Tag Archive | "internet surveillance"

Photo Cred: WCCF Tech

The FBI and Apple, Inc.: National Security v. Privacy

Photo Cred: WCCF Tech

Photo Cred: WCCF Tech

In January of this year, President Obama’s top intelligence advisers met with Apple’s CEO, Tim Cook and other technology leaders to discuss their long-standing disagreement over the encryption safeguards built into their devices. The Federal Bureau of Investigation requested Apple help unlock an iPhone used by Syed Rizwan Farook, one of the San Bernardino murderers who killed 14 people on December 2, 2015. Apple refused. On February 16, 2016, the United States District Court for the District of California issued an order compelling Apple to assist the FBI by enabling the search of the Farook’s iPhone. Tim Cook called the FBI’s request “chilling” and a “dangerous precedent” to set. The FBI requested that Apple create and digitally sign a special version of iOS, which would be modified in three ways, as specified on page 8 of the court order:

  1. iOS can be set to erase its keys after 10 incorrect passcode guesses. The FBI wants software with this feature disabled.
  2. iOS imposes increasingly long delays after consecutive incorrect passcode guesses to slow down guessing (this is commonly called rate limiting). The FBI wants software that accepts an arbitrary number of guesses with no delays.
  3. iOS requires individual passcodes be typed in by hand. The FBI wants a means to electronically enter passcodes, allowing it to automatically try every possible code quickly.

At the time, Apple worried the FBI’s application of the All Writs Act of 1798 would allow the government to force Apple into taking further steps, and used the example of surveillance software that could intercept and capture all data on an iPhone.

The All Writs Act is a 227 year old, general-purpose law allowing a court to require third parties’ assistance to execute a prior order of the court when “necessary or appropriate.” Many feared that should the U.S. government prevail in this case, it could be used to justify law enforcement efforts to get around encryption technologies in other investigations far removed from national security threats. Additionally, some feared the government could ask to use this power proactively, before a suspected terrorist attack. Is this really a possibility? Perhaps, but not certainly.

Ultimately, this case pitted a strong, governmental interest in ensuring its national security against an individual’s fundamental right to privacy. Many continue to wonder whether the U.S. can claim national security concerns justify the hacking into all iPhones. However, two legal roadblocks prevent such an occurrence.

First, in the U.S., the Fourth Amendment grants a measure of privacy for “persons, houses, papers, and effects” from “unreasonable searches and seizures” while requiring that warrants be issued based only on probable cause. Second, the international human right to privacy, arguably a customary norm of international law, as codified in the International Covenant on Civil and Political Rights (ICCPR) and the European Convention on Human Rights (ECHR), place limits on a State’s ability to interfere with the right to privacy.

But the courts weren’t faced with making this determination. On March 28, 2016, the Justice Department withdrew its legal effort to compel Apple to assist the U.S. government claiming it had unlocked the iphone without assistance from the tech company. Despite the U.S. government’s successful iphone hack, on April 8, 2016, the Justice Department said it would continue to try to force the tech company to help in criminal probes based on the All Writs Act justification.

Interference into an individuals’ right to privacy is illegal where it is arbitrary and not prescribed by law. As a threshold matter, the invasion must be prescribed by domestic law and have certain clear and precise safeguards. Second, and probably the limiting factor, is that the interference must not be arbitrary. The European Court of Human Rights’ jurisprudence on the subject has allowed a claim of national security threats to supersede an individuals right to privacy. However, these national security threats must be concrete, and the interference may not be “blanket and indiscriminate.” Thus, a State would not be justified in the surveillance of any and all phones absent a clearly defined threat to such State.

In sum, international law already accounts for the fear’s individuals express over a ruling in favor of the government. Should Apple fail in its “fight the good fight” attempt, individuals need not worry about the government being enabled.

Posted in 1TVFA Posts, 2Featured Articles, Philip Nickerson, Phillip NickersonComments (0)

Internet graphic

Critical Analysis: Determining the Boundaries of the Internet

Cloud Computing and Internet Surveillance

Since the rise of the internet, lawmakers and courts have struggled to create legal rules for a computer network that disregards geographical boundaries. Issues concerning internet governance have only grown more complex with the recent trend towards cloud computing and revelations of internet surveillance by government agencies. U.S. companies host massive amounts of data from customers around the world, with much of that information being stored overseas. These same U.S. companies have come under fire for giving U.S. government agencies access to customer data. Many countries responded to these revelations by enacting legislation designed to protect the privacy of their citizens’ data. Now we are left with a segmented, country-by-country approach, to govern an internet that has no borders. The lack of a unified international framework for data protection has made it impossible for global internet companies to comply with all of the contradicting demands of their various stakeholders.

global network graphic

Image Source: wonderfulengineering.com

Microsoft Refuses to Give Foreign Hosted Data to U.S. Authorities

A court decision determining the circumstances under which U.S. law enforcement agencies may obtain digital information stored outside the U.S. has become the most recent example of the difficulty in reconciling the notion of sovereignty with a globally distributed network. During the summer of 2014, a United States court ordered Microsoft to produce the content of email-data stored on servers in Dublin, Ireland. Microsoft complied with the warrant to the extent of producing the metadata of the email stored on U.S. servers but has refused to turn over the foreign hosted content. Microsoft claims that U.S. courts do not have the power to issue warrants for extraterritorial search and seizure. In the courts view, extraterritoriality does not apply to warrants issued pursuant to the Stored Communications Act (SCA) because the information is within the control of Microsoft.

Stored Communications Act (SCA)

Part of the purpose of the SCA was to address the difficulty in applying Fourth Amendment protections to information communicated and stored electronically. The court argues that a section 2703(a) SCA warrant operates like a hybrid between a subpoena and a warrant. With a subpoena the test for compulsory production of information is whether or not the information is in the possession, custody, or control of the subpoena recipient. Extraterritoriality does not apply because, like a subpoena, an SCA warrant does not involve government agents entering the premises of the ISP to search its servers and seize information. One of the problems in allowing the SCA warrant hybrid to defy jurisdictional boundaries is that it creates a situation where Microsoft cannot comply with both the order and the laws of the host country simultaneously.

The Business of International Internet Companies

Microsoft, with the support of several other tech giants (including AT&T, Apple, Cisco, and Verizon among others), is claiming that this court order could set a precedent that might encourage Europeans to avoid using Microsoft products out of a fear that expansive U.S. discovery rules could expose all of their information. To maintain its European customers and avoid possible liability abroad, Microsoft has a very strong incentive to push back against this order. Microsoft has argued that if it complied with this order, it could decimate the U.S. cloud computing industry – which would cost both jobs and massive tax revenue. To protect its growing business in countries outside the U.S. Microsoft is urging the U.S. government to abide with its mutual legal assistance treaties, or MLATs. This approach would allow for more cooperation between the requesting and host countries, ensuring that the local laws of the host country are not disregarded in the process of acquiring the requested information.

Internet graphic

Image Source: techpolicydaily.com

The Cloud Computing Industry Fights Back

While this case has played out in the court systems members of the United States Congress have been working to find an appropriate solution to the issues presented by U.S. based companies hosting data abroad. On September 18, 2014 a bipartisan group of senators introduced the Law Enforcement Access to Data Stored Abroad Act, or LEADS Act. The LEADS Act would implement the warrant-for-content rule, meaning that the account of a U.S. citizen held overseas would only be accessible to law enforcement with a judicial warrant. The goal of the bill is to balance the needs of U.S. law enforcement with consumer privacy rights. Microsoft is supportive of the new bill as a way to continue the conversation over the control of data, but was adamant that it would not be the conversation’s conclusion.

Matthew Aeschbacher is a 4LE law student at the University of Denver Sturm College of Law and a staff editor for the Denver Journal of International Law & Policy.

 

Posted in 1TVFA Posts, 2Featured Articles, DJILP Staff, Matthew AeschbacherComments (0)


University of Denver Sturm College of Law

Posts by Date

December 2018
M T W T F S S
« Nov    
 12
3456789
10111213141516
17181920212223
24252627282930
31  
Resources