February 19, 2016
Apple’s pro-user, pro-privacy stand gets the issues right
A federal magistrate took the unprecedented step yesterday of issuing a court order for Apple Inc. to create, out of thin air, a mechanism in iPhone firmware that would allow law enforcement the ability to access to an iPhone that allegedly may have been used by one of the San Bernardino, Calif. terrorists.
Apple was quick to argue publicly that it will continue to oppose this order. Apple CEO Tim Cook issued a lengthy public letter explaining the order’s many problems – both technological and as a matter of public policy. As he wrote:
Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.
Compliance, Cook argued, would undermine the privacy and integrity of every iPhone user’s data, not just from government surveillance but from hackers as well. “Compromising the security of our personal information can ultimately put our personal safety at risk,” he wrote.
Keep in mind that some sectors of law enforcement and intelligence agencies have opposed strong privacy technologies, such as digital encryption, for decades. Fortunately, in recent years, the public’s interest in privacy technologies has grown. When FBI Director James Comey testified at a hearing in July 2015 calling for a “golden key” to enable the government to access encrypted information (and to sidestep other privacy measures), his wish list was met with widespread public criticism.
But law-enforcement and intelligence agencies also know public opinion can change swiftly in response to events like terrorist attacks. Not unexpectedly, the usual government agenciesreasserted long-standing concerns after last fall’s Paris and San Bernardino attacks, arguing that strong privacy technologies should have their limits. Comey may have met a cold reception from legislators last summer, but by this summer – particularly if it’s in the aftermath of another terrorist attack – the call to provide special access to our private data could resurface. (For those who care: there’s no indication yet that encryption technology or any other privacy measure played any particularly important role in recent attacks.)
It’s not that government concerns about encryption are completely irrational; encryption can be used and likely will be used by terrorists and other law-breakers. Terrorists make use of all manner of technology that happen to be essential to our daily lives: cars, phones, planes and, yes, secure digital privacy. Among the areas where encryption makes our lives better are online banking, connecting to your office computer from home and purchasing a product on Amazon. On a larger scale, consider how missionaries who help religious minorities and charitable groups who assist pro-democracy activists in far-off lands are strengthened and empowered by strong privacy technologies.
If we let fear of terrorism drive holes into our digital security, wouldn’t that mean…the terrorists will have won?
Opening a backdoor – in effect, allowing governments to sidestep your privacy protections by creating technological weaknesses – wouldn’t measurably improve how police can investigate crimes that have already occurred. (No government agency has provided numbers to suggest otherwise.) What it would do is expose users to vulnerabilities from hackers and other entities wishing to do harm.
Every right we have under the Constitution is a thing bad guys might use against us. We still hold on to those rights and think they’re worth preserving. Yes, we face crime and terrorism, but if we hold fast to our principles as a free society, we have to conclude that there is no argument for security “backdoors” like the one the FBI is seeking to compel Apple to create. When truly secure encryption is outlawed, only outlaws will have secure communications. That’s a crazy outcome.
As we have previously explained, directives like this eviscerates privacy as we know it. In fact, many in the intelligence community also recognize the problems with undermining the integrity of encryption. During a May 2015 address to the Joint Service Academies Cyber Security Summit at West Point, Admiral James A. Winnefeld Jr., vice chairman of the Joint Chiefs of Staff, answered a question from “security guru” Bruce Schneider on the balance between security and surveillance:
I think we all win if our networks are more secure. And I think I would rather live on the side of secure networks and a harder problem for [NSA Director Mike Rogers] on the intelligence side than very vulnerable networks and an easy problem for Mike. And part of that — it’s not only the right thing do, but part of that goes to the fact that we are more vulnerable than any other country in the world, on our dependence on cyber.
This defense of encryption was emphasized by Rep. Will Hurd, R-Texas, at a recent discussion on privacy protections hosted by the R Street Institute. The former CIA agent and current member of Congress explained that “encryption is an essential for national security and essential for our economy.”
This divide in the intelligence community should give policymakers pause as they consider calls to create backdoors for law-enforcement agencies.
R Street is encouraged by Apple’s defense of strong encryption and its leaders’ reluctance to abide by the recent court’s undue burden. Encryption is an essential tool that preserves the integrity of personal data and provides needed security of international banking and online commerce. Any effort to undermine encryption in one case will have irrevocable damage to the Internet.
As Tim Cook concluded in his statement:
While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.
Cook has this balance right. Let’s hope our law-enforcement establishment comes to understand that balance, as well.
Nathan Leamer is a policy analyst and outreach manager with the R Street Institute.
R Street is a non-profit public policy research organization that supports free markets; limited, effective government; and responsible environmental stewardship. It has headquarters in Washington, D.C. and five regional offices across the country. Its website is www.rstreet.org.