Prosecutor Starts Another Crypto Skirmish

  • August 16, 2015
  • Clayton Rice, Q.C.

On August 11, 2015, The New York Times published an op-ed titled When Phone Encryption Blocks Justice by five prosecutors led by Manhattan district attorney Cyrus R. Vance Jr. The op-ed was co-authored by Francois Molins, Paris chief prosecutor; Adrian Leppard, commissioner of the City of London Police; and, Javier Zaragoza, chief prosecutor of the High Court of Spain. It appears that Mr. Vance was the motivator because the examples used are from New York and Illinois. So you know where this is going.

The authors began by talking about a homicide case in Evanston, Illinois, where the police found an iPhone 6 and a Samsung Galaxy S6 near the body of the deceased. A judge issued a warrant ordering Apple and Google to unlock the phones and they both replied that they couldn’t because the user’s pass codes were unknown as a result of their re-engineered software with “full-disk” encryption. The prosecutors relied mainly upon the unsolved Evanston case to springboard them to a predictable conclusion:

“Full-disk encryption significantly limits our capacity to investigate these crimes and severely undermines our efficiency in the fight against terrorism. Why should we permit criminal activity to thrive in a medium unavailable to law enforcement? To investigate these cases without smartphone data is to proceed with one hand tied behind our backs.

The new encryption policies of Apple and Google have made it harder to protect people from crime. We support the privacy rights of individuals. But in the absence of cooperation from Apple and Google, regulators and lawmakers in our nations must now find an appropriate balance between the marginal benefits of full-disk encryption and the need for local law enforcement to solve and prosecute crimes. The safety of our communities depends on it.”

It didn’t take long for Jenna McLaughlin to fire back the same day in a piece titled The Many Things Wrong With the Anti-Encryption Op-Ed in the New York Times published by The Intercept. After criticizing the authors for failing to acknowledge the value of encryption to protect people and their data from hackers and government dragnets, Ms. McLaughlin emphasized that the prosecutors were demanding, “…a magical, mathematically impossible scenario in which communications are safeguarded from everyone except law enforcement.” She concluded with the dominant view of technology experts that, “…there’s either a doorway in or there isn’t. And if there is, lots of other people, including criminals, can use it too.”

The prosecutors called for a balance between the “marginal benefits of full-disk encryption” and the need for local law enforcement to solve crimes. I’ll repeat that, just in case it went by you – marginal benefits of full-disk encryption. To describe the benefits of full-disk encryption as marginal is absurd and provoked a salvo from Jamie Williams in an article titled At It Again: Law Enforcement Officials’ Anti-Encryption New York Times Op-Ed published by the Electronic Frontier Foundation on August 12, 2015. Ms. Williams made the following three points:

“First, the benefits of encryption are in no way ‘marginal’ – unless you view ensuring the privacy and security of innocent individuals across the globe as trivial goals. The authors here reveal their failure to appreciate the need for encryption to protect against not only security breaches, but also criminals (the folks they are supposed to be protecting us from) and of course pervasive and unconstitutional government surveillance.

Second, when the authors say they want an ‘appropriate balance,’ what they are really asking for is a backdoor – or golden key – to allow government officials to decrypt any encrypted messages…We’ve said it before and we’ll say it again: It is technologically impossible to give the government an encryption backdoor without weakening everyone’s security. Computer scientists and cybersecurity experts agree, and have been telling the government as much for nearly two decades. And earlier this year, one Congressman with a technical background called encryption backdoors ‘technologically stupid.’ Everyone who understands how encryption works agrees.

Third, law enforcement isn’t currently and won’t in the future ‘go dark’ as a result of encryption. The government voiced the same concerns over encryption stifling criminal investigations during the Crypto Wars of the 1990s – i.e., Crypto Wars, Part I – which saw efforts by the government to prevent the development and distribution of strong consumer encryption technologies…Such concerns have proven to be unfounded in the past. Just a few weeks ago, former NSA director Mike McConnell, former Homeland Security director Michael Chertoff, and former deputy defense secretary William Lynn – in a Washington Post op-ed in support of ubiquitous encryption – remarked that despite losing Part I of the Crypto Wars, ‘[T]he sky did not fall, and we did not go dark and deaf. Law enforcement and intelligence officials simply had to face a new future. As witnesses to that new future, we can attest that our security agencies were able to protect national security interests to an even greater extent in the ’90s and into the new century.’ The same is true today. And as the former national security officials recognize, ‘the greater public good is a secure communications infrastructure protected by ubiquitous encryption at the device, server and enterprise level without building in means for government monitoring’.”

Also on August 12, 2015, Bruce Schneier of the Berkman Center for Internet and Society at Harvard Law School responded in Lawfare with an article titled Another Salvo in the Second Crypto War (of Words) in which he concluded with this observation: “So much of this ‘going dark’ versus the ‘golden age of surveillance’ debate depends on where you start from. Referring to that first Evanston example and the inability to get evidence from the victim’s phones, the op-ed authors write: ‘Until very recently, this situation would not have occurred.’ That’s utter nonsense. From the beginning of time until very recently, this was the only situation that could have occurred. Objects in the vicinity of an event were largely mute about the past. Few things, save for eyewitnesses, could ever reach back in time and produce evidence. Even 15 years ago, the victim’s cell phone would have had no evidence on it that couldn’t have been obtained elsewhere, and that’s if the victim had been carrying a cell phone at all. For most of human history, surveillance has been expensive. Over the last couple of decades, it has become incredibly cheap and almost ubiquitous. That a few bits and pieces are becoming expensive again isn’t a cause for alarm.”

On August 13, 2015, Nate Cardozo and Andrew Crocker joined the debate with a two-fold argument in an article for the Electronic Frontier Foundation titled Deep Dive into Crypto “Exceptional Access” Mandates: Effective or Constitutional – Pick One. Cardozo and Crocker assert that requiring developers to weaken encryption systems would fail for two reasons: (1) hackers and crooks would turn to cryptography alternatives; and, (2) prior restraint violates the First Amendment and is unconstitutional. Their arguments are as follows:

  • If the government really is serious about creating a legislative requirement that law enforcement always be able to access the content of a communication, simply requiring companies like Apple to redesign their systems won’t be enough. Why? Because every terrorist, pedophile, mafioso, and run-of-the-mill crook will be able to simply stop using iMessage or WhatsApp and turn instead to one of the many apps that implement end-to-end cryptography without the FBI’s hypothetical golden key. Or they could simply use strong encryption protocols like OTR2 on top of other messaging services.
  • A prior restraint is a government action that prevents people from speaking or publishing before they have a chance to do so…Because prior restraints are central to the motivating purpose of the First Amendment, the Supreme Court has been extremely hostile to laws that restrict speech in advance. In fact, no prior restraint considered by the Supreme Court has ever been upheld. Most famously, the Court struck down a lower court’s injunction against the publication of the so-called Pentagon Papers by the New York Times and the Washington Post in 1971 despite the government’s claim that the publication would cause grave harm to national security. Coming out of these cases, prior restraints are said to bear a “heavy presumption” against their constitutionality. Courts often employ a hard-to-meet checklist, under which prior restraints must be (1) necessary to prevent a harm to a government interest of the highest order; absent which (2) irreparable harm will definitely occur; (3) no alternative exists; and (4) the prior restraint will actually prevent the harm.

I have not previously considered the crypto wars in the context of First Amendment doctrine. I’m a Canadian wiretap lawyer so my first instinct is to analyze these issues in the context of s. 8 of the Charter of Rights and the Fourth Amendment. At first blush, I think the prior restraint argument has merit. First Amendment doctrine certainly maintains a strong presumption against the validity of prior restraints and the Pentagon Papers case is a good example. Strong reasons are required to justify government censorship of speech before it is made. Another good example is pretrial publicity in criminal cases where the presumption has made any restriction all but impossible. [See: New York Times v United States, 403 US 713 (1971); and, Nebraska Press Ass’n v Stuart, 427 US 539 (1976).]

In Canada, the free speech argument would develop differently. Section 2 of the Charter of Rights provides that everyone has the fundamental freedoms of “thought, belief, opinion and expression, including freedom of the press and other media of communication.” However, under s. 1 of the Charter, fundamental freedoms are subject to “such reasonable limits prescribed by law as can be demonstrably justified in a free and democratic society.” In many cases, the s. 1 balancing test is the critical inquiry which probably makes the development of subsidiary doctrines unnecessary. The test is two-pronged: (1) the state interest must be “pressing and substantial”; and, (2) the enactment must meet a test of proportionality. The proportionality inquiry has three parts: (a) Is the law rationally connected to the objective? (b) Does the law impair freedom of expression “as little as possible”? (c) Are the effects of the law proportional to the objective? [See: R v Oakes, [1986] 1 SCR 103; R v Keegstra, [1990] 3 SCR 697; and, Greenawalt. Free Speech in the United States and Canada (1992), 55 Law & Cont Prob 5, at 7, 10 and 21]

The Evanston case is not the only one relied upon by the prosecutors to mount a trajectory from investigating crime to the “fight against terrorism”. They also discuss cases, presumably at the insistence of Mr. Vance, where “74 iPhones running the iOS 8 operating system could not be accessed by investigators for the Manhattan district attorney’s office.” In reply, Ms. Williams noted that: “Vance has touted this statistic before. But a spokesman for his office told Wired last month that the office handles approximately 100,000 cases in the course of a year, meaning that officials encountered encryption in less than 0.1% of cases. And Vance has never been able to explain how even one of these 74 encrypted iPhones stood in the way of a successful prosecution.”

But what is worse here, and not uncommon in the crypto wars, the prosecutors also do not give us one example of where full-disk encryption has undermined “our efficiency in the fight against terrorism.” That comment is completely gratuitous. The next time Mr. Vance and his colleagues start a crypto skirmish, they should bring some back-up.
