Apple could be held liable for supporting terrorism with strong iOS encryption, experts theorize
A legal blog caused a bit of a stir on Thursday when it proposed Apple, along with other tech companies fielding communications services protected by strong encryption methods, might be held liable of providing material support to a suspected terrorist.
In the second installment of a thought piece about end-to-end encryption and its effect on national security, Lawfare editor-in-chief Benjamin Wittes and co-author Zoe Bedell hypothesize a situation in which Apple is called upon to provide decrypted communications data as part of a legal law enforcement process.
Since Apple does not, and on devices running iOS 8 cannot, readily hand over decrypted user data, a terrorist might leverage the company's messaging products to hide their agenda from government security agencies. And to deadly effect.
As The Intercept reported, the hypotheticals just made the ongoing government surveillance versus consumer protection battle "uglier."
Wittes and Bedell lay out a worst case scenario in which an American operative is recruited by ISIS via Twitter, then switches communication methods to Apple's encrypted platform. The person might already be subject to constant monitoring from the FBI, for example, but would "go dark" once they committed to iOS. Certain information slips through, like location information and metadata, but surveillance is blind for all intents and purposes, the authors propose. The asset is subsequently activated and Americans die.
Under the civil remedies provision of the Antiterrorism Act (18 U.S. Code ?2333), victims of international terrorism can sue, Lawfare explains, adding that an act violating criminal law is required to meet section definitions. Courts have found material support crimes satisfy this criteria. Because Apple was previously warned of potential threats to national security, specifically the danger of loss of life, it could be found to have provided material support to the theoretical terrorist.
The authors point out that Apple would most likely be open liability under ?2333 for violating 18 USC ?2339A, which makes it a crime to "provide[] material support or resources ... knowing or intending that they are to be used in preparation for, or in carrying out" a terrorist attack or other listed criminal activity. Communications equipment is specifically mentioned in the statute.
Ultimately, it falls to the court to decide liability, willing or otherwise. Wittes and Bedell compare Apple's theoretical contribution to that of Arab Bank's monetary support of Hamas, a known terrorist organization. The judge in that case moved the question of criminality to Hamas, the group receiving assistance, not Arab Bank.
"The question for the jury was thus whether the bank was secondarily, rather than primarily, liable for the injuries," Wittes and Bedell write. "The issue was not whether Arab Bank was trying to intimidate civilians or threaten governments. It was whether Hamas was trying to do this, and whether Arab Bank was knowingly helping Hamas."
The post goes on to detail court precedent relating to Apple's hypothetical case, as well as legal definitions of what constitutes criminal activity in such matters. Wittes and Bedell conclude, after a comprehensive rundown of possible defense scenarios, that Apple might, in some cases, be found in violation of the criminal prohibition against providing material support to a terrorist. They fall short of offering a viable solution to the potential problem. It's also important to note that other companies, like Google and Android device makers, proffer similar safeguards and would likely be subject to the same theoretical -- and arguably extreme -- interpretations of national policy described above.
Apple has been an outspoken proponent of customer data privacy, openly touting strong iOS encryption and a general reluctance to handover information unless served with a warrant. The tack landed the company in the crosshairs of law enforcement agencies wanting open access to data deemed vital to criminal investigations.
In May, Apple was one of more than 140 signatories of a letter asking President Barack Obama to reject any proposals that would colorably change current policies relating to the protection of user data. For example, certain agencies want Apple and others to build software backdoors into their encrypted platforms, a move that would make an otherwise secure system inherently unsafe.
In the second installment of a thought piece about end-to-end encryption and its effect on national security, Lawfare editor-in-chief Benjamin Wittes and co-author Zoe Bedell hypothesize a situation in which Apple is called upon to provide decrypted communications data as part of a legal law enforcement process.
Since Apple does not, and on devices running iOS 8 cannot, readily hand over decrypted user data, a terrorist might leverage the company's messaging products to hide their agenda from government security agencies. And to deadly effect.
As The Intercept reported, the hypotheticals just made the ongoing government surveillance versus consumer protection battle "uglier."
Wittes and Bedell lay out a worst case scenario in which an American operative is recruited by ISIS via Twitter, then switches communication methods to Apple's encrypted platform. The person might already be subject to constant monitoring from the FBI, for example, but would "go dark" once they committed to iOS. Certain information slips through, like location information and metadata, but surveillance is blind for all intents and purposes, the authors propose. The asset is subsequently activated and Americans die.
Under the civil remedies provision of the Antiterrorism Act (18 U.S. Code ?2333), victims of international terrorism can sue, Lawfare explains, adding that an act violating criminal law is required to meet section definitions. Courts have found material support crimes satisfy this criteria. Because Apple was previously warned of potential threats to national security, specifically the danger of loss of life, it could be found to have provided material support to the theoretical terrorist.
The authors point out that Apple would most likely be open liability under ?2333 for violating 18 USC ?2339A, which makes it a crime to "provide[] material support or resources ... knowing or intending that they are to be used in preparation for, or in carrying out" a terrorist attack or other listed criminal activity. Communications equipment is specifically mentioned in the statute.
Ultimately, it falls to the court to decide liability, willing or otherwise. Wittes and Bedell compare Apple's theoretical contribution to that of Arab Bank's monetary support of Hamas, a known terrorist organization. The judge in that case moved the question of criminality to Hamas, the group receiving assistance, not Arab Bank.
"The question for the jury was thus whether the bank was secondarily, rather than primarily, liable for the injuries," Wittes and Bedell write. "The issue was not whether Arab Bank was trying to intimidate civilians or threaten governments. It was whether Hamas was trying to do this, and whether Arab Bank was knowingly helping Hamas."
The post goes on to detail court precedent relating to Apple's hypothetical case, as well as legal definitions of what constitutes criminal activity in such matters. Wittes and Bedell conclude, after a comprehensive rundown of possible defense scenarios, that Apple might, in some cases, be found in violation of the criminal prohibition against providing material support to a terrorist. They fall short of offering a viable solution to the potential problem. It's also important to note that other companies, like Google and Android device makers, proffer similar safeguards and would likely be subject to the same theoretical -- and arguably extreme -- interpretations of national policy described above.
Apple has been an outspoken proponent of customer data privacy, openly touting strong iOS encryption and a general reluctance to handover information unless served with a warrant. The tack landed the company in the crosshairs of law enforcement agencies wanting open access to data deemed vital to criminal investigations.
In May, Apple was one of more than 140 signatories of a letter asking President Barack Obama to reject any proposals that would colorably change current policies relating to the protection of user data. For example, certain agencies want Apple and others to build software backdoors into their encrypted platforms, a move that would make an otherwise secure system inherently unsafe.
Comments
Idiots and ambulance chasers.
They should both be charged with treason along with aiding and abetting the enemy for proposing and detailing the process.
Impenetrable physical locks and safes could be a problem for manufacturers too. There needs to be limits on invading privacy. Soon, the Thought Police will require people to have mind reading brain implants.
Oh good grief.
Is Chevron liable for supporting terrorism because the Boston Marathon bombers filled up their tank at their station beforehand? Is Avis liable because they rented a truck to the 1993 World Trade Center Bomber? Is Home Depot liable because they sold fertilizer to Tim McVeigh? Are American and United Airlines liable because they sold tickets to the 9/11 terrorists?
Companies that rent trucks or sell gas, fertilizer, and airline tickets are liable now, because those products can be used for terrorism, just like Apple's messaging encryption?
What a total crock...
This X 1000. The standard isn't that you can be liable for making a product that COULD be used in the furtherance of terrorism. To prove Apple was liable, it would have to be shown that they INTENDED their products to be used for terrorism. Since their products have myriad other lawful uses for hundreds of millions of people, this is basically impossible to show unless an Apple executive openly admits it.
Apple would no more be liable than if you sold your car to someone and then that person later used the car to commit a crime. Shoddy legal minds coming up with this garbage.
Not to mention, several former national security officials are saying this:
https://www.washingtonpost.com/opinions/the-need-for-ubiquitous-data-encryption/2015/07/28/3d145952-324e-11e5-8353-1215475949f4_story.html
At some point I'm hoping the stupid reaches critical mass and implodes.
Critical masses explode. But I second the basic concept.
Hey, just by walking around I'm providing ISIS the opportunity to kill someone. Should I be held liable for that?
This is getting ridiculous.
This is a blog looking for page hits. It has no credibility at all in terms of predicting government actions.
At some point I'm hoping the stupid reaches critical mass and implodes.
Critical masses explode. But I second the basic concept.
https://en.wikipedia.org/wiki/Critical_mass
As proven by the recent hacks into United Airlines, our safety is actually better served by enhancing our security and encryption, not restricting it.