Cybersecurity & Standards, Government Surveillance
Tales from Decrypt: FBI Wants Backdoors and Ability to Compel Access
Ever since Apple and Google announced all their new smartphones would be encrypted by default – a decision we applauded – police and prosecutors have been sounding a doomsday alarm. Manhattan District Attorney Cyrus Vance argued the consumer protection measure would devastate a range of investigations, while FBI Director James Comey recently compared encrypted phones to “cars with trunks that couldn’t ever be opened by law enforcement,” and said it would put individuals “beyond the law.” However the government’s actions make it difficult to treat this hysteria as sincere: Even as law enforcement goes to media complaining it is now blocked out of phones, it continues to argue in court that a warrant provides open access to these devices.
That method of gaining access is compelled decryption.
That method of gaining access is compelled decryption. While police might be unable to unlock a phone, its owner always can, and courts may be able to require individuals to do so. This is not a new concept; compelled disclosure has always been a regular part of judicial proceedings. If someone owned the magic unbreakable car trunk Director Comey described – or more realistically, a lockbox – it would not at all be a problem for law enforcement to gain proper access. After providing a search warrant, the court can compel the owner to open the container in question.
While Director Comey contended during a speech on smartphone encryption this week that such an order would be ineffective because criminals would opt for a short contempt sentence over conviction for a serious crime, in reality refusing to comply with a court order can carry serious consequences. Contempt may result in indefinite confinement so long as an individual retains the ability to comply with the court order refused; in once case an individual was imprisoned for contempt for fourteen years (Chadwick v. Janecka, 302 F3d 107 (3d Cir. 2002)).
Government has argued in a number of cases that it should be able to compel an owner to “open” electronics just like a physical device, with mixed results. The 11th Circuit ruled against compelled decryption in U.S. v. Doe in 2012. Conversely, a Colorado District Court and the Massachusetts Supreme Court have ruled that police can with a warrant compel decryption of electronic devices in U.S. v. Fricocus andCommonwealth v. Gelfgatt, respectively.
These diverse rulings show that compelled decryption is far from resolved as an issue, with many significant components. Most importantly, if a court does have authority to order decryption, such an action should be inadmissible as evidence, and should not serve as basis for government to access an entire device when it has only demonstrated cause to search a particular subset of files.
However, even with some questions unsettled, compelled decryption has been conspicuously absent from law enforcement’s recent discussion of smartphone encryption. It’s hard to put much credence in government claims that encrypting phones is disastrous when it argues in court that unlocking an encrypted device should not only be possible, but a routine procedure.