TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Privacy Perspectives | With increased government data requests, Congress should act Related reading: Why the Apple crypto case goes beyond one company’s privacy battle

rss_feed
PrivacyTraining_ad300x250.Promo1-01
GDPR-Ready_300x250-Ad

U.S. technology companies continue to find themselves in the difficult position of attempting to both honor legitimate law enforcement data access requests and maintain the privacy and trust of their customers. Microsoft and Apple were exhibits one and two on Thursday, demonstrating how outdated laws are bumping into rapidly advancing technology and security, illustrating the growing need for U.S. Congress to act.

The most talked about privacy issue, of late, is Apple’s legal battle with the Department of Justice, which took a new turn late Thursday afternoon when Apple filed a briefing asking the court to vacate a motion to compel it to provide the FBI with technical assistance in unlocking the iPhone used by one of the San Bernardino shooters.

But Apple's case, in one sense, isn't an isolated one. It's part of a larger issue that sees technology companies butting heads with outdated laws around the world. 

The other ongoing legal battle is between the DoJ and Microsoft and involves a suspect’s emails that happen to be stored on a server in Ireland, as well as a growing international trend that pits local law with international data transfers.

In both instances, the tech companies are not only taking on the DoJ in courts, but also asking for Congress to help come up with a solution.

Apple’s formal response asking the court to vacate its demand means there will be a long legal battle – like the one Microsoft is currently embroiled in with the DoJ – that may run all the way to the U.S. Supreme Court, something Apple CEO Tim Cook said the company is prepared for.

And Apple is not alone in its battle, as a number of large tech companies – including Microsoft, Google, Twitter, Facebook, and Yahoo – said they’d provide the court with amicus briefs in support of Apple in its case against the DoJ.

Verizon also said they support Apple’s efforts. Thus far, telecommunications companies have been silent, or suggested they support U.S. law enforcement on the government access issue. Verizon, however, was clear in its support, which came from Chairman and CEO Lowell McAdam. “The case with Apple presents unique issues that should be addressed by Congress, not on an ad hoc basis,” McAdam said.

Even FBI Director James Comey has said Congress will have to take some sort of action. Testifying in front of the House Intelligence Committee, Comey said, “The larger question isn’t going to be answered in the courts, and shouldn’t be … It’s really about who we want to be as a country and how do we want to govern ourselves.” The comments echoed the director’s comments in a Lawfare blog posted last Sunday night.

At nearly the same time on Capitol Hill on Thursday, Microsoft President and Chief Legal Officer Brad Smith testified in front of the House Judiciary Committee on law enforcement access to international data requests, arguing that U.S. law – particularly the 1986 Electronic Communications Privacy Act – needs to catch up with technology. To illustrate the widening gap, Smith brought with him several props, including an IBM computer from 1986 and an adding machine from 1911 – the last time the All Writs Act was updated.

When ECPA was passed, “Ronald Regan was president, Tip O’Neill was Speaker of the House, and Mark Zuckerberg was two years old,” he said.

Microsoft, like many other companies, is increasingly facing legal conflicts when doing business internationally. Smith cited two recent examples that illustrate how the law does and does not work. After the Charlie Hebdo attacks in January 2015, Microsoft worked with the FBI and French government to turn over two of the shooters’ emails. The process, he pointed out, went through an international legal process and only took 45 minutes to get the data to the French authorities.

“That was a day when the system worked,” Smith said. “But unfortunately, that has become the exception and not the norm.”

brad smith

Microsoft President and Chief Legal Officer Brad Smith

A second case – what Smith calls the “norm” – involves local authorities in Brazil, who want data on a local suspect. Through a Brazilian court order, the local Brazilian authority has requested that Microsoft provide them with data that is stored in the U.S. Doing so, Smith points out, would be illegal under U.S. law. As a result and because the Brazilians have not turned to an international process, Microsoft is facing fines and one of its executives criminal prosecution from the local authority. 

“And unfortunately, that kind of case is spreading,” he said. “It’s spreading because other governments, including the United States government, are using unilateral legal process rather than international legal process to obtain data around the world.”

Solutions to the issue are out there, he said, including through the LEADs Act – currently pending in Congress – in updating the Mutual Legal Assistance Treaties as well as other new international treaties “designed and built for the 21st century. All of this requires action by the executive branch,” Smith said, “but it requires action by Congress as well.”

The root cause of all of this, he testified, is that U.S. law is old and outdated.

Old law and its role enforcing government access to modern technology is also being argued in the Apple case. Apple argues that the All Writs Act – passed in 1789 – does not give the DoJ power to compel the company to create new software that essentially hacks its built-in security. “Congress has never authorized judges to compel innocent third parties to provide decryption services to the FBI,” Apple argues in its motion to vacate.

But for the DoJ, the government has long had the authority to compel innocent third-party companies to assist in an investigation. In response to Apple’s filing yesterday,  DoJ spokeswomen Melanie Newman said, “The Justice Department’s approach to investigating and prosecuting crimes has remained the same. … The change has come in Apple’s recent decision to reverse its longstanding cooperation in complying with All Writs Act orders.”

Though Microsoft’s Smith presented a number of possible solutions for updating U.S. law and international treaties for dealing with law enforcement access to data stored in different countries, a solution to the Apple case may be a ways off, if possible.

Some lawmakers have proposed legislation to help with parts of the issue. Rep. Ted Lieu, D-Calif., has offered the ENCRYPT Act, which would preempt state laws that would ban encryption in smartphones. And just this week, Sen. Mark Warner, D-Virginia, and Rep. Michael McCaul, R-Texas, announced they will offer legislation that would create a commission – similar to the 9/11 Commission – to help find potential solutions to the encryption issue.

Even if passed, however, the report that would come out of the commission would take a year. In the meantime, Apple will make a rare appearance on Capitol Hill next week, when Senior VP and General Counsel Bruce Sewall testifies in front of the House Judiciary Committee to discuss what's being called "the encryption tightrope." 

There's clearly much work to be done, and it's increasingly looking like it's the U.S. Congress that has work to do, but with tight congressional races already underway, and a big unknown as to who will be the next president of the United States, it may be the courts who provide ad hoc and incomplete results for businesses and law enforcement. And that's not good for either side. 

Top image courtesy of Microsoft 

3 Comments

If you want to comment on this post, you need to login.

  • comment Michaela Barry • Feb 26, 2016
    Interesting article.  One important note, however, and the reason why the Apple case is completely different from other cases stems from the difference between providing access to data, and rewriting an operating system to bypass firmware based security in order to create a "Master Key" that could be used by anyone for any similar iPhone.  The court did not ask Apple for "technical assistance."  The court essentially demanded that Apple act in a manner that would damage its key business model, harm its shareholders, AND compromise privacy for all users of iOS.
  • comment Jedidiah Bracy • Feb 26, 2016
    Thanks, for the insightful response, Michaela. I agree that the Apple case is unique and have reported on that in recent articles. My point here is that the Apple case is part of a larger trend of tech companies running into antiquated laws that are ill-equipped to appropriately deal with modern business models. I thought it was telling that while the FBI was testifying about encryption, nearby, Microsoft was testifying about how the law is putting them in an untenable position with government access to data. It was a connection I felt needed to be made. That said, the Apple case is truly fascinating and precedent-setting, and I'll be following it very closely. More to come from me for sure.
  • comment drotts joel • Feb 29, 2016
    What is wrong with some of these Senators and legislators? It's literally like they forgot what it is to be American, as they trample upon the Constitution and it's protections of privacy rights and binding an over intrusive government. Maybe those Legislatures and elected officials need to read the Constitution once again, because the same document they claim to be "bendable" "outdated" or "a general suggestion on how the law should function," is the exact same document giving their office the authority it holds! Maybe we the people will decide that since our so called leaders have decided the Constitution can be so loosely interpreted and a mere suggestion as to our privacy rights, then so to may we come to view the powers and authority the Constitution grants their office as an American elected legislator. It is after all the same document, and what is good for the goose has always been what's good for the gander! 
    
        As to the ban on cryptology software.... ARE YOU NUTS!!!! Why must the people allow the government to view our phone records and files? It is akin to demanding all citizens give a copy of their house and car keys to their local police departments, and do so on the premise that we are to "trust our government." Are you nuts??????? Senators, newsflash, the credibility of any and all government is at an all time low in this country. Mostly due to your pissing on the Constitution, which continuously hurls this country to  the possibility of no longer in fact being a country or at least the one these legislators wish to think it is. Wake up, back off our rights, get a clue, or get clued out!!!! Jerks!!!!!