Feb 09, 2017 | By George Gantz
What Are You Afraid of? (Part 2) – When Tech Claims Clash with Government Requests for Information
Privacy is not a simple concept, as we discussed in our previous post. The moral implications of privacy are complicated — “it depends.” In a spiritual context, privacy, or the illusion of privacy, is an invitation to the temptations to lie, cheat or steal! So how are we to decide between the claims of law enforcement and the claims of the tech industry when it comes to the Bentonville and San Bernadino cases? The answer boils down to a simple question – what do you fear most?
The Pragmatic Question of Privacy – What do you Fear Most?
So what is it that you, John Q and Jane D Public, are most afraid of? Should law enforcement officers be guaranteed access (in compliance with Court requirements) to the data from the many digital and online devices we now possess, as they seek to investigate crime and enforce the rule of law? Or to the contrary, should Tech Companies be allowed to refuse such access and sell un-crackable encryption that would permanently deny such access? Another legal argument between Tech and Government flared up recently. As reported on February 5, 2017, in this federal fraud case, Google argued that it cannot be required to turn over data from servers located on foreign soil. A judge has ordered that the data be repatriated. Google was banking in part on a similar case last year where Microsoft successfullly argued in a Federal Appeals Court that overseas data was effectively beyond US authority. Depending on how these cases turn out, the ability to move data to overseas servers might be as effective for avoiding law enforcement as un-crackable encryption. In arguing these point, Law Enforcement Officials argue that such information is sometimes critical for the protection of the public interest. Indeed, in the San Bernadino case, the smartphone of the terrorist (who was already dead) could provide information useful to the capture of other terrorists and the prevention of other killings, and the FBI ended up hacking into the phone without Apple’s help. In the Bentonville case, there is a chance that the Amazon Echo data (like the smart water meter data that helped investigators) might be relevant in learning the truth “beyond a reasonable doubt.” Prohibiting Law Enforcement access to such data could undermine our security and the capacities of our legal system. The long-term consequences of un-crackable privacy codes that shield perpetrators and conspirators from justice could be quite damaging to our interests. On the other hand, Apple, Amazon and the other tech companies argue that any Government access to such detailed personal information would be unreasonable, as it is too personal and too detailed. The fear behind this position seems to be of two kinds — fear of Government power and mis-use of private information, and the fear that such data would then be more susceptible to access by others with nefarious intent.
Fear of Government Power and Misuse of Private Information
The fear of Government over-reach and misuse of private information is a valid concern. We have seen examples of unacceptable Government intimidation and manipulation on the basis of secretly gathered information, including the private surveillance files of longtime FBI Director J. Edgar Hoover and the political tyranny of McCarthyism. Local law enforcement officers and prosecutors are also occasionally accused of secrecy, manipulation and intimidation. The fear of government abuse has played a role in the very public discussion of the expanded surveillance authority of the National Security Agency (NSA) under the Patriot Act of 2001, and the subsequent amendments to reduce the NSA’s massive data collection efforts. There is very little public information or evidence of any benefits of such massive surveillance, and very little public information or evidence that the NSA program led to abuse or intimidation of innocent civilians, but the rhetoric on both sides is quite vigorous. Clearly, the concern is very relevant in countries with autocratic or repressive governments that do not respect the rule of law or the basic human rights to life, liberty and the pursuit of happiness. Hopefully, the US is different. The framers of the Constitution worked very hard to include checks and balances on the abuse of power. Article 4 of the Bill of Rights is very specific about the limits to Government access:
Amendment IV The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
The bottom line — does the fear of intimidation and manipulation outweigh the fear of a weakened justice system that could result from un-crackable privacy protections?
Would Our Data be Less Secure if Government Had Limited Access?
The fear about the overall security of our data is more generalized. Our digital devices and the online world with which they interact yield an immense amount of personal data. We have learned to be concerned about our accounts being hacked, but we are generally NOT aware of all the information about us that is collected. Consider the massive network of public and private data sources, including GPS and cellphone communication networks, cameras and sensors, retail outlets, online profiles and activity, and the sophisticated data mining techniques that allow data companies to scour those sources in order to build a detailed picture of our habits and preferences down to the individual clicks we make in our browsers. That knowledge is being used by computer algorithms to shape our feeds, answer our searches and expose us to individually tailored advertising and information. It is indeed a scary thought that such data might end up in the wrong hands. We have heard enough about hacking, stalking, bullying and identity theft to justify such fear. Given the varieties of detailed information that are now routinely accessible from or through our digital devices and networks, would Government access really make this data less secure? Detailed personal information, and the ability to mine it, is already in the hands of Facebook, Google, Amazon, and many other private companies. Do you fear Government use of that information more than you fear corporate use of that information? These three companies are some of the very largest in the US. We are (for the most part) giving them your data willingly. I also bet that you, like me, do not read the fine print every time you buy a device, load an app or respond to a prompt like “—- would like to access to your location.” Does it seem reasonable to conclude that prohibiting access by Law Enforcement (pursuant to Article IV restrictions) to any of this data will enhance your security?
Why I fear Tech more than Government – most of the time!
As the observations above suggest, I lean in the direction of trusting the intentions of Law Enforcement agencies, with the caveat that we remain vigilant to the restrictions of Article IV and demand accountability from our government officials at all levels. In this context, I found a 2015 report from the International Association of Chiefs of Police: “Going Dark – The Challenge of Data Encryption” both sobering and sincere in its commitment to public safety while acknowledging the importance of individual privacy. According to IACP President Richard Beary “Law enforcement simply needs to be able to lawfully access information that has been duly authorized by a court in the limited circumstances prescribed in specific court orders—information of potentially significant consequence for investigations of serious crime and terrorism.” I am not convinced that the Tech Industry has a similarly balanced perspective about privacy and public safety. Tim Cook’s analogy that cracking an iPhone security feature is the “software equivalent of cancer” is an indication that the industry “doth protest too much.” I do trust the Tech industry to behave in a manner that they believe is in the best interest of their companies, and I agree that the public seems to value unfettered and un-crackable privacy. But I now disagree that this feature is entirely beneficial to the public good. The long-term consequences of this position may well be disastrous for Law Enforcement. I am not alone in questioning the motivations of the Tech Industry. Anil Dash, an industry insider, has been very direct in holding the tech industry to task for its ignorance of moral and ethical considerations. (see: On Being Interview of Anil Dash). The Schumpeter column of The Economist Magazine on Feb 4 2017 also concludes that tech firms “often define virtue as what they judge to be in their business interests…. Oligopolistic, hubristic, and ruthless to the core, Silicon Valley is no beacon of moral leadership.” Moreover, at the practical level, while there is some facile appeal to the idea that we can maintain our individual privacy in this day and age, that idea is largely an illusion. We voluntarily, even enthusiastically, embrace the technologies and participate in the applications that collect, store and share the most intimate details of our lives — this makes secure personal privacy nearly impossible. In this context, the protestations about protecting privacy, by industry leaders as well as by individuals, seems hypocritical.
We Need Continued Vigilance Over Government Use of Personal Information
This does not, however, suggest we should become blasé about Government access and potential use of private information. In spite of the words of Article IV and the balance of power embedded in the US Constitution and our government institutions, our trust in Government ultimately relies on individuals resisting the temptation to abuse the information they have access to and the authority that they have been granted. Vigorous and open debate and high levels of transparency in government activities are critical. This issue will continue to be raised in the political context. An update to the governing law on privacy, the Electronic Communications Privacy Act (ECPA), passed the house in 2016 and will be before the Senate in 2017. The IACP has identified the issue as one of their 2017 legislative priorities. In addition, the latest controversies have raised awareness about the issue. We can hope for legislative action that properly balances the interests of privacy and security. In my opinion, un-crackable digital devices, and the ability to move data offshore, do not meet this goal. If the industry does not recognize this in their own practices, then government action may be required. At the same time, let’s be honest with ourselves. If we want to protect our privacy, we need to think hard about the technologies we use and how we use them.
“Let us keep in mind what is most important to us as human beings and avoid the temptations of the “pretty toys”…. At the same time, we need to be mindful of our responsibility to ourselves and to the greater society. It is up to each of us to be thoughtful, to make good choices, and then to act on our choices and live up to our responsibilities. From a grounded core of being, we can engage fully with the world, and play our part in making it better.” From The Human Race and The Technology Race, Chapter IV.
2 Responses to “What Are You Afraid of? (Part 2) – When Tech Claims Clash with Government Requests for Information”
Join the Discussion