It is touching that a NSA lawyer cares so deeply about Apple and Google's business model.
BlackBerry fucked up their business the old fashioned way -- by screwing up. They were an early player that listened too closely to their early adopter customers. These customers, including the banks and federal government, cared about stuff like keyboards and CAC integration.
I've worked in very large IT environments, and users of our networks occasionally commit crimes, including heinous crimes that disgust me. Either way, when counsel tells me that we have a lawful warrant, we have a duty to provide the data. The argument put forth by this clown is complete bunk.
This is exactly what I was thinking. It's incredibly frustrating that this guy is spewing complete garbage. Hopefully the public (probably not true) is starting to see through this crap and realize this is a last ditch effort to attack companies trying to do the right thing.
What Baker is trying to express is that companies like Apple could be shooting themselves in the foot with corporate sales if the data sitting on devices they're manufacturing can't be handed over when counsel tells you that there's a valid warrant. If Apple says the data on the phones is completely secure and not even the cops can get to it, then that means IT can't get to it when directed to, either. Management might not like that so much.
Apple and Google are merely absolving themselves of being involved in the legal matters of others.
The third-party doctrine basically forces third-parties to be legally culpable for discovery. Google and Apple don't want to be legally responsible anymore, so they've pushed the responsibility for complying with counsel to the end-user.
i.e. instead of law enforcement going to Google and Apple and saying "I have a legal right to search X. Hand it over.", law enforcement now needs to go up to the person whose papers and effects are being searched and ask the same thing.
Had the founding fathers been aware that the notion that one day third parties would become responsible for the papers and effects for millions of citizens, it's reasonable to assume the warrants would have had to be issued in a way where the subject of the warrant would at least have a right to know they were the subject of a warrant. With third-party doctrine, the government got the benefit of issuing warrants to entities unlikely to protest because protecting the rights of others incurs a cost.
Third-party doctrine has been a civil liberties disaster because it decoupled the recipient of the warrant from the subject of the warrant. That decoupling has lead to a scenario that deprives millions of people the right to contest a warrant in court because they might not even know such a warrant was ever issued.
It's not like Google and Apple are taking away the government's ability to issue warrants. They are just removing themselves as a third-party. The government now needs to go directly to the person who possesses the phone and issue a warrant to that person.
> i.e. instead of law enforcement going to Google and Apple and saying "I have a legal right to search X. Hand it over.", law enforcement now needs to go up to the person whose papers and effects are being searched and ask the same thing.
Which is entirely the wrong way to conduct a criminal investigation. How effective can the police really be when they have to go to suspect and say "We've got enough evidence to suspect you of a crime and get a warrant, but not enough to convict. Can you please hand over all evidence that would further incriminate you?"
> It's not like Google and Apple are taking away the government's ability to issue warrants.
Eh? Police do that routinely. How do you think they get evidence to prove a building was a meth lab or crack house? They get a warrant, bust down the door and go inside. How do you think they get internal business documents when prosecuting white collar fraud? They get a warrant or subpoena and force the potentially guilty parties to hand over documents.
I'm not sure why this seems like a radical departure. "The cloud" is a very recent phenomenon. Up until quite recently almost all interesting documents were held only by the suspect parties themselves.
The two situations aren't analogous - in both my cell phone example and your meth lab example the police need warrants, but they don't need the owner's permission to bust open the door to a meth lab, and they can't bust open the login screen on an encrypted iPhone without the owner voluntarily decrypting it.
I linked to some case law examples in a previous comment[1], but basically the cops can't force you to decrypt an encrypted device because of your 5th Amendment rights, except in the rare case where you've already admitted that incriminating evidence is stored on that device (thus waiving your right to not self-incriminate).
In your white collar example, they're not demanding the suspect turn over the documents, they're demanding the employer turn over the documents, which would imply that a third party already had access to the unencrypted documents and was willing to cooperate with the police.
I think they are analogous - police usually start by asking nicely if they can search your home, and only get rough if you refuse.
WRT decryption the USA is currently in a weird spot: some countries don't have the same hangups about forcing people to reveal encryption keys or unlock codes if there is a valid warrant or court order. I think the USA will go the same direction; if I understand American history correctly the purpose of the 5th Amendment was to avoid people being coerced into giving false testimony? It doesn't really apply to things like combination locks or passwords where there's no coercion risk so the original reasoning behind the amendment would not apply.
My white collar example was thinking about banks, anti-trust and other such things where the suspect is the organisation as a whole.
The self-incrimination clause in the U.S. Constitution is rooted more in preventing the government from using coercion than it is in concern over the veracity of any testimony obtained through that coercion (of course torturing people into confessing crimes they did not commit is a major historical motivation for the provision, but mechanistically, it is not concerned with truth).
When it comes to a locked safe, the U.S. Supreme court still muses about whether revealing the combination to a lock is testimonial. For instance:
The law is still developing here, but personally, I'd prefer that it develop in a way consistent with long standing principles.
The approach the police want is to be capable of spying on everyone, then making a mockery of the justice system by constructing a plausible case based on illegally gathered evidence.
I think that the NSA's has a national security responsibility that may justify the extraordinary power that they are invested with. The problem is that their close collaboration with law enforcement is causing their "ends justify the means" culture to leak into law enforcement. How can we expect law enforcement to enforce the law if we're ingraining contempt for the law into their operating process?
the cops can't force you to decrypt an encrypted device because of your 5th Amendment rights
I don't believe this is quite correct.
AIUI, they cannot demand that you hand over the password as such, because that is tangential to the case - it's a third piece of information that has no bearing. But they can sit your down and tell you that you must unlock it for them - enter the password yourself - under penalty of the law.
> but basically the cops can't force you to decrypt an encrypted device
While true in the US, this isn't the case in all jurisdictions. For example refusing to decrypt or supply keys in the UK can land you up to two years in jail.
That is exactly how you conduct an investigation. You gather evidence establishing cause to search, get a warrant to conduct the search and get your evidence.
When the police seize your property, you're going to be compelled to provide access, or you'll be held in contempt until you do.
It does make to harder for a traffic stop to turn into a fishing expedition, but that's the point of the 4th amendment.
Warrants have never been a guarantee of producing evidence. If a prosecution relies in information alone, and that information is impossible to obtain, maybe it's not a good candidate for prosecution.
If as a company, you aren't managing your devices, (trivial to do at low cost via MDM) there is no difference between encrypted/unencrypted -- you're reliant on the custodian of the phone to do the right thing when turning over the device.
Baker wants the US to have the same access to data that Saudi Arabian or Indian law requires, except in those countries there is actual law requiring this. NSA/et al prefers "gentleman's agreements" backed by some broadly defined law that is impossible to contest in open court.
> If as a company, you aren't managing your devices [...] you're reliant on the custodian of the phone to do the right thing when turning over the device.
Precisely - and companies aren't going to want to purchase phones that they can't manage. Of course, this might be a moot point; I've never seen a company-issued iPhone before, so maybe Apple doesn't even want to be in that market (I might just be hanging around the wrong people, though).
> NSA/et al prefers [...]
While encrypting data while it's transiting the internet might have an effect on the NSA, encrypting data stored locally (like with the iPhone encryption debacle) won't affect them at all. When was the last time the NSA had your phone in its possession? It will affect criminal investigations. I think Apple would have stirred up a lot less controversy if they had marketed their encryption as protecting the data on your lost phone from criminals instead of marketing it as protecting it from the cops.
The US tech industry as a whole has shot itself in the foot by being suspected of complicity with US spy agencies in providing back doors and overt assistance. Any government or enterprise that values autonomy relative to US policies would avoid US tech products.
BlackBerry fucked up their business the old fashioned way -- by screwing up. They were an early player that listened too closely to their early adopter customers. These customers, including the banks and federal government, cared about stuff like keyboards and CAC integration.
I've worked in very large IT environments, and users of our networks occasionally commit crimes, including heinous crimes that disgust me. Either way, when counsel tells me that we have a lawful warrant, we have a duty to provide the data. The argument put forth by this clown is complete bunk.