« Mr. Trump and the creative destruction of the Republican Party | Main | Entry Level Hiring: The 2016 Report - Call for Information »

Monday, March 14, 2016

“The Right of the People to Be Secure in Their [Encrypted] Effects”

A couple of weeks ago, I wrote a post arguing that the Fourth Amendment should be part of the Apple iPhone litigation. My basic point was to criticize current Fourth Amendment doctrine, which focuses so extensively on individual privacy that it seems to exclude power- and security-based arguments that are central to the litigation. This post renews my argument in light of the government’s recent filing in the San Bernardino case.

You might think that the iPhone litigation would centrally concern whether the government’s requested order would undermine the Fourth Amendment’s “right of the people to be secure in their [encrypted] effects,” namely, their iPhones. After all, one of Apple’s main arguments is that compliance with the order would require the creation of new code that would undermine the security of iPhones. The relevant code could be stolen or leaked, for instance—hardly unthinkable in the post-Snowden, post-Sony hack world. Or the government might request or otherwise obtain the code—a possibility that the government has now raised as an alternative form of relief.

Yet Fourth Amendment doctrine has nothing to say about those dimensions of the Apple litigation. As the government observes in a footnote in its March 10th filing:

The search of a smartphone does implicate the Fourth Amendment, but the government has doubly satisfied the Fourth Amendment by obtaining (1) a warrant and (2) the consent of the phone’s owner. Moreover, Apple cannot assert any privacy interests of the phone’s deceased user, the terrorist Farook. 

This argument well reflects that current Fourth Amendment doctrine is focused on privacy-based claims raised by individuals. But that approach misses out on much of what is at stake in the Apple litigation. Even if there is no privacy interest in the phone, or even if any such interest is overcome by the government’s search warrant, the government’s requested exercise of power would still place the people’s security at issue.

With the Fourth Amendment relegated to a footnote, the debate about iPhone user security has instead taken place under the auspices of the All Writs Act—or, more accurately, under the Supreme Court’s New York Telephone precedent that most authoritatively interprets the Act. But neither the Act nor the precedent explicitly calls for direct consideration of the people’s security. As a result, Apple has to present these interests indirectly by arguing that they provide Apple with a “substantial interest in not providing assistance.” As Apple puts it, “Apple has a strong interest in safeguarding its data protection systems that ensure the security of hundreds of millions of customers.” So iPhone users’ interests are not presented as valuable in themselves, so much as indirectly relevant to Apple’s potentially unreasonable “burden.”

The government principally addresses user security concerns by noting that the relevant software can be stored and used by Apple, in a secure facility. And, the government contends, Apple is equipped to defend that code, thereby providing for the security of its customers. This solution calls to mind the recently enacted USA Freedom Act, which prohibited the NSA from storing bulk telephone call metadata: requiring that both Apple’s iPhone code and the telephone call records remain in private hands will help force the government to go to court each time it wants to access to either of those resources. This state of affairs may better promote the people’s security than leaving the code or call records with the government and trusting it to play by the rules. It is plausible that the Fourth Amendment itself requires these kinds of arrangements, so as to check governmental power and ensure the people’s security.

Yet this entire debate is taking place under the auspices of the All Writs Act and so could be rendered moot by the enactment a well-drafted statute. For instance, the political branches could enact legislation that prohibited consideration of iPhone user security when evaluating All Writs Act requests. Or the political branches could go beyond the All Writs Act by requiring that smartphones use encryption with special “backdoors” to enable easy government access. These possibilities should be troubling. It’s all well and good for the parties to interpret the All Writs Act as a statutory stand-in for the Fourth Amendment’s guarantee of security. But, given its text, history, and purpose, the Fourth Amendment should constrain legislation that centrally affects the people’s security in their encrypted effects. 

To be clear, the point is not that Apple or any other business has a constitutional right to thwart law enforcement. Rather, the point is that efforts to empower law enforcement can unreasonably jeopardize the people’s security, contrary to the Fourth Amendment.

Posted by Richard M. Re on March 14, 2016 at 08:00 AM | Permalink


Thanks for the response, Richard.

I'm not sure the arguments in the Apple case help your point. First, although Apple argues that broad issues of power and security should be relevant to the All Writs Act, Apple is out on a bit of a doctrinal limb in making those arguments. It's not all clear that those arguments are doctrinally relevant. Second, the power courts have to issue assistance orders under the AWA is remarkably uncertain. There haven't been clear and administrable rules under the All Writs Act, even under the narrower set of considerations that have traditionally been used to interpret the statute's scope, and the statute is over 200 years old. It's hardly clear that one will emerge in the Apple case, especially if courts are free to consider the questions of power and security that you suggest should be in play. So it does lead me to wonder what the process would look like under the Fourth Amendment. Maybe there's a way that it could be done, but it's not clear to me what it is.

Posted by: Orin Kerr | Mar 16, 2016 3:33:07 AM

In the iPhone litigation, arguments based on power and security are already being put forward, somewhat awkwardly, under the All Writs Act. And the ultimate outcome of the litigation will probably be an administrable rule to guide future courts. Is it really so hard to imagine that a similar process could occur under the auspices of the Fourth Amendment, where the text is more on point but where Congress lacks plenary control?

You also referenced your three earlier questions. On #1, I'm not sure that a reasonableness analysis requires fixing a single "baseline," which sounds like your equilibrium-adjustment approach to current 4A doctrine. On #2, I think it would be appropriate to consider all the forms of security you describe; again, all those forms of security are live in the Apple litigation, except that it's proceeding under the All Writs Act. On #3, I'm not sure I see why going beyond a given right's protections via legislation (if that's what you're describing) would violate that right.

Posted by: Richard | Mar 15, 2016 10:50:35 AM

Richard, thanks for the clarification. This sounds like a Winston v. Lee or US v. US District Court type balancing for every kind of search, not just searches involving bodily searches or noncriminal searches. If that's right, I think it still raises the three questions I posed earlier. And like Asher, I'm skeptical that courts could implement that kind of test. In your response to Asher, you seem confident that it could be done; I guess I would like to know more about how. Maybe it would be just like other areas of constitutional law, but the fact that Fourth Amendment law applies to a million government actors and an incredibly diverse set of facts seems to call for more clarity than other areas.

Posted by: Orin Kerr | Mar 14, 2016 10:43:47 PM

Orin: Thanks as ever for your thoughts. My suggestion is that the Fourth Amendment ought to protect the people's security from unreasonable searches and seizures, not simply the people's security, full stop. It seems fair to follow the government's footnote in assuming that the iPhone litigation involves searches and seizures. The question then becomes: are those searches and seizures "unreasonable"? Current doctrine answers by evaluating personal privacy as connected with the device. Since there's no individual privacy interest in the iPhone itself, that question is a slam dunk for the government. But I think we should instead assess unreasonableness here based on a broader inquiry into the people's security in their encrypted effects.

Asher: Thanks to you as well. At least for purposes of this post, it's enough to focus on what you nicely call "the possibility that the code could be stolen, leaked, or used by bad actors within the government" for unlawful ends. You then assume a different answer and raise concerns about imponderables. I think that courts could implement my approach much as they implement current balancing tests: by adopting rules and standards as appropriate. Of course this will be hard at times, and limited deference to the political branches might sometimes be required -- but that's the nature of constitutional law.

Posted by: Richard | Mar 14, 2016 5:47:25 PM

Could you precisify quite what your concern is here? You appear to be claiming that, if the government gets a code which would enable the government to effectuate lawful searches of iPhones, this would "place the people's security at issue." First, does this argument depend on the possibility that the code could be stolen, leaked, or used by bad actors within the government to search phones, or do you think that even bracketing that concern, the people's security is placed at issue solely by the government's being able to lawfully search phones?

Second, if the latter, what's the problem with that, exactly? Is the concern that there's an unprecedented amount of information (borrowing from a comment of yours on the last post) on people's phones and that police will be able to discover all sorts of things that aren't related to the crimes they're investigating? (I assume your concern isn't that it will become too easy to find evidence of the crimes they are investigating.) I don't see how phones are really so different from residences in that respect, the contents of which can reveal a great deal of information about their owners, or wiretaps (people talk about all sorts of things on the phone!), or personal computers, searches of which we've been tolerating without a whole lot of angst for thirty years, and without which searches many crimes couldn't be prosecuted. I understand that you're willing to concede that the systemic frustration of law enforcement posed by encrypted devices the government can't hack can be weighed against the threat to security posed by letting the government hack them, and that the government might come out the winner on your view. But I don't think we should be balancing either of these things. You end up, I think, balancing all sorts of incommensurables and impossibly complicating each decision to grant a warrant - since I don't see why your concerns about security should be weighed at the individual level any less than they're weighed at the aggregate level. That is, suppose someone can't afford an expensive encrypted device, such that the government can search it if they get a warrant, but that he still has a great deal of information on his phone. Why can't he argue on your view that the threat to his security posed by the police seeing all sorts of things about him outweighs law enforcement interests? And wouldn't a court have to consider how much information is on the phone, how serious the crime being investigated is, how fruitful alternative means of getting the evidence might be, and so on?

Posted by: Asher Steinberg | Mar 14, 2016 3:40:03 PM

Richard, another interesting post. If I understand your argument correctly, you are saying that instead of merely prohibiting unreasonable searches and seizures, the Fourth Amendment should instead be a broad constitutional tool by which judges determine how much security people should have. Thus, if something happens that "jeopardize[s] the people's security," it should be a Fourth Amendment issue.

If I'm right about that -- a big if, I realize -- it prompts three sets of questions.

1) What is the baseline standard of security that the Fourth Amendment recognizes? Is the baseline, say, the amount of security that people had in 1789? Something else? Or does the Fourth Amendment not recognize a baseline, but instead only speak to what are reasonable deviations from that baseline?

2) What counts as "security"? Is that security from government access to a device? Security from non-government access to the device? Does security include not just security from access to the device, but also security from future crimes that might be deterred if the government had access to other devices that would enable them to prosecute those wrongdoers?

3) If the Fourth Amendment requires judges to assess whether they have enough security, and to invalidate efforts that would impair security too much, is that a one-way street or a two-way street? In particular, does the Fourth Amendment also require judges to assess whether the people have too much security, and to invalidate efforts to give them too much security? Assume manufacturers of devices want to increase the amount of security from outside access while the government wants to decrease the amount of security from outside access. Are both Fourth Amendment issues, or only the latter? (I realize that the former is not state action, but that is only relevant under current doctrine; if the point of the proposal is to change existing doctrine, I gather that the current state of doctrine can't answer it.)

Posted by: Orin Kerr | Mar 14, 2016 1:34:47 PM

The comments to this entry are closed.