Note: Guardians of Your Galaxy S7: Encryption Backdoors and the First Amendment
By Allen Cook Barr. Full text here.
Since Apple brought encryption technology into wide public use with its inclusion on the iPhone, there have been calls from law enforcement for technology companies to include backdoors—the ability to bypass the encryption and access information even if one does not have the password, fingerprint, et. cetera normally required to open the device—in their products. This debate became highly publicized in early 2016, when Apple refused to assist the FBI in unlocking the San Bernardino gunman’s iPhone. This Note argues that requiring broad backdoors in all devices would impermissibly infringe the free speech rights of software developers, because requiring the inclusion of such backdoors amounts to impermissible compelled speech.
Although encryption technologies were highly regulated through the 1990s, in 1999 most regulation ended. As a result, courts have never definitely held whether or not computer source code constitutes protected speech. After reviewing how software goes from being something a programmer types to something that can run on a device, as well as past government attempts to regulate encryption, this Note evaluates the arguments for and against First Amendment protection, concluding that source code is protected by the First Amendment.
If encryption source code is protected by the First Amendment, then whether broad backdoors are permissible depends on the level of scrutiny that applies to the backdoor mandate. This Note argues that because the speech in question amounts to mandating a particular message (“this is how to bypass our encryption”), strict scrutiny applies, and such a mandate must fulfill a compelling government interest by the narrowest means possible. Because broad backdoors sweep in millions of devices that (one hopes) are not party to any criminal matter, they fail in this analysis. Nevertheless, this does not leave law enforcement without options. This Note concludes by sketching out several means by which the government can gain access to a device’s information on a case-by-case basis.