"Touching on cases like the Snowden or the Lavabit incidents, the duo strongly emphasized that companies should start asking themselves a couple of questions before law enforcement actually comes knocking at their door. Knowing what they collect, how they store it, for how long, why, what can it access, does it encrypt data and where are keys stored – are only a few of them.
While both the Wiretap Act and CALEA (Communications Assistance for Law Enforcement Act) may have been designed to increase the surveillance capabilities of law enforcement agencies, Granick argued that companies shouldn’t necessarily give in to law enforcement’s pressure, without a Department of Justice search warrant in conjunction with AWA (All Writs Act) writ.
Referencing the San Bernardino case of Apple versus the FBI – where the AWA was levered in trying to get Apple to create new software that can decrypt the terrorist’s phone – the company was able to fight off the FBI’s request by getting a different ruling from a second judge. However, it unclear whether or not Apple should have complied, according to Pfefferkorn.
“Is it necessary for Apple to help out?” said Riana Pfefferkorn, the Cryptography Fellow at the Stanford Center for Internet and Society. “We don’t really know.”"