FBI vs Apple: Lessons From History and The Law on Protecting Privacy Rights

Editor’s note: This is the fourth in a five-part series on this topic. This examination by Arnold Abraham provides insights and nuanced lessons from history, the law and the tech world that can inform all of us interested in both privacy and security.   For a detailed legal analysis accompanying the article, please visit Thecyberlawteam.com/publications-1/   -bg

Legal scholars Danielle Citron and David Gray made a case for “technology-centered approach” for protecting privacy rights. They proposed that “if a court finds that a challenged technology is capable of broad and indiscriminate surveillance by its nature, or is sufficiently inexpensive and scalable so as to present no practical barrier against its broad and indiscriminate use, then granting law enforcement unfettered access to that technology would violate reasonable expectations of quantitative privacy.”  Their goal was to develop a reasonably balanced approach that satisfied the Fourth Amendment standard with an “appreciation of both the law enforcement and privacy interests at stake.”

These thought-leaders in the field of privacy law return numerous times to the central role of the Fourth Amendment, recognizing it “…was conceived, and has long served, as a bulwark against law enforcement’s technological tendency toward a surveillance state” and that it “guards against the government’s unfettered use of techniques and technologies.”    Indeed, the case against Apple would be quite different if it did not begin with a firm foundation resting on the Fourth Amendment.

When considering the premise that a technology in general public use may be used by law enforcement without being subject to Fourth Amendment concerns, Citron describes this as “technological determinism run amok.” The fear is that as technology proliferates, citizens will need to hide in their basemenAll Poststs and pass cryptic notes to each other in the dark to obtain privacy. It is a future those authors don’t imagine the drafters of the Fourth Amendment envisioned for our country. In the same vein, could one imagine the founders intended that lawfully acquired warrants would hold no meaning?  That citizens should hold the power to defy the government on such a wide-scale basis?  Just as Citron and Gray consider the risk of technology threatening to alter a fairly stable balance between government power and private citizens, it is fair to consider the risk of the balance being altered in the opposite direction.

While the Fourth Amendment is the cornerstone of privacy protections, it does not recognize absolute privacy, but only reasonable expectations of it. It is not reasonable to expect cell phones to be warrant-proof, because the Supreme Court already rejected this notion in Riley v. California, 134 S.Ct. 2473 (2014): “Our holding, of course, is not that the information on the cell phone is immune from search; it is instead that a warrant is generally required before such a search.”

Thus the choice is whether to adhere to the existing legal regime or to let technology dictate the course. But it is not a new choice. The ongoing debate is just the most recent battle in what has been labeled as “Crytpo Wars 2.0”   In the early 1990’s the government failed to introduce a “key escrow” system known as the “Clipper Chip.”  Under that system, hardware would be inserted into consumer devices that allowed for strong encryption, but also provided built-in access for law enforcement, because a copy of the encryption key would be held by the government.

In an article titled “Why the fear over ubiquitous data encryption is overblown,” former leaders from Defense, Homeland Security and Intelligence, wrote: “We believe that the greater public good is a secure communications infrastructure protected by ubiquitous encryption at the device, server and enterprise level without building in means for government monitoring.”   They reasoned that including third-party access to encryption increases vulnerabilities for users and while law abiding members would adhere to the regime, malicious actors would find alternate methods of encryption. They believed the most significant reason to not have duplicate keys was that other countries, such as China, would levy the same requirements but without the same due process protections.

On the balance, they argue that projected fears over “going dark” due to widespread encryption did not materialize after the failure of the Clipper Chip proposal. The Chertoff Group found only a very small portion of law enforcement cases to date were hindered by encryption and they were unable to find a single “terrorist attack that would have been prevented by the availability of lawful decryption access technology.”   But they acknowledge we are just in the early stages of mass market encryption, so the long range implications of the new trend are yet to be seen.

The iPhone was introduced a decade ago, but only recent changes have led to the potential of it becoming warrant-proof so the true impact is only beginning to emerge. Encryption capabilities that used to primarily be seen in military and diplomatic channels are now starting to pervade society as an integral component of the global economy.

In 2014, after new security features were introduced the FBI director criticized Apple and Google with the warning “there will come a day when it will matter a great deal to the lives of people . . . that we will be able to gain access” to their devices. It is important to remember the FBI is not only trying to investigate past events, but also to prevent future attacks. In most cases, other than “lone wolf” operatives, terrorists are linked to other terrorists. Accessing their information can be the key to unraveling a network and defeating the spread of violent extremism and saving countless lives. Is it necessary to wait for another 9/11 attack to recognize the scope of what is at stake?

Apple’s CEO applied an analogy to the physical world and said what the government was asking for was equivalent to “a master key, capable of opening hundreds of millions of locks—from restaurants and banks to stores and homes.”  But of course such a thing already exists in the physical world. It is called a battering ram and no restaurant, bank, store, or home in the world has a lock that cannot be bypassed by it’s brute force attack. It is not the lock that stops entry. It is the law that restrains the government’s hand, as Pitt so aptly described centuries ago.

Still, some see the public backlash against the Clipper Chip as a decision by society against back doors and in favor of Apple’s position in this case. But there is an important difference here, because what is being requested is not universal ‘baked-in’ back door access. To continue with the analogy, few citizens (if any), would want their local police department to have a key to their home in case the government discovered a need to lawfully enter. But this does not stop the police from getting in, should the need arise. When proper authority is granted through a warrant, the police may safely rely upon the old fashioned battering ram, despite any physical safeguards the occupant has in place. In the meantime, individual rights of privacy and peace of mind remain undisturbed because there is no pre-positioned “back door access” that carries an implication that each and every law abiding citizen simply can’t be trusted.

 

The government requested a tool more sophisticated than a “battering ram,” but it is still a closer analogy than a “master key” or a built-in back door like the rejected Clipper Chip. In part it is a numbers game. A built-in back door would affect all devices. Hundreds of millions of innocent users would be subject to the intrusive nature of its presence, even if though it would never be used in the vast majority of cases. For example, in 2015 the total number of wiretaps in the United States numbered only 4,148 and less than 1% of these cases encountered encryption. Thus, instead of impacting every user, the need to bypass security would only be applied in situation affecting an extremely small portion of the population.

On the other hand, imagine a world with no battering rams. Should one be free to violate the law behind locked doors that cannot be opened?  Murder, rape, child abuse shielded from the power of the State, regardless of reasonable suspicion or even probable cause?  Each man a sovereign behind the walls of his own castle, subject only the laws he chooses to submit to. Does this not sound much like very state of nature that governments were first formed to avoid?

For centuries society has rested on the concept that governments hold some level of authority over individual freedoms. The extent of the authority is defined by law, not by de facto limitations. Changing the nature of this relationship would mark a notable event in human history.

 

Arnold Abraham

Founding Partner at CyberLaw Group
Arnold Abraham, Esq. is Founding Partner of The CyberLaw Group where he focuses on litigation and mediation of disputes in cyberspace.He previously served as a senior executive level civilian in the DoD, Department of Homeland Security, and Office of the Director of National Intelligence. He has been one of the thought-leaders in the field of cyber warfare since the late 1990s and was recognized by the CIA with the National Intelligence Medal of Achievement for his groundbreaking analysis.
About Arnold Abraham

Arnold Abraham, Esq. is Founding Partner of The CyberLaw Group where he focuses on litigation and mediation of disputes in cyberspace. He previously served as a senior executive level civilian in the DoD, Department of Homeland Security, and Office of the Director of National Intelligence. He has been one of the thought-leaders in the field of cyber warfare since the late 1990s and was recognized by the CIA with the National Intelligence Medal of Achievement for his groundbreaking analysis.

Leave a Reply