Why Did Apple Ask for the FBI’s Request to be Sealed?
Earlier this year, when the FBI asked Apple for assistance accessing the contents of an iPhone, Apple asked for the request to issued under seal. This is the standard practice in such cases – indeed, we do not have complete information about how other firms react to similar requests precisely because the requests typically come under seal.
Published by The Lawfare Institute
in Cooperation With
Earlier this year, when the FBI asked Apple for assistance accessing the contents of an iPhone, Apple asked for the request to issued under seal. This is the standard practice in such cases – indeed, we do not have complete information about how other firms react to similar requests precisely because the requests typically come under seal. But since the request was not made under seal, and since Apple has been demanding more transparency from the government, why would Apple ask for this request to be sealed?
Here’s one theory: because a sealed order would allow Apple to control the message in the event that they decide to comply.
Suppose that Apple – a firm that typically takes great pains to comply with the law – was willing to comply with the FBI’s request but feared that the firm’s compliance would send the wrong message to customers and foreign governments. Having the order issued under seal would allow Apple to resolve these concerns. If Apple quietly complies with the FBI’s request, potential hackers do not know about the vulnerability Apple created; foreign governments do not know that Apple has taken measures to help law enforcement in the U.S.; and customers and privacy groups do not know to be outraged.
Apple, in other words, might have been willing to comply with the law’s obligations as long as it could do so without “making a statement,” to use Cass Sunstein’s phrase for law’s expressive capacity.
Indeed, this is largely what Apple has argued in its briefing regarding government efforts to access locked iPhones. In its Oct 19th brief to the Eastern District of New York, Apple argued that compliance with the court’s order that it unlock and search a locked iPhone, “could threaten the trust between Apple and its customers and substantially tarnish the Apple brand.” That is not an argument against the stringency of the law’s obligations; it is an argument about the reputational harm of being seen to comply.
We often assume that when individuals and companies resist complying with the law, it is because they do not like the law’s strictures – that the law is simply too restrictive or too burdensome to follow. But there are times when the bigger barrier to compliance is the signal that compliance sends. In those scenarios, enforcing the law behind closed doors makes it less costly to comply and makes compliance more likely. (Anyone who has watched The Wire spent time with informants knows that the bigger barrier to snitching is *not* the principle of the matter but rather the perception that it creates.)
This aspect of the Apple-FBI dispute caught my attention because I just finished an article about what I call regulatory reticence: regulators’ efforts to impose legal obligations without making a statement. While we tend to assume that the law is both legalistic (insofar as it imposes obligations) and expressive (insofar as it makes a statement), in fact these two features can be decoupled and modulated. On the first axis, regulators often choose whether to make the law’s obligations hard or soft, specific or vague; on the second axis, they choose whether to make more or less of a statement. Secrecy is just one tool for making it less likely that a particular law enforcement action will make a statement; anonymity and vagueness are others.
Why would regulators ever seek to enforce the law in a reticent fashion? Because it can make adherence to the law possible where it would otherwise be difficult. Consider an example from humanitarian law that will be familiar to some Lawfare readers. Belligerents engaged an armed conflict are often encouraged to comply with humanitarian law by non-state actors who use “name and shame” tactics, whereby they publicly identify rights violators and shame them with moral outrage. But one organization – the oldest and one of the most effective monitors of humanitarian law compliance – takes a completely different approach. As Steven Ratner demonstrates, the International Committee of the Red Cross (ICRC) rarely names and shames the actors it seeks to influence, choosing instead to arrange private meetings, offering confidentiality and even secrecy. This enables the ICRC to engage with and influence the practices of armed groups that otherwise might never agree to meet. Indeed, as Ratner tells it, the ICRC’s secrecy and ambiguity are crucial to the organization’s success. The ICRC fights – sometimes quite hard – to preserve this confidentiality, including refusing to disclose to courts of law the sources and details of ICRC investigations.
Why does the ICRC care so much about this confidentiality? Because it allows belligerents to control with the message sent by their compliance. One of the more plausible explanations for why an armed group would ever agree to meet with the Red Cross is the promise that upon leaving the meeting, the armed group can manage any reputational costs of meeting with the aid group. The armed group might say the meeting never took place, or they might say they took the meeting only to spit in the face of the imperialist pigs – both of which would give them cover to comply humanitarian law on their own terms.
This is not to say that we should welcome secrecy in law enforcement operations. Transparency and publicity are critical to a democratic society, and secret police operations are associated with the worst abuses of state power. But these scenarios may tell us something about the different aspects of the law’s influence on behavior. Efforts to decouple law’s obligations from their ability to “make a statement” are surprisingly common and – perhaps even more surprisingly – little-studied. (In future posts, I’ll take up some of the related ways that regulators create and impose legal obligations without making a statement.)