Digital security and privacy

March 29th, 2016

Safety and privacy in tension

While investigating the December 2015 mass shooting in San Bernardino, California, the FBI recovered an Apple iPhone from the car in which the shooters died. The perpetrators had already smashed their mobile phones and their computers’ hard drives, so this iPhone may be investigators’ last chance to find out whether the shooters had conspired with other terrorists. But because Apple’s software automatically and thoroughly encrypts iPhone users’ personal data, the FBI has been unable to search the phone’s contents.

On February 16, Magistrate Judge Sheri Pym ordered Apple to give the FBI “reasonable technical assistance … in obtaining access” to the iPhone’s data. As of this writing, Apple has refused. The company says it has “no sympathy for terrorists” and points to how it has already helped the FBI, but it claims this order sets a dangerous precedent and is an unacceptable threat to what Apple CEO Tim Cook has called the “fundamental human right” of privacy.

A recent Pew Research poll found 51 percent of Americans think Apple should unlock the iPhone — a majority, but not an overwhelming one. And early last year, Pew found that 52 percent of Americans are “very” or “somewhat concerned” about the government monitoring their data and electronic communication — again, a majority, but a small one. These polls, like Apple and the FBI’s current dispute, highlight the tension our society feels between our desire to be safe and our desire to control our own information.

Public safety concerns

Without the shooter’s passcode — a six-character combination known only to him, and not stored on Apple’s servers — the FBI has no way to get around the formidable security features of Apple’s mobile operating system, iOS. The FBI wants Apple to create a new version of iOS that will run only on the shooter’s iPhone and will disable or bypass the system’s normal security measures. “We simply want the chance, with a search warrant, to try to guess the terrorist’s passcode without the phone essentially self-destructing and without it taking a decade to guess correctly,” wrote FBI director James Comey. “Maybe the phone holds the clue to finding more terrorists. Maybe it doesn’t. But we can’t look the survivors in the eye, or ourselves in the mirror, if we don’t follow this lead.”

Why does the FBI think the device might reveal terrorist connections? Increasingly, terrorist groups have been using smartphones and social media to recruit members: “The terrorist is buzzing in the pocket of a troubled soul 24 hours a day,” Comey told FBI agents last fall. And evidence suggests some of those who carried out the November 2015 attacks in Paris used encrypted apps to hide their planning.

An amicus brief filed in the FBI’s support on behalf of police and prosecuting attorneys’ groups argues that if Apple is allowed to refuse the court’s order, “public safety will suffer. Crimes will go unsolved and criminals will go free. Apple’s iPhones and iPads are ubiquitous. They are powerful. They are used by criminals, as well as crime victims.” The brief further contends that “were Apple to prevail … the public at large may question why they should be called upon to cooperate with law enforcement.” Any significant erosion of the long-standing principle that citizens have a duty to assist those who uphold the law could reasonably be expected to undermine civil order and safety.

Personal liberty concerns

Apple insists reasonable cooperation with law enforcement isn’t the issue. The company points out, and the FBI grants, that it promptly and willingly turned over information from the shooter’s phone that had been backed up to Apple’s iCloud storage service. (Unfortunately, for whatever reason — the FBI suspects the shooter disabled the phone’s automatic backup feature — no data was backed up after October 19, six weeks before the shooting.) And Apple has, on multiple previous occasions, extracted data from locked iPhones for law enforcement without actually unlocking the phones; those devices ran on older, less secure iOS versions.

Instead, Apple objects to the requirement that it create the customized iOS — the company’s manager of user privacy calls it “GovtOS.” Although the FBI says it would be used one time only, on the shooter’s iPhone only, Apple envisions the opposite outcome. “Once created,” Tim Cook warned in a public letter, “the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.”

The FBI has accused Apple of worrying more about its brand image than the public good, but Apple disagrees. “The government is asking Apple to hack our own users,” writes Cook, “and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals.”

Could Apple’s forced compliance set a dangerous precedent? Some observers think so. Jake Williams, CEO of cybersecurity firm Rendition Infosec, told Wired magazine, “The precedent isn’t that they unlock one phone. There’s no reason down the road they can’t go to Microsoft, or anyone else … to create some intentionally vulnerable applications.”

Such applications could track users’ online activity without their knowledge or consent. Attorney Nate Cardozo of the Electronic Frontier Foundation told the PBS NewsHour the core issue in this case isn’t “security vs. privacy” but “security vs. surveillance. … Before Apple instituted this level of encryption on devices, when devices were stolen, they were susceptible to any run-of-the-mill hacker opening it up. And that is what the FBI wants Apple to return to?”

A time for soul-searching

One of the several tech leaders who’ve thrown support to Apple is PayPal cofounder Max Levchin. In his judgment, too many questions about security and liberty have been decided too quickly in the years since 9/11. “We have put aside the conversation of what’s important to us as a society, as a country,” he told CBS News, “in favor of solving the problem that is immediately in front of us and subsequently, we found ourselves soul searching over and over again.”

If the FBI and Apple dispute is indeed a time for national soul-searching about the shape of our society sooner rather than later, then we Christians have a stake in contributing to that conversation.

On the one hand, the biblical tradition frequently directs believers to obey lawful social authorities (Romans 13:1-5; 1 Peter 2:13-17). Believing God “is a God not of disorder but of peace” (1 Corinthians 14:33, NRSV), we support social order that benefits everyone, and we have no interest in allowing crime, especially violent crime, to go unpunished. We believe human life is precious and should be protected.

On the other hand, our tradition also remembers that human authority often tries to act with authority that belongs only to God. It can create order that isn’t beneficial to all, especially to those people on society’s margins (1 Samuel 8:10-18). We know “the nations” must sometimes be reminded “they are only human” (Psalm 9:20).

I asked the Reverend Dr. Christopher Benek, a Presbyterian pastor whose theological thinking about technology has attracted national and international attention, what resources Christian faith has for wrestling with the issues raised in this case. In an email, he pointed me to Jesus’ Golden Rule (Matthew 7:12) and added, “Much of the Bible is about setting appropriate boundaries so that folks behave in a manner that honors … the necessary freedom to flourish as human beings.” 

People need both privacy and safety in order to flourish. How will the church offer insights in order to help our society reach an appropriate balance of the two that reflects God’s good will for humanity?

Be sure to check out FaithLink, a weekly downloadable discussion guide for classes and small groups.

comments powered by Disqus