This CRS report is further evidence of Congress’s expectation that the government will fail in its bid to compel Apple to “jailbreak” the iPhone recovered at the scene of December’s San Bernardino massacres and believed to belong to one of the alleged gunmen, Syed Rizwan Farook.

The need for legislation to resolve the “going dark” vs. “backdoors” dispute between the Federal Government and the tech industry was on full display during The Encryption Tightrope: Balancing Americans’ Security and Privacy, the nearly six hour House Judiciary Committee hearing held last week. The CRS report is dated March 3, 2016, two days after that hearing.

“Renewed” fears of the dark

The Report cites as its impetus the ongoing conflict between the federal law enforcement community’s desire for tech companies to install “backdoors” in their products and services that encrypt (or enable users to encrypt) data and the tech community that asserts backdoors are not possible without severely compromising security. The Report cites “renewed fears among government officials that technology is thwarting law enforcement access to vital data,” arising from Apple, Google, and Facebook’s default encryption of their devices and communication platforms (“going dark,” in government parlance).

The Report analyzes “two discrete and narrow legal questions” arising from government attempts to access data stored on a smartphone: one pertaining to compelling individuals to permit government access, and the other pertaining to compelling companies to assist the government in gaining access. It is the latter of these two issues that is the subject of the pending government actions against Apple to compel it to “jailbreak” the iPhone of one of Farook.

Whether the Fifth Amendment right against self-incrimination would bar a request to compel a user to either provide his password or decrypt the data contained in a device pursuant to valid legal process; and

Whether the All Writs Act (“a federal statute that provides federal courts with residual authority to enforce its orders”) can be interpreted broadly enough to cover compelled assistance by the device and software manufacturer in unlocking a device.

Compelled assistance and the All Writs Act

The law under which the government is attempting to compel Apple to jailbreak the iPhone is the All Writs Act. The Report states the legal question presented by such requests is.

Whether the All Writs Act can be interpreted broadly enough to require Apple to help the government in accessing the data on the device against Apple’s wishes.

“The answer will likely depend on whether this mandate would pose an ‘unreasonable burden’ on Apple and whether it is consistent with the intent of Congress,” the Report states, before going into an extensive discussion of the All Writs Act and the relevant cases decided under that Act.

Conscripted jailbreaking and reputational harm

Included in the Report’s analysis is last month’s highly publicized case in which “Magistrate Judge James Orenstein of the Eastern District of New York (EDNY) assessed whether the All Writs Act could support the government’s request for assistance in unlocking an iPhone 5c running an earlier version of iOS.149. On February 29, 2016, the court issued its ruling, holding that the government’s request exceeded the court’s authority to compel Apple’s assistance against its wishes.”

The Report goes on to explain the test used in that case, and went to great lengths to point out that,

“Perhaps the most important determination by Judge Orenstein was that a reviewing court could take into consideration not only the financial burden of complying with the specific request at hand, but also ‘more general considerations about reputations or the ramifications of compliance.’”

This highlight, in obvious reference to Apple’s assertions that its reputation for security will be hurt if it complies with the order and that reputational harm should be weighed in considering the “reasonableness” of the order.

Constitutional claims not analyzed in the Report

Apple has raised First Amendment and substantive due process claims in its Motion to Vacate the order compelling it to assist in the search of the shooter’s iPhone and in opposition to the government’s motion to compel.

Apple’s Constitutional arguments were specifically stated to be beyond the scope of the Report, even though those claims could, if valid, “restrict Congress’s ability to enact legislation,” the Report admits.

Potential congressional responses

Finally, the Report discusses six potential congressional responses to “technology companies moving toward more, not less, encryption for data transiting and stored on their devices.” Congress could:

mandate tech companies to build in a “backdoor” to be able to access data locked on their devices;

enact legislation instituting a criminal penalty for failure to decrypt;

enact data retention laws requiring companies to retain certain categories of data for specified time period;

prohibit encryption mandates, that is, prohibiting “any mandate on technology companies to be able to decrypt data on their devices,” similar to currently-pending legislation, and containing exceptions for law enforcement mandates;

enact legislation creating a National Encryption Panel that would advise Congress; and/or

improve law enforcement’s capabilities to investigate “despite encryption”.

“Secretive” CRS reports

CRS is a legislative branch agency within the Library of Congress that “works exclusively for the United States Congress, providing policy and legal analysis to committees and Members of both the House and Senate, regardless of party affiliation.” “Exclusively for” is de facto exclusive of the public, to the point the Washington Post dubbed the CRS as “secretive” and highlighted in another report CRS’s policy of keeping its reports confidential unless they are released by individual congressmen. CRS has existed for over a century. FAS, the nonprofit think tank that announced the release of this Report, has (exposing) government secrecy as one of its charter causes.

©2016. Lisa M. Brownlee. All Rights Reserved.

Lisa M. Brownlee is an independent legal scholar and author for Thomson Reuters. She also writes for RSA.