DOJ Using Antiquated 1789 'All Writs Act' To Try To Force Phone Manufacturers To Help Unlock Encrypted Phones

from the any-and-all-methods dept

With the ongoing fight over mobile encryption in the last few months, it's no secret that law enforcement has been pushing for new laws that require backdoors into encrypted offerings. However, the Wall Street Journal also noted another little trick that the Justice Department appears to be testing out: dumping the problem back on the phone manufacturer, by using a centuries old law to require the [nameless] phone manufacturer to help law enforcement decrypt a phone. And, Ars Technica then found another example of it being used on the very same day in a different case to try to pressure Apple into helping to decrypt a phone.

Specifically, the DOJ used the All Writs Act -- a 1789 law, that is now codified as 28 USC 1651. It's pretty straightforward (and broad):
(a) The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.

(b) An alternative writ or rule nisi may be issued by a justice or judge of a court which has jurisdiction.
The case the WSJ found is not at all clear in the details. An order was issued to a phone manufacturer -- whose name is redacted to [XXX] Inc. -- saying that it needed to help the DOJ unlock the phone. Federal Court Magistrate Judge Gabriel Gorenstein (in the Southern District of NY) agreed, but issued the public ruling on it, perhaps recognizing that this is diving into slightly questionable territory. While noting that the All Writs Act was also the basis for so called "pen register" orders (recording phone numbers dialed by certain phones based on court orders), Gorenstein points out that this is a similar situation:
the Supreme Court held that a district court had authority under the All Writs Act to issue an order requiring a telephone company to provide technical assistance to the Government in its effort to install a "pen register" — a device for recording the numbers dialed on a telephone.... Thus, we conclude that it is appropriate to order the manufacturer here to attempt to unlock the cellphone so that the warrant may be executed as originally contemplated.
However, Gorenstein points out that the All Writs Act isn't without its limits, and thus he provides the phone manufacturer a chance to protest, arguing that the request is too burdensome:
The Government has provided a proposed Order that directs the manufacturer to provide "reasonable technical assistance" in unlocking the device. The proposed Order omits, however, any mention of a process by which the manufacturer may seek to the challenge the Order. Courts have held that due process requires that a third party subject to an order under the All Writs Act be afforded a hearing on the issue of burdensomeness prior to compelling it to provide assistance to the Government.... To the extent the manufacturer believes the order to be unduly burdensome or that it should be reimbursed for expenses, the manufacturer should be given clear notice that it has the opportunity to object to the Order.
It's unclear if the manufacturer did object to the order or not. In the other case, in the Northern District of California, Magistrate Judge Kandis Westmore doesn't hide Apple's name, noting that the FBI has the phone and wants Apple's help to decrypt it under the All Writs Act. The request, filed on the same day as the ruling in NY, notes that "in other cases, courts have ordered the unlocking of an iPhone under this authority." In other words, it looks like the DOJ wasted no time using the ruling in NY to suggest this was a common way of forcing the phone manufacturer to help decrypt phones. Though, as others have pointed out, other courts have actually pushed back on attempts by the feds to use the All Writs Act to spy on people like this.

Either way, Westmore doesn't go as far as Gorenstein, and rather notes that Apple only need provide "reasonable technical assistance" but "is not required to attempt to decrypt, or otherwise enable law enforcement's attempts to access any encrypted data." Instead:
Apple's reasonable technical assistance may include, but is not limited to, bypassing the iOS Device's user's passcode so that the agents may search the device, extracting data from the Device and copying the data onto an external hard drive or other storage medium that law enforcement agents may search, or otherwise circumventing the Device's security systems to allow law enforcement access to Data and to provide law enforcement with a copy of encrypted data stored on the iOS Device.
Westmore's response seems somewhat limited. It basically says that Apple can help getting the (encrypted) data off the device if the FBI can't figure out how, but it shouldn't have to help to decrypt it. The NY case ruling seems much more open ended. It's unclear if the nameless manufacturer in the NY case did push back on the ruling by protesting it. If it did, the efforts are probably sealed up. However, it does suggest that the DOJ is already figuring out a variety of ways to try to pressure even those who lock down information on devices to help the DOJ break those locks.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 1 Dec 2014 @ 11:05am

    How about apple just say no?

    They're so big at this point i don't think the government would risk a high profile fight with them.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Dec 2014 @ 11:15am

    Thus, we conclude that it is appropriate to order the manufacturer here to attempt to unlock the cellphone so that the warrant may be executed as originally contemplated.

    what is this 'warrant' mentioned in the article? How does a 'warrant' apply here?

    reply to this | link to this | view in chronology ]

  • icon
    Rabbit80 (profile), 1 Dec 2014 @ 11:19am

    So... Apples choice is either to reveal a backdoor or security flaw in IOS or to protest by saying their phone / OS is so secure that it can't be done..

    Have the FBI tried searching Google for "ios lock screen bypass"? (Would use a lmgtfy link, but it appears to be down)

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Dec 2014 @ 11:20am

    phone hacking = "e-rape"

    Carnal knowledge w/o consent = rape.

    Hacking into your PC/phone w/o consent = e-rape.

    Let's call a spade a spade; NSA is a bunch of perverts.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Dec 2014 @ 11:28am

    Providing technical assistance is not synonymous with success

    You can order me to provide the Feds with assistance in making a pig fly. I can try tossing it into the air. I can't guarantee it will remain in the air long enough to be considered a flying pig.

    reply to this | link to this | view in chronology ]

  • icon
    Beefcake (profile), 1 Dec 2014 @ 11:30am

    1789 or 1911?

    Correct me if I'm mistaken, but I doubt the original All Writs Act contained language about pen-registers on technology not yet invented. 1789 may be the basis of the 1911-and-thereafter updates, but this language does not actually date back to "Antiquated 1789", right?

    reply to this | link to this | view in chronology ]

    • icon
      Justin Johnson (JJJJust) (profile), 1 Dec 2014 @ 12:12pm

      Re: 1789 or 1911?

      The law itself doesn't mention pen registers or any technology in general. The general intent of the law that a court may issue writs to achieve an end is what dates back.

      The current actual language, as quoted above, dates to 1948 when multiple laws regarding writs were consolidated into 28 USC 1651.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 1 Dec 2014 @ 1:00pm

        Re: Re: 1789 or 1911?

        The current actual language, as quoted above...
        Current text:
        ... all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.

        1789 text (section 14):
        ... all other writs not specially provided for by statute, which may be necessary for the exercise of their respective jurisdictions, and agreeable to the principles and usages of law.

        Note the use of—

        • “all” “writs”
        • “necessary” “their respective jurisdictions”
        • “agreeable” “principles” “usages” (alternate word order) “of law.”

        reply to this | link to this | view in chronology ]

        • icon
          Beefcake (profile), 1 Dec 2014 @ 1:22pm

          Re: Re: Re: 1789 or 1911?

          Thanks all. I was not connecting why it was correct to invoke 1789 (prior to the telephone device) so prominently in the article & headline, instead of 1911 or 1948 when the law was updated within the context of the telephone device existing. Seems it's the underlying principle of the 1789 origin though, so I'll settle down.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 3 Dec 2014 @ 8:47am

            Re: Re: Re: Re: 1789 or 1911?

            Seems it's the underlying principle of the 1789 origin though, so I'll settle down.

            It may surprise you, but I myself am not entirely convinced that the principle has remained the same. The surface similarity in phrasing and even apparent purpose may mask a substantial change in meaning due to changes in the overall legal context.

            It's difficult to convey to a modern lawyer how much of the English law of the 18th century (and even later) was driven by the forms of action. The legal term of art “writ” does not necessarily mean now what it meant in 1789.


            (See, generally, F. W. Maitland, The Forms of Action at Common Law, 1909.)

            reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Dec 2014 @ 12:15pm

      Re: 1789 or 1911?

      ... this language does not actually date back to "Antiquated 1789", right?

      The LII 28 USC § 1651 link provided above contains not only the (current) statutory text, but also an informative “notes” tab. The notes tab outlines the legislative history.

      In addition, the Wikipedia article on the All Writs Act links to the article on the Judiciary Act of 1789. In that second Wikipedia article, reference 3 links to a Library of Congress webguide. And in that webguide, the first link leads to the text of the 1789 Act.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 1 Dec 2014 @ 12:30pm

        Re: Re: 1789 or 1911?

        ... the text of the 1789 Act.

        Here's a better copy of the Judiciary Act of 1789, from the Federal Judicial Center.
        SEC. 14. And be it further enacted, That all the before-mentioned courts of the United States, shall have power to issue writs of scire facias, habeas corpus, and all other writs not specially provided for by statute, which may be necessary for the exercise of their respective jurisdictions, and agreeable to the principles and usages of law. And that . . .

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Dec 2014 @ 11:44am

    just imagine the winging that the DoJ would have done if there was a 1700 writ that stopped all law enforcement from being able to access private communications in all circumstances! they would have gone totally nuts!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Dec 2014 @ 11:51am

    That they are attempting to use the All Writs Act means they are stretching and reaching for straws to compel Apple to decrypt the phones. They would not be going this route were there a better one to use. That means this is a sort of Hail Mary in an attempt to force Apple to come up with means.

    The stomping all over the Constitution and the rights of citizens has given the government a very bad name and this is going to come back to bite them in the ass. It's just a matter of when. There's a whole lot of fuel been piled on the ground dealing with different issues that congress can not or will not address. People are fed up with working two jobs to make ends barely meet. All it's going to take is a spark similar to Ferguson to set it off. I sure don't wanna be here to see it.

    reply to this | link to this | view in chronology ]

  • identicon
    Whoever, 1 Dec 2014 @ 11:53am

    Shredding services

    The Federal government claims that (and the Supreme Court already agreed) that the pen record of phone calls doesn't require a court order for law enforcement to access it. This is based on the idea that people "willingly" give this information to a 3rd party.

    Now, imagine a shredding service. I take my papers to a UPS store for shredding -- they are not immediately shredded, but instead held in a locked bin for pickup and later shredding.

    I "willingly" gave these documents to the UPS store. Is a court order required for law enforcement to access the files that are waiting to be shredded?

    reply to this | link to this | view in chronology ]

    • icon
      Rabbit80 (profile), 1 Dec 2014 @ 12:04pm

      Re: Shredding services

      Certainly in the UK - yes a warrant signed by a judge would be required.

      reply to this | link to this | view in chronology ]

      • icon
        TruthHurts (profile), 1 Dec 2014 @ 12:11pm

        Re: Re: Shredding services

        not if someone said the papers were child-porn photos or terrorist how-to documentation.

        The UK would have those open in no time, no warrant, no nothing, then they'd disappear you.

        reply to this | link to this | view in chronology ]

        • identicon
          I'm_Having_None_Of_It, 2 Dec 2014 @ 5:46am

          Re: Re: Re: Shredding services

          We don't "disappear" people in the UK. I'm not sure how long that's going to last since our Glorious Leaders are planning to bring in internment laws similar to their failed efforts in Northern Ireland during the Troubles. Which will probably be as effective.

          I don't like living in a nascent police state.

          reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 1 Dec 2014 @ 12:56pm

      Re: Shredding services

      "I "willingly" gave these documents to the UPS store. Is a court order required for law enforcement to access the files that are waiting to be shredded?"

      If the store decides they want to voluntarily hand them over then no, a court order is not required. The store could, however, take the position that they won't voluntarily hand them over -- in which case a court order would be required.

      It all depends on what the store wants to do.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 1 Dec 2014 @ 2:12pm

        Re: Re: Shredding services

        The store could, however, take the position that they won't voluntarily hand them over -- in which case a court order would be required.
        A court order should be required in this case, but GP is posing the question of whether the government's favourite broad misreading of the Third Party Doctrine would conclude that no court order is required because the documents being seized are not in the custody of their creator/owner (the GP) and the GP willingly gave them to the current custodian (the store).

        reply to this | link to this | view in chronology ]

      • icon
        Uriel-238 (profile), 2 Dec 2014 @ 12:08pm

        Once in the public bin, the papers are questionable.

        I suspect that if a shredding service had papers intercepted by law enforcement (with a court order or not) it would be very bad publicity for the shredding service for their clients to discover how long the pages stayed intact.

        Of course, once the papers entered a collection bin that contained the papers of many, many clients (essentially the same as garbage in a waste-collection truck) there would be the matter of proving in court that each paper used as evidence was authentic, and didn't originally belong to someone else.

        Which actually presents a security measure that, say, the CIA or some major company could use, which is to generate bunches of false memorandums to mix in with their refuse, so that if ever a search like this was authenticated, the agency / company could claim that it was one of the false memos.

        reply to this | link to this | view in chronology ]

  • icon
    TruthHurts (profile), 1 Dec 2014 @ 12:06pm

    These 2 are not even close to one another...

    Finding out which phone numbers you called is not even close to finding out what private and confidential information is stored on your phone.

    Courts are already finding that a persons private data stored on the phone is the same as files stored in a safe in their home or office and require a warrant to get to.

    This is their only way to get the data is with a warrant and the court attempting to coerce the owner into decrypting the records.

    Any other method is illegal and violates the constitution.
    I would say forcing the owner to hand over the decryption code could also be said to be self-incrimination which would also violate the constitution, but apparently some judges just don't care about the law anymore.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Dec 2014 @ 12:37pm

    And so the strange sad case of United States Government VS. Reality continues.

    USG: We need to crack this encryption.
    Reality: Sorry li'l Brosephina, can't be done.
    USG: We order you to help crack this phone!
    Reality: No.
    USG: WE ARE THE LAW OF THE LAND!
    Reality: Sorry, brojangles, I am the laws of the universe itself, and possibly other ones too.
    USG: FINE! WE'LL JUST DEMAND BACKDOORS IN EVERYTHING!
    Reality: Sure thing, Broseph Stalin, tell me how that works out for ya.

    reply to this | link to this | view in chronology ]

  • identicon
    tomczerniawski, 1 Dec 2014 @ 1:22pm

    First they dredged up the espionage act to go after Edward Snowden. Now they're finding laws from 1789 to try to circumvent constitutional law.

    Sounds like they miss the "good ol' days."

    reply to this | link to this | view in chronology ]

  • icon
    dfed (profile), 1 Dec 2014 @ 1:32pm

    What this tells me is that at some point, just like desktop OS, encryption will be wrested away from the manufacturer and be a user-initiated and controlled tool. An open-source adaptation of luks for phones or something similar would remove the ability for the Feds to force phone manufacturers into this situation.

    reply to this | link to this | view in chronology ]

  • icon
    DannyB (profile), 1 Dec 2014 @ 1:50pm

    So now we know why

    So now we know why they never take a law off the books.

    Who knows when some government official may someday need to twist and stretch some ancient irrelevant law to achieve some end that cannot honestly be achieved by the intended meaning and purpose of any current modern law.

    reply to this | link to this | view in chronology ]

    • icon
      Uriel-238 (profile), 2 Dec 2014 @ 12:12pm

      Laws never taken off the books

      It will be of little avail to the people that the laws are made by men of their own choice if the laws be so voluminous that they cannot be read, or so incoherent that they cannot be understood.
      -- James Madison saying "I told you so."

      reply to this | link to this | view in chronology ]

  • icon
    Mackenzie Brunson (profile), 1 Dec 2014 @ 2:57pm

    Someone mentioned a shredding company above and if the government could get a hold of the documents with a warrant. 1) They might be able to, but a judge might not let it into court. 2) This would be more akin to getting a warrant for your documents after they've been shredded and asking the shredding company to paste them back together.

    reply to this | link to this | view in chronology ]

    • icon
      Vladilyich (profile), 2 Dec 2014 @ 10:17am

      Re: Shredding

      That was my thought precisely. I fully expect to see some idiot AG go to court for a writ to force a company to either paste the shreds back together or reconstruct the ashes of document that have been incinerated.

      reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 1 Dec 2014 @ 3:07pm

    Not hard to understand

    The Government has provided a proposed Order that directs the manufacturer to provide "reasonable technical assistance" in unlocking the device. The proposed Order omits, however, any mention of a process by which the manufacturer may seek to the challenge the Order.

    They 'omitted' that little detail because as far as they're concerned, companies have no such right. The government demands, companies obey no questions asked, that's the end of it according to the DOJ/FBI/NSA.

    reply to this | link to this | view in chronology ]

    • identicon
      Whoever, 1 Dec 2014 @ 5:14pm

      Re: Not hard to understand

      reasonable technical assistance"


      Technical assistance could be provided, without any success in achieving the objective.

      reply to this | link to this | view in chronology ]

      • icon
        tqk (profile), 1 Dec 2014 @ 5:26pm

        Re: Re: Not hard to understand

        Technical assistance could be provided, without any success in achieving the objective.

        Followed by obstruction of justice charges, seizure of corporate assets of criminal enterprise charges, collusion with kiddie fiddlers, drug dealers and terrorists.

        Now, about that "out of the box" hard crypto you were planning on rolling out, ...

        reply to this | link to this | view in chronology ]

  • icon
    orbitalinsertion (profile), 1 Dec 2014 @ 6:12pm

    If they can help to decrypt the data on the phone, then you know something is wrong with the encryption.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Dec 2014 @ 6:20pm

    Use long pass-phrases. If you're being targeted before arrest then the FBI will simply request that the NSA remotely hack into your phone and install a keylogger that steals your pass-phrase before your arrest.

    I don't know why the DOJ is bothering Apple. I suppose the DOJ wants Apple's technical assistance extracting a device-unique secret key called a UID. This UID key is embedded in the cryptographic co-processor called the Secure Enclave.

    Once the UID key is extracted from the phone, then supercomputers can be used to bruteforce weak passwords. If the UID key isn't extracted from the phone, then all password guessing attempts must be carried out on the phone itself, which is so slow it's not worth doing.

    http://blog.cryptographyengineering.com/2014/10/why-cant-apple-decrypt-your-iphone.html

    Either the DOJ wants technical schematics of phone hardware designs, or they want to know how to get in touch with the chips manufactures to request their assistance in recovering UID key embedded in silicon chip.

    reply to this | link to this | view in chronology ]

    • icon
      Uriel-238 (profile), 2 Dec 2014 @ 1:07pm

      If the NSA can hack into your phone...

      Then so can China and every other criminal interest with hackers as allies.

      And if your life is exciting enough that the NSA or China or criminal interests would have motivation to hack your phone, then you need to gear up with a secure enough phone that it cannot be easily hacked.

      (in this case easily hacked meaning hacking your phone without dedicating either a mainframe to breaking your encryption or a squad of ninjas to break into your house and augment the phone's hardware.)

      e.g. If your life is interesting you should be using end-to-end encryption. The NSA can't crack that yet.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Dec 2014 @ 7:04pm

    Oaths of Office

    I have come to the conclusion that the members of the Government
    A. Don't comprehend the oath they utter when taking office, and
    B. Regard said oath as a series of predefined sounds they need to make in order to gain office, and
    C. Regard said sounds as totally meaningless such as repeating a paragraph, verbatim, in a foreign language.

    This will only stop when said parties are held responsible for their actions and for violations of said oath. Until then, chaos will reign.

    reply to this | link to this | view in chronology ]

  • icon
    Lars (profile), 1 Dec 2014 @ 7:11pm

    To the extent the manufacturer believes the order to be unduly burdensome or that it should be reimbursed for expenses, the manufacturer should be given clear notice that it has the opportunity to object to the Order.


    So what you're telling me is that we've set up a new revenue stream for these manufacturers to sell the data of private citizens to the government?

    Sounds like the manufacturers will be completely incentivised to protect the consumer here. I definitely trust Apple not to snatch up any dime put in front of them.

    reply to this | link to this | view in chronology ]

  • icon
    Uriel-238 (profile), 1 Dec 2014 @ 10:01pm

    If the encryption is properly strong...

    Then Apple should be able to offer all the technical assistance the state wants to unlock one of their phones and it be inadequate.

    I'm pretty sure that offering technical assistance doesn't include prematurely sabotaging the security of the phone so it could be accessible by the justice system.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Dec 2014 @ 10:29pm

    Re: If the encryption is properly strong...

    If Icloud has been turned off and the data has already been encrypted, Apple probably can't help.

    So far, the government is only seeking Apple's help in unlocking the phone, not making the data at rest intelligible.

    If you have rolled out your own encryption solution, or have used the phone as pure storage device, unlocking the phone will only reveal another encryption layer.

    And then the government has wasted a lot of time and paperwork for nothing.

    For that reason, I always encrypt with multiple software solutions.

    Even if there is a backdoor in one of them, the adversary only gets one layer decrypted.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Dec 2014 @ 9:14am

    The Gov doesn't like DRM when it's applied to them.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Sep 2017 @ 6:29am

    All Writs Act and Intent

    We should embrace the government's opening the Common Law to the People again. All Writs are Common Law instruments. I say this because it has been the effort of government to restrict the People from proper access to courts for redress and to put the entire operation of the courts in the hands of attorneys and judges. This includes all government actors.

    As a result we can no longer sue a prosecutor in his or her person for offenses of abuse, we can not resist unlawful arrests, we cannot file a petition to the Grand Jury to hear evidence of criminal activity of anyone in office. These were open to the People at one time and the resulting restrictions have deprived us of an entire body of law which is denial of due process and equal protection.

    One of the cause of the colonists and major complaint was subjecting them to commercial regulation, "for extend the laws of Admiralty beyond their ancient limits, even within the jurisdiction of a county". Admiralty was any and all things maritime including commercial trade, not the Navy in the historic context.

    Another such complaint was, "We are entitled to the Common Law at all times". (Declaration and Resolves, 1774, First Continental Congress) We are being subjected to the same encroaching nature of government that the colonists were. Same thing over again and there has been no amendment authorizing our regulation as commerce when we are pursuing activities of right. As Madison put it:

    "I believe there are more instances of the abridgement of freedom of the people by gradual and silent encroachments by those in power than by violent and sudden usurpations."
    James Madison

    Exactly on point.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Special Affiliate Offer
Anonymous number for texting and calling from Hushed. $25 lifetime membership, use code TECHDIRT25
Report this ad  |  Hide Techdirt ads
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.