What do social justice questions have to do with the encryption debate? Plenty, actually
How does the idea of social justice fit into the encryption debate?
That question and more were addressed January 27th when I had the privilege to participate in a very timely conference at the University of Connecticut (UConn) Law School entitled Privacy, Security & Power: The State of Digital Surveillance. (A video of most of the conference is found here)
The panel on which I served was called The Ethics and Impact of Surveillance and Encryption and included Professor Sahar Aziz of Texas A & M Law School; Professor Stephanie K. Pell, Assistant Professor and Cyber Ethics Fellow at West Point’s Army Cyber Institute; and Professor Riana Pfefferkorn of the Center for Internet and Society at Stanford Law. Professor Molly Land of the UConn Law faculty moderated. (This panel appears on the conference video starting at about the 2:18:40 point).
The discussion was really fascinating as each of us introduced some of the themes of our papers that will be forthcoming in a special UConn Law Review symposium issue. My draft essay is entitled Social Justice and Silicon Valley: A Perspective on the Apple-FBI Case and the “Going Dark” Debate.
Why that perspective? When the dispute between Apple and the FBI arose about this time last year, I was struck by what I considered to be a rather narrow view of “security” the Apple executives were propounding. It was a concern about just their customers, not society at large. In fact, in an op-ed, Apple vice president Craig Federighi said that “nothing is more important than the safety of all of our customers.” (Italics added.)
Of course, not everyone is an Apple customer. Indeed, there are still a lot of people who may not be able to afford the latest IPhone or other device with readily-available encryption. In comparing IPhone customers with Android users Forbes made these observations in 2014:
Both iPhone and Android people are affluent, educated, eager digital device consumers, and well-represented across the adult age spectrum up to 65….iPhone people are a notch up the socio-economic scale: higher income, higher education, higher representation in professional and managerial jobs. (Italics added).
Moreover, for a variety of reasons experts say the typical Android phone is more accessible to law enforcement than its Apple counterpart. This makes writer Sam Biddle’s observations about Apple particularly interesting:
And it’s not purely an income game—other socioeconomic factors that correlate heavily with the amount of money you’ve got in your pocket line up perfectly. Federal census data pegs black and hispanic households at median income (and ergo spending) levels tens of thousands of dollars below their white peers—and statistically, those same households are going Android at higher rates. A full 12-percent more black and Hispanic smartphone users are Android users compared to Apple customers, and owners of any race with a high school diploma or less made up 38-percent of Android owners, over iPhone’s 31-percent mark in that cohort.
In practical terms all of this means that the affluent not only enjoy the added privacy that pricey encryption provides, but also are, I would argue, better able to afford to protect themselves from the adverse consequences – crime and terrorism – that encryption might enable.
The wealthy, to include Apple executives enriched in large part by IPhone sales, can afford costly security technology as well as expensive physical security measures to protect them from whatever havoc terrorists or criminals enabled by encrypted communications may be able to visit upon the less fortunate of our society. Those killed and injured at San Bernardino were working class people, not Silicon Valley billionaires with squads of body guards. The public at large must depend upon law enforcement for protection, and its effectiveness is obviously impaired when even court orders won’t get them access to high-tech encrypted devices used by terrorism and criminal suspects.
As I discuss below, the inherent tension between privacy and security has always been resolved by the courts. However, we now have private entities with a profit motive able to sell technology which is essentially – and intentionally – beyond the reach of law enforcement, even when authorized by the courts. In my mind that also raises social justice issues as the less affluent in our society have to depend upon the judicial system – and not corporations – to decide how much of their security will be put at risk.
Apple’s motives had much to do with their financial interest in having encryption as part of the brand of their phones. Blair Reeves, a Principal Product Manager for the software company SAS, made this point unequivocally:
For several years now, Apple has explicitly made “privacy” a key marketing stick with which to beat its chief competitor, Google. Certainly, a stated commitment to protect customer privacy is vital to Apple’s brand and continuing business strategy. Apple’s CEO and employees may be expressing genuinely held private convictions, but the regulatory theater in which Apple, the corporation, is currently embarked is without question motivated by its business concerns.
That is an understandable imperative for a private company seeking to maximize its profits. Yet we cannot – and should not – ignore the impact on the non-customers, especially the less well-to-do. My paper endeavors to at least suggest the questions we should be asking. Below is an extract from my draft essay:
Social justice, we are told, “is generally equated with the notion of equality or equal opportunity in society.” It also embraces the idea of economic justice. This paper argues that these concepts are involved in last year’s dispute between the Apple corporation and the Federal Bureau of Investigation (FBI) over an encrypted phone found among the possessions of one perpetrator of the San Bernardino massacre that killed 14 people and wounded 22.
The phone was believed to be evidence in a terrorism case, and the FBI got permission of the owner of the phone (the San Bernardino County Department of Public Health) to search its contents. They were stymied, however, by the Apple phone’s encryption software that effectively “locked” the phone. The FBI then obtained a court order under the All Writs Act compelling Apple’s assistance in unlocking but the corporation resisted doing so. (The case eventually became moot when the FBI found a private contractor who was able to gain access to the phone.)
Nevertheless, the dispute highlights what has been called the “going dark” debate, where technology is frustrating the ability of law enforcement to investigate crimes and national security threats, even where the government is working though the judiciary. Apple’s contention that there is “nothing is more important than the safety of all of our customers” is juxtaposed against the FBI’s broader mission to “protect the American people” in general (and not just Apple customers), as well as the Supreme Court’s admonition in Haig v. Agee that “no governmental interest is more compelling than the security of the Nation.”
While Apple argued that the main issue in the dispute was one about individual privacy rights against government intrusion; in truth it engages fundamental notions of social justice and the rule of law. This essay suggests that some of the key questions are these: in a free society, to what extent should Silicon Valley – as opposed to the courts – determine what law enforcement professionals can and cannot do, particularly when the tech moguls making that determination have the wealth to insulate themselves from the consequences of their decisions?
If commercial companies believe that encryption is vital to the viability of their brand, should they nevertheless bear the costs when their devices enable the commission of criminal acts and terrorism? Should a statutory presumption be established to benefit victims where a reasonable inference is established that a phone or similar device was used by the perpetrator of a crime or terrorist act where the company involved either designed it with “unbreakable” encryption, or refuses to aid in its decryption despite a court order?
Along that line, in a nation where courts have traditionally resolved the inherent tension between privacy and security, are we seeing that adjudication, de facto, shifting to private entities with a commercial interest in the outcome? Does former Director of the CIA John Brennan raise a legitimate concern when he says in reference to the Apple-FBI case that:
So. . . if a judge issues a writ that says a safety deposit box in a bank must be opened up because there’s something in there either inculpatory, exculpatory of the crime or something that’s going to allow us to prevent a crime, the bank owner has a legal obligation to open it up. Same thing with a warehouse owner, or somebody who owns an apartment building.
Now private sector companies are getting the ability to say to the government and to the courts and to our system of laws, no, I’m going to determine what the government is going to be able to see or not. (Italics added.)
Moreover, in a free enterprise system, to what extent should the legitimate financial interests of private companies – not to mention the bona fide individual interests and rights of the customers of that company – prevail over the security interests of the public at large, to include those whose financial means are such that they must depend upon government for protection as the wealthy do not? How much privacy and civil liberties do the public want to forfeit in a technological era that Thomas Friedman tells us may be enabling “super-empowered” individuals to “kill us all”? Is he correct when he says:
[W]e need to ensure our government has all the surveillance powers it needs — under appropriate judicial review — to monitor and arrest violent extremists of all stripes. The bad guys now have too many tools to elude detection. (Italics added)
How should we manage the trade-offs inherent in the tension between privacy in a world where 51% of the public believes that “government anti-terror policies have not gone far enough to adequately protect the country” and only 27 percent say “they have gone too far in restricting civil liberties”?
At the same time, however, we need to keep in mind, as Mieke Eoyang has pointed out, that “the debate is often framed as a balance between government power and individual privacy.” Eoyang says this too often overlooks the “critical role of the communications companies, who as physical and legal gatekeepers regulate government access to private information.” She adds that “[w]hen the government does not properly balance the economic concerns with the national security concerns it can harm US competitiveness abroad.”
Obviously, this essay is still a work in progress, and the debate continues to roil. What’s ahead for the coming year? FBI Director James Comey said last August he hoped the “going dark” debate would “reemerge [in 2017] as a less passionate, more fact-based ‘adult conversation.’” The Hill reported that Comey observed:
At the end of the day, if the American people say ‘You know what, we’re okay with that part of the room being dark, we’re okay with, to use one example, with the FBI in the first 10 months of this year getting 5,000 devices from state and local law enforcement and in 650 of those not being able to open those devices,” he said, without finishing the hypothetical.
“That’s criminals not caught, that’s evidence not found, that’s sentences far shorter for pedophiles and others because judges can’t see the true scope of their activity. We should not drift to a place that a wide swath of America is off limits to judicial authority.”
Although as a campaigner President Trump appeared to come down strongly on the side of the FBI, experts are now not so sure what direction he will take. Consider this: on February 2nd it was reported that House Judiciary Committee Chairman Bob Goodlatt., a Republican, said that “undermining encryption is a nonstarter.” It looks like the byte barons of Silicon Valley just might get their way.