Terrorism focus serves government badly in crypto battles

Opinion: If the government made its crypto case on the basis of normal criminal law enforcement, many fewer people would call it unreasonable.

Why? Because "terrorism."

Some variation on that eloquent reasoning is Exhibit A in any justification for the increases in government power to surveil and obtain evidence that we've seen since September 11. It's just not compelling anymore. The government needs to leave terrorism out of it and focus on law enforcement broadly.

FBI could demand Apple source code and keys if iPhone backdoor too 'burdensome'

The FBI could create "ghost" iPhone updates that imitate legitimate Apple software.

Read More

The most recent venue for this is the Justice Dept. dispute with Apple over a court order for the company to assist the FBI in attempting to brute-force the encryption of an iPhone used by one of the perpetrators of San Bernardino massacre in December. In that case there clearly is a terrorism connection, and yet it's not worth harping on it. All the same government arguments work just as well when framed as "just another mass murder."

President Obama gets a lot of guff when he says, as he said to Jeffrey Goldberg in The Atlantic, that he doesn't believe "... that terrorism poses a threat to America commensurate with the fear it generates." Of course he's right and, even if it's impolitic to admit it publicly, many on both the right and the left understand it. So when the government wants to gather everyone's phone metadata because maybe someone made a call to the Caliph Abu Bakr al-Baghdadi, it's fair to ask what it's really up to.

But with respect to conventional law enforcement, the government does have a legitimate problem with widespread, strong encryption. This notion that one's privacy should be sacrosanct against a legal warrant is novel and new to the era of mobile devices. With a legal warrant the police have always been able to take your home and office apart, reading private documents and business records. Now that it's on your iPhone the government shouldn't be able to look? Has much changed?

And it's not just the government. Remember that the power to obtain evidence is also a right of criminal defendants and civil litigants (and in fact the Apple case in California is a civil case). If a judge can't use the All Writs Act to compel assistance for the government, then he can't use it to compel assistance for a criminal defendant either.

Looked at in the context of more ordinary crime, searching Bernie Madoff's iPad or Ted Bundy's Apple Maps log for example, the privacy interest doesn't seem so compelling.

In fact, here's a paradox for you: The government is right to demand key escrow or some other way of reading encrypted devices and opponents are right to oppose it. But the problem is that any scheme to allow the government such access, such as key escrow, necessarily makes the system less secure generally and will open it to attack by criminals and foreign state actors. Almost by definition a system that is properly secure for the user is inaccessible to the government.

Perhaps the question will soon be moot. I'm fairly certain that if the Apple case makes its way through the courts the government will win, but Apple can and very well may close the gaps in iOS that make brute force with Apple's assistance possible. Apple may want to be careful about doing it though.

One day, if some serial killer goes free because Apple really can't help decrypt his iPhone, then fair or not, people will blame Apple.