On December 6, 2019, a Saudi Air Force officer training in aviation, used a handgun to kill three people and wounded eight more at the Pensacola Naval Air Station in Florida, a military base. (NBC News) Before he was killed in a shootout, the suspect was sufficiently concerned about the contents of one of two iPhones in his possession that he fired into it, apparently hoping to destroy its contents. However, while the FBI’s technicians were able to get the phone working again, they could not get access to the phone’s contents without its password.
Thus, they needed Apple to provide a trade secret algorithm that would unlock the phone without triggering off any “defensive privacy programs” (The Hill, “Apple v. Attorney General Barr”, Andrew C. McCarthy)
This is like the San Bernadino case where the government went to court seeking to get access to the phone of a suspect after a terrorist attack on US soil. Since the September 11, 2001 terrorist attack, with society placing a premium on safety, the government has apparently shown less restraint in safeguarding and preserving the privacy of Americans. It appears its raison d’etre in this context being that Americans would rather trade off their privacy rights to safeguard their “security” or physical well-being. In support of this reasoning seems to be the thinking that law abiding citizens should have nothing to hide.
In fact, attorney general William Barr has suggested that the government cannot protect citizens without “robust investigative authorities, and without the cooperation of public-spirited private actors.” (The Hill) However, it appears that with 9/11 further from the memory of many Americans and with many college age Americans having not been born at the time, concerns for their privacy rights and autonomy safeguarded by American laws are becoming pivotal in the American zeitgeist once again. (In addition, we can consider the angle from Apple’s business imperatives and its duty in fulfilling the trust reposed by its customers.)
Laws on Privacy Rights
The law has failed to keep up with the revolutions that have occurred in communication and information technology. Express laws and protections concerning privacy rights are not enshrined in the United States Constitution. Regulations concerning privacy rights are under the purview of state laws and some statutes and administrative agency laws. There is an underlying principle in American laws, the Constitution and jurisprudence that stems in part from the conflict between individual rights of the colonists against the authority of the crown; this conflict corresponds to the attempt to safeguard the individual rights of Americans versus the overreaching authority of the government.
The idealization of individual rights dovetails on Enlightenment era philosophers’ theories of rights of the individual—Voltaire, Rousseau and later Tocqueville.
Again, we can find parallels between the conflict of individual rights and state power (authority of the government), and the contemporary conflict between privacy and security. Modern communications technology is said to have destroyed any balance that may have existed and through encryption has been a boon to privacy (and shielding and facilitating crime, because the lawbreakers such as child pornographers and terrorists all possess encryption know-how, too) and a blow to security.
Privacy regulations appear to be stopgaps and dated. Thus, the Electronic Communications Privacy Act of 1986 (ECPA) which protects wire, oral, and electronic communications while being made and when stored, is a federal statute that updated the Federal Wiretap Act of 1968. (18 USC sections 2510-2523)
The Fourth Amendment protects individuals from unreasonable searches and seizures from state parties, without a warrant. Other than this, the Constitution is moot regarding privacy. As mentioned earlier, privacy regulation falls under the purview of individual states. However, the spirit of the Constitution still undergirds various state legislation on privacy rights of individuals with a view to barring abuse of state power and wholesale intrusion into our lives.
Where privacy rights of individuals are not prioritized and respected, then such abuses by state authorities like “online and telephone surveillance” which result in the imprisonment of political dissidents and “drone-assassination programs” will occur.
Our instinctual preference for liberty, empathy, or companionship will be violated as we perceive that “a life in which our thoughts, discourse, and interactions are subjected to constant algorithmic or human monitoring is no life at all.” (Rogaway) The cumulative effect of this hawkish data collection and intrusive monitoring would be a threat to liberal democracy, as free speech and expression congeal under the chilling effect of cold scrutiny.
Following the First World War, scientists in America became viewed as revered iconoclasts, speaking truth to power.
Tim Cook considers the ethical responsibility of protecting privacy rights
A school of thought posits that unbridled technological optimism undermines the basic need for social responsibility. However, Tim Cook’s position in refusing to accede to the government’s request to create a backdoor, serves as a counterpoint to the claim. But what is Tim Cook (he has become a poster child for defense of the privacy rights of customers and Americans) socially responsible for? While as CEO of the leading technology company in America that virtually permeates at least some facet if not most of our lives, Cook’s responsibility in the scheme of corporate governance is to shareholders and maximizing shareholder value. In corporate finance, this often boils down to quantifiable numbers—and company profits and stock value.
However, as a corporate leader, Mr. Cook also has a duty to promote social good. His moral duties also “stem not just from [his] stature as a moral individual, but, also, from the professional communities to which [he] belong[s]: cryptographer, computer scientist, scientist, technologist.” (Rogaway).
Besides, as we can see from events that have transpired in the media following the significant attention and acrimony, which the impasse (between Apple and the Justice department) has generated, Mr. Cook has the influence and arguably the capacity to use power to promote social good. In this respect, to safeguard and advance the privacy rights of Americans.
Privacy rights, autonomy and reasonable expectation of privacy
The revolution in information and communications technology and globalization have fostered a world where people have “important, intimate, long-term relationships with people they had never met face to face.” (Rogaway) Such novel, global and yet intimate relationships should enjoy the reasonable expectation of privacy which autonomous individuals have rights to, regardless of the precariousness and the security risks transborder relationships may be exposed to.
Globalization and the revolution in information and communication technology have provided opportunities to empower people and focus on the individual. Using technology and cryptography to randomly monitor and spy on individuals simply because transborder communications implicate sociopolitical concerns, means governments end up being empowered and not people.
Apple’s argument against the government
Apple has raised several cogent arguments against the government which wants them to create a backdoor to the iPhone, which does not exist today. It argues that the backdoor has the potential to unlock any iPhone in someone’s physical possession, which could leave users powerless to prevent any unwanted invasion of privacy.
It is Apple’s position that such a precedent has no parallel in history: “We can find no precedent for an American company being forced to expose its customers to a greater risk of attack.” Apple made its ethical stance clear that “at stake is the data security of hundreds of millions of law-abiding people and setting a dangerous precedent that threatens everyone’s civil liberties.”
To advance its case to the public of being a principled position against a government misrepresentation of Cook seemingly being a rapacious corporate executive “out to make a bunch of money”, Tim Cook launched an image campaign showing himself to be a compassionate, ethical leader whom users could trust to maintain their privacy; as one who tries to be fair and maintained a track record of a good steward of the company whose word could be trusted.
Thus, Apple provided more information in crafting a narrative that revealed the government had a history of trying to force Apple to create a backdoor to enable it conduct surreptitious investigations of its customers. The deadlock started after Apple had debuted an encrypted operating system, iOS 8, in late 2014, which “encrypted all the user’s data—phone call records, messages, photos, contacts, and so on—with the user’s passcode.” The encryption update meant that Apple could no longer access locked devices running iOS 8 and this forestalled government investigators, even when a valid warrant existed. (Leander Kahney, “The FBI Wanted a Backdoor to the iPhone. Tim Cook Said No.”)
Apple had denied the government’s request to hack into users’ phones, when it expressed its interest “in getting access to phones on a mass basis.” (New York Times). The San Bernadino terrorist attack on December 2, 2015 created the perfect storm and pretext for the FBI to file a writ ordering Apple to create a backdoor. As President Trump sent tweets attacking Apple and calling for a “boycott until the company handed over the information to the FBI”, and further misrepresentation that Apple’s refusal to do so amounted to siding with terrorists, it became imperative for Apple to make the case that “at stake is the data security of hundreds of millions of law-abiding people and setting a dangerous precedent that threatens everyone’s civil liberties.” (New York Times, “Why Apple is Right to Challenge an Order to Help the F.B.I.”)
While public opinion was polarized, the editorial board of the New York Times would write in an editorial titled “Why Apple Is Right to Challenge an Order to Help the F.B.I.,” that “There’s a very good chance that such a law, intended to ease the job of law enforcement, would make citizens, businesses and the government itself far less secure.”
The pervasive specter of the Orwellian dystopia of mankind’s loss of control to the machine—humankind’s use of its tools of convenience, its algorithms—that soon derives an autonomy of its own, that has long haunted American society was evoked.
The government would go on to drop the case which never went to trial, after it was able to use a third party to gain access to the phone. However, the matter remained unresolved and the December 6, 2019 attack by the Saudi Airforce officer provided the opportunity for the federal government to continue its attempt to force Apple’s hand to create a backdoor.
Privacy, though unstated, predicated on autonomy underscores a proper functioning democracy, certainly the type our founding fathers conceived of when they desired that “we the people” be empowered against overreaching and intrusiveness into the lives and affairs of the people. It guarantees our freedoms of expression, association, and assembly—just as the Constitution provides. “The erosion of privacy is something that affects all people, even those who have nothing to hide.” (Vox article)
Indeed, there is grave danger to our democracy when government (not the people) becomes the main client of cryptographers, computer scientists and the community of technical professionals that advance the revolution in communication and information technology and who have a social responsibility as professionals. In Phillip Rogaway’s “The Moral Character of Cryptographic Work” the observation is made that:
“Research communities have a general tendency to become inward-looking. As a community, we have fostered strong relationships to algorithms and complexity theory, but have done less well attending to privacy research, programming languages, or the law. We will play a larger social role if we up our connections to neighbors.”
In channeling solutions towards stakeholders in our social contract, the author proffers a path:
“Governments and companies have become our “customers,” not some ragtag group of activists, journalists, or dissidents, and not some abstract notion of the people. Crypto-for-privacy will fare better when cryptographers stop taking DoD [Department of Defense] funds and, more than that, start thinking of a very different constituency for our output.’”
Privacy and security should not be viewed in perpetual conflict as privacy may be the basis for enhancing security. Furthermore, pursuing privacy as an individual good promotes a social good that forestalls the risk of engendering compliant and shallow people, the type so easily promoted where mass surveillance is the norm.