A View from Woodrow Hartzog
The Feds Are Wrong to Warn of “Warrant-Proof” Phones
Throughout history, communications have mainly been ephemeral. We need to be sure we can preserve that freedom.
If you’ve been paying attention to the fight between Apple and the FBI over the San Bernardino shooter’s iPhone, you’ve probably heard the term “warrant-proof phones” thrown about in an ominous way. In his testimony before the House Judiciary Committee on March 1, FBI director James Comey said, “We’re moving to a place where there are warrant-proof places in our life … That’s a world we’ve never lived in before in the United States.” In its response to a court filing Apple made in California, the government claimed that the “modest burden” Apple faces in complying with the FBI’s request is “largely a result of Apple’s own decision to design and market a nearly warrant-proof phone.”
This is a curious argument. For most of mankind’s history, the overwhelming majority of our communications were warrant-proof in the sense that they just disappeared. They were ephemeral conversations. Even wiretapping was limited to intercepting phone transmissions, not retrieving past conversations. For law enforcement purposes, encrypted phones are equally inaccessible: no one can recover information from them. But Comey’s description of warrant-proof technologies is vague enough to apply to many different things. We should use a different term if we care about preserving the ephemerality of some communications. Otherwise we might end up with a requirement to store everything.
Right now, there are essentially three types of information technologies that matter to law enforcement:
- Those that make data accessible to the government when it has a warrant or has complied with some other form of due process.
- Those that make data inaccessible to both government and manufacturers. Think of these as lockout technologies.
- Those that fail to store information as data or that systematically and completely erase data after a brief period. These are ephemeral technologies.
Most modern information technologies fall into category 1. This is why law professor Peter Swire and privacy scholar Kenesa Ahmad have dismissed the government’s fears of “going dark,” arguing that we actually live in the “golden age of surveillance.”
The iPhone was in category 1 before 2014, when Apple strengthened its encryption practices. Now the company is trying to get the devices into category 2. Apple could help the government unlock San Bernardino shooter Syed Farook’s phone. But is Apple is going to be allowed to design a phone that it truly could not break into even if it wanted to? Will legislatures deem data too valuable to be forever imprisoned on a hard drive?
If so, a new problem will arise, given that both lockout and ephemeral technologies are “warrant-proof.” Unless there is some kind of clarity from legislatures, the only realistic way to ensure legal compliance could be to design technologies that record and store everything. Consider assistance technologies like the Amazon Echo, which are designed to “always listen” for words like “Hello, Echo” but do not fully process, store, or transmit what they hear until they are activated. For law enforcement purposes, most of the information the devices listen to is functionally impossible to recover. Does this mean legal authorities should consider Echo a warrant-proof technology? The emergence of the Internet of things is shrinking the number of “dumb” objects by the day. The government has requested laws that mandate data retention for over 10 years. Must all technologies be built to ensure that what they hear is retained and made available for law enforcement’s inspection?
Warrant-proof technologies are not inherently bad. Both ephemeral and inaccessible technologies free us to explore, inquire, and play in ways that have always been necessary for human development. If we care about the freedoms that being warrant-proof gives us, we should find a more measured way to talk about facilitating law enforcement’s access to information. Otherwise we might find ourselves wondering how we wound up saddled with the concept of permanent data retention.
Woodrow Hartzog is an associate professor at Samford University’s Cumberland School of Law and an affiliate scholar at Stanford Law School’s Center for Internet and Society.
Hear more about security at EmTech MIT 2017.Register now