The Encryption Debate – Once Again, Technology Outpaces the Law

A US Magistrate Judge in California ruled recently that technology giant Apple could be required to create specialized software to help federal investigators bypass the security protocols on the encrypted iPhone 5S used by Syed Farook, one of the San Bernardino shooters.  This ruling conflicts with the ruling of a US Magistrate Judge in Brooklyn, who found that he could not order Apple to take steps to bypass the security features of an iPhone seized during an earlier drug investigation.

The media coverage of the more recent San Bernardino case has been far more extensive because it involves the December 2, 2015 mass-shooting committed by a married couple who were radicalized by ISIS.  The facts and events giving rise to the older Brooklyn case are far more ordinary.  But for the iPhone issue, that matter arises from just another relatively routine federal narcotics investigation – one of who-knows-how-many that play out in federal courts across the country every single day.

But a review of the ordinary drug case reveals far more about the development of the cell phone security issue that is at the heart of this debate.  The drug case involves an alleged methamphetamine dealer named Jun Feng, whose phone was seized during the 2014 search of his Queens, New York residence.  Investigators sought to access his phone to obtain information that is fairly routine in drug cases, such as contact lists.  According to prosecutors in that case, Apple had assisted federal agents in extracting information from iPhones tied to criminal investigations approximately 70 times in seven years.  To law enforcement’s surprise, Apple suddenly changed its position as to such issues in Feng’s case.  Feng entered a guilty plea last October, but attorneys for both Apple and the Government continued to press the Court for a ruling, and the Court ruled against the Government.

Why did Apple’s position change?  The company apparently updated its position on this issue as it updated the software in its devices.  It seems that Apple was not so fussy about such things when its products were running older, less sophisticated versions of its software.  Newer software has become considerably more sophisticated, and has more extensive security features.  And, as we all know from personal experience, software updates can appear regularly and frequently.  Farook’s iPhone runs on iOS 8.  According to Apple, the software is so secure that even the company cannot access data contained in the phone without writing software that will bypass a self-destruct feature.  (The data on Farook’s phone is password-protected.  Apple does not have the password.  Each incorrect guess at the password results in a short delay.  Too many incorrect guesses result in the memory being erased.)  The security features on Feng’s phone, while of relatively recent vintage, are not this sophisticated.  Nevertheless, as the software becomes more sophisticated, Apple is apparently becoming more concerned with setting bad precedents that require it to cooperate with law enforcement investigations, and cause customers to question the security of its devices.

This debate is playing out in state-level criminal matters, as well.  Manhattan DA Cyrus Vance recently stated that his cybercrime lab is holding 175 devices that cannot be accessed because of the sophistication of the encryption technology.  In a recently recorded jail conversation, a city inmate described iPhone encryption as “a gift from god”.  In the same or another recorded conversation, an inmate stated “[t]he DA Cyrus Vance, who’s prosecuting me, is beefing with Apple because they put these phones that can’t be (un)encrypted … If our phones is running on the iOS 8 software, they can’t open my phone.”  (Note:  This inmate, who is apparently smart enough to somewhat understand the capabilities of his cell phone software, is still too stupid to realize that jail phones are frequently tapped, and the conversations are frequently recorded.)

Apple’s devices are not the only ones at issue.  Law enforcement officials have also noted that Google’s Android operating system raises similar issues.  Thus, it probably comes as no surprise that some of the biggest names in technology (Amazon, Google/Alphabet Inc., Facebook, Microsoft and Twitter) are all siding with Apple in this fight.

This debate also goes far beyond terrorism and drug cases.  It involves cases of child pornography, financial fraud, indeed – any other criminal matter where a device was used.  Apple has recently refused to cooperate in criminal investigations involving iPhones in four states.

At this juncture, however, the two sides in this fight are anything but evenly matched.  On the side of “tech” are some of the largest, most powerful, most influential companies in the world, some of which write software, build devices and/or offer services that touch the lives of the vast majority of human beings on the planet.  Further, these companies constantly alter their products, software and services to make them the latest and the greatest.  And since many of us just have to have the latest and the greatest, we run right out and buy them.  (Incidentally, this last point has real implications for criminal investigations.  For example, drug dealers frequently change devices and phone numbers, with the result that data can be stale by the time it is accessed.  They look for the latest devices, just like everyone else.)

The Government’s arsenal is very different.  In both the San Bernardino and Brooklyn cases, federal prosecutors are relying upon the 1789 All Writs Act.  In short, this 227-year-old statute was designed generally to compel a party to act when other laws could not be used to do so.  The Act, among other things, authorizes judges to mandate actions required to enforce their own orders.  As to the prosecution’s use of this statute in the Feng matter, the Magistrate in Brooklyn stated in his opinion that the Government was stretching an old law “to produce impermissible results.”

The San Bernardino and Brooklyn cases are plodding their way through the Court system, and Congress is holding hearings on the problem.  I have some confidence in the judicial system to formulate reasonably viable short-term solutions in these specific cases based on current law.  However, a long-term and relatively all-encompassing solution has to come from Congress and, possibly, state legislatures.  Given what seems to happen regularly on Capitol Hill and in different state houses coupled with the complexity of the issues, I don’t think we can expect a workable legislative solution anytime soon.

At a minimum, any long-term and far-reaching solution to this issue must address the following problems:  Can we create a mechanism that allows law enforcement to penetrate a device’s built-in security features in a targeted manner that is tailored to the needs of the underlying criminal investigation?  Under what circumstances, if any, should we require the assistance of the manufacturer to break through a device’s seemingly impenetrable security features so that the data can be accessed?  If the manufacturer’s involvement is deemed necessary, to what extent should a private company be required to assist law enforcement, and who will supervise and/or oversee its role in the investigation?  And, of course, what should the Government’s burden be in such matters before being granted the relief sought?  The manner in which these and related questions are answered will determine whether and to what extent the obviously broad gap between law and technology can be reduced.

James S. Friedman, LLC closely tracks cutting-edge developments in law and technology, and represents individuals charged with criminal offenses implicating the latest hardware and software.  If you or someone you know has a criminal charge involving the use of the internet, a computer, or a portable device such as a cell phone, contact the firm immediately to discuss your case.



