Views on the Apple Encryption Debate and Where the FBI Goes Now From Indiana University Maurer School of Law Professor Fred H. Cate

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

The government recently asked to drop its attempt to force Apple Inc. to help it unlock an iPhone 5c from the San Bernardino, Calif. terrorist attack after it reported that a third party had helped it access the encrypted data. But the debate rages on between consumer protection through encryption versus law enforcement access to data and how the FBI might attempt to use in other cases its newfound ability to hack certain iPhones.

Bloomberg BNA Privacy & Data Security News Senior Legal Editor Daniel R. Stoller interviewed Fred H. Cate, distinguished professor and C. Ben Dutton Professor of Law at the Indiana University Maurer School of Law, on the legal battle between the FBI and Apple and where the state of encryption is headed. Cate has been an adviser for Microsoft Corp., Department of Homeland Security and the Department of Defense, among many others.

Following is a lightly edited transcript of the interview.

Bloomberg BNA:

Will the FBI use the iPhone vulnerability in other cases and if so do they have the legal authority to do so?

Fred Cate:

I think it is a certainty that FBI will use the hacking tool in other cases. If they have an ability to get data they will use it. And from their point of view, it would be criminal not to collect data on suspected terror threats. If you are fighting for the security of the country and can access data, why would you not use all available avenues?

As for legal authority, they have a broad range of authority that extends beyond warrants and court orders—such as the use of National Security Letters. These letters are sent to companies requiring them to disclose information. The company must provide information and it becomes classified.

The authority comes from Congress and requires regular reporting over its use. However, the FBI has a long history of exceeding authority, even if it is for the best of motives. At times it has sent out ‘exigent letters' ordering companies to disclose data, without any legal authority to back them up.

Most of the other intelligence agencies have given up on the notion that there is going to be a limit on encryption, except for the FBI.

Bloomberg BNA:

How will Apple respond to future requests to access encrypted data on iPhones or other devices?

Cate:

Even though the San Bernardino case is over, the encryption debate is even more so alive (46 Privacy Law Watch, 3/9/16) (15 PVLR 556, 3/14/16).

Currently, Apple is winning a case in Brooklyn over data on a drug dealer's encrypted iPhone (46 Privacy Law Watch, 3/9/16) (15 PVLR 556, 3/14/16). The judge hasn't been persuaded that the All Writs Act would require Apple to help break into the drug dealer’s devices. Pro-encryption outcomes will only intensify Apple’s desire to fight with the FBI.

We will keep seeing different cases—be it an iPhone or another device—over encryption and each case may have separate outcomes depending on the facts. Eventually, the U.S. Supreme Court will have to rule on if the All Writs Act is appropriate to get this kind of information. The government will make the argument that old laws will cover new technologies.

I think the Supreme Court will rule against agencies using the All Writs Act to obtain encrypted data. New technologies will call for new laws and new limits, and therefore will put pressure on Congress to act.

Technologically, Apple will attempt to make their devices more secure. They probably already have improved iPhone data encryption so the new hacking tool wouldn't work. Because of the fight with FBI, Apple will throw a lot more resources at strengthening encryption with iPhone software.

“I think the Supreme Court will rule against government agencies using the All Writs Act to obtain encrypted data. New technologies will call for new laws and new limits, and therefore, will put pressure on Congress to act.”

Bloomberg BNA:

Do you think Congress is capable of handling the encryption debate?

Cate:

The debate is moving so fast and Congress acts so slowly.

They need to take a sensible approach and keep partisan politics out of their decision. If they can’t agree to at least hold a hearing over the Supreme Court vacancy, how can they possible handle the more complicated encryption debate without outside help.

I think a sensible approach would be the national encryption commission over the politically motivated bills that are currently before Congress.

“The FBI should share the hacking tool with Apple for this reason: the data is certain to be discovered or stolen by someone else. The FBI has made a public announcement to the hackers of the world that there is a vulnerability in certain iPhones.”

Bloomberg BNA:

Do you think the FBI should share the hacking tool with Apple or other federal agencies and are there external threats if they keep this information secret?

Cate:

I think on the whole that they should share it with Apple for this reason: the data is certain to be discovered or stolen by someone else.

The FBI has made a public announcement to the hackers of the world that there is a vulnerability in certain iPhones. You must assume that there are tens of thousands of hackers that are looking for this vulnerability.

Hactivists may also start going after the FBI because they pressured Apple to unlock the terrorist’s iPhone. The FBI has shown in the past it has vulnerabilities to hacks—such as their website being breached.

As for other agencies, everyone in Washington will want to know how to hack into iPhones.

Bloomberg BNA:

In the wake of the Belgium terrorist attacks, do you think the encryption debate will spill over to the European Union?

Cate:

Europe is in an incredibly conflicted position. The EU has a very strong data protection tradition. They claimed a lot of outrage over the 2014 Snowden NSA disclosures. On the other hand after the recent attacks, there is more sentiment for collecting and using data for law enforcement purposes.

One might fear that the Europeans will point fingers at the FBI and Apple, when in reality they will want to collect the same information to stop future attacks.