American Legislators and Citizens Alike Should Study up on Cyber Governance
BY KAJ MALDEN
The flare up between Apple and the Federal Bureau of Investigation has renewed discussions on what kind of role, if any, the U.S. government should assume in surveilling Americans’ communications data so as to safeguard national security. The FBI is asking Apple to develop a tool that, according to one court order, would “let the government circumvent the device’s security protocols and unlock the phone” belonging to the employer of Syed Rizwan Farook. On Dec. 2 2015, Farook and his wife, Tafsheen Malik, opened fire on a staff training event at the San Bernadino County Department of Public Health, where Farook worked, killing and injuring 14 and 22 individuals, respectively. More alarming to federal investigators is that the couple may be linked to the Islamic State group; Malik had apparently pledged bay’ah (allegiance) to the leaders of the Islamic State group on social media. The FBI hopes that by examining Farook’s iPhone, they can better discern his and his wife’s motivations, as well as identify any other dangerous contacts in their network.
In an open letter to its customers last month, Apple stated that the FBI’s request, if granted, would compromise the security of its customers’ personal information. Apple emphasized that the development and use of a “back-door” decryption software would set a dangerous precedent, giving government “the power to reach into anyone’s device to capture their data,” including SMS and email messages, financial information, personal health data, and other private content. More troubling is that if such software were developed, it could be used to build other kinds of surveillance mechanisms that can scrutinize individuals without their knowledge. In Apple’s view, it is not just government surveillance that customers should be worried about; there are hackers and criminals who could use this information for more nefarious ends.
The FBI’s request, granted or not, should be more alarming to U.S. citizens. Cyber-governance in the United States, and in much of the world, is severely under-developed, and existing legal frameworks may be obsolete in the digital age. In her critique of the American legal theory of third-party doctrine, which claims that one cannot reasonably expect voluntarily provided information to be private, Associate Justice of the Supreme Court of the United States, Sonia Sotomayor, contends that “it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. This approach is ill-suited to the digital age, in which people reveal a great deal of information in the course of carrying out mundane tasks.” This point is driven home by the fact that the FBI, in making its request of Apple, references an ambiguous 18th century law known as the All Writs Act, which states that all courts “may issue all writs necessary or appropriate in the aid of their respective jurisdictions and agreeable to the usages and principles of the law.”
Another part of the policymaking challenge is that many of the legislators interfacing with increasingly digital criminal evidence are not very literate in technology. Some have asked the FBI why don’t they just jailbreak the phone? Jailbreaking a phone to install third-party applications is different from decrypting the data stored on a phone. Interestingly, those citizens most concerned about digital privacy are typically a younger cohort that came of age in sync with the Internet. This is not to suggest that some (older) legislators across the U.S. political spectrum do not recognize the urgency of the issue: Senators Mike Lee, Rand Paul, and Ron Wyden have all advocated for a more private Internet.
Perhaps the biggest challenge, however, is redefining privacy in the digital age, and determining how that privacy should be prioritized vis-à-vis national security. While some may claim that they have nothing to hide, a Pew poll conducted after the 2013 Snowden leaks revealed that more than one third of U.S. adult respondents had changed their online behavior as a result of bulk data collection by programs such as PRISM. Taken to its extreme, these changes might bear semblance to notorious self-censorship in China. As Ai Weiwei, one of China’s leading contemporary artists, noted in an op-ed for The Guardian, “when human beings are scared and feel everything is exposed to the government, we will censor ourselves from free-thinking.”
Free-thinking, and the privacy to do so, are critical pillars of U.S. democracy. The FBI’s request, which amounts to a hack job, would further erode these pillars if granted. U.S. policymakers should better educate themselves on the architecture of information networks and better understand the implications. National security is an important function of the government, but forced decryption programs set new domestic and global precedent. Other governments, such as China’s, may make similar demands of Apple. It should be noted as well that terrorists in the grislier Paris attack last Fall used burner phones, not encrypted communications devices.
The U.S. public, including those who advocate for privacy, could do some learning as well. It may not be the government that should be most feared. Decrypted communications make one vulnerable to hackers and online criminals who may mine data to steal identities. Those who are more concerned about government surveillance should also ask themselves if current surveillance programs can truly evolve into more Orwellian forms in the United States. There is undoubtedly a capacity for these programs to become more invasive into private lives, but it’s unclear if the goals of these programs are as sinister as what is described in dystopian literature. To that end, greater transparency from U.S. intelligence and security communities could be helpful in restoring public trust.
Ultimately, whatever decisions or policies emerge from the Apple-FBI dispute, it is only the latest episode in an ongoing saga of U.S. privacy in the digital age. Cyber-governance will remain a key point of contention in U.S. politics in the years to come. As policymakers and citizens prepare to navigate that future, they would do well to better inform themselves on the dynamics of the issue.