Exactly. The Fourth Amendment should already be plenty for this, but a ton of exceptions have been carved out of it, along with the general interpretation that if your data is on someone else's server then no warrant is needed to access it.
By its text, the 4th amendment applies to "searches" and "seizures." Requiring a back door is not itself a search or seizure, any more than requiring airbags is one.
I oppose requiring backdoors. I might even oppose requiring airbags. But neither is likely unconstitutional.
Then you rely upon the First Amendment, freedom of speech, and prior restraint of speech is strict scrutiny. There is no way a backdoor survives that at the Supreme Court, there is simply too many cases where strong encryption is obviously required for legal use.
Speaking privately is the rockbed of free speech. Without privacy of speech, there absolutely never be any thought that speech is free. To try to restrict the privacy of communication is antithetical.
Obviously that doesn't mean people wont try to do it 'for the better good' but easily usable strong encryption is reality, just the same as the idea that strong encryption isn't going to stop you from being tracked and monitored.
I'm fairly confident that government doesn't need this, and government won't get it. But partly that is confirmation bias because the idea they just might get it is ludicrous to me. It would be as pointless as it is shameful.
Speaking privately was not, historically, the bedrock of free speech. For the entire history of the First Amendment, the government has been able to get access to private speech with a warrant: they could search your person, house, papers and, effects and even compel people you talked to to tell the government what you said.
I don't think the government needs encryption backdoors either. But I also don't think they implicate free speech, at least in the First Amendment sense of the concept. That has always focused on protecting public political and artistic expressions, not on making personal communications beyond the reach of law enforcement.
I found 'The Search and Seizure of Private Papers: Fourth
and Fifth Amendment Considerations' (1973) [1] a very interesting read, and draw from it heavily in the following... A more updated brief can be found under '' "Dearest Property": Digital Evidence and the
History of Private "Papers" as Special Objects of
Search and Seizure' (2013) [2]
You're right, and I mispoke, it's not a matter of free speech as it is a matter of ensuring the privacy and security of the individual. However I think it's incorrect to say that for the entire history of the United States they could search your person, house, papers and, effects. This is matter for the 4th and 5th not 1st, starting back with Boyd v United States in 1886, and has seen much movement and refinement in the last 40 years particularly;
The seizure or compulsory production of a man's private papers to be
used in evidence against him is equivalent to compelling him to be a
witness against himself, and, in a prosecution for a crime, penalty or
forfeiture, is equally within the prohibition of the Fifth Amendment.
Both amendments relate to the personal security of the citizen. They
nearly run into, and mutually throw light upon, each other. When the
thing forbidden in the Fifth Amendment, namely, compelling a man to be a
witness against himself, is the object of a search and seizure of his
private papers, it is an "unreasonable search and seizure" within the
Fourth Amendment.
U.S. Supreme Court
Boyd v. United States
116 U.S. 616 (1886)
'Boyd thus created a "zone of privacy that [could] not be invaded by the police through raids, by the legislators through laws, or by magistrates through the issuance of warrants.' (Warden v. Hayden, 387 U.S. 294, 313 (1967))
[T]here are some crimes, such, for instance, as murder, rape, robbery,
and house-breaking, to say nothing of forgery and perjury, that are
more atrocious than libelling. But our law has provided no paper-search
in these cases to help forward the conviction. Whether this proceedeth
from the gentleness of the law towards criminals, or from a
consideration that such a power would be more pernicious to the innocent
than useful to the public, I will not say. It is very certain that the
law obligeth no man to accuse himself; because the necessary means of
compelling self-accusation, falling upon the innocent as well as the
guilty, would be both cruel and unjust; and it would seem, that search
for evidence is disallowed upon the same principle. Then, too the
innocent would be confounded with the guilty'
-- Entick v. Carrington
The sanctity of papers was limited in Gouled in 1921, taken away more fully by Warden in 1967. What was once considered an unwarrantable intrusion into personal privacy, and compulsary self-incrimination, was now considered a reasonable trade-off against personal privacy and sanctioned "after fulfilling the probable cause and particularity requirements of the Fourth Amendment and after the intervention of 'a neutral and detached magistrate.'
In Katz v United States in 1967, In Katz the government introduced evidence of the petitioner's part of a telephone conversation to prove that he had transmitted wagering information by telephone in violation of federal law.87 The Court, while finding the particular search to be invalid since it was not authorized by a warrant, stated:
[I]t is clear that this surveillance was so narrowly circumscribed
that a duly authorized magistrate, properly notified of the need for
such investigation, specifically informed of the basis on which it was
to proceed, and clearly apprised of the precise intrusion it would entail,
could constitutionally have authorized, with appropriate safeguards, the
very limited search and seizure that the Government asserts in fact took
place.
"However, the utterances at issue in Katz were wagering information and thus would be classified as means and instrumentalities of a crime rather than as mere evidence. 2 Furthermore, Katz did not deal with private papers and thus offers little assistance in determining whether there are circumstances in which private papers should be immune from search and seizure."
Diaries, and even private communication, to the extent that they are not instrumentalities and means by which a crime is committed, have long been seen as deserving protection even against seizure with a warrant. "Diaries, for instance, give rise to important privacy interests, are not a substantial means of committing any offense, and need not be seized for the general enforcement of any particular law. Their seizure in whole or part should not be countenanced unless the contents sought to be seized can be described with such particularity that it is clear that privacy interests have already been compromised."
'The positive law has closed its eyes on history. Federal Rule of Criminal Procedure 41 flatly equates “documents, books, papers, any other tangible objects, and information.” The rule plainly contemplates “the seizure of electronic storage media” for “later off-site copying or review.” Today, federal agents may obtain warrants to seize and carry away entire troves of digitally stored private papers and peruse those files at remote locations, one by one. What the leading Whig polemicist denounced as an “abominable outrage,” what the common law condemned as a relic of the Star Chamber, and what no American legislature authorized for the first eighty years of Independence, has become standard law enforcement procedure.' [2]
Note that "speech" here does not really mean "any communication". Conspiring to commit a crime, while technically communication, is not the speech the First Amendment refers to. It's more about expressing (political) opinions publicly. Otherwise, if the First Amendment means you cannot get arrested for speaking freely, why would you need privacy? ;)
They don't have to regulate speech. They can do this purely by regulating commerce, by making it unlawful for Apple or Google to license or sell software or computing devices that don't provide escrow.
The USG doesn't want to eliminate strong crypto. It wants to make it not the default. Notice how the huge "going dark" freakout happened with Apple encrypted phones and messages by default.
How does this even make sense? Until recently, virtually all communications that people had were coercively and deliberately backdoored under CALEA. But wiretaps don't fail a 4A test. Why would CALEA's equivalent in software fail?
I imagine if it did, we'd still be having a similar discussion. Without certain events by the court that reset or reaffirm interpretations, Constitutional "wandering" can run amok (see Interstate Commerce Clause and the War on Drugs).
District of Columbia v. Heller comes to mind, where the court confirmed a particular reading of the Second Amendment. In 50 years they'll probably have to reaffirm it again. Or they could go a different way...
I can easily imagine a bizzaro world where the Fourth Amendment does contain the word privacy, and the court has had to reaffirm or reinterpret what "privacy" means in context over and over.
The comment I was responding to implied the Supreme Court "interpreted" the Constitution to undermine privacy rights. But in fact the opposite has happened: it has inserted privacy rights into the document far beyond what is in the text.
As to your point: the 4th amendment clearly does protect a narrow form of privacy: freedom from government trespass to property. But look at the text: it's clearly a targeted, specific, protection. In contrast, look at the broad language of the first amendment: freedom of the press, freedom of assembly, freedom of speech. The framers used broad language when that's what they meant.
And it's not like private communication is such a novel concept they had no reason to even contemplate it. People tend to think of the cloud and encryption as sui generis but the underlying concepts are not. People in 1776 communicated extensively about sensitive matters by letter and in person. Heck, sometimes they even wrote coded messages! They trusted sensitive business and financial information to accountants, lawyers, merchants, bankers, etc.
And if you think about it, if there was some sphere of private communication that the framers intended to protect even from the reach of a warrant, they could have done so even without the existence of encryption! Instead of saying that the government can search your "papers" with a warrant, the 4th amendment could say that the government can never search your papers. Again, it's not like the idea of private communication was novel to them.
This is really a blend of the fourth and fifth amendments. The fourth amendment protects you from the government randomly seizing your phone, but the right to not incriminate yourself under the fifth amendment is what is used to justify not being able to compel someone to unlock/decrypt their device.
4A can't be at play here, because we're talking about searches accompanied by warrants.
That leaves 5A. But 5A isn't absolute either. You can be compelled to produce all sorts of evidence against yourself. And even the basic privilege of not incriminating yourself has a public safety exception.
I'm not so sure. I keep looking at the states and thinking that it might come to pass. Now, what amendments would get suggested and if they could get approval from 38 states is a different question.
You comfort me. I've been hearing about the idea of a constitutional convention, and somewhat concerned about what might get proposed. But if any proposals have to pass 38 states... yeah, I'm quite a bit less concerned now.
"After being officially proposed, either by Congress or a national convention of the states, a constitutional amendment must then be ratified by the legislatures of, or by ratifying conventions, in at least three-fourths of the states." [1]
Yeah, there is a lot of FUD on this one. Its really not a constitutional convention but more a gathering that will send proposed amendments back to the state legislatures. It is not a rewrite of the Cobstitution.
Uh, a gathering that sends proposed amendments to state legislatures is a Constitutional convention. (And the first Constitutional convention was gathered to do just that for the Articles of Confederation, it just ended up sending back a recommendation to trash the whole thing and start over. The concern that one called to do draft amendments for the Constitution might do likewise has always been one of the reasons people fear calling one, and have generally preferred running specific amendments through the Congress even when its difficult to calling a convention with direction to address a particular concern.)
> I don't know. If the convention had to get it past the states, then they couldn't do anything too crazy, even if they totally rewrote it.
Again, the Constitution itself is an example of why this may not be reliable: The original Constitutional Convention was called to propose revisions to the Article of Confederation, which required such changes to be adopted unanimously by the state legislatures. When it ended up proposing throwing the whole thing out and starting over, the new Constitution it proposed also had a different standard for passage -- requiring only nine of the states to ratify the new Constitution before it went into effect.
People are afraid of a Constitutional Convention arbitrarily rewriting the rules independently of the governing authority because that's exactly what the only one we've had did.
The topics under discussion back in 1787 were fairly foundational, but we have no shortage of hot topics which would surely end up 'needing' to be addressed in a convention.
It's amusing to think with congress as gridlocked as ever, the idea you could touch the constitution with a 10-ft. pole. And of course that's the point, it should take something fairly amazing and universal to get any kind of change through. Diversely conflicting viewpoints are good for some things.
> The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
As such, it would be more accurate to say "Not ALL rights are not enumerated". Some are, some aren't. Those that are have traditionally proven harder to infringe. As such, it's not wrong to explicitly codify a right to privacy in the constitution in order to remove all ambiguity.
It is true. The text you cite is pointing out that rights are rights, enumerated or not. Just because some right happens to be enumerated somewhere does not change the fundamental property of rights that they are not something you must enumerate to have.
> As such, it would be more accurate to say "Not ALL rights are not enumerated".
It would be even more accurate to say -- as regards the meaning of the Ninth Amendment -- that it means that not all rights applicable against the US federal government are enumerated in the Constitution, in that the omission of legal rights recognized prior to the Constitution are not extinguished by mere omission from the Constitution (they might be extinguished by conflicting with enumerated powers in the Constitution.)
I'm not sure its really defensible to interpret the intended meaning of the Ninth Amendment to be that rights exist without being enumerated anywhere. (The closest the Constitution gets to that -- at least, as far as rights that the federal government can't encroach -- is in Amendment X, which does something like that, though its framed in terms of powers rather than rights, by expressly reserving all powers not delegated to the federal government by the Constitution.)
Certainly, some of the same people who were involved in advocating for the Ninth Amendment had expressed the view in other contexts that rights exist independent of enumeration (e.g., in the Declaration of Independence.)
So IANAL, but didn't Griswold v. Connecticut establish that some rights DO exist without being enumerated anywhere? Specifically, that the guarantees in the bill of rights have "penumbras" that imply other rights not explicitly stated in any text (and not necessarily in common practice before the establishment of the constitution), but rather implied by the spirit of the text as a whole.
> So IANAL, but didn't Griswold v. Connecticut establish that some rights DO exist without being enumerated anywhere?
Not really,
> Specifically, that the guarantees in the bill of rights have "penumbras" that imply other rights not explicitly stated in any text
No, the ideas of "penumbras" and "emanations" in Griswold are not nonenumerated rights; they are the full scope of the meaning of particular enumerated rights and products of the combination of those enumerated rights, not rights that exist independent of enumeration.
> Here, as in those other cases, the government had a search warrant for the device, but it was thwarted by the device’s lock screen in executing the search.
> The government cannot impose an unreasonable burden on Apple
And the case EFF cites to for that proposition holds: "We conclude, however, that the order issued here [requiring a telephone company to assist the FBI in wiretapping its customers] against respondent was clearly authorized by the All Writs Act and was consistent with the intent of Congress."
> and it cannot violate the Constitution.
Sure. But the fact that there's a warrant takes away your biggest Constitutional argument--the 4th amendment.
> What’s more, such an order would be unconstitutional. Code is speech, and forcing Apple to push backdoored updates would constitute “compelled speech” in violation of the First Amendment
So the government can't force Toyota to push a firmware update to fix faulty electronic throttles?
> government keeps pushing for “exceptional access” to encrypted devices and communications.
But that's the thing. It's not "exceptional." Since the founding, the compromise is that the government can get at nearly any place that might contain evidence, so long as it has a warrant. Digital privacy proponents are trying to move the goal line, limiting government power in unprecedented ways.
Note bene: I support pervasive encryption and oppose back doors.
The problem here is... well, I'll make an analogy.
I have a safe. The government gets a warrant to search that safe, and since I refuse to help, they get a professional locksmith to open the safe for them.
Now, let's say I have a safe that the government can't figure out how to open without destroying its contents. In response, the government tells the safe manufacturer to start making different safes that the government can open.
Hopefully you see the problem with the second case.
Isn't that already covered by spoilage of evidence, or something along those lines? If i have a magic safe that destroys its contents, I'd be on the hook for maybe Obstruction of Justice? That may or may not be better than losing the contents, but it's not like i could just walk away.
I think this would come down to the purpose of the safe.
If the sole point of the safe can be demonstrated to be defeating law enforcement access then the judge won't look very kindly on you.
If you can make a reasonable argument that the safe was there to prevent thieves and crooks and safe crackers from getting their hands on the contents, you have a stronger case.
Judges don't take lightly to people trying to skirt the law in "clever" ways.
This is easy; you market the safe for the storage of trade secret documents. Getting back to the original issue, Apple can (and does) claim it offers encryption with no backdoors because a backdoor would give hackers a way to get in.
This has always seemed like a moot point to me when the government can demand that they install a backdoor at any point in the future under a gag order. Though this is true for any company anywhere basically.
I think OP meant opening up a safe with some explosives. But let us say it is a magic safe that incinerates the contents if it detects excessive tampering - I am assuming the purpose of which is to protect sensitive documents in case if the entire safe is stolen. Then the safe maker is not liable for obstructing justice any more then a paper shredding manufacturer.
For a more concrete instance, we have the case of a friend of the Boston marathon bombers deleting his search history and getting charge with obstruction of justice[1]. However, that doesn't mean the DOJ can use the Sarbanes-Oxley Act to prevent browsers from allowing the user to delete history.
The safe maker wouldn't be liable, the owner of the safe would be. If there's a warrant for the contents of the safe, but the owner refuses to open it up, then the owner is guilty of whatever law requires you to cooperate with the warrant. Isn't that enough?
Punishing the owner for not giving the government access to the contents of the safe doesn't change the fact that the government doesn't have the contents of the safe, so I guess they might not consider it enough.
My take is as long as said self-destruct feature exists prior and independent of it being used with evidence related to a crime, then spoilage of evidence should not apply. Apple created this feature in their phones for many many uses, just like a knife can be used for many many uses, legal and illegal.
At the end of the day, the evidence need not be destroyed either. It can just sit there concealed in an uninspectable form.
At the end of the day, they may or may not have the evidence they want in their possession. They just can't inspect that evidence.
"Since the founding, the compromise is that the government can get at nearly any place that might contain evidence, so long as it has a warrant."
I don't believe that with regards to the 5th amendment and some rulings, e.g. [1], have held this to be the case. I would like to think my phone applies and workarounds should not even be legal regardless of whether they can.
Note that the term "exceptional access" was originally devised in the CRISIS report from NAS, back in 1996.
> Third-party access has many twists and turns. When it is necessary for clarity of exposition or meaning, this report uses the phrase "exceptional access" to stress that the situation is not one that was included within the intended bounds of the original transaction, but is an unusual subsequent event. Exceptional access refers to situations in which an authorized party needs and can obtain the plaintext of encrypted data (for storage or communications). The word "exceptional" is used in contrast to the word "routine" and connotes something unusual about the circumstances under which access is required.
The report didn't intend to suggest that "exceptional" implied "legally improper" (in fact a subsequent paragraph from the same chapter assumes that government normally has appropriate legal justification for seeking exceptional access).
I'm not sure how that affects your criticism, but I'd just like to point out that we didn't make up this phrase and that we may well be using it correctly in its original sense here. :-)
It was apparently also always true in American history that people could use secrecy technologies to try to obscure their communications from any unintended recipients.
So one could also argue that surveillance proponents are trying to expand government power in unprecedented ways by questioning people's right to use technical means to protect the confidentiality of their communications. (Both things could be true at the same time!)
Since the founding common people have not had access to mathematically unbreakable encryption. This is a new era and new legal doctrines will have to be developed. Privacy activists are trying to influence this process, if they were just trying to overturn established case law the courts would be throwing out all these cases.
> so the government can't force Toyota to push a firmware update to fix faulty electronic throttles?
You're kidding, right? So, we're now ok not only with the government tellin us what we can't do (which is a good thing - e.g., murder, robbery, etc.), but also with them telling us what we have to do (other than taxes, license, etc.)?
This is what fines and criminal charges are for. That's how our legal system works, and how it works in most of the civilized world. If Toyota wants to not fix the cars, that should be their prerogative. What if they want to instead buy the victims new cars instead? If they do nothing to remedy the situation and people die, they risk criminal negligence charges, etc. That's how things work, and they work quite well this way. The last thing I want is for the government t to come into my place of business and actually force me to do something.
>but also with them telling us what we have to do (other than taxes, license, etc.)?
The "fixing faulty firmware" sounds like it would fall under some minimum warranty law. Not "the government can arbitrarily force firmware updates", but "the government can demand firmware updates in the context of enforcing a specific law"
Surely not. The example given was a faulty throttle on a car. If that breach of warranty results in serious injury or damage to others, I suspect you'd want more than a refund.
> So the government can't force Toyota to push a firmware update to fix faulty electronic throttles?
No, of course they can't (or, rather, should not be able to). Nor can they compel the production of such a firmware update in the first place, let alone pushing it. For the particular case of vehicles, since the government controls licensing of cars on roads, they can deny or withdraw such licensing entirely on safety grounds, and since the manufacturer doesn't want any of that to happen they'll produce and push firmware updates instead. That's the government saying something you can't do again: you can't drive an unsafe vehicle on public roads where you could potentially hurt people, which seems perfectly reasonable.
> the compromise is that the government can get at nearly any place that might contain evidence, so long as it has a warrant.
Encryption and electronic access controls aren't a "place"; the analogy does not hold. If they serve up a warrant, they can take the locked device, and they can have all the encrypted bits they want. I would argue that attempting to force decryption or backdoors would represent an expansion of warrant powers, or "moving the goal line"; preventing that simply keeps the goal line in place.
> So the government can't force Toyota to push a firmware update to fix faulty electronic throttles?
No the government should not be allowed to force such things. Civil liability lawsuits should be enough to get Toyota to willingly act in its own self interest by making a good faith effort to remedy a mistake it made.
If I recall you can use a Map Legend to protect yourself, but I cannot recall the case. Some person made a legend to safe guard his password. He was force to hand over his legend but did not have to tell (FBI/CIA) how to decipher it. Anyone know what I'm talking about. Sorry if this is off subject, just thought it might be interesting to look up.
"As the Ninth Circuit put it in a case interpreting technical assistance in a different context, private companies' obligations to assist the government have “not extended to circumstances in which there is a complete disruption of a service they offer to a customer as part of their business.”
It wasn't the case with Lavabit; there is obviously some point at which businesses are expected to properly architect their encryption solutions in order to comply with lawful search warrants. Would have been nice for the article to raise that counter-point and maybe try to address where exactly the line is drawn?
The point is Lavabit wasn't an 'All Writs' issue, if you get a search warrant against the company for data held by the company (e.g. the unencrypted iCloud backup) then it's a completely different expectation of compliance.
Does this or the WaPo article address if Apple possessed an iCloud backup of the device?
> there is obviously some point at which businesses are expected to properly architect their encryption solutions in order to comply with lawful search warrants
What do you mean by that? That they aren't allowed to provide end-to-end encryption that they can't decrypt? (I know that's not exactly what Lavabit did.)
At least one big difference is ownership. With lavabit, the company owned the code and infrastructure that was used in a "crime". With an iOS device, Apple has sold the device to an individual who is now responsible for that device. That's a huge difference.
The government has been using third-party doctrine as a weak link to exploit to get stuff it wants. Apple essentially removed themselves from the situation so that they are no longer a third-party responsible for the desired data.
reply