In October, we covered a significant case in Brooklyn federal court that tackles the hot-button issue of whether tech companies should be compelled to provide law enforcement with the ability to access information that’s protected by encryption.
The federal government sought an order compelling Apple to disable the security on a password-protected iPhone which the government had lawfully seized pursuant to a warrant. That iPhone runs an older version of Apple’s mobile operating system, iOS, for which Apple has the ability to bypass the device’s encryption. (Later versions of iOS feature encryption which Apple itself cannot bypass, to the chagrin of law enforcement and intelligence officials.)
Lawyers from the Department of Justice argued that a 226-year-old statute, the All Writs Act of 1789 (AWA), authorized the order they requested. However, Magistrate Judge James Orenstein expressed doubt whether the AWA in fact provided authority to force a private third party like Apple to, as he told the government, “do work for you.” (We believe it doesn’t.) Despite receiving further briefing and hearing oral argument, Judge Orenstein has yet to rule openly on the government’s request. Nothing has been publicly filed in the case since the end of October, when the device’s owner pled guilty to drug charges.
In a late October hearing, the government informed the court that Apple had unlocked iPhones on at least 70 occasions. That was news to us. We knew that Apple had received unlocking orders in the past – Apple acknowledged as much in a brief (indeed, it reportedly had a waiting list at one point), the DOJ’s briefs mentioned a handful of cases, and our research has uncovered a few more – but not the total number.
Troublingly, the American public has never had a complete picture of the frequency with which law enforcement has sought, and obtained, these unlocking orders – or what legal authorities it’s relying on in doing so. The government’s applications and the resulting orders are typically made under seal, and they’re not consistently unsealed and made publicly available once a criminal investigation is complete. The cases are scattered across the hard-to-search dockets of the country’s nearly 100 federal district courts, which don’t report statistics on unlocking orders like they do for wiretaps and delayed-notice search warrants.
All of these factors have enabled the government for years to pursue a dubious legal argument for forcing a third party to assist law enforcement in dozens of investigations, without undergoing the public scrutiny that is a hallmark of democracy – until Judge Orenstein chose to publicize this particular case.
That’s why we joined the American Civil Liberties Union and the ACLU of Northern California today in filing a Freedom of Information Act request to the DOJ, asking for more information about the 70 unlocking orders it acknowledged in open court. Because the current global debate over strong crypto is moving at a fast pace, we’ve asked DOJ to expedite our request. This request is an important part of CIS’s current work on uncovering and analyzing the government’s efforts to force decryption, obtain encryption keys, or demand backdoors. A prompt and thorough response from DOJ will empower the public to better evaluate its government’s mounting calls to undermine strong encryption. The law enforcement community may think of encryption as going dark, but it’s time for its own actions in our courts to be brought into the light.