One thing that has been bothering me about the Emma Acosta attempt to limit access to government records is the rhetoric about computer hacking she expressed. Acosta stated that the Apple-FBI controversy prompted her to look into the personal information that is released to the public via open records requests. Acosta argued that hackers could break into a smart phone. Her reasoning is that through an open records request, a hacker could attain the telephone number of the next victim.
Besides the clear misunderstanding that Emma Acosta has about hacking, her attempt to build a nexus to her agenda item with the Apple-FBI controversy prompted me to write this article. For those of you that hate my long winded articles, I am afraid this is one of those. The Apple-FBI controversy and its related issues are too complex to explain in a blurb or 30-second sound byte. If you really don’t want to read the detailed version, you can skip down to the last two paragraphs and I will do my best to tie it all together there.
The Apple-FBI controversy is one element in a complex issue facing our society today. In addition to the Apple-FBI issue there is the issue that Google is facing in the European Union in regards to the “right to be forgotten.” Google is also facing a legal process in Brazil. Individually these issues are representative of the much larger issue of the right to privacy, the jurisdiction of laws and the need to prevent terrorist acts. The fundamental problem is that the internet has removed geographical borders that previously allowed countries to control what its citizens thought, information they could see and how they reacted. Prior to the internet, totalitarian governments had better control over its citizens by limiting what information they had access to.
Even now, China, North Korea and even the European Union are building virtual walls to try and contain the internet. The United States government is attempting to limit what people are allowed to keep secret. The US government is also attempting to expand its laws globally by expanding its legal jurisdiction to other citizens, whether they ever set foot in the United States or not. It is not just terrorism that the United States is trying to contain but also the US government is attempting to implement its civil legal doctrine, especially in intellectual property law on citizens in other countries. There are foreigners that have found themselves being prosecuted in US courts that have never set foot in the United States and are not drug dealers or terrorists. They ran afoul of intellectual property laws and are now subject to US laws even though they never set foot in the country.
Unfortunately, the issue is much more complex than that. In addition to legal jurisdictional issues there are issues of the fundamental right to privacy and the right of citizens to be safe from the dangers of terrorism. As if that wasn’t complex enough, web developers are now facing the burden of making fundamental decisions on whether to protect the integrity of the internet while balancing that against the fact that their systems may be facilitating egregious criminal acts. As the developer of Amitor® I now have to consider whether my business platform can be used for criminal acts. It may seem simple but since I offer a secure communications and file sharing system I need to consider at what point does my security allow criminal acts. At what point do I violate my users’ privacy by cooperating with law enforcement resulting in the only commodity I have to offer, the privacy of my users’ data.
What is the trigger point? Is it the notion that an account on my system may have data about a terrorist act? Is it the belief that one of my users is a notorious drug dealer? It may be simple but I am not law enforcement so it comes down to whether I can trust law enforcement to adhere to the fundamental principals of law in a free society.
There are many examples of police officers who have bypassed rights in order to apprehend a criminal. Drug violence is a serious problem that results in the loss of life. Terrorism is obviously a scourge on the world. It is easy to argue that the ends justify the means when it comes to those crimes. But at what point do we draw the line. We allow one police officer ignore fundamental liberties to stop a terrorist act before it results in the deaths of people. It seems easy, but what happens when a police officer ignores a fundamental right to arrest a petty thief? Some of you may be thinking, so what, they shouldn’t be committing a crime in the first place.
That thought ignores that in certain countries it is illegal to read a newspaper critical of the regime. In that country they are criminals but most of us can understand that criminalizing the reading of any publication is a violation of the fundamental rights of humans. I can go on and on with examples but I believe you get the gist of what I am trying to convey.
As the developer of Amitor® I have to consider that I have to offer my users a secure platform. They have to trust me to secure their data in order to use my platform. It only takes one instance of my releasing a user’s data for my user base to lose trust in me. But I also have to balance that with my responsibility to my fellow citizens and not allow my software to result in the death of anyone. It may seem easy to apply my morality, and thus agree to keep criminals that are killing people off of my system. But that raises the question of legal jurisdiction. What happens if China demands that I give them the names of my users who read prohibited materials?
The Chinese take their laws very seriously and if I refuse then I am subject to their laws in whatever manner they want to apply it. Some of you are thinking, simple, just don’t do business in China and don’t visit China. It is not so simple from a business perspective. It is even more complex in that I like to travel. The Chinese may not be able to extradite me from either Mexico or the United States. But what about Singapore? Or, Malaysia or another country that I may want to visit?
As the developer, how do I deal with all of this?
Keep in mind that I am only sharing with you a very superficial example of the many problems surrounding this.
The answer is rather simple; I build a system where the data that is stored on it is not available to anyone without the right credentials. That includes me, the developer.
If I cannot honestly access the data, then I cannot be compelled or intimidated into giving a third-party access to the data stored on the system. If I don’t know what the contents are then I don’t know if criminal acts are stored therein.
That is the fundamental issue with Apple and the FBI debate.
The FBI wants to keep companies from building secure systems that limits their ability to do their criminal investigations. Since the United States’ legal system is based on precedent, the FBI needs a case to build the precedent from. What is the precedent the FBI is after?
The FBI wants a company to build access into their own secure systems.
If the FBI prevails in the Apple case, then the precedent will be that no developer can refuse to build access to their secure systems. Keep in mind that it is not about providing a password to the FBI, but rather it is about building a back door into the system. At that point, the system is no longer secure.
Unfortunately, it gets much more complex.
Remember how I started out describing that the internet has erased geographical borders and that countries are trying to expand their legal jurisdiction to other citizens?
If you are currently in the European Union and open up Google to do a search on a Spanish citizen. Your results will be much different from mine even though we used the same search terms. The reason for this is because of the European Union’s law of the “right to be forgotten.” Under that law, any European Union citizen has the fundamental right to erase their history from the Internet.
Let’s say that you are searching for someone you read about five years ago that was arrested for financial fraud. You type in their name and nothing comes up in Google, even though you clearly remember reading about the case in the Wall Street Journal.
The reason is that a European Union citizen has the right to demand that their arrest be stricken from the news media after they have served their time or have been found innocent of the crime. In other words, their “history” can be erased. In order for Google to comply with the right to be forgotten law in the European Union, it filters its search results in Europe. Google has no subjected itself to Europe’s legal jurisdiction. Ironically, Acosta was targeting an individual that would love to see the European law applied in the United States, especially the one where anyone can look up how he has a pending arrest record in Arizona for not paying child support.
Now back to the Apple-FBI case. If Apple can honesty state that it does not currently have a back door into its system then it can operate in any country, including those totalitarian countries that allow it. When a government demands that Apple give them access to someone iPhone, Apple can currently state it has no way to do so.
Therefore, the Chinese government, for example, theoretically cannot legally hold Apple responsible for the proof that a Chinese citizen is disloyal to the Chinese government.
But if the US government, through the FBI’s legal challenge is successful in forcing Apple to build a backdoor then that security blanket for Apple ceases to exist. China would immediately demand access to Apple products of those it targets through its judiciary.
Now, let’s go back to Google for a moment. As I showed you previously, Google offers different results based on what country you are searching from. There are ways around that but for the average user their search results are limited by what the country’s government wants them to see.
This forces us to consider the very fundamental point to the internet, access to unimpeded and unfiltered information. The internet revolutionized the way we access information. In many ways it equalized access to information.
But now we are being forced into different classes of access to information. Some of us enjoy free access to anything we want while others must deal with filtered access. Just like we currently have education and economic classes of people, we will now exasperate limiting access to information for certain classes of people. We are going backwards instead of forward.
At what point will retreating away from freedom be stopped? When criminals aren’t allowed to plan their crimes in secrecy? When Chinese citizens aren’t allowed to read critical pieces about their government? Or what about US citizens given up the fundamental to keeping secrets?
As you can see, the problem is more than just giving access to the FBI to a terrorist’s iPhone. It is about eroding the freedoms that the internet opened up for us. It is the expansion of one countries imposition of its moralities upon other citizens who have no intention of subjecting themselves to other countries’ laws. The Apple-FBI battle is about eroding freedoms and expanding government authority over everyone. But it is not just the United States expanding its reach into US citizens. It is like running water, once you allow it to run out it never stops. The US government may want to snoop on a terrorist’s phone. That sounds like a good thing. But what happens when China demands access to a phone to convict someone of conspiracy against the Chinese regime just for sharing a newspaper article critical to the Chinese government? Where does it stop? Don’t think it happen? Google is already limiting access to its search results based on which country you are accessing the information from. Google is a private company yet it is the one that limits your access to information based on the dictates of a foreign government.
Is that what everyone wants for the future of the internet? Not me, that is for sure.