In 2013, the FBI tried to change a law called CALEA.
The Communications Assistance for Law Enforcement Act was passed in 1994. It required telecom companies to build so-called "backdoors" into their systems so that police could more easily conduct surveillance on targets' phones in real time.
But nearly two decades later, the FBI argued that CALEA was outdated. Though the act had been expanded in 2006 to cover some VoIP services and broadband internet, the FBI said it was no longer powerful enough. Times had changed, and the agency wanted CALEA to change, too. Specifically, the FBI wanted communications that went across the internet: instant messages, video chats, emails, and the like, many of which were encrypted and otherwise inaccessible to police, they argued.
It was around this time that the FBI also began reusing the argument that it first used to support the passing of CALEA, that once-accessible sources of evidence and intelligence were "going dark."
Ultimately, the updated bill was never introduced, but the FBI remained undeterred. When the agency ordered Apple to build a backdoor into an iPhone that belonged to one of the attackers in December's San Bernardino shooting, the case was portrayed by the FBI as being about just one phone. But not only does this case have implications for all phones, it is also a continuation of both the FBI's efforts to redefine CALEA and the extent of the agency's lawful surveillance powers.
When politicians talk about legislating encryption, what they're really talking about is lawful surveillance, the catch-all term for the legally sanctioned ways in which police can obtain information.
"On some level, that's what it's all about. Whether someone brands a bill, whether someone goes on the Hill and circulates a draft bill that they call CALEA 3.0 or whatever, ultimately this fight and other fights are all about what degree of technical assistance these companies have to provide, and that's really what CALEA is about," said Alan Butler, senior counsel at the Electronic Privacy Information Center (EPIC).
What many Americans likely don't realize is that, as a condition of licensing wireless spectrum, telecom companies such as Verizon or AT&T must build interception capabilities into their systems. This is the basis of CALEA, from which Silicon Valley service providers such as Apple, Facebook, and Google have long been exempt. In 2013, however, the FBI made the argument that the communication services tech companies offered were no different than the ones traditional carriers offered, and thus should be subject to similar wiretapping law.
It was an expanded CALEA that, if successful, would have required everything from FaceTime to Facebook Messenger to have lawful interception capabilities—a backdoor—and would have compelled the companies behind these services to provide law enforcement the technical assistance necessary to bypass encryption when required.
"All of those are things that the FBI and DOJ have tried to put back on the table multiple times over the past five years in these debates," Butler said. Now, the FBI is trying to get its way through the court system, he said, "because they realize that they can't get it done through Congress."
Another reason to update CALEA, or introduce legislation that supersedes it, is that CALEA actually explicitly protects Apple and other companies from doing what the FBI wants it to do. In its motion to vacate brief, Apple argued that the government could not fall back on an earlier law when there is already a law—CALEA—that determines whether police can gain access to Apple's data, and compel it to provide assistance.
"Contrary to the government's contention that CALEA is inapplicable to this dispute, Congress declared via CALEA that the government cannot dictate to providers of electronic communications services or manufacturers of telecommunications equipment any specific equipment design or software configuration," the motion reads. In other words, there is actually legislation that prevents the government from asking for the inclusion of backdoors that can be used to bypass encryption.
At the same time, "CALEA did not prohibit a carrier from deploying an encryption service for which it did not retain the ability to decrypt communications for law enforcement access, period," wrote Albert Gidari, director of privacy at Stanford Law School's Center for Internet and Society, in an analysis of the case. Just as the government can't ask for a backdoor, it can't prevent a company from employing strong user protections either—the type of protections, say, that even Apple can't break.
"Here again," Gidari continued, "CALEA recognized that some evidence that may be necessary to an investigation will not be available to the government because it is encrypted and the provider lacks the key to access it."
If at first you don't succeed…
Ironically, by taking Apple to court, the FBI may get Congress to do what the agency wanted done all along whether it wins or not. Even before the Apple and FBI case went to court, senators Dianne Feinstein and Richard Burr, both senior members of the Senate Intelligence Committee, announced their intent to introduce legislation that would govern how encryption is designed and deployed**.** Senator John McCain has also supported such legislation. The FBI's case against Apple has only further justified these calls, and if passed, it would likely contain decryption requirements similar to what the FBI has previously sought.
Butler suggested that the FBI could be playing a "long game" whereby taking Apple to court could provide "additional leverage" should CALEA, or something like it, end up before Congress again. And yet, if the FBI couldn't convince congress to go for backdoors in encryption before, let alone an expansion in CALEA's powers, both Butler and Gidari are skeptical the agency could do so now, even with the added weight of San Bernardino and the Apple debate.
Even Senator Mike McCaul, who is planning to introduce a bill asking for the formation of a committee to study the impact of encryption on law enforcement, is skeptical. "Amending CALEA is not going to solve the problem, and more than half these companies are overseas anyway," McCaul told InsideSources last week. "That punitive measure against industry—I'm not sure that's going to be the right answer, and it will hurt our economy and our international business."
Rather, McCaul wants to bring government and industry together to "find a solution to this very great problem," a move that Apple supports.
Whatever the case may be, it's clear that the FBI has wanted to update CALEA for some time, and its fight with Apple will likely only embolden its case. Whether the end result is an update to CALEA, or some entirely new law, the outcome is still the same: an expansion of police powers to include access to data which they did not have before.