This story is over 5 years old.

Judge James Orenstein Has Something to Say About the US Government's Decryption of iPhones

The encryption movement's new hero is standing up to the Justice Department's push for a backdoor to Apple's iPhone.
Photo by Karlis Dambrans

This story originally appeared on Motherboard.

Back in June of 2014, seven defendants were charged in New York with running a drug ring that distributed crystal meth and MDMA. The suspects used code words such as "pork," and "seafood" to describe different narcotics over the phone but the Drug Enforcement Administration easily nabbed them in an undercover sting.

One of the dealers, Jun Feng, was indicted on three counts of possession and distribution of meth and scheduled to go to trial in November of 2015. The government set about preparing its case, collecting evidence to supplement its undercover and surveillance work. But then — a full year after Feng and his co-conspirators were first arrested — someone decided to take a look at Feng's iPhone 5s. Except, Feng claimed he had forgotten his iPhone password.


This would be a good time, federal law enforcement figured, to test the limits of the the All Writs Act of 1789, "a residual source of authority to issue writs [court orders] that are not otherwise covered by statute." In October of 2015, prosecutors sought an order to compel Apple to bypass Feng's passcode screen.

It's not a leap to say the government wasn't after evidence. The government had been building its case for a year, and hadn't troubled themselves about the iPhone until now. On top of that, the government likely knew they were close to a plea deal. Feng would plead guilty in the same month the Department of Justice would try to compel Apple to unlock his phone. Until that moment, the iPhone — an outdated model which Magistrate Judge Orenstein says could have been hacked with a Department of Homeland Security forensic tool — had been completely unimportant to the case.

In this case — over a month before the San Bernardino shooting — the government was testing the same statute and same logic that it is now using to try to get Apple to write a backdoor for the San Bernardino shooter's iPhone.

But in the New York case, by sheer bad luck, the Department of Justice ended up in front of Magistrate Judge James Orenstein.

Orenstein is known for his part in the "magistrates' revolt," a movement across the lowest levels of the federal judiciary, where magistrate judges began to express increasing skepticism towards warrant applications for data and other electronic evidence. The case against Jun Feng, the meth dealer, was still sealed, but Orenstein released a public order inviting Apple to file a brief in the case, asking the company to explain "whether the assistance the government seeks is technically feasible and if, so, whether compliance with the proposed order would be unduly burdensome."


Orenstein was sounding the alarm. For him, this one warrant application over a low-level meth dealer's outdated iPhone was no minor matter — it was a quiet government attempt to bypass a yet-unsettled, highly acrimonious public debate over whether tech companies should design their products to enable government surveillance. Small wonder then, that on Monday, Orenstein finally denied the government's motion in a blistering 50-page slap to the face.

While Orenstein's decision can't bind another magistrate judge all the way out in California, Magistrate Judge Sheri Pym will certainly be reading the decision before she makes up her own mind. Indeed, Orenstein has released his opinion right in time for the writers of amicus briefs (which due the end of the week) to quote from his ruling.

The opinion is a thorough and surgical takedown of the government's position on the All Writs Act, one that combs through all the relevant Supreme Court precedent, analyzes its statutory construction, and even opines on what the Founding Fathers intended. It's a written decision aimed at influencing other courts — even appeals courts.

"Magistrate judges don't write 50-page orders for all of their warrants," Andrew Crocker, staff attorney at the Electronic Frontier Foundation, told me. "This is clearly one where the judge knew there would be a lot of attention paid to it, whether that's for an appeal, or for the public, or both."


The All Writs Act: The New Frontier of the Crypto Wars
Since 2014, debate has raged over whether Apple should be allowed to provide its customers with encryption that not even the company can break, so that a search warrant would be useless. There were Senate committee hearings. There was (incredibly ill-advised) proposed state legislation. Eventually the White House "backed down" on seeking legislation that would compel decryption.

But prosecutors never quite gave up. In cases all over the country, the Department of Justice has been testing out the All Writs Act to force Apple to assist them with various iPhones.

The All Writs Act is a 1789 "gap-filling" statute that authorizes federal courts to issue miscellaneous insignificant orders that aren't explicitly addressed by other statutes. It fills the little "gaps" that Congress never specifically addresses, so the courts can run smoothly.

As I wrote in October:

"If the All Writs Act seems like a ridiculous hack that renders the entire complicated system of warrants, subpoenas, and other kinds of court orders for various searches and seizures invalid — don't worry, it's not and it doesn't. The government can't go to court and mumble 'All Writs Act' to get whatever it wants. The Supreme Court has said, 'Where a statute specifically addresses the particular issue at hand, it is that authority, and not the All Writs Act that is controlling.' On top of that, the All Writs Act can't be used if the order would be too burdensome."


It was obvious the DOJ's attorneys weren't going to make much headway with Orenstein. They moved on. A little bit later, they found their perfect test case: an iPhone belonging to an ISIS supporter who had committed a mass shooting on US soil. The magistrate judge in California granted their request for an order to compel Apple to assist in executing their search warrant. In other words, Apple had to build the government a backdoor.

Apple is now fighting back — and it's fighting hard. And it's not just a matter of hiring top gun attorneys, Apple is also fighting a PR war against the United States government. The government would like nothing more than to have their case perceived as necessary to fight the war on terror. Meanwhile, Apple has hired Theodore Olson, a former US Solicitor General whose wife died in the September 11 attacks, to speak for them in court. It's not easy to look good when you're being criticized by victims of a terror attack, but the company is still managing, with the American public tending slightly to side with Apple in several opinion polls.

It seems that even before the order came down, Apple knew what was going to happen. On February 12, four days before the California order was issued, Apple sent a letter to Magistrate Judge Orenstein, asking him to rule in the New York case.

The meth dealer had since pled guilty, and even though the government was still pursuing the court order, it was not exactly a priority anymore. But Apple wanted a ruling from Orenstein, fast. In its letter, Apple alluded to "additional requests similar to the one underlying the case before this Court" and said that the company had "been advised that the government intends to continue to invoke the All Writs Act in this and other districts."


Related: Why the FBI's Order to Apple Is So Technically Clever

Orenstein replied on February 16, asking Apple to list the specific cases it was hinting at. Before they could reply, Orenstein had already had his answer: that very day, the California ruling came down, compelling Apple to build a backdoor in order to hack the dead San Bernardino shooter's iPhone.

There are, of course, multiple cases involving iPhones and the All Writs Act across the country. (In its reply to Orenstein, Apple identified nine.) But the San Bernardino case has the country's attention, as well as Orenstein's, and it is the one that Apple is throwing all of its weight behind.

On Thursday, Apple filed a motion to vacate the California magistrate judge's initial ruling. It is no coincidence that Orenstein's decision came down the following Monday, inserting himself neatly into a debate around a case on the opposite side of the country.

His actions back in October were the judicial equivalent of shooting off a flare gun, aimed at grabbing the attention of his fellow magistrate judges. But as Apple fights the San Bernardino ruling, the magistrate judge is now lighting up a signal fire.

Preempted by CALEA
Both the Apple brief in the California case and Orenstein's ruling have adopted the argument that because the Communications Assistance for Law Enforcement Act (CALEA) does not authorize law enforcement to get the kind of order it is seeking in the iPhone cases, the All Writs Act doesn't, either.


CALEA forced telephone companies to design their networks to better enable wiretapping by law enforcement. However, the law distinguished "information service providers" from "telecommunications carriers," and declined to compel information service providers in a similar fashion. Apple claims it's an "information service provider" under CALEA. But even if it were a "telecommunications provider," CALEA explicitly says that the government can't force telecommunications providers to decrypt "or ensur[e] the government's ability to decrypt" communications.

While the All Writs Act gives courts a broad and flexible authority over things that aren't explicitly covered by statute, "where a statute specifically addresses the particular issue at hand" the statute is controlling. In other words, when Congress passed CALEA, it declined to compel information service providers to build backdoors. The All Writs Act, Orenstein wrote in his opinion, "cannot be a means for the executive branch to achieve a legislative goal that Congress has considered and rejected."

Bizarrely, in many accounts of the Crypto Wars of the 1990s, where the government repeatedly tried to limit public access to encryption and privacy technologies despite popular outcry, CALEA counts as a defeat for privacy advocates. It was, after all, an affirmative mandate to make wiretapping easier. But the legislative compromises built into the final version of CALEA — language like "Nothing in the bill is intended to limit or otherwise prevent the use of any type of encryption within the United States" — are now working in Apple's favor.


What the Founding Fathers Had to Say About the Crypto Wars
The All Writs Act was passed during the First Congress, which included many of the drafters of the Constitution. None of them gave much thought to how the All Writs Act applies to compelled assistance in bypassing the security of iPhones. But Orenstein wrote in his opinion that whatever the Founders thought, it couldn't possibly be what the government was advocating in the New York case, where they took a position more or less the same as the one they're taking in the San Bernardino case. Orenstein concluded that the government's reading of the 1789 statute would call into the question the constitutionality of the All Writs Act itself, an outcome "so doubtful as to render [the government's interpretation] impermissible as a matter of statutory construction." The All Writs Act is "a limited gap-filling statute," not "a mechanism for upending the separation of powers."

'It would betray our constitutional heritage and our people's claim to democratic governance for a judge to pretend that our Founders already had that debate, and ended it, in 1789.'

"It is wholly implausible," wrote Orenstein, "to suppose that with so many of the newly-adopted Constitution's drafters and ratifiers in the legislature, the First Congress would so thoroughly trample on that document's very first substantive mandate: 'All legislative Powers herein granted shall be vested in a Congress of the United States[.]' U.S. Const. Art. I, § 1."


Orenstein not only suggested that the government's position would "trample" on the Constitution, he also said that it "thoroughly undermines… the more general protection against tyranny" provided by the separation of powers.

But the magistrate judge wasn't yet done with his attack. He scathingly added that the government had come seeking an All Writs Act order exactly because they knew they wouldn't be able to pass the right legislation in Congress:

"It is also clear that the government has made the considered decision that it is better off securing such crypto-legislative authority from the courts (in proceedings that had always been, at the time it filed the instant Application, shielded from public scrutiny) rather than taking the chance that open legislative debate might produce a result less to its liking."

What happens next?
The San Bernardino iPhone case is due for a hearing on March 22. In the meantime, both sides are launching all kinds of distracting spectacles. A Congressional hearing on encryption is scheduled for Tuesday; Apple has moved its product announcement to March 21, the day before the hearing.

A magistrate judge's ruling in the Eastern District of New York can't bind another magistrate judge in the Central District of California. But Magistrate Judge Sheri Pym is bound to look at the Orenstein opinion before March 22, especially since Orenstein's reasoning overlaps well with Apple's arguments in its California case. And besides, Apple (and likely many of the amici curiae) will be citing the Orenstein opinion in briefs to come.


The Orenstein decision "adds some real strength to this argument that the All Writs Act is not the right vehicle for this, even though the facts are different," Crocker told me.

If the All Writs Act isn't the right vehicle, then the natural conclusion is that the question should go before Congress. "[T]hat debate must happen today, and it must take place among legislators who are equipped to consider the technological and cultural realities of a world their predecessors could not begin to conceive," Orenstein wrote. "It would betray our constitutional heritage and our people's claim to democratic governance for a judge to pretend that our Founders already had that debate, and ended it, in 1789."

As the California court case draws public attention, the government might use this opportunity to press for a new CALEA, one that ropes in Apple and other information service providers or hardware manufacturers.

Related: The FBI Is at War With Apple Because It Couldn't Change Wiretap Law

Meanwhile, the legal battle is destined to drag out. "Though you can't be certain, I would be surprised if the California case — whatever the magistrate judge does — doesn't get appealed," said Crocker.

Whether other cases in other jurisdiction will filter up through the appellate courts is uncertain. But if these are the second Crypto Wars, then Orenstein is trying to stir up a second magistrates' revolt against the overbroad use of the All Writs Act.

Many warrant applications are silently approved while under seal and without any accompanying written explanation. If Orenstein succeeds in emboldening his fellow magistrate judges, we'll likely see many more of these cases emerge from the fog of secrecy.

Follow Sarah Jeong on Twitter: @sarahjeong

Photo via Flickr