Constitutional Law

United States v. Microsoft Corp.: A Chance for SCOTUS to Address the Scope of the Stored Communications Act

Maya Digre, MJLST Staffer

 

On October 16th, 2017 the United States Supreme Court granted the Federal Government’s petition for certiorari in United States v. Microsoft Corp. The case is about a warrant issued to Microsoft that ordered it to seize and produce the contents of a customer’s e-mail account that the government believed was being used in furtherance of narcotics trafficking. Microsoft produced the non-content information that was stored in the U.S., but moved to quash the warrant with respect to the information that was stored abroad in Ireland. Microsoft claimed that the only way to access the information was through the Dublin data center, even though this data center could also be accessed by their database management program located at some of their U.S. locations.

 

The district court of New York determined that Microsoft was in civil contempt for not complying with the warrant. The 2nd Circuit reversed, stating that “Neither explicitly or implicitly does the statute envision the application of its warrant provision overseas” and “the application of the Act that the government proposes – interpreting ‘warrant’ to require a service provider to retrieve material from beyond the borders of the United States – would require us to disregard the presumption against extraterritoriality.” The court used traditional tools of statutory interpretation in the opinion including plain meaning, presumption against extraterritoriality, and legislative history.

 

The issue in the case, according to ScotusBlog is “whether a United States provider of email services must comply with a probable-cause-based warrant issued under 18 U.S.C. § 2703 by making disclosure in the United States of electronic communications within that provider’s control, even if the provider has decided to store that material abroad.” Essentially, the dispute centers on the scope of the Stored Communications Act (“SCA”) with respect to information that is stored abroad. The larger issue is the tension between international privacy laws, and the absolute nature of warrants issued in the United States. According to the New York Times, “the case is part of a broader clash between the technology industry and the federal government in the digital age.”

 

I think that the broader issue is something that the Supreme Court should address. However, I am not certain that this is the best case for the court. The fact that Microsoft can access the information from data centers in the United States with their database management program seems to weaken their claim. The case may be stronger for companies who cannot access information that they store abroad from within the United States. Regardless of this weakness, the Supreme Court should rule in favor of the State to preserve the force of warrants of this nature. It was Microsoft’s choice to store the information abroad, and I don’t think the choices of companies should impede legitimate crime-fighting goals of the government. Additionally, if the Court ruled that the warrant does not reach information that is stored abroad, this may incentivize companies to keep their information out of the reach of a U.S. warrant by storing it abroad. This is not a favorable policy choice for the Supreme Court to make; the justices should rule in favor of the government.

 

Unfortunately, the Court will not get to make a ruling on this case after Microsoft decided to drop it following the DOJ’s agreement to change its policy.


Microsoft Triumphs in Fight to Notify Users of Government Data Requests

Brandy Hough, MJLST Staffer

 

This week, Microsoft announced it will drop its secrecy order lawsuit against the U.S. government after the Deputy U.S. Attorney General issued a binding policy limiting the use and term of protective orders issued pursuant to 18 U.S.C. §2705(b) of the Electronic Communications Privacy Act of 1986 (“ECPA”), also referred to as the Stored Communications Act (“SCA”).

 

The ECPA governs requests to obtain user records and information from electronic service providers. “Under the SCA, the government may compel the disclosure of . . . information via subpoena, a court order under 18 U.S.C. § 2703(d), or a search warrant.” Pursuant to 18 U.S.C. § 2705(b), a government entity may apply for an order preventing a provider from notifying its user of the existence of the warrant, subpoena, or court order. Such an order is to be granted only if “there is reason to believe” that such notification will result in (1) endangering an individual’s life or physical safety; (2) flight from prosecution; (3) destruction of or tampering with evidence; (4) intimidation of witnesses; or (5) seriously jeopardizing an investigation or delaying a trial.

 

Microsoft’s April 2016 lawsuit stemmed from what it viewed as routine overuse of protective orders accompanying government requests for user data under the ECPA, often without fixed end dates. Microsoft alleged both First and Fourth Amendment violations, arguing that “its customers have a right to know when the government obtains a warrant to read their emails, and . . . Microsoft has a right to tell them.” Many technology leaders, including Apple, Amazon, and Twitter, signed amicus briefs in support of Microsoft’s efforts.

 

The Deputy Attorney General’s October 19th memo states that “[e]ach §2705(b) order should have an appropriate factual basis and each order should extend only as long as necessary to satisfy the government’s interest.” It further outlines steps that prosecutors applying for §2705(b) orders must follow, including one that states “[b]arring exceptional circumstances, prosecutors filing § 2705(b) applications may only seek to delay notice for one year or less.” The guidelines apply prospectively to applications seeking protective orders filed on or after November 18, 2017.

 

Microsoft isn’t sitting back to celebrate its success; instead, it is continuing its efforts outside the courtroom, pushing for Congress to amend the ECPA to address secrecy orders.

 

Had the case progressed without these changes, the court should have ruled in favor of Microsoft. Because the way § 2705(b) of the SCA was written, it allowed the government to exploit the “vague legal standards . . . to get indefinite secrecy orders routinely, regardless of whether they were even based on the specifics of the investigation at hand.”This behavior violated both the First Amendment – by restraining Microsoft’s speech based on “purely subjective criteria” rather than requiring the government to “establish that the continuing restraint on speech is narrowly tailored to promote a compelling interest”  – and the Fourth Amendment – by not allowing users to know if the government searches and seizes their cloud-based property, in contrast to the way Fourth Amendment rights  are afforded to information stored in a person’s home or business. The court therefore should have declared, as Microsoft urged, that § 2705(b) was “unconstitutional on its face.”

 


Sex Offenders on Social Media?!

Young Choo, MJLST Staffer

 

A sex offender’s access to social media is problematic nowadays on social media, especially considering the vast amount of dating apps you can use to meet other users. Crimes committed through the use of dating apps (such as Tinder and Grindr) include rape, child sex grooming and attempted murder. These statistics have increased seven-fold in just two years. Although sex offenders are required to register with the State, and individuals can get accesses to each state’s sex offender registry online, there are few laws and regulations designed to combat this specific situation in which minors or other young adults can become victims of sex crimes. A new dating app called “Gastby” was introduced to resolve this situation. When new users sign up for Gatsby, they’re put through a criminal background check, which includes sex offender registries.

Should sex-offenders even be allowed to get access to the social media? Recent Supreme Court case, Packingham v. North Carolina, decided that a North Carolina law preventing sex offenders getting access to a commercial social networking web site is unconstitutional due to the First Amendment’s Free Speech Clause. The Court emphasized the fact that accessing to the social media is vital for citizens in the exercise of First Amendment rights. The North Carolina law was struck down mainly because it wasn’t “narrowly tailored to serve a significant governmental interest,” but the Court noted that this decision does not prevent a State from enacting more specific laws to address and ban certain activity of sex offender on social media.

The new online dating app, Gatsby, cannot be the only solution to the current situation. There are already an estimated 50 million people using Tinder in the world and the users do not have a method of determining whether their matches may be sex offenders. New laws narrowly-tailored to address the situation, perhaps requiring dating apps to do background checks on users or an alternative method to prevent sex offenders from utilizing the dating app, might be necessary to reduce the increasing number of crimes through the dating apps.


U of M Asserts Sovereign Immunity Prevents USPTO from Invalidating Its Patents

Prof. Richard Stern, MJLST Guest Blogger

The University of Minnesota owns a number of patents on cell phone signal processing technology that was invented by Professor Georgios Giannakis of U of M’s Department of Electrical and Computer Engineering and his colleagues. The U of M claims that AT&T, Sprint, T-Mobile, and Cellco Partnership (a joint venture between Verizon and Vodaphone, doing business as Verizon Wireless) are infringing five of these patents, and in 2014 it sued the companies in Minnesota federal district court for patent infringement. The U of M is “a great research university,” President Eric Kaler said, and “must vigorously protect our faculty, [their] discoveries and the overall interests of our university.” (The U collects about $40 million annually in royalties from licensing and the commercialization of faculty work.) Apparently, the cell phone carriers infringed the patents by utilizing Ericsson radio chips that code signals for wireless transmission and practicing patented methods the chips performed.

 

The case was assigned to Chief Judge John R. Tunheim in Minneapolis, who denied the defendants’ motion to dismiss the case for defective pleading, in September 2015. He did reject the U’s claim, however, that the defendants engaged in “willful blindness” in infringing the patents. Judge Tunheim said that the U “alleges no actions that would constitute deliberate avoidance of knowledge” that they were infringing, although they did know of the patents and they “actively entice[d] their customers through advertising, marketing and sales activity to use [their] infringing products.”

 

Ericsson, the wireless carriers’ equipment supplier, then acted to protect its defendant customers against the U by intervening in the Minnesota infringement suit. Ericsson then filed inter partes review (IPR) proceedings in the USPTO to invalidate the U of M patents on which the U was suing the carriers. An IPR is a new type of administrative proceeding that the recent America Invents Act established to provide a swifter and supposedly cheaper way for small companies to resist demands by trolls that they pay patent tribute. Instead of engaging in district court litigation, an aggrieved party can seek an IPR before the USPTO, which then employs its patent expertise to determine whether the patents it issued are invalid, and (if so) consequently relieving the aggrieved party from infringement liability (an invalid patent cannot be infringed).

 

Here is where the complications set in. The 11th Amendment preserves state sovereign immunity against suit—“The Judicial power of the United States shall not be construed to extend to any suit in law or equity, commenced or prosecuted against one of the United States . . . .” Thus, when a patent owner sued a Florida state agency that provided college tuition payment plans, for patent infringement, the Supreme Court held the law subjecting states to infringement liability unconstitutional under the 11th Amendment. Florida Prepaid Postsecondary Ed. Expense Bd. v. College Savings Bank, 527 U.S. 627 (1999). Accordingly, in two January 2017 IPR cases, the USPTO held that the 11th Amendment required it not to allow proceedings before it against Maryland and Florida. Neochord, Inc. v. Univ. of Maryland, Baltimore and Harpoon Medical, Inc., IPR2016-00208 (May 23, 2017), http://www.ptablitigationblog.com/wp-content/uploads/2017/06/IPR2016-00208.pdf; Covidien LP v. University of Florida Research Found. Inc., IPR2016-01274 (Jan. 25, 2017), http://www.finnegan.com/files/upload/LES_Insights_Column/2017/CovidienvUFIPRNos20160126476.pdf. Although waiver was urged, the USPTO said it was inapplicable because the 11th Amendment is jurisdictional—it deprived the tribunal of any jurisdiction to act, so that jurisdiction could be considered at any time. Waiver requires an affirmative act of invoking federal jurisdiction in the relevant tribunal, and that had not occurred.

 

Ericsson argued, in support of its claim that there was jurisdiction to hear its IPR challenges, that the U had waived its 11th Amendment immunity by suing Ericsson’s customers in the Minnesota district court. Ericsson said that the U “has consented to jurisdiction,” when it sued Ericsson’s customers in the district court, because by filing lawsuits against Ericsson’s customers, “it could surely anticipate” that Ericsson would bring an IPR case at the USPTO to invalidate the patents asserted against its customers for using its products. The U has now urged the USPTO to dismiss Ericsson’s IPR cases, insisting that it has not waived its sovereign immunity by suing the phone carriers—not Ericsson, a third party to the U’s patent infringement suits.

 

The U argues that the law is clear that a waiver must be personal, i.e., filing a lawsuit or counterclaims in the same action and in the same forum. Thus, in Regents of Univ. of New Mexico v. Knight, 321 F.3d 1111, 1125 (Fed. Cir. 2003), the Federal Circuit held that it would be unfair to let New Mexico sue in federal court to enforce a right to ownership of patents arising from contracts “and, at the same time, to claim immunity from liability [in the same case] for royalties or other compensation arising from those same contracts and conduct.” The court added, “Moreover, because a state as plaintiff can surely anticipate that a defendant will have to file any compulsory counterclaims [in the same case] or be forever barred from doing so, it is not unreasonable to view the state as having consented to such counterclaims.” Id. at 1126. On the other hand, the Federal Circuit has held that “a state that files a [patent infringement] lawsuit in one district court does not waive its immunity in a related [invalidity declaratory judgment] lawsuit filed by a party in another district court.” Board of Regents of the Univ. of Wis. Sys. v. Phoenix Int’l Software, Inc., 653 F.3d 448, 462 (7th Cir. 2011) (citing Tegic Communications Corp. v. Board of Regents of the Univ. of Texas Sys., 458 F.3d 1335, 1342 (Fed. Cir. 2006)).

 

In the Tegic case, in which UT sued Tegic’s customers for patent infringement in Texas, the Federal Circuit held that UT waived its immunity against a declaratory judgment counterclaim in Texas. But UT did not waive immunity against the separate declaratory judgment action that Tegic wanted to bring in Washington (where Tegic resided). The court said that if Tegic wanted to litigate patent validity, it could intervene in the Texas case and subject itself to infringement liability if the patent was valid and infringed. This is consistent with the Supreme Court’s concept in the College Savings Bank that the 11th Amendment is more about where a state is willing to be sued than whether it can be sued—for example, most states allow suits against them in their own courts of general jurisdiction. (But they don’t want to be sued in another jurisdiction.)

 

Based on this case law, the U argued: “IPR petitions are [not] counterclaims nor adjudicated in the same forum—they are a different action brought in a different forum.” Further, “a state that files an infringement action does not waive its immunity from a different action challenging the patent in a different forum.” The USPTO had said previously that it was not passing on what would happen if the patentee did file a patent infringement suit, as U of M did here. Furthermore, Ericsson did intervene in the Minnesota district court patent infringement suit, as the Tegic court said the equipment seller should if it wanted to challenge validity. But the Minnesota district court has stayed the federal patent action (at Ericsson’s request) to await the result in the IPR case, as district courts usually do in order to let the experts in the USPTO resolve the patent issues for them. (Presumably, the court will vacate its stay if the IPR case is dismissed.)

 

The U quoted the Federal Circuit opinion in Tegic that insisted that Tegic could not show that adjudication of its claim of invalidity was “not available in the Texas action,” and the U then argued, “Similarly, Ericsson cannot show that adjudication of invalidity counterclaims is not available in the Minnesota court,” where the U has (constructively) waived its immunity. There is a serious conflict here between the respective policies of the 11th Amendment that states should not be subjected to forums not of their choice and of the America Invents Act that a cheap, fast, expert determination of patent validity should be available in lieu of litigation in courts. Like the College Savings Bank case, this case may well end up in the Supreme Court. One important issue, not raised or resolved so far, is whether Congress may constitutionally impose, as a condition of the statutory right to acquire the benefit of a patent, and thus make as an integral element of the patent right, that the patent is subject to validity determination in IPR proceedings. Or would the 11th Amendment make that an unconstitutional condition on a benefit, as applied to a state, rather than a legitimate part of the statutory definition of a patent right?


Did the Warriors Commit a Flagrant Privacy Foul?

Paul Gaus, MJLST Staffer

Fans of the National Basketball Association (NBA) know the Golden State Warriors for the team’s offensive exploits on the hardwood. The Warriors boast the NBA’s top offense at nearly 120 points per game. However, earlier this year, events in a different type of court prompted the Warriors to play some defense. On August 29, 2016, a class action suit filed in the Northern District of California alleged the Warriors, along with co-defendants Sonic Notify Inc. and Yinzcam, Inc., violated the Electronic Communications Privacy Act (18 U.S.C. §§ 2510, et. seq.).

Satchell v. Sonic Notify, Inc. et al, focuses on the team’s mobile app. The Warriors partnered with the two other co-defendants to create an app based on beacon technology. The problem, as put forth in the complaint, is that the beacon technology the co-defendants employed mined the plaintiff’s microphone embedded in the smartphone to listen for nearby beacons. The complaint alleges this enabled the Warriors to access the plaintiff’s conversation without her consent.

The use of beacon technology is heralded in the business world as a revolutionary mechanism to connect consumers to the products they seek. Retailers, major sports organizations, and airlines regularly use beacons to connect with consumers. However, traditional beacon technology is based on Bluetooth. According to the InfoSec Institute, mobile apps send out signals and gather data on the basis of Bluetooth signals received. This enables targeted advertising on smartphones.

However, the complaint in Satchell maintains the defendants relied on a different kind of beacon technology: audio beacon technology. In contrast to Bluetooth beacon technology, audio beacon technology relies on sounds. For functionality, audio beacons must continuously listen for audio signals through the smartphone user’s microphone. Therefore, the Warriors app permitted the co-defendants to listen to the plaintiff’s private conversations on her smartphone – violating the plaintiff’s reasonable expectation of privacy.

While the Warriors continue to rack up wins on the court, Satchell has yet to tip off. As of December 5, 2016, the matter remains in the summary judgment phase.


Faux News vs. Freedom of Speech?

Tyler Hartney, MJLST Staffer

This election season has produced a lot of jokes on social media. Some of the jokes are funny and other jokes lack an obvious punch line. Multiple outlets are now reporting that this fake news may’ve influenced voters in the 2016 presidential election. Both Facebook and Google have made conscious efforts to reduce the appearance of these fake news stories on their sites in attempt to reduce the click bait, and thus the revenue streams, of these faux news outlets. With the expansion of the use of technology and social media, these types of stories become of a relevant circulation to possibly warrant misinformation being spread on a massive level. Is this like screaming “fire” in a crowded theatre? How biased would filtering this speech become? Facebook was blown to shreds by the media when it was found to have suppressed conservative news outlets, but as a private business it had every right to do so. Experts are now saying that the Russian government made efforts to help spread this fake news to help Donald Trump win the presidency.

First, the only entity that cannot place limits on speech is the state. If Facebook or Google chose to filter the news broadcasted on each site, users still do not have a claim against the entity; this would be a considered a private business choice. These faux news outlets circulate stories that have appeared to be, at times, intentionally and willfully misleading. Is this similar to a man shouting “fire” in a crowded theatre? In essence, the man in the aforementioned commonly used hypothetical knows that his statement is false and that it has a high probability of inciting panic, but the general public will not be aware of the validity of his statement and will have no time to check. The second part of that statement is key. The general public would not hypothetically have time to check the validity of the statement. If government were to begin passing regulations and cracking down on the circulation and creation of these hoax news stories, it would have to prove that these stories create a “clear and present danger” that will bring significant troubles that Congress has the right to protect the public from. This standard was created in the Supreme Court’s decision in Schenck v. United States. The government will not likely be capable of banning these types of faux news stories because, while some may consider these stories dangerous, the audience has the capability of validating the content from these untrusted sources.

Even contemplating government action under this circumstance would require the state to walk a fine line with freedom of political expression. What is humorous and what is dangerously misleading? For example, The Onion posted an article entitled “Biden Forges Presidents Signature Executive Order 54723,” clearly this is a joke; however, it holds the potential ability to insight fury from those who might believe it and create a misinformed public that might use this as material information when casting a ballot. This Onion article is not notably different from another post entitled “FBI AGENT SUSPECTED IN HILLARY EMAIL LEAKS FOUND DEAD IN APPARENT MURDER-SUICIDE” published by the Denver Guardian. With the same potential to mislead the public, there wouldn’t really be any identifiable differences between the two stories. This area of gray would make it extremely difficult to methodically stop the production of fake news while ensuring the protection of the comedic parody news. The only way to protect the public from the dangers of these stories that are apparently being pushed on to the American voting public by the Russian government in an attempt to influence election outcomes is to educate the public on how to verify online accounts.


Crossing the Offensive Line

Quang Trang, MJLST Managing Editor

In my opinion, Autumn is easily one of the top four seasons of the year. It is a season where pumpkin becomes a spice, the leaves change colors, I wear cardigans, and of course FOOTBALL. And yeah, the Supreme Court of the United States becomes a thing again.

During its next term, the Supreme Court of the United States will hear Lee v. Tam, a case that may determine the constitutionality of the U.S. Patent Office’s (“USPTO”) authority to refuse a trademark. The USPTO threw a yellow flag and refused to trademark the name of a band called “The Slants” after finding the name crossed an offensive line against Asians. The Slants threw a red flag challenge to have the decision reviewed. Under review, the Federal Circuit reversed the ruling on the field citing First Amendment protection. The USPTO Hail Mary’d the Supreme Court of the United States to protect its authority to reject offensive trademarks.

Under Section 2 of the Lanham Act (15 U.S.C. § 1052(a)), the U.S. Patent Office may refuse to register a trademark that “[c]onsists of or comprises a . . . matter which may disparage . . . persons, living or dead, institutions, beliefs, or national symbols, or bring them into contempt, or disrepute.” However, granting the USPTO such authority may violate the First Amendment, which states that “Congress shall make no law . . . abridging the freedom of speech.” The Federal Circuit found the band’s name to be private speech, and thus entitled to First Amendment protection.

At this point you may be wondering “why is Quang making all these football puns?”, “Does Quang think his puns are funny?”, and “will he stop making bad puns?”

A Supreme Court decision in Lee v. Tam may intercept a case in the Fourth Circuit. The Fourth Circuit is currently reviewing the USPTO’s refusal to trademark the Washington Redskins after finding the name offensive and disparaging to Native Americans.

If the Supreme Court finds Section 2 of the Lanham Act unconstitutional, then the Fourth Circuit must overturn the USPTO’s refusal to trademark the Washington Redskins. However, if the Supreme Court limits its decision in Lee v Tam to the facts of the case or if the court affirms the USPTO’s ruling, then the Washington Redskins’ challenge may be sacked for good.

If the Washington Redskins loses its challenge, the organization may still keep the name and seek state trademark protection. The team would still be financially impacted if it loses federal protection against copycat merchandising. Changing the team name may then become a financial decision.


The Federal Government Wants Your iPhone Passcode: What Does the Law Say?

Tim Joyce, MJLST Staffer

Three months ago, when MJLST Editor Steven Groschen laid out the arguments for and against a proposed New York State law that would require “manufacturers and operating system designers to create backdoors into encrypted cellphones,” the government hadn’t even filed its motion to compel against Apple. Now, just a few weeks after the government quietly stopped pressing the issue, it almost seems as if nothing at all has changed. But, while the dispute at bar may have been rendered moot, it’s obvious that the fight over the proper extent of data privacy rights continues to simmer just below the surface.

For those unfamiliar with the controversy, what follows are the high-level bullet points. Armed attackers opened fire on a group of government employees in San Bernardino, CA on the morning of December 2, 2015. The attackers fled the scene, but were killed in a shootout with police later that afternoon. Investigators opened a terrorism investigation, which eventually led to a locked iPhone 5c. When investigators failed to unlock the phone, they sought Apple’s help, first politely, and then more forcefully via California and Federal courts.

The request was for Apple to create an authenticated version of its iOS operating system which would enable the FBI to access the stored data on the phone. In essence, the government asked Apple to create a universal hack for any iPhone operating that particular version of iOS. As might be predicted, Apple was less than inclined to help crack its own encryption software. CEO Tim Cook ran up the banner of digital privacy rights, and re-ignited a heated debate over the proper scope of government’s ability to regulate encryption practices.

Legal chest-pounding ensued.

That was the situation until March 28, when the government quietly stopped pursuing this part of the investigation. In its own words, the government informed the court that it “…ha[d] now successfully accessed the data stored on [the gunman]’s iPhone and therefore no longer require[d] the assistance from Apple Inc…”. Apparently, some independent governmental contractor (read: legalized hacker) had done in just a few days what the government had been claiming from the start was impossible without Apple’s help. Mission accomplished – so, the end?

Hardly.

While this one incident, for this one iPhone (the iOS version is only applicable to iPhone 5c’s, not any other model like the iPhone 6), may be history, many more of the same or substantially similar disputes are still trickling through the courts nationwide. In fact, more than ten other federal iPhone cases have been filed since September 2015, and all this based on a 227 year old act of last resort. States like New York are also getting into the mix, even absent fully ratified legislation. Furthermore, it’s obvious that legislatures are taking this issue seriously (see NYS’s proposed bill, recently returned to committee).

Although he is only ⅔ a lawyer at this point, it seems to this author that there are at least three ways a court could handle a demand like this, if the case were allowed to go to the merits.

  1. Never OK to demand a hack – In this situation, the courts could find that our collective societal interests in privacy would always preclude enforcement of an order like this. Seems unlikely, especially given the demonstrated willingness in this case of a court to make the order in the first place.
  2. Always OK to demand a hack – Similar to option 1, this option seems unlikely as well, especially given the First and Fourth Amendments. Here, the courts would have to find some rationale to justify hacking in every circumstance. Clearly, the United States has not yet transitioned to Orwellian dystopia yet.
  3. Sometimes OK to demand a hack, but scrutiny – Here, in the middle, is where it seems likely we’ll find courts in the coming years. Obviously, convincing arguments exist on each side, and it seems possible reconcile infringing personal privacy and upholding national security with burdening a tech company’s policy of privacy protection, given the right set of facts. The San Bernardino shooting is not that case, though. The alleged terrorist threat has not been characterized as sufficiently imminent, and the FBI even admitted that cracking the cell phone was not integral to the case and they didn’t find anything anyway. It will take a (probably) much more scary scenario for this option to snap into focus as a workable compromise.

We’re left then with a nagging feeling that this isn’t the last public skirmish we’ll see between Apple and the “man.” As digital technology becomes ever more integrated into daily life, our legal landscape will have to evolve as well.
Interested in continuing the conversation? Leave a comment below. Just remember – if you do so on an iPhone 5c, draft at your own risk.


Requiring Backdoors into Encrypted Cellphones

Steven Groschen, MJLST Managing Editor

The New York State Senate is considering a bill that requires manufacturers and operating system designers to create backdoors into encrypted cellphones. Under the current draft, failure to comply with the law would result in a $2,500 fine, per offending device. This bill highlights the larger national debate concerning privacy rights and encryption.

In November of 2015, the Manhattan District Attorney’s Office (MDAO) published a report advocating for a federal statute requiring backdoors into encrypted devices. One of MDAO’s primary reasons in support of the statute is the lack of alternatives available to law enforcement for accessing encrypted devices. The MDAO notes that traditional investigative techniques have largely been ineffective. Additionally, the MDAO argues that certain types of data residing on encrypted devices often cannot be found elsewhere, such as on a cloud service. Naturally, the inaccessibility of this data is a significant hindrance to law enforcement. The report offers an excellent summary of the law enforcement perspective; however, as with all debates, there is another perspective.

The American Civil Liberties Union (ACLU) has stated it opposes using warrants to force device manufacturers to unlock their customers’ encrypted devices. A recent ACLU blog post presented arguments against this practice. First, the ACLU argued that the government should not require “extraordinary assistance from a third party that does not actually possess the information.” The ACLU perceives these warrants as conscripting Apple (and other manufacturers) to conduct surveillance on behalf of the government. Second, the ACLU argued using search warrants bypasses a “vigorous public debate” regarding the appropriateness of the government having backdoors into cellphones. Presumably, the ACLU is less opposed to laws such as that proposed in the New York Senate, because that process involves an open public debate rather than warrants.

Irrespective of whether the New York Senate bill passes, the debate over government access to its citizens’ encrypted devices is sure to continue. Citizens will have to balance public safety considerations against individual privacy rights—a tradeoff as old as government itself.


Warrant Now Required For One Type of Federal Surveillance, and May Soon Follow for State Law Enforcement

Steven Graziano, MJLST Staffer

As technology has advanced over the recent decades, law enforcement agencies have expanded their enforcement techniques. One example of these tools is cell-site simulators, otherwise known as sting rays. Put simply, sting rays act as a mock cell tower, detect the use of a specific phone number in a given range, and then uses triangulation to locate the phone. However, the recent, heightened awareness and criticism directed towards government and law enforcement surveillance has affected their potential use. Specifically, many federal law enforcement agencies have been barred from their use without a warrant, and there is current federal legislation pending, which would require state and local law enforcement agents to also gain a warrant before using a sting ray.

Federal law enforcement agencies, specifically Immigration, Secret Service, and Homeland Security agents must obtain search warrants before using sting rays, as announced by the Department of Homeland Security. Homeland Security’s shift in policy comes after the Department of Justice made a similar statement. The DOJ has affirmed that although they had previously used cell-cite simulators without a warrant, going forward they will require law enforcement agencies gain a search warrant supported by probable cause. DOJ agencies directed by this policy include the FBI and the Drug Enforcement Administration. This shift in federal policy was largely in response to pressures put upon Washington by civil liberties groups, as well as the shift in American public’s attitude towards surveillance generally.

Although these policies only affect federal law enforcement agencies, there have also been steps taken to expand the warrant requirement for sting rays to state and local governments. Federal lawmakers have introduced the Cell-Site Simulator Act of 2015, also known as the Stingray Privacy Act, to hold state and local law enforcement to the same Fourth Amendment standards as the federal government. The law has been proposed in the House of Representatives by Rep. Jason Chaffetz (R-Utah) and was designated to a congressional committee on November 2, 2015, which will consider it before sending it to the entire House or Senate. In addition to requiring a warrant, the act also requires prosecutors and investigators to disclose to judges that the technology they intend to use in execution of the warrant is specifically a sting ray. The proposed law was partially a response to a critique of the federal warrant requirement, name that it did not compel state or local law enforcement to also obtain a search warrant.

The use of advanced surveillance programs by federal, state, and local law enforcement, has been a controversial subject recently. Although law enforcement has a duty to fully enforce that law, and this includes using the entirety of its resources to detect possible crimes, it must still adhere to the constitutional protections laid out in the Fourth Amendment when doing so. Technology chances and advances rapidly, and sometimes it takes the law some time to adapt. However, the shift in policy at all levels of government, shows that the law may be beginning to catch up to law enforcement’s use of technology.