March 7, 2016
Apple vs. the FBI: Privacy and Security in the Digital Age
Few issues (aside from the Presidential campaigns, of course) have played larger in the media over the past several weeks than the legal dispute between the FBI and Apple over whether Apple should be compelled to write special software to disable a self-destruct feature so the FBI could find the passcode to unlock the iPhone 5c used by San Bernadino shooter Syed Farook. Both sides have made strong arguments before the U.S. District Court Magistrate, which have been outlined extensively in the media and on Capitol Hill.
This case has brought to the fore a conundrum that is hardly new but has grown in intensity and significance as we move further into the global digital age. It focuses on the most sensitive and critical responsibilities citizens expect from their government—protecting their security and guaranteeing their civil liberties. And it involves complex technical, legal and policy issues. Apple argues, among other things, that compliance could make their encryption system more vulnerable to hackers and reduce privacy protections for their users. Also, they worry that this could lead to an increased volume of law enforcement requests, both here and overseas. Citing the growing use of digital communication by terrorists and other criminals to design, coordinate and even deliver acts of terrorism, law enforcement interests cite a need, with appropriate court orders, to access certain information to track down criminal groups and deter possible future events.
There are international implications as well. Our technology companies serve consumers world-wide and other countries look to see how we balance privacy and law enforcement needs in terms of how they treat US companies who serve their citizens as well. We also see these concerns reflected in on-going negotiations with Great Britain and other countries.
The current legal process here could take months, if not longer. The questions are being weighed against statutes that were enacted well before most of this technology was even invented, let alone widely utilized. Unless and until there is some clear, consistent guidance to address these situations going forward, we will continue to see these matters addressed on a piece-meal, case-by-case basis that leaves all interests in the lurch of uncertainty. This will not be easy. During recent House testimony, FBI Director James Comey described the encryption issue as “the hardest question I’ve seen in government”.
Congressional hearings are ongoing, and several Members, as well as industry and other interests, have suggested that Congress needs to address the issue legislatively. Considering the Constitutional, legal and policy questions here, that would be the logical conclusion. Senate Intelligence Committee members Diane Feinstein (D-CA) and Richard Burr (R-NC) may offer a bill to require companies to unlock phones under court order. House Homeland Security Committee Chairman Mike McCaul (R-TX) and Senator Mark Warner (D-VA) have offered a bill to establish a National Commission on Security and Technology Challenges which would bring together experts from law enforcement, the tech sector, intelligence, privacy, and civil liberties groups to suggest solutions to these problems and report back to Congress. Interestingly, on the related issue of the Internet of Things, which will bring its own set of issues related to privacy, liability, and security, Senators Deb Fischer (R-NE), Cory Booker (D-NJ) and others have introduced a bill to set up a public-private sector working group under the Dept. of Commerce to make recommendations to Congress on how to deal with potential challenges in this area, hopefully before they become major issues of contention.
While it remains to be seen what Congress will do, there are two things to consider: first, any solution will need the input of the parties most involved in, and knowledgeable about, these issues. We have brilliant minds in all these fields, and they need to be part of the solution. Whether this happens through a statutory commission or other groups like the Digital Equilibrium Project, we must work together here; and second, delay is no one’s friend. We are already behind the curve, and if Congress does go the commission route, it cannot be to simply “kick the can.” There must be firm, reasonable deadlines to act. The goal must continue to be protecting the American people, our infrastructure and our economy, guaranteeing our civil liberties, and encouraging innovation so US companies can flourish here and around the world. We have the talent to solve this conundrum. With determination, consultation, and cooperation, it can get done. Tick Tock.