THE APPLE-FBI ENCRYPTION DISPUTE LOOKS LIKE A FIGHT BETWEEN SUBSCRIBER PRIVACY AND NATIONAL SECURITY, BUT IT’S NOT

The media is ablaze with the Apple-FBI encryption debate, cast as a battle between subscriber privacy and national security. Unfortunately, the spectacle misses the point of the underlying story.

After the San Bernardino terrorist attack, the FBI recovered the iPhone of the deceased terrorist suspect but couldn’t access the phone’s contents in decrypted form. Apple had redesigned that generation of phones with a technology called “encryption by default” to block such access by law enforcement and everyone else. The only way to overcome the technical hurdle would be for Apple to undertake an unusual process, such as writing a special software update that would disable the phone’s password-protection feature.

Law enforcement representatives called on Apple to take the steps needed to further the national security investigation into the San Bernardino phone. Apple and privacy experts opposed the idea. They argued that creating a “backdoor” into this one Apple phone could potentially erode the privacy and cyber security of all other Apple phones. To the media, the Apple-FBI encryption debate is a great constitutional fight between subscriber privacy and national security. But the real issue is more narrow.

In the U.S., telecommunications are generally presumed to be private until and unless a circumstance such as a probable cause showing in a law enforcement investigation justifies an exception from the general rule. Only a judge can decide whether law enforcement has truly demonstrated probable cause. If so, the judge will grant an instrument of due process such as the search warrant that the FBI served on Apple. That is how our legal system strikes the balance between communications privacy and national security.

In the San Bernardino case the magistrate judge made a finding of probable cause and granted a search warrant. Neither Apple nor any other party challenged that decision. So the case does not implicate the balance between privacy and national security, as some alarmist media sources would have us believe.

The limited question in the San Bernardino case is how the undisputedly valid search warrant may be lawfully implemented. The magistrate judge tried to compel the needed implementation by citing a statute called the All Writs Act. However, the All Writs Act was enacted as long ago as 1789 and focused on the vague term “unreasonable burden.” It is a hopelessly blunt instrument to decide warrant implementation issues in the high-tech age, especially in a case like this, where Apple and the FBI can each make good arguments about the potential burden.

In the context of real-time lawful surveillance (i.e. wiretaps), court order implementation is governed by a more modern and specific statute called the Communications Assistance for Law Enforcement Act (CALEA). CALEA permits communication service providers to develop their own technical how-to guides for supporting different kinds of lawful intercepts on different types of networks. Until and unless an industry technical standard is challenged by a third party such as law enforcement, it remains presumptively valid.

CALEA contains a provision on encryption, though it would need an update to accommodate the kinds of encryption available today. Another update would be needed to cover handset vendors like Apple.

Of course, amending an act of Congress is easier said than done. But it’s better than bickering over implementation issues ad hoc based on vague legaleze from the Colonial age.