The recent court ruling that Apple must help the FBI circumvent iPhone security is forcing Tim Cook to navigate between Scylla and Charybdis. By challenging the order, Apple doubles down on to its commitment to customer privacy. But in doing so, it pits the company against the government’s attempt to broaden its surveillance powers using the San Bernardino attack as a litmus test. Both can claim service of higher principles but only one side can win.
In the words of a former FBI assistant director, ‘there should be no safe haven for the bad guys’. Indeed, Cook’s response indicates cooperation with the FBI on less invasive requests in this investigation. But his line in the sand is the creation of firmware that opens a backdoor and can be reworked to hack millions of users.
Obliging the feds on this count would be a U-turn in Apple’s ethos. Post-Snowden fallout, Cook has differentiated on security, positioning it as intrinsically part of Apple’s business model and values. His speech at the President’s Cyber Summit highlighted privacy as an enabler of equality and our way of life. In the past two years, he has messaged security and privacy more than any of his big tech peers at non-security companies. Apple’s come too far to go backwards without losing credibility and trust.
More importantly, the entire tech industry stands to lose should Apple acquiesce. Inserting technology that gives the feds bypass access to user information is what companies fought and defeated in the Crypto Wars of the 1990s. Now, if the government can force Apple to work around its security features, the state gains the authority it failed to capture two decades ago. It would conclusively affirm the government’s right to compel any business to build backdoors into its products.
The above precedent would create dangerous fallout. At the practical level, weakened products deepen distrust in US companies, which makes them less competitive. At the policy level, it would bolster similar demands from other governments – including those with questionable human rights records. In all, it creates a world with no privacy from government surveillance, where there is no distinction between the innocent majority and the guilty minority.
Some are asking if Apple can beat the court order. In Apple’s favour, courts have previously rejected the All Writ Act of 1789 – the FBI’s basis for its case – for unlocking smartphone data. Still, Apple’s up against a government that sees an opportunity to expand its surveillance powers and reinforce the Patriot Act, which has suffered heavy pushback since the Snowden disclosures.
Even if victory is far from certain, as a matter of reputation, Apple must fight until it’s out of challenge flags. And based on the Pew findings that fifty one per cent of Americans back the FBI, Apple needs to better articulate to consumers that the case is about the future of privacy in America – not a battle over a dead terrorist’s smartphone.
The question that the courts are in position to decide is: to what degree do we, the people, have a right to privacy?
In the US, the First, Third, Fourth, and Fifth Amendments have been construed to protect the privacy of beliefs, homes, properties, and persons. 20th Century Supreme Court rulings (Meyer v Nebraska, Roe v Wade, Griswold v Connecticut) interpret the Fourteenth Amendment to guarantee privacy from certain state intrusions. The EU is more explicit in defining privacy as a human right, which it has enshrined in regulations and court rulings. Even so, the member states take different approaches on interpretation. The Netherlands rejected encryption backdoors as detrimental to privacy, but the UK is debating legislation to ‘remove any encryption applied’ for backdoors access.
This much is clear. At some point, Congress must clarify the right to privacy in America. A good starting point could be to update the Privacy Act of 1974, which established guidelines for how US agencies can handle personal information. Until then, the courts will be a busy place for government agencies seeking to compel access to data by whatever means necessary.
Lise Feng, Director of Global Communications, CipherCloud
Image Credit: Shutterstock/ymgerman