Op-Ed: Congress can put iPhones back within reach of law enforcement
The FBI paid six figures for a hacking tool to get into San Bernardino shooter Syed Rizwan Farook’s iPhone 5c after Apple refused to unlock it.
That’s one down, more than 1,000 lawfully seized phones to go.
As recently as 18 months ago, Apple and Google — whose operating systems run 96.7% of the world’s smartphones — would comply with judicial orders to extract evidence from mobile devices and send the data to prosecutors. In 2014, however, the companies reengineered their operating systems to make their devices encrypted by default. They could no longer unlock their own products.
Since then, 230 inaccessible Apple devices have come into the Cyber Lab of the Manhattan district attorney’s office pursuant to judges’ warrants. The Los Angeles County Sheriff’s Department is sitting on 150 warrant-proof devices, and the Los Angeles Police Department now has more than 300. San Diego and Riverside Counties have 11 connected to murder cases.
Hundreds of criminal investigations will remain stalled until Congress intervenes. The lawful exploit employed by the FBI to open Farook’s iPhone works only on that model and operating system, and Apple could patch the flaw exploited at any time. Moreover, tools of the kind used to open that phone cost far more than most local agencies can afford.
Data encryption is leading to a rare level of internecine conflict between American law enforcement and American industry. A technological arms race between the government and Silicon Valley is in no one’s interest. Technology companies don’t want their products used to protect criminals. Judges don’t want their search warrants rendered meaningless. And victims of crime don’t want evidence-free zones.
A technological arms race between the government and Silicon Valley is in no one’s interest.
Centuries of jurisprudence hold that no item is beyond the reach of a court-ordered search warrant. In the past, criminals stored evidence of their crimes in safes, file cabinets and closets. Today, that evidence is found on smartphones. Our laws haven’t kept pace with this evolution in technology, and in the void, large technology companies have rendered themselves — not judges — gatekeepers of the data necessary to solve crimes.
Last month, Sens. Richard M. Burr (R-N.C.) and Dianne Feinstein (D-Calif.) proposed a way forward. They released a draft bill that would require technology companies to provide law enforcement with decrypted data, or the technical assistance to get it, when ordered by a court to do so. The bill restores the authority of judges, requires firms to be compensated for their assistance, and leaves tech companies free to decide how to design their operating systems — so long as the company can comply with court orders. No draft bill is perfect, which is why the senators have requested that stakeholders — including technology companies — simply discuss it.
State and local prosecutors stand ready to advance that discussion with data, real-life case examples, legal briefs and testimony that document the effect mobile device encryption is having on public safety and victims of crime. At the same time, we continue to ask tech companies to provide their own metrics to quantify the purported trade-offs in personal data security if the Burr-Feinstein proposal were enacted. To start: Did Apple’s routine compliance with court orders until 2014 ever lead to anyone getting hacked?
Congress, not Silicon Valley, must determine the balance in our society between personal privacy and public safety. It should start by considering the Burr-Feinstein proposal without delay.
Cyrus R. Vance Jr. is the Manhattan district attorney. Jackie Lacey is the Los Angeles County district attorney. Bonnie Dumanis is the San Diego County district attorney.
A cure for the common opinion
Get thought-provoking perspectives with our weekly newsletter.
You may occasionally receive promotional content from the Los Angeles Times.