It sits in your house, passively recording everything you say. It knows what you like. It knows what you listen to. It knows what you buy. It knows who’s in the room with you. And now, it might tell the police all about it.
“It” is the Amazon Echo, a revolution in the “internet of things.” The Echo is a smart speaker that connects directly to Amazon’s cloud-based personal assistant service, Alexa. It can play music; give you the traffic, weather, and news; handle your shopping; put things on your calendar; play games; and even respond appropriately to a wide array of cultural references, all in response to voice commands. If you have the right add-ons, Alexa can even control your entire home, dimming your lights, adjusting the thermostat, and locking the doors.
It does this by passively listening for a given activation phrase—the default is “Alexa.” Generally, Alexa does not record anything else (although it may store up to sixty seconds at a time in a buffer). Once it hears its name, Alexa will begin recording and will send what follows to Amazon for processing—both to respond to a given request, and to store to improve responsiveness later. On one hand, this means that Amazon is not actually recording everything you say, but only those specific commands directed to Alexa. On the other hand, it means that Alexa is always listening.
This became relevant in a recent murder case in Bentonville Arkansas, in which police obtained a warrant for recordings from Amazon of commands given to the suspect’s Echo. It is far from clear what police hope to gain from these recordings; they have a large amount of traditional evidence and, unless the murderer specifically asked Alexa for help, the recordings are unlikely to be incriminating. Nevertheless, an attempt by police to seek recordings from a device that is virtually always listening to us in our homes is extremely disturbing.
These efforts are made even more concerning by recent court rulings on cell phone location data. According to two federal appellate courts, because cell phones send this information to a third party (that is, to cell phone and app providers), it is not considered sufficiently private for protection from searches and seizures. That means that police can access this data—which often allows an individual to be physically tracked from moment-to-moment—without even requesting a warrant.
If this principle is upheld by the Supreme Court (which, so far, has refused to consider the issue), it would mean that police could access daily recordings from the privacy of your own home on little more than a hunch and an informal request. Though many may say they have nothing to hide, I doubt most of us would be comfortable knowing a police officer was looking over our shoulder twenty-four hours a day.
There is one barrier to that terrifying outcome, which is that Amazon has refused to comply with the Bentonville warrant and officers there have decided not to press the issue. Like Apple, Amazon has taken it upon itself to protect its customers’ privacy. But a private company cannot be expected to be the defender of its customers’ civil rights forever.
But until the law catches up to the state of technology, every one of our devices is capable of being turned into an informant against us. And though Alexa can do a lot, it has yet to learn how to invoke its Fifth Amendment right to remain silent. Until it does, you might want to think twice before inviting Alexa–and potentially the police–into your home.
FBI Director James Comey took a rare break from the posturing typical of investigators and prosecutors in the current showdown between Apple and the FBI. While prosecutors argue that Apple’s privacy concerns are a smokescreen to avoid “assist[ing] the effort to fully investigate a deadly terrorist attack,” Comey posted a statement over the weekend in which he took the position that the tension between security and privacy “should not be resolved by corporations that sell stuff for a living. It also should not be resolved by the FBI, which investigates for a living. It should be resolved by the American people deciding how we want to govern ourselves in a world we have never seen before.”
Comey’s statement highlights a crucial problem with the development of privacy law: it often is developed in the context of important criminal cases. This comes at a real cost. We all know that Syed Farook committed a horrific crime, and any rights he once had against government searches are now forfeit. But though Apple may have chosen to serve as a limited proxy for its consumers in the San Bernardino case, often the interests of private citizens are wholly absent from the courtroom (or, often, judge’s chambers) when issues of fundamental privacy are debated.
This leads to a serious imbalance: Apple is talking about the diffuse privacy rights of its consumers and the risks of potential incursions by more restrictive, less democratic governments such as China. On the other hand, Manhattan District Attorney Cyrus Vance can point to 175 Apple devices that he cannot physically access even though those devices may contain evidence helpful to the government.
New York Police Commissioner Bill Bratton and one of his deputies put an even finer point on it in an Op-Ed in The New York Times, citing a specific case of a murder victim in Louisiana (more than one thousand miles outside of Mr. Bratton’s jurisdiction) whose murder is unsolved because officers cannot unlock her iPhone, which is believed to contain her killer’s identity. “How is not solving a murder, or not finding the message that might stop the next terrorist attack, protecting anyone?” asks Bratton.
But in assuming that private citizens have no greater fear than whether the police can investigate and prevent crimes, Bratton begs the question. In reality, citizens may see law enforcement as a threat of itself. Learning that the NSA was engaging in comprehensive warrantless surveillance likely has given many law-abiding Americans a greater incentive to protect their data from being accessed by the government. Indeed, in light of the NYPD’s record over the last few years—including a finding by a federal judge that they were systematically violating the rights of black New Yorkers and a lawsuit over religion-based spying on Muslims—it is not hard to see why citizens might want protection against Bratton’s police force.
But even if the police were the angels they purport to be, opening a door for a white hat can easily allow access to a black one. Less than a year ago, hackers used a “brute force” approach to exploit a flaw in iCloud’s security, and dozens of celebrities had their private photos shared with the world. These sex crimes are all but forgotten in the context of the San Bernardino shootings, even though the security weakness the FBI wants installed in Farook’s iPhone is markedly similar to that exploited with respect to iCloud.
Nor do those who wish for privacy need to invoke hackers or criminals. A private, intimate moment with a spouse or loved one; a half-finished poem, story, or work of art; or even a professional relationship with a doctor or mental health professional cannot exist unless they can remain private. Once these interactions took place in spoken, unrecorded conversations or on easily discarded paper; now many of our daily activities are carried out on our mobile devices. Even if one has nothing to hide, many citizens might balk at the prospect of having to preserve their private conversations in a format readily accessible by the police.
But if Mr. Comey has shown unusual insight, Mr. Bratton’s one-sided, myopic question illustrates the importance of Apple’s position and the inability of law enforcement officials to be objective about the interests at stake. Police and prosecutors are not always your friends or your defenders. Their goals are—and always will be—investigating and solving crimes and convicting suspected criminals. The less an officer knows, the harder it will be to investigate a case. As a result, privacy rights—even when asserted by innocent, law-abiding citizens—make their job more difficult, and many officers see those rights as simply standing in their way.
This is hardly news. Nearly sixty years ago the Supreme Court observed that officers, “engaged in the often competitive enterprise of ferreting out crime,” are simply not capable of being neutral in criminal investigations. For precisely that reason, the Fourth Amendment requires them to seek approval from a “neutral and detached magistrate” before a search warrant may issue.
That is why Mr. Comey’s acknowledgement that the FBI is not a disinterested party is so refreshing. Pro-law-enforcement voices have been clamoring to require Apple to compromise the security it built into the iPhone, invoking their role as public servants to buttress their credibility. But when it comes to privacy, the police do not—and cannot—represent the public interest. As Comey acknowledged, they are “investigators,” and privacy rights will always stand as an obstacle to investigation.
It is a well-known maxim that “bad facts make bad law.” And as anybody even casually browsing social media this week likely has seen, the incredibly tragic facts surrounding the San Bernadino attacks last December have led to a ruling that jeopardizes the privacy rights of all law-abiding Americans.
First, it is important to clearly understand the ruling. After the horrific attack in San Bernadino on December 2, 2015, the FBI seized and searched many possessions of shooters Syed Rizwan Farook and Tashfeen Malik in their investigation of the attack. One item seized was Farook’s Apple iPhone5C. The iPhone itself was locked and passcode-protected, but the FBI was able to obtain backups from Farook’s iCloud account. These backups stopped nearly six weeks before the shootings, suggesting that Farook had disabled the automatic feature and that his phone may contain additional information helpful to the investigation.
Under past versions of iOS, the iPhone’s operating system, Apple had been able to pull information off of a locked phone in similar situations. However, Farook’s iPhone—like all newer models—contains security features that make that impossible. First, the data on the phone is encrypted with a complex key that is hardwired into the device itself. This prevents the data from being transferred to another computer (a common step in computer forensics known as “imaging”) in a usable format. Second, the iPhone itself will not run any software that does not contain a digital “signature” from Apple. This prevents the FBI from loading its own forensic software onto Farook’s iPhone. And third, to operate the iPhone requires a numeric passcode; each incorrect passcode will lock out a user for an increasing length of time, and the tenth consecutive incorrect passcode entry will delete all data on the phone irretrievably. This prevents the FBI from trying to unlock the iPhone without a real risk of losing all of its contents.
As Apple CEO Tim Cook has explained, this system was created deliberately to ensure the security of its users’ personal data against all threats. Indeed, even Apple itself cannot access its customers’ encrypted data. This creates a unique problem for the FBI. It is well-settled that, pursuant to a valid search warrant, a court can order a third party to assist law enforcement agents with a search by providing physical access to equipment, unlocking a door, providing camera footage, or even giving technical assistance with unlocking or accessing software or devices. And, as the government has acknowledged, Apple has “routinely” provided such assistance when it has had the ability to access the data on an iPhone.
But while courts have required third parties to unlock doors, they have never required them to reverse-engineer a key. That is what sets this case apart: to assist the government, Apple would have to create something that not only does not exist, but that it deliberately declined to create in the first instance.
On February 16, Assistant U.S. Attorneys in Los Angeles filed an ex parte motion (that is, without providing Apple with notice or a chance to respond) in federal court seeking to require Apple to create a new piece of software that would (1) disable the auto-erase feature triggered by too many failed passcode attempts and (2) eliminate the delays between failed passcode attempts. In theory, this software is to work only on Farook’s iPhone and no other. This would allow the FBI to use a computer to simply try all of the possible passcodes in rapid succession in a “brute force” attack on the phone. That same day, Magistrate Judge Sheri Pym signed what appears to be an unmodified version of the order proposed by the government, ordering Apple to comply or to respond within five business days.
Though Apple has not filed a formal response, CEO Tim Cook already has made waves by publicly stating that Apple will oppose the order. In a clear and well-written open letter, Cook explains that Apple made the deliberate choice not to build a backdoor into the iPhone because to do so would fatally undermine the encryption measures built in. He explains that the notion that Apple could create specialized software for Farook’s iPhone only is a myth, and that “[o]nce created, this technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key . . . .”
This has re-ignited the long-standing debate over the proper balance between individual privacy and security (and the debate over whether the two principles truly are opposed to one another). This is all to the good, but misses a key point: Judge Pym’s order, if it stands, has not only short-circuited this debate, it ignores the resolution that Congress already reached on the issue.
Indeed, a 1994 law known as the Communications Assistance for Law Enforcement Act (“CALEA”) appears to prohibit exactly what the government requested here. Though CALEA preserved the ability of law enforcement to execute wiretaps after changing technology made that more complicated than physically “tapping” a telephone line, it expressly does not require that information service providers or equipment manufacturers do anything to open their consumers to government searches. But instead of addressing whether that purpose-built law permits the type of onerous and far-reaching order that was granted here, both the government and the court relied only on the All Writs Act—the two-century-old catch-all statute that judges rely on when ordering parties to unlock doors or turn over security footage.
Though judges frequently must weigh in and issue binding decisions on fiercely contested matters of great importance, they rarely do so with so little explanation, or after such short consideration of the matter. Indeed, when the government sought an identical order this past October in federal court in Brooklyn, N.Y., Magistrate Judge James Orenstein asked for briefs from Apple, the government, and a group of privacy rights organizations and, four months later, has yet to issue an opinion. Yet Judge Pym granted a similar order, without any stated justification, the same day that it was sought.
An order that is so far-reaching, so under-explained, and so clearly legally incorrect is deeply concerning. And yet, but for Apple’s choice to publicize its opposition, this unjustified erosion of our privacy could have happened under the radar and without any way to un-ring the bell. Fortunately, we appear to have avoided that outcome, and we can hope that Apple’s briefing will give the court the additional legal authority—and the additional time—that it will need to revisit its ruling.