The Department of Justice (DoJ) filed its response yesterday to Apple's motion to vacate the court’s order that directed Apple to write new code and certify it to circumvent a security feature configured to prevent access to a device. Reaction to the tone and DoJ analysis was swift, and it highlights the stakes of the case for both sides. Not surprising, DoJ asserts largely unconstrained power under the All Writs Act to have a court compel a third party to do whatever needs to be done to facilitate an authorized search. DoJ pretends that the Communications Assistance for Law Enforcement Act (CALEA) is altogether inapplicable to the case, as if this very debate had not occurred in 1994 and Congress had not spoken to relieve manufacturers of any such obligations. DoJ’s position is understandable because if CALEA applies, then the order is improper. But DoJ's position is indefensible, and worse, DoJ actively misleads the court on CALEA in its brief.
As I’ve noted before, CALEA precludes the government from requiring “any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services.” 47 U.S.C. 1002(b)(1)(emphasis added). It also prohibits the government from requiring “the adoption of any equipment, facility, service, or feature by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services.” Id., at 1002(b)(2). The government dismisses CALEA by saying that the provision is a limitation on law enforcement, not the courts, and so it can achieve its goal merely by having the court do what it is prohibited from doing directly. As I noted here, that argument is circular and ignores the fact that CALEA specifically addressed the obligations of manufacturers and crafted a very narrow law to define precisely which parties had an obligation to design equipment and services to facilitate surveillance, and which ones did not.
DoJ next asserts that Apple is not an exempt information service under CALEA in any case, and even if it were, it is not a manufacturer of telecommunications equipment. It doesn’t matter if Apple is or isn’t an information service under CALEA. It is a manufacturer and as such cannot be ordered by the government to change the configuration of its equipment. But here is where DoJ most actively misleads the court -- it argues in footnote 3 of its brief that a manufacturer of telecommunications equipment under Section 1002(b) is limited to a “manufacturer[] of [] telecommunications transmissions and switching equipment,” citing 47 U.S.C. 1005, and doesn't include manufacturers of telephones.
Section 1005, however, is limited specifically to a manufacturer’s obligation to cooperate with a telecommunications provider in designing CALEA solutions for wiretaps. Of course Section 1005 speaks to telecommunications transmissions and switching equipment, which is where the CALEA software resides. But in no way does Section 1005 define or limit the prohibitions in Section 1002 that preclude government from otherwise dictating or requiring changes in “any specific design of equipment, facilities, services, features, or system configurations” by a "any telecommunications manufacturer," not just a manufacturer of switching equipment.
To the collective chortle of the telecommunications industry, DoJ asserts that in any event telecommunications equipment does not include telephones. The term is not defined in CALEA and there is no indication that Congress meant anything other than the plain words in the statute so it is a long reach to say that a phone is not a piece of telecommunications equipment. But let's make the stretch for DoJ. Is DoJ serious in arguing that it can compel manufacturers like Apple to create handset-enabled surveillance equipment; that is, to require that phones rather than central office switches contain wiretap capabilities? That is the result of its logic and argument, and that really is the result of its demand in this case.
Taking another step, I also noted here that DoJ’s CALEA argument also would permit it to obtain a court order to require a system redesign of routing and switching telecommunications equipment despite the language of Section 1002. All it need show, under its theory, is that a peer-to-peer network, for example, is being used by particular criminals and terrorists and failure of the router manufacturer or VPN provider to design a back door for access to the communication stream frustrates a court-ordered wiretap. Peer-to-peer communications are exempt from CALEA, as are encrypted messaging services, or VPNs, but that doesn’t matter to DoJ, because CALEA is only a restriction on them, not a court and the New York Telephone standard is a low bar to achieve its goals.
DoJ would have been more honest to argue that two years after the passage of CALEA, Congress passed the Communications Act of 1996 and carved “customer premises equipment” or "CPE" out of the definition of "telecommunications equipment." See 47 U.S.C. 153(16). CPE is understood to include customer-owned handsets or phones. But that argument would require DoJ to admit that CALEA applied in the first instance and that the term “telecommunications equipment” is ambiguous and should be interpreted by how Congress later, in a separate statute, applied it. Such an approach would be too risky because the legislative history of CALEA makes it very clear that Congress defined the collective telecommunications universe of obligations to assist law enforcement -- it is after all called the Communications Assistance for Law Enforcement Act.
The stakes of this case certainly are high. It may be that a future Congress decides that the technical assistance the government wants here is necessary and desirable to assist law enforcement in its mission. But CALEA left no gaps for a court to fill with the All Writs Act today and DoJ knows it.