As this ZDNet article notes, some of the Snowden disclosures revealed that NSA had asked for the source code of various tech companies (though it links to a Jake Appelbaum article that I believe to be sourced to someone else). What is new in its report of US government demands for source code, however, is how the government is getting it: through secret civil or FISA orders.
The government has demanded source code in civil cases filed under seal but also by seeking clandestine rulings authorized under the secretive Foreign Intelligence Surveillance Act (FISA), a person with direct knowledge of these demands told ZDNet. We’re not naming the person as they relayed information that is likely classified.
With these hearings held in secret and away from the public gaze, the person said that the tech companies hit by these demands are losing “most of the time.”
When asked, a spokesperson for the Justice Dept. acknowledged that the department has demanded source code and private encryption keys before.
That is, at a time when we condemn public Chinese demands to be able to review source code of companies doing business in China, the US has been doing the same thing, albeit without the reputational hit of doing so publicly.
All of which makes the point I made here — that the government is fairly explicitly threatening to demand source code from Apple — all the more significant, in part for an issue I’ve been meaning to return to.
Contrary to popular belief, the FISA Court does not operate in complete isolation from traditional courts. On several known issues — notably, the access to location data and the collection of Post Cut Through Direct Dial numbers — FISC has taken notice of public magistrate’s opinions and used that to inform, though not necessary dictate, FISC practice. As I have noted, at least until 2014, the FISC used the highest common denominator from criminal case law with respect to location data, meaning it requires the equivalent of a probable cause warrant for prospective (though not historic) data. And FISC first seemed to start tracking such orders during the magistrate’s revolt of 2005-6. That’s an area where FISC seems to have followed criminal case law. By contrast, FISC permits the government to collect, then minimize, PCTDD, though it appears to have revisited whether the government’s current minimization procedures meet the law, the most recent known moment of which was 2009.
In other words, this Apple fight (as well as magistrate James Orenstein’s order) may affect what FISC will approve — or has already approved in secret — for other tech companies (or even for Apple), something the tech companies that submitted amicus briefs likely know. That makes FBI’s decision to hold this fight in public, which Apple preferred not to do, all the more significant. Because if Apple prevails, it will make it a lot harder to secretly jurisdiction shop anywhere in the US, whether in a secret magistrate’s proceeding or an even more secret FISC one.