The recent fight between the FBI and Apple over accessing one of the San Bernardino shooter’s cellphones is just the latest in a string of cases in which the government has called on tech companies during criminal investigations.
In roughly 60 known cases, the government has used an 18th-century law to compel Apple or Google to crack into data encrypted through one of their services — and two of those cases were heard in Washington state courts.
According to an analysis of available court records by the American Civil Liberties Union released Wednesday, the government worked with or compelled Apple or Google to access encrypted data in cases in 22 states. Most of those investigations appeared to be connected to drugs.
In one Washington case, from the summer of 2013, David Michael Navarro of Belfair was charged with producing and distributing child pornography. The investigation included help from officers in Australia and Denmark and found video of Navarro raping a child, according to court documents filed in a federal court.
A court in 2014 sentenced Navarro, once president of a Mason County elementary school PTA, to 23 years on four child pornography charges. During the course of the investigation, the FBI approached Apple to help, and the company agreed to unlock Navarro’s iPhone 5.
“In fact, there is no evidence at all that Apple is unwilling to comply with the court’s order,” the U.S. Attorneys office wrote in that case. “To the contrary, Apple has indicated its willingness to assist upon receipt of such an order.”
In the second Washington case, agents with the U.S. Secret Service arrested in 2014 Russian national and alleged cybercrime ringleader Roman Seleznev.
Authorities in the Maldives collared Seleznev, the son of a Russian lawmaker and a huge catch for authorities fighting cybercrime, at an airport. He reportedly was on vacation. A grand jury in Washington indicted Seleznev in 2011 on multiple computer fraud, identity theft and conspiracy charges.
The Secret Service said his network intrusions were connected to more than $34 million in losses for the three major credit card companies, and about 350,000 compromised credit cards were linked to the case.
Apple was ordered to help the government access an iPhone recovered in the investigation. The Seleznev case is ongoing.
Centuries-old law
Despite Apple’s willingness to comply with investigators before, the company refused in the case of the attack in San Bernardino, Calif., and a pitched legal and political fight ensued.
The information on the phone used by one of the terrorists was encrypted and, the FBI initially said, was inaccessible. The investigators needed to guess a four-digit passcode to unlock the phone.
The FBI wanted Apple’s help to bypass a security feature that deletes a phone’s content upon 10 missed tries to enter the code, so FBI experts could attempt to find the right combination.
The FBI got a court order, citing 1789’s All Writs Act, to compel Apple to create software that would override the security system.
Broadly, the All Writs Act empowers judges to order something be done even in instances where Congress hasn’t acted or there’s no clear law. In some encryption cases, the government has used the law to argue that it can, in some circumstances, compel a business to perform some kind of service.
‘Quite ordinary’
Late last year in Brooklyn, N.Y., in another case in which the government went to Apple for help accessing the contents on a seized iPhone, an assistant U.S. attorney argued that Apple already had provided similar help in at least 70 other cases since 2008.
The ACLU said it went digging for similar cases, and found 63 circumstances in which the government pointed to the All Writs Act to get Apple or Google to help access data stored on a mobile device.
There are likely more cases along those lines, the ACLU said, adding it found 13 other cases it couldn’t fully confirm. Apple has identified 12 other pending cases, although the information about them isn’t yet public.
In the San Bernardino case, Apple argued, among other things, that it shouldn’t have to do the government’s work, and a project like what the FBI proposed could erode customers’ trust in the company’s ability to keep private data safe.
On Monday — amid a rising tumult regarding privacy, surveillance, the First Amendment, and terrorism — the FBI announced it found another way to access the San Bernardino attacker’s phone and dropped its court case. That method has not been revealed.
Although telecommunication and tech companies have been working with the government for years, tech and security industry watchers have said Apple’s bristling over the San Bernardino case shows the industry’s growing frustration.
Privacy and encryption advocates have argued the FBI was less interested in finding the content on the phone than in creating a precedent allowing the government more power to bypass encryption, which ultimately could make all data less safe.
The ACLU said its findings hint at the extent the government uses the All Writs Act to compel compliance.
“The FBI wants you to think that it will use the All Writs Act only in extraordinary cases to force tech companies to assist in the unlocking of phones,” the ACLU said. “Turns out, these kinds of orders have actually become quite ordinary.”