February 24, 2016

PR offensive - a poor way to make policy

Americans are considering the tricky balance between privacy and security. What is not needed now is hyperbole, hysteria and a lot of red herrings. Unfortunately, that is just what privacy advocates and, most recently, Apple are providing.

Over the protests of Apple, a California appeals court the other day ordered that the company must help the FBI in an investigation of one of the most horrific terrorist cases in recent years, last December’s San Bernardino killings. The FBI wants to get at the contents of a locked up and encrypted iPhone used by one of the shooters.

Having lost in the real court, Apple turned to the court of public opinion. In a fear-mongering “customer letter” on Feb. 17, Apple’s CEO Tim Cook says that helping the FBI to decrypt this single mobile phone risks exposing the private data of millions of customers. A casual look at the actual Court Order reveals that the company’s argument is skewed or perhaps purposely misleading.

For instance, Apple asserts that the company has cooperated with the FBI but goes on, “…now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.”

Actually the court order directs Apple to “…assist in enabling the search of a cellular telephone.” That is, one particular iPhone 5C, with serial number specified. It leaves wide room for Apple to decided how to do that.

But Apple argues that the company is being directed to build a whole new version of its iOS operating system that would “undeniably create a backdoor.” Cook repeats that creating this new iOS would give a “master key” to be used “over and over again” undoing “decades of security advancements that protect our customers.”

The FBI quickly fired back, “Apple appears to object based on a combination of a perceived negative impact on its reputation and marketing strategy…numerous mischaracterizations of the requirements of the order, and an incorrect understanding of [the law].’’

Apple asserts it is “deeply committed to safeguarding” customer’s data and promises to do ”everything in our power” to protect personal information.

The founders of the United States were perhaps even more deeply committed than Apple to protecting the citizenry, since they had just fought a war on American soil to assure civil rights including privacy. Yet they could see the need for legal searches in pursuit of law enforcement to assure public safety. So, in the new country’s Constitution, they outlined a process for safeguarding rights while allowing searches.

Of course, there are solutions enabling legal search and surveillance that do not require emasculation of privacy protection on computers or mobile devices.

Hacking Team produces software that permits lawful surveillance of devices used by criminals, terrorists or other suspects. The company was founded on the premise that security provided by law enforcement is an essential right, just as privacy is. Hacking Team has paid dearly for taking that position. Well-publicized attacks against the company have been aimed apparently at destroying it.

Privacy advocates and critics of law enforcement argue loud and long that the use of any such software is a hideous invasion of privacy, that activists working for democracy will surely be targeted rather than criminals, and that “Big Brother” will take over. Yet there is no evidence that where these technologies have been used, activists, freedom workers or democracy advocates have actually been harmed. “But they could be,” is the response.

Like the debate around Hacking Team or the Apple/FBI battle, most of the public commentary about surveillance, encryption and law enforcement in general is charged with emotion. Advocates rely on hypotheticals, fear-mongering and hysteria in presenting arguments, and they hope to win by winning public opinion.

None of this advances the development of what is most needed: a sound policy accomplishing two vital goals — protecting privacy and permitting law enforcement to do the job of protecting us all.

“The implications of the government’s demands are chilling” Apple concludes in its letter. Perhaps what is more chilling is the thought of terrorists hiding their plans behind end-to-end universal encryption on the Apple iPhone.

In either case, what is really needed is a thoughtful policy that protects the privacy of users of modern technology while at the same time providing a reliable mechanism for lawful investigation. It should be based on a good-faith, cooperative effort on all sides to find a solution, not on hyperbole, hysteria and red herrings.