Backdoors: National Security versus the Fourth Amendment

As citizens of the United States, we rely on our nation’s foundation of rights as defined by the Constitution. These fundamental rights are guaranteed us, and these rights are protected and enforced by our Government – but what happens when it is the Government that is testing the boundaries of one of those rights, namely, the Fourth Amendment and the right to protection from unreasonable searches and seizures?[1]

To search or seize a person or their property, officers must obtain a warrant which can only be obtained on probable cause, by an independent and unbiased magistrate or judge, and must clearly state what or who will be seized.[2] Probable cause is defined as belief or knowledge from a reasonable person that an offense or crime was committed or will be committed, and that the search itself will produce useful evidence related to that crime.[3] The search warrant must clearly state the breadth, or scope, of the search, and the particularity, or specific items, that will be confiscated.[4] The intent behind these strict  requirements was to limit the ability of agents from seeking broad, undefined warrants and infringing on that Fourth Amendment right. While it is understandable that police officers need to search people and their property in the pursuit of safety and general welfare, that need cannot overtly overpower the need to privacy and the Constitutional right to be safe and secure in one’s person and home.

There are exceptions to the search warrant requirements, especially when there are questions of public safety or national security.  If an item is found during a search that was not originally included in the purview of the warrant, it can be kept by the police if it is deemed to be an “instrumentality of crime,” and assists with the investigation for that specific crime.[5] The passing of the Foreign Intelligence Surveillance Act (FISA) and the court system that came with it established a way for the Government to access information deemed to be necessary for national security without meeting the standard warrant requirements.[6] The court system established to manage these issues, within FISA, grants requests from the FBI to monitor and electronically survey phones and fax lines of individuals if they have probable cause.[7] This Act created a way for the Government to create an exception to the Fourth Amendment using the newly coined “foreign intelligence exception.”[8]

In the recent case of Apple v. FBI, we potentially face a new kind of exception to the Fourth Amendment’s protection from unreasonable search and seizure.[9] The Government is trying to access information stored electronically on a cell phone, but the technology does not currently exist that would allow them to access the information without a passcode. So, the government has asked Apple and other technology icons to create this technology, this backdoor, that would give the Government access to that information before it is destroyed or reset. When Apple declined, the Government requested a federal judge to issue a court order under the All Writs Act of 1789.[10]

It could be argued that seizing a cellphone, and the information on it, would be covered by the instrumentality exception. Communication between conspirators, search histories, social media presence, potential pictures, and more could all be accessed on the phone. While that individual information may not be listed in a warrant, that private information on a cellphone could be considered included in the search because of its potential relationship to the crime. It could also be argued that FISA could be applied to the situation in San Bernardino, and the Government has reason to access this information. However, both of these exceptions require access, through a backdoor, to the information stored electronically. The Government has a need to amend the security measures of private companies protecting our information for the sake of national security.  How do we balance national security measures against intellectual property issues, privacy concerns, and separation of the Government from private companies’ affairs?

The question today is, what happens when that backdoor is opened? And should it be? As we develop technology to make our daily lives simpler and our citizens safer, our legal lives become more complicated and our national security becomes more invasive out of necessity. Defining that balance will be the debate for the next decade as the world balances growth and expansion with development and personal privacy.


[1] U.S. Const. amend. IV.

[2] Fed. R. Crim. P. R 41(b), (e).

[3] United States v. Nilsen, 482 F.Supp. 1335, 1338 (1980).

[4] United States v. Cohan, 628 F.Supp.2d 355, 359 (2009).

[5] Johnson v. United States, 293 F.2d 539, 540 (1961).

[6] Foreign Intelligence Surveillance Act of 1978, P.L. 95-511, 92 Stat. 1783.

[7] 50 U.S.C.S. § 1801 (2015).

[8] United States v. Marzook, 435 F.Supp.2d 778, 780 (2006) (citing the District Court Judge’s opinion).

[9] In the matter of the search of an Apple iPhone seized during the execution of a search warrant on a Black Lexus IS300, California license plate 35KGD203.

[10] 28 U.S.C.S. § 1651 (2015); Yoni Heisler, Here’s Apple’s long-awaited legal response to the FBI, Boy Genius Report (Feb, 25 2016, 3:17 PM)

The White House’s Cybersecurity National Action Plan and What it Could Mean to the States

President Obama recently released the White House’s Cybersecurity National Action Plan (CNAP) last Tuesday.[1] After a hacker released a statement last Monday that he is planning to dump thousands of FBI and DHS employee details[2], the release of the CNAP comes none too soon. The President’s plan outlines the formation of a new commission, a three billion dollar modernization fund (much over needed), enhances student loans forgiveness for cybersecurity experts joining the federal work force, and the formation of the Federal Chief Information Officer.[3] The formation of the new Commission on Enhancing National Security would be the main body of information for the president.[4]

The commission would have twelve members, appointed by the President, with recommendations for one person a piece from the Speaker of the House, Minority Leader of the House, Majority Leader of the Senate, and Minority Leader of the Senate. [5] Advisory in nature, and non-renewable, unless extended by the President, the commission would research and produce recommendations to the President. [6] Recommendations and research are certainly needed in the realm of cybersecurity, but this commission has potential to be the key to consolidate cybersecurity efforts at the state level.

States governments are accomplishing achievements in strengthening online defenses.[7] Virginia created a Cybersecurity Commission in February 2014 and has since released their first annual report.[8] Virginia’s 2015 annual report stressed the need for education in cybersecurity and certified cybersecurity professionals. CNAP reiterates the sentiment of emphasizing education with a 62 million dollar budget.[9] The newly created commission seems to be paralleling the efforts at the state level.

While states such as Michigan and Virginia[10] are leading the charge in the realm of cybersecurity, more states must join in on the efforts. States carry out the key components in executive orders[11] and legislation regarding cybersecurity, so partnerships are key. [12] The federal government is taking the charge to lead states that may need to step up their cybersecurity game. It is essential that there is a consensus between the state governments and the federal governments to keep the country safe from cyber attack. The EU Commission provides a model for the United States to work towards a united security front.

The EU Commission’s proposed directive on network and information security (NIS)[13] seeks to increase cooperation between member states and requires each member state to select a national authority to set out a strategy to deal with cybersecurity.[14] The Council and parliament will hopefully formally approve the NIS directive this spring[15], which would provide a more cohesive and coordinated framework for member states. With broad cybersecurity attacks impacting financial institutions situated in multiple countries, a solid, cooperative, framework is necessary. By following NIS’s strong framework, the federal government can increase cooperation through the states with CNAP.

While CNAP addresses much-needed funds and direction for government agencies, it is silent on what more can be done to persecute hackers. The overarching law under the Computer Fraud and Abuse Act (CFFA)[16] punishes
“hackers” with much criticism. [17] The heaviest criticism is the result of the tragic suicide of Aaron Schwartz who took his own life after federal prosecutors filed thirteen felony counts for downloading academic papers.[18] Aaron violated a “terms of service” policy[19], which resulted in federal prosecutors applying the Computer Fraud and Abuse Act against him. The tragic story certainly seems unnecessary, as Aaron did not hack any federal information.[20] Aaron’s Law Act of 2013 amends some provisions of CFFA by replacing the phrase “exceeds authorized access” with “access without authorization” and defines the phrase.[21] CFFA would be significantly narrowed if the amendment was to pass, but the amendments sits in a house subcommittee instead.[22]

Steps are being taken at the executive level to enhance the nation’s cybersecurity defenses, so their resources do not need to be wasted by prosecuting men or women for downloading academic files. It seems a waste to flex the executive’s power of enforcing all federal laws in lieu of beefing up the security of the DHS, FBI, or CIA websites.



[1] Fact Sheet: Cybersecurity National Action Plan, (Feb. 9, 2016), https: / /

[2] Joseph, Cox, Hacker Plans to Dump Alleged Details of 20,000 FBI, 9,000 DHS Employees, (Feb. 7, 2016),

[3] Supra, Note 1.

[4] Id.

[5] Supra, Note 1.

[6] Id.

[7] Dan Lohrmann, Governors’ Briefing on Cybersecurity: People are Everything (Feb. 23, 2015),

[8] Cyber Virginia and the VA Cyber Security Commission,

[9] Supra, Note 1.

[10] Resource Center for State Cybersecurity,

[11] All those chip cards you are getting in the mail? It is the states that have to continue what the president started by enforcing the installation of chip-enabled machines in stores, Jeffrey Zients, The President’s BuySecure Initiative: Protecting Americans from Credit Card Fraud and Identity Theft (Oct. 22, 2014),

[12] Supra, Note 7.

[13] European Comm’n, EU Cybersecurity plan to protect open internet and online freedom and opportunity 2 (2013),

[14]Council of the European Union, EU steps up cybersecurity: member states approve agreement 12 (2015),

[15] Id.

[16] 18 U.S.C. § 1030 (2012).

[17] Sangkyo Oh and Kyungho Lee, The Scientific World Journal, The Need For Specific Penalties for Hacking in Criminal Law (2014),

[18] Doc Searls, How ‘Aaron’s Law’ is Good for Business (Feb. 5, 2013),

[19] Id.

[20] Such as the FBI and DHS employee identification hack mentioned earlier.

[21] “Obtaining information on a protected computer that the accesser lacks authorization to obtain by knowingly circumventing one or more technological or physical measures that are designed to exclude or prevent unauthorized individuals from obtaining that information,” H.R. 2454 – Aaron’s Law Act of 2013,

[22] Id.

iConstitution: How Apple is using the Constitution as a basis for its argument against the FBI

It’s quite difficult to imagine exactly what the Framers of the Constitution would think of the construal of their document to protect the locked-away iMessages and data of the San Bernardino terrorists. Yet, the principles of the Constitution that Apple is using to rebut the arguments of the FBI protect the rights of the individual to privacy and due process in a succinct and powerful manner.[i]

Primarily at play are the First and Fifth Amendments, but Apple also relies upon an argument against the All Writs Act of 1789.[ii] The FBI is using the All Writs Act as its source of authority for the court order compelling Apple to create a new version of its operating system that would make it easier to access the iPhone’s password-protected data.[iii] Apple fears that the creation of such software would not only threaten the privacy of all Apple users, but would also place an undue burden on the company to either destroy the program after the FBI uses it or keep and protect it against the certain multitude of attempts by “criminals, terrorists, and hackers” to steal the software. [iv]

Apple’s First Amendment argument relies upon the established classification of computer code as speech.[v] The First Amendment, as it pertains to this issue, prohibits the making of any law abridging free speech.[vi] In this instance Apple argues that its interests are protected because the Supreme Court has clearly decided that First Amendment protections apply when the government attempts to compel speech.[vii] Apple cites Riley v. Nat’l Fed. of the Blind of N.C., Inc., which upholds the idea that the court must scrutinize attempts by the government to compel speech, and it will be allowed only when the request is of a scope narrow enough to obtain a compelling state interest.[viii] The FBI, Apple argues, does not meet this standard because it has produced nothing more than mere speculation of potentially relevant information on the phone.[ix] Further, any relevant information may be encrypted using non-Apple software in secure communication applications.[x]

The Fifth Amendment’s Due Process Clause is applied in an attempt to protect Apple from governmental conscription.[xi] The Fifth Amendment’s Due Process Clause states, “[n]o person shall … be deprived of life, liberty, or property without due process of the law…”[xii]Apple argues that a court order compelling the company to create a backdoor that unlocks the San Bernardino terrorists’ phone violates its Due Process because the government would be depriving Apple of its liberty.[xiii] The government cannot force a private company to perform actions that are excessively burdensome and “contrary to the company’s core principles,” and Apple contends that the FBI’s request that Apple creates software that allows access to this iPhone cannot succeed due to this protection.[xiv]

With respect to the FBI’s use of the All Writs Act, Apple maintains that the FBI’s order violates the two requirements developed through common law that are pursuant to all orders.[xv] The Act requires that orders “must not adversely affect the basic interests of the third party or impose an undue burden.”[xvi] Apple alleges that the FBI’s order fails the first requirement because it has a powerful interest in protecting its security systems and all Apple customers depend on the company for their privacy.[xvii] The FBI’s order fails the second requirement too, argues Apple, because Apple would be forced to create a program that undermines the security features the company spent years developing.[xviii] Further, if Apple is compelled to create such software, it would open the floodgates to a large number of parties seeking similar software.[xix] Apple would be forced to either build and destroy software for each phone they are compelled to break open or safeguard the software against certain numerous attacks by parties with dubious intentions, both of which are alleged to be an undue burden on the company.[xx]

Apple presents itself as the hero of the rights of private companies to protect personal privacy against valid governmental concerns. The company does not seek to negate the FBI’s need to access the San Bernardino terrorists’ iPhone data, but rather hopes to preserve and protect the rights of individuals at the cost of burdening the government. Apple’s reliance on integral amendments to the Constitution serve to bolster its stance and prove that though dated, the Constitution’s elasticity allows its application to the technological intricacies of the current times. The argument is powerful, but the FBI’s reliance upon the All Writs Act and public safety concerns may outweigh Apple’s protection of privacy.


[i] Apple Inc.’s Mot. to Vacate Order Compelling Apple Inc. to Assist Agents in Search, and Opposition to Govt.’s Mot. to Compel Assistance, 32:5.

[ii] Id.; Id. at 14:13,14.

[iii] Id. at 14:13,14.

[iv] Id. at 25:6-9.

[v] Id. at 32:15,16 (citing sources that treat computer code as speech under the First Amendment).

[vi] U.S. Const. amend. I.

[vii] Mot. to Vacate, 32:21,22.

[viii] Id. at 32:22-6 (citing Riley v. Nat’l Fed. of the Blind of N.C., Inc., 487 U.S. 781,796 (1988)).

[ix] Id. at 33:3-6.

[x] Id. at 33:8-10.

[xi] Id. at 34:10,11.

[xii] U.S. Const. amend. V.

[xiii] Mot. to Vacate, 34:14-17 (citing Costanich v. Dep’t of Soc. & Health Servs., 627 F.3d 1101, 1110 (9th Cir. 2010).

[xiv] Id.

[xv] Id. at 23:8,9 (citing United States v. Hall, 582 F. Supp. 717, 719 (E.D. Va. 1984).

[xvi] Id.

[xvii] Id. at 23:11-16.

[xviii] Id. at 23:20-22.

[xix] Id. at 24:6-8.

[xx] Id. at 24:17-19, 25:1,2.




Economics and Tech Giants in Sino-American Relations

Thinking of China and Chinese history, certain things come immediately to mind. The Great Leap Forward, an economic and social campaign under Mao Zedong aimed at rapidly industrializing the country’s agrarian economy is an event most have heard of. Many of us have also heard of the Great Fire Wall, a legislative tool used by the Chinese government to censor Internet content. The Great Cannon however, is not so well known.

While state-engineered cyber barriers such as, the Great Fire Wall act as a would-be defense mechanism keeping censored content out, Beijing, it seems has adopted its own version of the Bush Doctrine, making broad use of anticipatory self defense. [1] In March 2015, this tool of cyber warfare became the subject of international attention, suspected of engineering a distributed denial-of-service (DDoS) attack on American coding website, GitHub. [2] Known for its hosting of content allowing users to circumvent Chinese Internet censorship connected to the Great Fire Wall, GitHub, on March 26, 2015 began to experience an overwhelming amount of online traffic causing the website to, at times, shutdown. [3] While the onslaught of activity was too much to handle for the San Francisco-based coding platform, it was an amount perfectly sustainable for China’s most popular search engine, Baidu. [3] Peking’s Cyberspace Administration did not respond to comments and questions on the event, despite security experts’ insistence that the attack, redirecting Baidu users to GitHub, was designed and carried out by the Chinese government. [4] Specifically, the attack redirected Baidu users to GitHub’s pages linked to websites banned by the Great Fire Wall. [5] One of these was the Chinese language version of the New York Times.

Acting in essence as a “middle man” the attack turned Internet users of Baidu into pawns. [6] Similar to clicking the “like” button on Facebook, millions of Baidu users were unknowingly redirected to GitHub, paralyzing the site over several days. [7] While one of the largest DDoS attacks in recent history, this immobilization of an online platform was certainly not the first example of weaponization of the Internet by the Chinese government. Attacks on American healthcare databases, financial institutions, and Internet companies have recently been the subject of significant national security concern.

Given that such targets as GitHub provide Internet users with methods of circumventing Chinese censorship efforts, a tactical mechanism such as the Great Cannon, seems to be, for the moment, serving continued efforts by Beijing to limit what Chinese web users are able to access. It has however been suggested by the Canadian and American researchers that discovered and affectionately named this new tactic, that it may very well evolve into a tool of online surveillance. [8]

However this new mechanism is to be viewed, the balkanization of the web clearly presents pressing concerns for global Internet integrity and freedom. The newly added level of complexity that this superpower rivalry presents, is the power wielded outside of the realm of sovereign governments. Internet giants exercise an immense influence in the era of cyber warfare, and with them comes their own deluge of politics and rivalries both internal and external. Google and Apple in the West, faced off against Baidu and Tencent, their counterparts in the East, is itself a battle of the titans, within the greater rivalry between Beijing and Washington. If this multifaceted conflict were able to be contained to state on state advances, emerging norms in international law might be able to corral some of the more nefarious acts and results. This added private sector component however, fuels the conflagration.

It is clear that the U.S. must act from both a policy and diplomacy standpoint. Beijing seems to have no qualms with the Internet becoming a universe of information tightly regulated by government incentives. If the U.S. seeks to move toward a new frontier of vast information sharing online, under the direction of free international cyber governance, this rivalry must be quelled. However the development of this issue progresses, it is clear that Internet giants like Google and Baidu will play an integral role. From the Chinese side, the private sector doesn’t distinguish significantly from the governmental realm. Beijing clarifies, that the likes of Tencent and Baidu will play by their rules or not at all. The U.S. must then ask itself, what sacrifices and conciliatory gestures it is willing to go forward with.

An equitable distribution of global governance roles seems a good place to start. Apart from the economic utility incentives inextricably connected to the cozy relations that sovereign governments maintain with Internet giants, broader economic cooperation would likely facilitate things. President Obama’s exclusion of China from a pioneering global trade endeavor likely did not strike Beijing as overly diplomatic. [9] Apart from the obvious reality that the Chinese cannot be excluded from economic relations, particularly in their own geopolitical sphere of influence, the TPP (Trans Pacific Partnership) is an undertaking that lacks in areas beyond diplomacy as far as Sino-American relations are concerned. [10] China has in the recent past, established a myriad of its own trade bloc relationships, the economics of which are directly linked with the operations of Internet giants like Baidu and Tencent. [11] This ongoing overlapping of trade blocs and Internet sovereignty love triangles will only pave the way for more DDoS attacks, amongst other national security concerns both cyber and economic. Conciliatory gestures from both sides are long overdue, as even the emerging influence of international law will likely not be able to contain the pervasive waves of cyber attacks and nefarious Internet activity, state-sponsored and private. Clearly, it’s time to talk; tech CEOs, heads of state, and citizens.


[1] Roger Creemers, Disarming the Great Cannon, Foreign Pol’y, (Apr. 10, 2015),

[2] James Sanders, Chinese Government Linked to Largest DDoS Attack in GitHub History, TechRepublic, (Apr. 3, 2015),

[3] Id.

[4] Supra. Note 1.

[5] Stewart Baker, The GitHub Attack and Internet Self-Defense, The Wash. Post, (Aug. 19, 2015),

[6] Supra, Note 1.

[7] Id.

[8] Supra, Note 1.

[9] Felipe Caro, Leaving China out of the TPP is a Terrible Mistake, Fortune, (Oct. 6, 2015),

[10] Id.

[11] Id.

Third Party Doctrine: Supporting Government’s Desire to Collect Information

In the past decade the Senate and House of Representatives have attempted to address the ever-growing concerns surrounding cyber-attacks (i.e., independent computer-network attacks), and cyber-espionage (i.e., government funded network attacks) through a variety of legislation.[1] The majority of proposed legislation on this topic is targeted towards improving information sharing networks across both private and public sectors. Several executive orders have also been issued by President Obama to encourage and protect public-private information sharing systems.[2] However, in recent months a House cybersecurity bill (“CISA”) was recently passed in the Senate, with amendments, that has caused the public to fear their Privacy rights have been violated, often times citing to their Fourth Amendment protections.

The arguments waged against CISA are likely rooted in the fear that the government is overstepping its national security boundaries, which became inflamed in the wake of the popularized NSA surveillance on U.S. citizens.[3] This does not mean that CISA does not drastically expand the government’s ability to gather information, but the worries waged against the government might be misplaced.

The general purpose behind CISA is to promote both the private sector and the public sector’s protections against cyber-attacks and espionage by codifying a method for corporations and the government to engage one another to share any information pertaining to failed or successful hacks into the corporate servers.[4] This is a voluntary relationship entered into by the corporations, but it is not farfetched to believe the private sector would be interested in entering into this public-private relationship. In Massachusetts and Colorado, there are organizations comprised solely of private corporations openly communicating with one another to help ensure the corporations’ servers are prepared for potential attacks.[5] Similarly, DHS has had their ISAO and ISAC initiatives operating for several years.[6] These initiatives are a voluntary collaboration of private corporations, in various industries, sharing information with one another and DHS regarding potential attacks on the corporations’ systems.[7]

The actions in MA and CO are very similar to the actions taken by DHS, with the exception that the government has no involvement with the former.

In terms of constitutional privacy rights, provided by the Fourth Amendment, the information CISA seeks to share is not dissimilar to that of both the MA/CO and DHS initiatives; however, it does appear to expand the types of information able to be shared marginally. One worry that is waged against the act is that these corporations might share information an individual shared with them. (e.g., addresses provided to the corporation by the individual/client) While the act does not explicitly enumerate the types of information to be shared, it is irrelevant when determining if a Constitutional right is being infringed upon, when looking at from the perspective of the individual.

The Third Party Doctrine established in common law, states that any information willing given to a corporation by an individual does not have any reasonable expectation of privacy associated with it.[8] Therefore, once the individual provided the corporation with their information, any Fourth Amendment claim against that information is lost. This doctrine is routinely used in enforcing by police officers when gathering information on a suspect by retrieving information from cell phone providers, specifically numbers the individual is calling, without a warrant.[9]

This is not to say that no privacy argument can be waged against corporations for sharing an individual’s information with the government, but any argument would have to rest on a statutory analysis of the Privacy Act, not the Constitution.


[1] See Cyber Threat Sharing Act of 2015, S. 456, 114th Cong. (2015); Protecting Cyber Networks Act of 2015, H.R. 1560, 114th Cong. (2015); National Cybersecurity Protection Advancement Act of 2015, H.R. 1731, 114th Cong. (2015); Cyber Intelligence Sharing and Protection Act of 2015, H.R. 234, 114th Cong. (2015).

[2] See Exec. Order No. 13,691 (encouraging public-private information sharing relationships); Exec. Order No. 13,636, 79 Fed. Reg. 50,891 (2013) (attempting to improve cybersecurity protective measure on critical infrastructure).

[3] Kristina Peterson, Congress Reins in NSA Spying Powers, Wall St. J., June 2, 2015 (reporting on how Congress addressed the NSA’s policy of collecting U.S. citizen telephone calls and text messages, which the NSA considered a part of their surveillance duties),

[4] Cybersecurity Information Sharing Act of 2015, S. 754, 114th Cong. (2015).

[5] ACSC Fact Sheet, Advanced Cyber Security Center (Jan. 23, 2015); WCX Concept, Western Cyber Exchange,!wcx/cjg9.

[6] Information Sharing, Dep’t of Homeland Security, (last visited June 30, 2015).

[7] Id.

[8] Smith v. Maryland, 442 U.S. 735, 743–45 (1979) (holding “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties” and sharing this information with government actor’s does not violate constitutional rights).

[9] Id.