Search warrant ruling could blow hole in cellphone privacy

Ruling in sealed federal case provides slight glimpse at government legal tactics.

Privacy advocates cheered when Apple announced last month that an updated encryption scheme would disallow Apple from bypassing user passcodes at the request of law enforcement officials armed with search warrants.

Now, the Justice Department is fighting back against these updates, and they’re using an ancient tactic to do it.

The Wall Street Journal explains:

That technological shift prompted tense private meetings this fall between Apple and Justice Department lawyers…

Amid that standoff, the government on Oct. 10 obtained a search warrant to examine the contents of the phone in the credit-card case. The phone was locked, so prosecutors asked U.S. Magistrate Judge Gabriel Gorenstein to order the manufacturer to unlock it. They cited the All Writs Act, originally part of a 1789 law that gives courts broad authority to carry out their duties.

Judge Gorenstein agreed. “It is appropriate to order the manufacturer here to attempt to unlock the cellphone so that the warrant may be executed as originally contemplated,” he wrote on Oct. 31. The judge gave the manufacturer, referred to only as “[XXX], Inc.,” five business days after receiving the order to protest.

Much remains unknown, including the maker of the phone, and what happened next. The language of the opinion suggests it could apply to a company like Apple. The order is directed at the “manufacturer of the cellphone,” and Apple is one of the few companies that produce both the phone itself and the software that would manage the encryption.

The order (full embed at bottom of post) was signed and published by a federal magistrate; this is significant because, as the article above explains, these types of decisions don’t normally come down in a published opinion. (Magistrates usually just sign an order granting or denying a request.)

The fact that this decision is now published is a signal to other judges who may examine it that we could be looking at the development of a new legal precedent to answer evolving technology.

Jonathan Mayer of the Stanford Law School has a fantastic overview of what an All Writs order is, and the different ways they have been used to aid in surveillance (h/t Ars Technica):

“The TL;DR is that there is nothing new about using the All Writs Act to compel assistance,” Mayer told Ars by e-mail. “And there is also nothing new about using it to compel assistance with unlocking a phone. That repeated language you saw? It’s provided by Apple itself!”

“As for the opinion discounting the All Writs Act, that had to do with surveillance under the Electronic Communications Privacy Act. Where ECPA applies, the All Writs Act doesn’t. (It’s just a default, as the court rightly noted.) Phone unlocking isn’t covered by ECPA, so the All Writs Act remains in play.”

It may not be novel, but if you’re Apple, you have to be wondering how far the government is going to go to maintain its ability to execute hassle-free searches through our data. The majority of these proceedings are sealed, which means that there’s little transparency surrounding this latest development in data privacy.

IN RE ORDER Cellphone unlocking.pdf

Comments

So what if they were ordered to do so? If the software does not permit it, and there truly is no way to break the encryption other than brute force guessing which could take a VERY VERY long time if the encryption was done right and the password was strong, then what is the court going to do? They can order it all day long but they cannot change the laws of mathematics in order to enforce that order.

Amy, I’m confused by what appears to be YOUR confusion of two ideas…

1. locking a phone, and

2. encrypting data

The law has long provided for the cracking of a safe in execution of a search warrant. How is unlocking a phone inherently different?

    caseym54 in reply to Ragspierre. | December 3, 2014 at 12:47 pm

    Search warrants need to be specific in what they are seeking.

    In the case of a safe, they can presumably say they are looking for booty or particular documents.

    In the case of a phone, just saying “data stored on the phone” is too broad, and usually just a fishing expedition.

    Smartphones are different — there is too much of our lives there. In many cases it is the sum of all our “papers and effects” and unless the warrant is specific as to which items it is seeking (not all of which can be encrypted) it’s a big 4th Amendment problem.

    caseym54 in reply to Ragspierre. | December 3, 2014 at 12:52 pm

    Simpler reply: Tell me how you plan to encrypt your phone call records or texts so that they are not accessible once the lock is bypassed.

      Use an encryption algorithm that requires another passcode… and an option that says so many failed attempts and the phone is wiped.

the manufacturer CAN’T open encrypted files unless they run password cracker on it for a few days/weeks/etc
this is what was being cheered.
the mentioned case seems to be dealing with unlocking the phone, IE the swipe to take it off lockscreen.
totally different.

    caseym54 in reply to dmacleo. | December 3, 2014 at 12:50 pm

    Not everything on a phone can be encrypted. Once a phone is unlocked, all things the phone software can access are available in the clear. Phone records, email, text etc. Yes, individual documents and files can be encrypted even after the lock is breached, but for almost every item on the phone, unlocking and decrypting are the same thing.

      Ragspierre in reply to caseym54. | December 3, 2014 at 1:11 pm

      Bullshit. I can lock encrypted documents in a safe.

      The court MAY crack the safe (and you’re full of crap also about the specificity of a warrant in this IMPORTANT respect…if I find stuff in your safe that is NOT relevant to the warrant, it is excluded…it isn’t admissible).

      Once the safe is cracked, HOW the court gets my encrypted documents is a completely separate question.

Now, for a limited time only, the Lois Lerner Privacy App. But wait, there’s more…. call now and get a free document shredder AND the Lois Lerner Privacy App for only $19.99. Call now, NSA operators are standing by.

I don’t see the issue here. Of course courts can compel a manufacturer to open the phone, or decrypt the files, if it can do so. There’s nothing surprising there, that’s how it’s always been, and that’s how it should be. Apple’s announcement was that it is introducing an encryption system that it can’t break, precisely so that when it gets one of these orders it can truthfully say that it’s unable to comply. In exactly the same way, if your building’s janitor has keys to all the apartments, the police executing a warrant can compel him to open up for them; if he doesn’t, then they can’t.

I think just the opposite of AM here – Apple is likely going to be able to say to the judge “Sorry, we can’t do it.” Not “won’t”, but “can’t”. And it might just get me to move from my iPhones 4 and 5 to 6, just for this feature.

As some have pointed out here, the problem is that it is too easy for cops to do fishing expeditions when they get their hands on phones. Absent serious exigent circumstances, they should have to get warrants to view the contents of cell phones, should have to provide specifics as to what they are looking for, and be able to credibly document that they didn’t exceed such.

The problem is that much of our lives have migrated to our smart phones. Our mail, address book, records, photos, locations, etc. Much of it would have been in filing cabinets, etc in our houses in the past, and a warrant for an arrest would not have entitled the police to dig through the filing cabinet, photo albums, etc. Moreover, the cops couldn’t pretend it was an accident. But now, they grab cell phones upon arrest, then dig through them as a matter of course.

I think that what is really needed here is education of the judges, for them to understand what they are signing off on when they issue such a warrant, and that it often violates our 4th Amdt rights. Also, that they can limit their warrants to what is relevant, and tools are available to enforce this.

Don’t worry. Jeremiah Ebenezer Holder has banned profiling (once again). Encrypt your name/phone account to Jamel Smith.

I don’t understand how the phones could be encrypted so that they are hard to decrypt. There are only 4 digits in an iPhone password so that’s less than 10,000 alternatives for passwords.

You could copy the data on the phone to a hard drive and replace the memory with memory that you could write to from an external device. Then just try every one of the 10k possible passwords and reload the iPhone memory whenever it’s erased.

This would require some hardware, but allow them to break the encryption.