CEO Perspective: General Counsel Joel Margolis on “Apple/FBI” Tiff

Is the FBI’s recent attempt to gain cooperation from Apple in providing a “backdoor” to the San Bernardino, CA terrorist’s iPhone a dangerous precedent for future privacy violations by government — or simply a straightforward and perfectly legal attempt to gain evidence that might help prevent future attacks? And what of the FBI’s decision to put its case on hold while it pursues use of techniques to open the phone without Apple’s technical assistance — Will such a “hack” even work, and if it does, will it kick open another legal hornet’s nest between privacy advocates and law enforcement?

CEO Steve Bock consults with Subsentio General Counsel Joel M. Margolis, our resident expert on CALEA and all legal matters related to lawful intercept. With more than two decades in the industry spanning work at the DEA, FCC, Neustar and Subsentio, Margolis is among the most respected experts and public speakers on lawful intercept. Among his many signature achievements: initiator of the request for FCC rule making proceeding that extended the scope of CALEA to include two-way interconnected VoIP and broadband communication services in the United States. In today’s post he’ll endeavor to sort out the intent and ramifications of the current Apple vs. FBI legal battle.

Bock: Joel, you’re a busy guy and we appreciate your taking the time for this CEO Perspective. Before we dive into the Apple/FBI imbroglio, and for the benefit of our readers, please give us a rough sketch of a typical “day in the life” for you here at Subsentio.

Margolis: You bet. My primary responsibility is to maintain policies and procedures for Subsentio that keep our client service providers in compliance with the requirements of lawful surveillance and records production. My other responsibilities are similar to those of other general counsels. For example, I supervise the drafting of contracts with clients and equipment vendors, set standards to meet our employment law mandates, take steps to protect the company’s intellectual property, and handle certain corporate law matters.

Bock: For several months now the legal fight between Apple and FBI has been “top of the news.” Every day seems to bring a new twist. Aside from any general interest in the topic of encryption, and specifically on the impact of Apple & Android “strong” encryption that makes their smartphones virtually impenetrable to investigators, I’m sure our CSP clients might wonder: “What, if anything, might this have to do with me?” For that matter, is there any potential impact on Subsentio’s business?

Margolis: The FBI-Apple case is relevant to Subsentio’s clients for two reasons. First, the harder it is for law enforcement to access encrypted data stored in devices such as smartphones, the more often they must compensate for the investigative shortfall by placing more demands on service providers for communications records and real-time lawful surveillance. Second, any legislative solution to the encryption problem must address encryption of data stored in devices such as smartphones, and encryption of data as it is transmitted in real-time on service provider networks.

Bock: Got it, thanks. Now let’s move right into the Apple/FBI case itself. What’s the latest?

Margolis: Apparently an Israeli solution vendor has offered to help the FBI unlock the encrypted San Bernardino iPhone. They may have replicated a key chip in the phone that can overcome the auto-erase feature that has blocked the FBI from accessing the phone’s contents. As a result, just one day before the FBI and Apple were scheduled to appear for an oral argument before the California court that is hearing their dispute, the FBI asked for a stay of its case.

Bock: Who exactly is this vendor?

Margolis: As reported by the Associated Press and elsewhere, the company that approached the FBI with this offer is Cellebrite, a well-known provider of mobile surveillance systems including passive solutions and active “IMSI catchers,” as well as satellite communications interception technologies for the military and government intelligence agencies.

Bock: Is there any certainty that this proposed solution will help crack the San Bernardino iPhone?

Margolis: There is no such thing as “absolute certainty” in the realm of cryptanalysis. It is still unclear whether the Israeli technique will work. If it doesn’t, the California magistrate court hearing will be rescheduled.

Bock: And what if it does work? Does that end the FBI’s “encryption problem” by providing a uniform technical mechanism for dealing with every form of strong encryption?

Margolis: Hardly. Even if the technique does work it will not moot the encryption issue. There are at least three reasons why that’s true. First, the technique appears to be limited to just one brand of smartphone. Second, it may be cost-prohibitive or time-prohibitive to use on a regular basis. And finally, after-the-fact, Apple may strengthen its security to render the technique useless. Even after cracking this one phone, the FBI might find itself back at square one when trying to apply the same technique to other Apple devices.

Bock: So if the technique fails the FBI would presumably renew its case. What if Apple loses and the FBI wins?

Margolis: It’s still complicated. Even if the FBI wins the pending case, Apple could tie up the matter in federal district court and then the 9th Circuit Court of Appeals for years. Meanwhile the company could refuse to provide the needed assistance in the other 10 circuit court jurisdictions.

Bock: There’s one other route for the FBI, is there not? We’ve heard talk that this case could go all the way to the U.S. Supreme Court. What’s your take?

Margolis: It’s a big “if.” The Supreme Court may refuse to hear a case that interprets the California court order – called an “All Writs Act” order — because the court traditionally avoids deciding intensively technical questions such as whether decrypting an iPhone would impose an “unreasonable burden” on a handset vendor. It has historically referred that kind of responsibility to Congress.

Bock: ‘Round and ‘round we go.

Margolis: Exactly, but the fight would end up in the right place — finally! Ultimately the encryption debate must be resolved by Congress because the case-by-case approach would probably fail to provide clear and consistent guidance. CALEA is the most appropriate existing statute, but at age 22 the law is showing its gray hairs particularly in regard to encryption. New legislation must create the proper balance: addressing encryption that protects data stored in a smartphone, and encryption that protects data when it’s in transit between two communicating parties — while at the same time meeting the reasonable requests of law enforcement in investigating threats to public safety and national security.

Bock: So a CALEA II or other similar legislation must have privacy at the core, right?

Margolis: Of course — same as now. But let’s be clear that the issue at hand in the Apple/FBI case is not privacy. The California magistrate judge already decided the privacy issue when she ruled that the FBI showed sufficient “probable cause” to overcome the general presumption of suspect privacy. The only issue is what should be the burden on communications handset vendors and communication providers to decrypt data that law enforcement is already authorized to view.

Bock: That says it all. Thanks again, Joel!