[Cryptography] The All Writs Act

Allen allenpmd at gmail.com
Sat Feb 20 11:35:52 EST 2016


The DOJ wrote a pretty good motion to compel:

http://www.nytimes.com/interactive/2016/02/19/business/document-motion-to-compel-apple-compliance.html

As pointed out by Ars Technica, in other cases, the All Writs Act has been
used to force parties to provide access to facilities they controlled, for
example, the phone company has been ordered to provide access to the
switches it owns and controls:

http://arstechnica.com/tech-policy/2016/02/how-apple-will-fight-the-doj-in-iphone-backdoor-crypto-case/

The difference in this case is that Apple does not own or control the
subject iPhone.  As pointed out by the DOJ though, Apple does own the
software running on the phone (it is copyright Apple and licensed, not
sold) and controls the software the phone runs by requiring Apple's
cryptographic signature on any software loaded onto the phone.

So it seems to me there is a good chance the DOJ will win on this motion,
and in fact, the All Writs Act might in the future be used to force Apple,
Microsoft or any other software manufacturer to root or plant spyware on a
user's device if the manufacturer retains that capability, whether it is
through a software update system or otherwise.  The only thing that would
stop this is an act of Congress forbidding the use of the All Writs Act to
force the installation of a backdoor.  That seems unlikely, so it looks like
the DOJ is about to get through the All Writs Act an ability it was not able
to get through Congressional action.

It seems to me the only way to get around this is for software manufacturers
to give up any ability to control what software the device runs, including
auto-update, or alternatively, to place control under a process that is not
susceptible to government-ordered spyware.  For example, the open source
model can be resistant, depending on how it is implemented.  Or it might be
possible to require updates to be signed by an organization that resides
entirely within a legal jurisdiction that does not allow secret
government-ordered spyware, but of course, that organization would also
need to have some way of auditing the contents of the update.