photo by Catalin Cimpanu
You would think a government that couldn’t keep its most valuable hacking tools and espionage secrets from being splashed all over the internet would have a little humility when it comes to everyone else wanting to protect their privacy.
Consider Rosenstein’s criticism of technology companies for safeguarding their customers’ privacy. In October, the deputy attorney general said tech firms were enabling criminals and terrorists by advancing encryption software without “back doors” for law enforcement. “Technology companies almost certainly will not develop responsible encryption if left to their own devices,” Rosenstein said. While he didn’t name any particular companies, his remarks were likely aimed in part at Apple, which famously stood up to the FBI’s demands it break into a phone owned by one of the perpetrators of the 2015 attack in San Bernardino, California.
The same week as Rosenstein’s remarks, the Supreme Court decided to take up the question of whether American search warrants, typically issued by low-level magistrate judges at the request of police agencies without notice to their targets, can force U.S. companies to hand over data that is stored overseas, potentially in breach of foreign nations’ privacy laws.
The high court this week heard oral arguments in that case, U.S. v. Microsoft. In 2013, the government applied for a search warrant requiring Microsoft Corp. to turn over the email data of a suspect in a criminal drug case. Microsoft handed over some account-related data stored in the U.S., but said that the actual email messages were stored in an Irish facility, where the company argued that U.S. search warrants did not apply. If the law needs to be changed, Microsoft pointed out, this change should come from Congress, not law enforcement. Moreover, the company argued that making overseas data vulnerable to U.S. warrants would make it difficult for multinational firms to comply with strict privacy laws in Europe and other foreign nations.
The Second U.S. Circuit Court of Appeals in New York ruled in Microsoft’s favor last year. While it is too early to say what the Supreme Court will decide, the justices seemed divided during oral arguments. The Justice Department’s case hinges on the Stored Communications Act, a law written in 1986, long before the advent of modern cloud storage and international data centers. The justices are left to parse whether and to what extent that law can be usefully applied today.
The Justice Department would argue that as long as a suspected crime may have occurred in the United States, a U.S. search warrant is sufficient to force a U.S. person to bring information back to our shores and then surrender it. That, however, is not a “search.” When executing a warrant for, say, drugs inside an American house, police don’t ordinarily demand that the occupants gather all the drugs they may have stashed elsewhere and hand them over.
Demands for a target to assemble and surrender material should be made under a subpoena, not a warrant. The difference is that subpoenas require notice and usually provide an opportunity for the subpoenaed party to challenge the subpoena’s validity or scope. Law enforcers are trying to sidestep that process by using warrants issued by magistrates, who are little more than glorified law clerks.
They will tell us that they are acting to avoid compromising investigations by alerting targets through third parties that they are being investigated. This may be true to an extent, but it is also true that law enforcers don’t like to justify or explain themselves in general. Exhibit A: the claims that the Republican memo on the FBI’s spying on Carter Page would reveal details of intelligence sources and methods, details that were nowhere in evidence when the unredacted memo was ultimately released. Law enforcers ultimately dropped that claim and simply asserted that the GOP memo was unfair and incomplete. Boo hoo.
Rosenstein has issued dark threats of some unspecified action if device and software makers don’t somehow make their products subject to search by law enforcers, and thus vulnerable to the rest of the world’s hackers by extension. And he wants to be able to issue what amounts to his own unchallengeable global subpoenas, as long as he can find some magistrate somewhere in America who wants to play “Homeland” or “CSI” with real lawmen and spooks.
Rosenstein might get legislation if he asks for it. Sen. Orrin Hatch, R-Utah, introduced the Cloud Act this month, which would theoretically address many of the issues affecting this case. But when legislators get a closer look at law enforcement’s track record in the process of modernizing the law, the legislation that arrives might not be the sort Rosenstein wants. For now, let’s see where the Supreme Court comes out on the Microsoft case.