News Stay informed about the latest enterprise technology news and product updates.

U.S. lacks law to make Apple help bypass encryption

The federal court compelling Apple to help the FBI bypass encryption controls in the iPhone used by one of the suspects in the San Bernardino, Calif., massacre is leaning on a 227-year-old law called the All Writs Act. Part of the Judiciary Act of 1789, the statute authorizes the government to “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”

In 2016 English, that means it lets the government issue any order it needs to make somebody do something, as long as it is for a legal reason. Jonathan Mayer, of The Center for Internet and Society at Stanford University, called the law a “Swiss Army knife for the courts” that has been used in a wide range of scenarios, including challenging criminal convictions and establishing real estate.

While the law is broad, it’s not all-powerful. In fact, the ruling that orders Apple to work with the FBI on the phone states that if the tech company finds compliance “unreasonably burdensome,” it can appeal. The company has until Feb. 26 to do so.

No law to turn to

Johna Till Johnson, president and founder of Nemertes Research, said the legal ground under the FBI’s feet is shaky.

“That’s exactly why Tim Cook made it public,” she said, referring to the Apple chief executive’s public letter to customers about the “dangerous precedent” complying with the court order would set.

Right now, Johnson said, “there is no law that says you need to re-engineer every mobile device to disable encryption.”

The Communications Assistance for Law Enforcement Act of 1994 requires telecoms to let the government around encryption controls in their networks, but it doesn’t cover mobile devices. Congress has been reluctant to pass legislation requiring tech companies to build “backdoors,” or shortcuts around encryption, into their products. In Johnson’s view, that could be on purpose.

Legal action

“If they did that, they’d kill the mobile phone industry,” she said. Foreign cell phone equipment suppliers like Alcatel-Lucent, already spooked by the revelations of global surveillance programs by former government contractor Edward Snowden, would want nothing to do with us.

“Everybody would stand up and say, ‘No way, José. The U.S. can do without mobile phones. We’re done,” Johnson said.

There is some activity on the issue. Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.) are pushing for a bill to bypass encryption on mobile devices. Rep. Michael McCaul (R-Texas) and Sen. Mark Warner (D-Va.) are seeking an approach that balances government access to encrypted data with privacy protection, beginning with a commission to study the privacy and security implications of new technologies.

What might the world look like under a law requiring tech companies to decrypt information? Read the post “Life under a new encryption law.”