Consumer Electronics Daily was a Warren News publication.
Encryption Questions Likely

Apple Controversy Puts CALEA Statute In Spotlight as Wheeler Readies for March Hill Hearings

FCC Chairman Tom Wheeler will venture to Capitol Hill next month amid a fierce debate surrounding the government push to force Apple to unlock one of its devices and ongoing consideration of whether and how to tweak the wiretap law known as the Communications Assistance for Law Enforcement Act (CALEA) as a way to address broader encryption concerns. Hill observers expect Wheeler to get questions about CALEA and the FCC’s perspective on tweaking it, a topic that also came up during a November oversight hearing following the deadly attacks in Paris.

Encryption debates spiked following the Dec. 2 attack in San Bernardino, California, the source of the current fight between Apple and the federal government (see 1602170068). The Justice Department filed a motion Friday to try to force Apple to provide access to one of its devices, and while the government hasn’t relied on CALEA authority in going after Apple, some stakeholders including Apple argue that Congress may need to wrestle with overhauling CALEA to address the broader policy fights.

Congress passed CALEA in 1994 to require telecom companies and manufacturers to design in ways for law enforcement to wiretap. The statute was expanded to encompass broadband and VoIP traffic. FBI Director James Comey has in recent years called for an expansion of CALEA, despite worries from privacy advocates. Wheeler himself brought up a possible congressional tweak to CALEA at a November hearing when asked about the FCC’s role in the national security landscape. Congress had defined “lawful intercept” in terms of CALEA before, and “things have moved on since then,” Wheeler told House lawmakers then, his most recent appearance before lawmakers.

Wheeler is likely to testify at least three times before Congress next month: at a March 2 Senate Commerce Committee oversight hearing and hearings before the House Communications Subcommittee and the House Appropriations Financial Services Subcommittee.

“Lawmakers will probably have questions for both the FCC and the Department of Justice,” Subsentio General Counsel Joel Margolis told us. Subsentio is a third-party firm that helps telecom companies comply with CALEA. He referred to the ongoing push from the FBI for overhauling parts of CALEA and suspects the FCC will be “careful to let the FBI take the lead” in terms of law enforcement needs, as a courtesy to those other government players.

Members of Congress will likely press Wheeler on encryption and its impact on CALEA “because this collision of the public’s need for privacy and the public’s need for security from terrorists and crime is a central question of this era,” said Venable telecom attorney Jamie Barnett, a former FCC Public Safety Bureau chief. “The FCC’s role in CALEA has always been adjudicatory and appellate in nature. There is a statutory and fairly cumbersome process for resolving disputes between carriers and law enforcement. But beyond the statutory role, the FCC is the nation’s expert agency in communications, and it should be part of the dialogue and the solution.” Apple is a Venable client.

“You have to separate out device encryption from communications encryption,” Venable’s Ari Schwartz told us. “They can’t come at it through CALEA if they have the actual device.” Schwartz, who served as White House National Security Council senior director-cybersecurity until the end of September, sees the current dialogue as more about device encryption and so “CALEA’s less at play” at the moment. But he said he could see that changing as the year develops.

Fallout From San Bernardino

The encryption debate exploded last week when the Central District of California court ordered Apple to help the FBI by building software to crack an encrypted iPhone belonging to a San Bernardino attacker, spurring Apple’s defiance and discussion among presidential candidates and in prominent statements from trade groups and editorial boards (see 1602180049). GOP presidential front-runner Donald Trump called Friday for a boycott of Apple products until the company complies. Debate will continue in a House Judiciary encryption hearing scheduled for March 1. “The government’s demand on Apple would coerce a private U.S. company to hack its own device, threatening the trust of millions of customers and placing our technology industry at a significant disadvantage abroad,” said senior House Judiciary Democrats including ranking member John Conyers, D-Mich., worried that “the heartbreaking event in San Bernardino is being exploited to undertake an end-run around the legislative process.” House Commerce Committee leaders sent a letter to the FBI's Comey and another to Apple CEO Tim Cook asking them to testify before an Oversight Subcommittee hearing on these issues.

“What we would like is a world where people are able to comply with court orders,” Comey at a Feb. 9 hearing told Senate Intelligence Committee Chairman Richard Burr, R-N.C., who has talked about putting together encryption legislation this year with ranking Democrat Dianne Feinstein of California (see 1512090062). Comey is testifying again 2 p.m. Thursday before the Appropriations Commerce, Justice and Science Subcommittee on the FBI budget proposal.

Government officials relied on an older law known as the All Writs Act when pressuring Apple. But CALEA was a prominent part of October court discussion on the same topic, with Apple pressing for congressional review. “CALEA is where Congress has been debating making amendments or amending the statute to encompass a wider variety of services and a wider variety of providers, and that's the debate that Congress needs to have,” attorney Marc Zwillinger argued on Oct. 26 on behalf of Apple in the Eastern District of New York court in Brooklyn. “What's going on here is this is not a gap in the law that the All Writs Act would fill in. This is pushing the law to a new frontier and if the government wants these types of authorities to require providers to provide forensic services to the government, I think the place to go is Congress. … If we give the government the power they're asking [for] under the All Writs Act, we circumvent that entire debate.”

The federal government disagrees. Saritha Komatireddy, arguing for the government in October in Brooklyn, countered: “CALEA doesn't even come close to addressing the issue we have here.” DOJ defended the authority of the All Writs Act in Friday’s filing against Apple and slammed any hearkening to CALEA: “Put simply, CALEA is entirely inapplicable to the present dispute and does not limit this Court’s authority under the All Writs Act to require Apple to assist the government in executing a search warrant.” DOJ argued the case involved data at rest rather than in transit, an important distinction in CALEA applicability.

Role for the FCC

The FCC is an “important player” in any CALEA overhaul, Subsentio’s Margolis said. “Who knows the industry best? That’s where the FCC could come in.” He lauded the technical expertise the FCC could help provide and said that, while not privy to the interagency processes possibly underway now, he would not be surprised if the FCC were at the table in discussions of what any CALEA updates should be. “The jurisdiction of CALEA goes only so far,” he remarked, considering possible changes. An overhaul would potentially expand the jurisdiction to handset manufacturers and could “rope in social network operators” such as Facebook, LinkedIn and Twitter, too, “once the ball starts rolling,” he said. Margolis predicted that any move to expand CALEA’s jurisdiction would prompt “howls of protest from industry and the privacy community” but sees some possible necessity for an update: “Congress, I think, is going to have to deal with this issue, one way or another.”

The FCC could take some CALEA actions “on its own,” argued TechFreedom President Berin Szoka. “All it takes is a single declaratory order.” Congress would have to change the provisions involving access to data at rest but the agency could take action on what providers are covered in terms of data in transit, he told us, expecting the issue to potentially come up before Wheeler on the Hill. “The people who really are most likely to ask this question are Dianne Feinstein and Richard Burr,” but they have “friends” on other committees, he said. The right tweak to CALEA’s jurisdiction could encompass such apps as WhatsApp and FaceTime, he pointed out. He sees the court fights continuing up through the Supreme Court, potentially: “The battle is not over.”

Sen. John McCain, R-Ariz., also took interest and cited CALEA as a model. “Congress should consider legislation that would require U.S. telecommunications companies to adopt technological alternatives that allow them to comply with lawful requests for access to content, but that would not prescribe what those systems should look like,” McCain, chairman of the Armed Services Committee, argued in a Feb. 5 Bloomberg View opinion article. “Such a proposal would be similar to legislation enacted in the 1990s that ensured law enforcement agencies are able to lawfully wiretap without mandating how those systems ought to be designed.” McCain “continues to consider all options” and is working with other senators and committees “to address the increasing use of encrypted technologies by America’s adversaries, which put vital information outside the reach of law enforcement and threaten our national security,” a Republican Senate staffer told us Friday.

Margolis was unsure of the Hill’s overall appetite for such an overhaul, between the presidential election year and congressional gridlock on certain major issues. He pointed out that lawmakers of both parties were especially amenable to government requests on such issues in 2011, but acknowledged that the bigger debates surrounding NSA surveillance may have shifted the paradigm since 2013. “The mood did change significantly,” Margolis told us of the shift following the revelations by former NSA contractor Edward Snowden. He said that some privacy advocates seemed to view NSA surveillance and local law enforcement’s push for access as one and the same: “The whole government was stained.”

“After San Bernardino, the Congress will hotly focus on the encryption versus law enforcement dilemma, but I do not think that we will see legislation pass and be signed into law during this election year,” Venable’s Barnett said.

“The jurisdiction issue there is interesting,” Schwartz noted of the Hill dynamics at play. The Intelligence committees seem to have dug in on the encryption issues but the Judiciary committees typically take the lead on issues of CALEA, he remarked, acknowledging that Commerce lawmakers could also exert their influence in the course of FCC oversight hearings. He worries about international precedent that could follow from the current encryption case in San Bernardino. “It’s one thing to say what happens in this case,” he said of any software that Apple is ordered to create. “But once the software is created, what do you say to China in that case? What do you say to Russia?” Sen. Ron Wyden, D-Ore., a privacy advocate on the Intelligence Committee, argued the same point: "If the FBI can force Apple to build a key, you can be sure authoritarian regimes like China and Russia will turn around and force Apple to hand it over to them," he said Friday in a Medium blog post. "They will use that key to oppress their own people and steal U.S. trade secrets."