How Existing Wiretapping Laws Could Save Apple From FBI's Broad Demands
from the calea-to-the-rescue? dept
There are all sorts of interesting (and frustrating and challenging) legal questions raised by the FBI’s use of the All Writs Act to try to force Apple to build a system to allow the FBI to hack Apple’s customers. But there’s one interesting one raised by Albert Gidari that may cut through a lot of the “bigger” questions (especially the Constitutional ones that everyone leaps to) and just makes a pretty simple point: the DOJ is simply wrong that the All Writs Act applies here, rather than the existing wiretapping statute, the Communications Assistance for Law Enforcement Act, or 47 USC 1002, better known by basically everyone as CALEA. CALEA is the law that some (including the DOJ) have wanted “updated” in ways that might force internet companies and mobile phone companies to make their devices more wiretap-ready. But that hasn’t happened.
And, as Gidari points out, it seems clear that CALEA preempts the All Writs Act and explicitly forbids what the FBI is requesting here. The DOJ is claiming that CALEA doesn’t apply to Apple:
Put simply, CALEA is entirely inapplicable to the present dispute [because] Apple is not acting as a telecommunications carrier, and the Order concerns access to stored data rather than real time interceptions and call-identifying information
But Gidari notes that’s misrepresenting CALEA, which also does apply to “manufacturers and providers of telecommunications support services” and Apple could be seen as qualifying, since it’s providing the “equipment” here. And then if CALEA, rather than the All Writs Act applies, the DOJ’s argument is basically dead on arrival. As many have noted, CALEA already says that you can’t force a provider to decrypt encrypted communications:
A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.
Now, some may argue that in this case Apple “possesses the information necessary,” but that’s not actually the case. Apple doesn’t possess the information necessary to decrypt. It’s being asked to build a system that would let the FBI then hack the system to decrypt. And that’s different. And on that point, there’s this in CALEA as well:
(1) Design of features and systems configurations. This subchapter does not authorize any law enforcement agency or officer
(a) to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services;
(b) to prohibit the adoption of any equipment, facility, service, or feature by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services.
In a follow-up post, Gidari looks at the legislative history of CALEA as well, and notes that it was a compromise between law enforcement (who wanted access to everything) and telcos (who didn’t want to give that much access). And the end result was that CALEA was designed to be clear that, no, law enforcement can’t always get anything, and certainly can’t force companies to build new tools:
Indeed, Congress outright rejected the government’s initial CALEA proposal to actually prevent deployment of new technologies that didn’t have a wiretap back door. As Congress noted, “[t]his is the exact opposite of the original versions of the legislation, which would have barred introduction of services or features that could not be tapped.” In other words, Congress accepted the fact that some new technologies would put some evidence that law enforcement wanted, needed, and may have had access to in the past, beyond its reach in some cases.
Congress also determined that carriers would have no responsibility to decrypt encrypted communications unless the carrier provided the encryption and could in fact decrypt it. CALEA did not prohibit a carrier from deploying an encryption service for which it did not retain the ability to decrypt communications for law enforcement access, period. Here again, CALEA recognized that some evidence that may be necessary to an investigation will not be available to the government because it is encrypted and the provider lacks the key to access it.
So while CALEA provided law enforcement with some surveillance capabilities on phone networks (which the Federal Communications Commission later extended to broadband Internet access and two-way Voice over IP), it precluded the government from requiring “any specific design of equipment, facilities, services, features, or system configurations to be adopted by any manufacturer of telecommunications equipment.” Requiring Apple by court order to create and implement a work-around for the iPhone’s security features is, in fact, doing what CALEA prohibited.
While a big Constitutional battle may be more interesting (and more long lasting), it’s possible that an argument like this one might win the actual lawsuit.
Of course, then the battle will shift back to Congress to try to update CALEA…