CALEA defines the circumstances under which private companies must create systems to assist law enforcement in its investigatory efforts, as well as the circumstances where such providers are not and cannot be required to build programs and systems to enable law enforcement access.
In other words, CALEA has limiting principles. That’s good since those limits came from Congress, and they give the lawyers a framework for their arguments.
CALEA has specific language about encryption: Telecom carriers “shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communications encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.” Apple says that Farook chose to encrypt the phone by setting a passcode, and that Apple doesn’t possess the information necesary to decrypt it—that’s what the government is asking for.
To put a finer point on it, since the phone in question was provided by his employer, it’s very likely that his employer required him to use a passcode—which his employer could have easily reset at any time by using even the most basic of multi-device managment practices.
And to put an even finer point on it, while Apple is a “communications company” under CALEA, it is not legally considered a “telecommunications carrier,” and so the language about carriers not being responsible for decrypting doesn’t apply to Apple. So, the filing argues, “If companies subject to CALEA’s obligations cannot be required to bear this burden, Congress surely did not intend to allow parties specifically exempted by CALEA (such as Apple) to be subjected to it.”
In fact, when CALEA was passed, this very question came up in the debate. From Apple’s filing:
During congressional hearings on CALEA, then-FBI director Louis Freeh assured Senator Leahy that CALEA would not impede the growth of new technologies. When Senator Leahy asked whether CALEA would inhibit the growth of encryption, he responded, “this legislation does not ask [companies] to decrypt. It just tells them to give us the bits as they have them. If they are [en]crypted, that is my problem.”
Now Judge Pym has some time to read and consider all of these filings before the scheduled March 22 hearing in Riverside, California. We’ll be keeping a close eye on this, but we want to know what you think. Has Apple made a compelling case to dismiss the order? Let us know in the comments.
Sign up for CIO Asia eNewsletters.