Mon Jan 1, 0001

Encryption, “Going Dark,” and EO 12333

FBI vs. Apple (San Bernardino, 2016)

December 2, 2015: Syed Rizwan Farook and Tashfeen Malik killed 14 in San Bernardino. FBI recovered Farook’s county-issued iPhone 5C (iOS 9).

February 16, 2016: Magistrate Judge Sheri Pym (C.D. Cal.) issued order under All Writs Act (28 U.S.C. 1651) compelling Apple to build custom firmware (“GovtOS”) to disable auto-erase and brute-force delay. In re Search of an Apple iPhone, Case No. ED 15-0451M.

February 17, 2016: Apple CEO Tim Cook published open letter refusing, citing precedent of “master key” undermining security for all users.

March 28, 2016: DOJ withdrew motion — third party demonstrated unlock method. Washington Post (April 2021): identified Azimuth Security (Australian firm). FBI paid ~$1.3 million.

Legislative Attempts to Mandate Backdoors

EARN IT Act

S. 3398 (116th Congress, introduced March 5, 2020). Reintroduced as S. 3538 (117th Congress, February 2022). Would create commission for platform “best practices”; non-compliance strips Section 230 immunity. Critics: effectively penalizes E2E encryption. Did not pass.

LAED Act (Lawful Access to Encrypted Data Act)

S. 4051 (116th Congress, introduced June 23, 2020). Sponsors: Graham, Blackburn, Cotton. Would require providers to assist law enforcement in accessing encrypted data per court order. Did not advance out of committee.

Australia Assistance and Access Act (2018)

Passed December 6, 2018. Authorizes Technical Assistance Notices (compulsory) and Technical Capability Notices requiring companies to build new interception capabilities.

UK Online Safety Act (2023)

Royal Assent October 26, 2023. Section 122 empowers Ofcom to require platforms to use “accredited technology” to detect illegal content, including in E2E encrypted messages.

Executive Order 12333

Signed by Reagan, December 4, 1981 (46 FR 59941). Amended by EO 13284 (2003), EO 13355 (2004), EO 13470 (Bush, July 30, 2008).

Primary authority for NSA intelligence collection OUTSIDE US borders against foreign targets. Unlike FISA/Section 702: NO judicial approval from FISC required.

American communications swept up “incidentally” when one end is foreign. Former NSA official John Napier Tye (Washington Post, July 18, 2014): volume of US person data collected under 12333 “dwarfs” that collected under Section 702.

PCLOB published Section 702 report (July 2, 2014), announced intent to review 12333 (2014-2015). Comprehensive public report not completed. Senator Wyden: 12333 collection is a “backdoor search loophole” (Senate Intelligence Committee hearings, 2013-2017).

Sources

  • Court filing: C.D. Cal. ED 15-0451M
  • Apple open letter (February 17, 2016)
  • Congressional bill texts via Congress.gov
  • Federal Register (46 FR 59941; 73 FR 45325)
  • PCLOB reports
  • Washington Post (Tye, July 18, 2014; Nakashima, April 2021)