From the Spring 2016 Issue

Technology and the Tension between Security and Privacy

Connie Uthoff
Asst. Director of Cybersecurity Strategy and Information Management Masters George Washington University

  •  
  •  
  •  
  •  
  •  
  •  

At the Electronic Privacy Information Center (EPIC) Champions of Freedom event in June 2015, Apple CEO Tim Cook stated, “Like many of you, we at Apple reject the idea that our customers should have to make tradeoffs between privacy and security. We can and we must provide both in equal measure. We believe that people have a fundamental right to privacy.”1 Less than a year later, following a devastating terror attack in San Bernardino, California, Apple and the FBI found themselves in the center of this very debate between privacy and security. While this is not the first time Apple and the FBI have been polarized in regards to this issue, this particular case involved retrieving evidence related to terrorism and future national security concerns on one side, and potentially protecting privacy and security for future iPhone users on the other. Though both sides represent legitimate priorities for Americans, the question remains: Can we ‘provide both in equal measure’ when it is clear that, in this case especially, the approaches to securing both liberty and security seem to clash?

Though safety and liberty are not new to the national dialogue – many may recall the Ben Franklin quote about safety and liberty2 – these American values took on new importance and focus after 9/11, amidst growing concerns related to terrorism. Advances in technology have made this debate exceedingly complex, though ever more necessary. On one hand, the ability for bad actors to utilize technology to communicate, plan, and execute attacks against US interests is advancing rapidly. Equally concerning, as divulged through the Snowden leaks, is the robust data collection capabilities the United States has developed, which, if used improperly, could threaten civil liberties and the very security we seek to protect. Both positions represent valid concerns for the American people. How we choose to address these types of concerns is complicated by the rapid development of technology, as well as the storage and sharing of personal and professional information. The Apple vs. FBI case has provided us with an opportunity to examine and discuss some of the challenges that these issues present. During the case, supporters from each side looked for precedence-bearing outcomes which would have implications far beyond this particular debate.

For those unfamiliar with the background of the case, on December 2, 2015, Syed Rizwan Farook and his wife, Tashfeen Malik, planned and orchestrated a mass shooting attack at the Inland Regional Center in San Bernardino, California, in which 14 people were killed and 22 were injured. During the investigation, one concern was that the assailants may have been in contact with an individual suspected of international terrorism. An iPhone 5C that was used by Farook was legally obtained by the FBI, but three methods Apple designed to limit unauthorized access are preventing investigators from collecting information from it. The phone is encrypted and is set to erase if more than ten password attempts are made. Passwords must be entered by hand, and there is lag time between unsuccessful attempts. Because the phone’s software has limited the investigation, the FBI asked Apple to disable the software barriers. Apple refused.

Although Apple has cooperated with the FBI on many occasions, they argued that by helping the FBI in this case they would have to create software that could potentially put the data of millions of iPhone users at risk. The FBI did not agree, so in order to compel Apple to cooperate, the government sought a court order under the All Writs Act, which can mandate that Apple provide assistance to the FBI if no other alternative is available. The court sided with the FBI in this case and ordered Apple to temporarily disable the security features on the phone. This would allow the FBI to use a brute force attack and potentially unlock the phone.

Apple refused again, at first on grounds that the court order violated First and Fifth Amendment rights, and then that the court had exceeded the powers granted to it under the All Writs Act. The company is currently appealing the decision due to concerns that the software would create a vulnerability which could impact other customers. The company also states that the outcome could set a precedent allowing the FBI greater access to other Apple devices, and could potentially impact its relationship with its customers.3 Approximately seventeen technology firms, including AT&T, Google, and Twitter, supported Apple in its decision to resist the court order to open Farook’s iPhone. These companies also encouraged the court to apply the laws carefully, considering that many were crafted long before cell phones.

The case comprises an important dialogue that will last long after its resolution. Already, there have been significant but related developments in United States and abroad. A judge in New York presiding over a similar iPhone case ruled in favor of Apple, perhaps tempering some concerns related to precedence-bearing advantages. Congress met to discuss varying perspectives regarding encryption. Zeid Raad Al Hussein, a U.N. High Commissioner for Human Rights also weighed in with the opinion that a decision in favor of the US government could be detrimental to protecting privacy around the world. He stated that a decision against Apple would be “potentially a gift to authoritarian regimes, as well as to criminal hackers.”4 Conversely, in light of the ISIS attacks, members of France’s parliament voted to penalize smartphone companies that do not cooperate in investigations involving terrorism.

The Apple/FBI debate is one reflection of how advances in technology will test our approach to civil liberties and national security objectives, but there are many more. Despite the benefits our technological advancements provide, development clearly outpaces governance. To avoid the ‘tradeoffs,’ continued and thoughtful dialogue surrounding these issues is crucial and, in some ways, long overdue in order to ensure that we secure a future which provides both security and privacy ‘in equal measure.’


 Sources 

  1. Panzarino, Matthew. “Apple’s Tim Cook Delivers Blistering Speech On Encryption, Privacy.” TechCrunch. June 2, 2015. http://techcrunch.com/2015/06/02/apples-tim-cook-delivers-blistering-speech-on-encryption-privacy/.
  2. “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Safety nor Liberty.” – “Reply to the Governor,” Pennsylvania Assembly. 1755
  3. http://www.apple.com/customer-letter/
  4. Ribeiro, John. “UN Human Rights Chief Warns of Worldwide Privacy Implications of Apple-FBI Case.” PCWorld. March 4, 2016. http://www.pcworld.com/article/3040805/un-human-rights-chief-warns-ofworldwide-privacy-implications-of-apple-fbi-case.html.

Leave a Comment