you’re saying it already exists.

It apparently doesn’t, otherwise this conversation wouldn’t exist.

Seriously, stop throwing words around like you have any semblance of a clue as to what they mean.

That One Guy (profile) says:

Re: Re:

(a) to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services;

Seems pretty clear to me, they’re not allowed to force any changes. To claim otherwise would absolutely gut the restriction, as they could simply argue that a company doesn’t have to implement or change a particular feature or system configuration for all their products and/or services… just the ones the government/police tell them to.

jim says:

oh, really easy

I like these arguements. Why couldn’t, our government talk with a government that has the source code for a copy of it. After all the great protector of privacy in america gave the “C” government a copy of their latest source code. I’ll bet the others have not only found out, how, and already busted into what they want to hear.

Anonymous Coward says:

Apple doesn't have to be a telco

Design of features and systems configurations. This subchapter does not authorize any law enforcement agency or office
(a) to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services;

(b) to prohibit the adoption of any equipment, facility, service, or feature by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services.

I do believe Apple does provide support for their services which of course includes Facetime as well as iMessages.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »