In today’s world, defined by unprecedented reliance on constantly evolving technology, an understanding of security is crucial to understanding technology. Recent events have proven that counterterrorism policy has become inextricably connected with a very technical subject: encryption. Immediately following the tragic Brussels bombings on March 22, House Homeland Security Chairman Mike McCaul speedily hypothesized that encryption played a crucial role in planning the attacks, a view common among American lawmakers. However, the biggest case that has brought this conflict to the attention of the American public was the FBI-Apple encryption dispute. Following the San Bernardino attack last December that claimed 14 lives, the Federal Bureau of Investigation (FBI) engaged iPhone manufacturer Apple in a legal dispute over whether the United States District Court for the Central District of California could compel the tech company to create new software that would enable the FBI to unlock the phone of one of the culprits. Although the FBI eventually dropped the suit because they found a way into the phone without Apple’s help, the case still is worth studying for the ramifications it would have had if the FBI had won.
Apple’s primary opposition to the FBI’s demands comes on the grounds that the demands have the potential to pave the way for increased government ability to forcibly unlock or de-encrypt consumer technology. As Apple’s lead attorney Bruce Sewell testified to the House Judiciary Committee, “We can all agree that this is not about access to just one iPhone.” Such sentiments have been echoed by an amicus brief filed by fellow tech companies Twitter, AirBnB, eBay, LinkedIn, Reddit, Amazon, Microsoft, Snapchat and Yahoo. Under bipartisan pressure from the US House judiciary committee, FBI director Jim Comey has indeed admitted that the San Bernardino case could set the precedent for the decryption of more phones that are in the possession of the FBI or police. More tellingly, Comey has conceded that the case will “guide how other courts handle these requests,” confirming that the Apple-FBI case over the locked San Bernardino iPhone would have been about more than just one case and one phone. After the FBI’s dropped suit, such fears are already being realized. Within days, there are already reports of the FBI agreeing to help the Arkansas police unlock a phone that may contain evidence in a murder case.
But moreover, the case has broader implications for judicial decisions regarding privacy rights worldwide. The critical reason why the current FBI-Apple encryption dispute shouldn’t be viewed as contained to one phone in the United States is because the international community is watching intently. Notably, there are fears that regimes around the world will use the actions of the US, a country that portrays itself as an international pillar of freedom, to justify similar violations of privacy; the fact that the FBI was able to crack the encryption even without Apple’s help only fosters this view. Proponents of privacy argue that a ruling in favor of the FBI would have created an international precedent for governments to carry out similar actions and extrapolate from the case, potentially leading to larger breaches of privacy. Although no ruling was ultimately needed, it is only a matter of time before Apple or another company is sued again when they have beefier encryption. The decision then will have the same impact.
Such concerns are not unfounded, as the historical parallel of the NSA scandal of 2013 illustrates. As Chinese activist and artist Ai Weiwei warned shortly after Snowden’s disclosures, “A nation, like the US, which is technically advanced, should not take advantage of its power. It encourages other nations.” He was correct. China used outrage over NSA surveillance to force Apple to move local user data to China-based servers. Similarly, the Russian parliament began to put more pressure on tech companies to comply to its national standards on data storage, with one of the members of parliament remarking, “This is the lesson Snowden taught us.”
Similar consequences may result from future encryption disputes. Privacy experts and legislators have already warned that the results from the FBI-Apple case could have caused a “worldwide privacy shockwave,” one where “authoritarian governments like Russia and China will demand greater access to mobile data.” Notably, Senator Rob Wyden of Oregon argued that a court ruling in favor of Apple would have given “repressive regimes…a blueprint for forcing American companies to create a [similar] backdoor” within their own countries.
However, any encryption dispute is about more than just authoritarian governments infringing on their citizens’ privacy in the same way: these cases could lead to widespread human rights abuses. First, as the NSA disclosure proved, a ruling in favor of the government could lead to the US losing credibility to speak out for privacy rights in the international community. For example, President Obama has described Chinese legislation mandating firms to provide decryption keys for counterterrorism, passed last December, as “draconian.” As Greg Nojeim of the Center for Democracy and Technology summates, “Imagine how hollow these objections will ring if a US court can order what China was trying to compel by statute.” Chinese parliamentary spokeswoman Fu Ying has already noted that “Beijing’s proposals were in line with the same kind of Internet correspondence sought by the US and British governments.” If the US wants to be a major enforcer of global human rights by upholding the right to privacy, it must avoid hypocrisy.
Second, a ruling in favor of government access to encrypted messages risks pushing American companies to relocate in countries where they are even more susceptible to privacy violations. The trend is already in effect: last month, Apple “reportedly agreed to comply with some Chinese security checks to ensure its devices aren’t accessible to US authorities.” Other companies like Blackberry have similarly moved to countries like Pakistan due to decryption demands by the American government. This is a problem because operating in certain countries exposes American companies to problems like more “opaque legal system[s] and nationalistic sentiment[s] that could turn on foreign companies.” As Kalev Leetaru of Forbes explains, the FBI ruling could have created “a race to the bottom in which American companies must produce backdoors into their products for every major government.” He elaborates that in light of the NSA scandal, such pressure is already existent: Apple “received nearly 11,000 requests from government agencies around the world regarding information on roughly 60,000 devices” and honored “7,100 of those requests.” Complying with FBI demands could result in even more international pressure for tech companies to make private consumer information accessible.
Finally, the implications for this international precedent extend beyond just authoritarian governments: it can create the framework for human rights abuses by our allies. Nicholas Weaver of UC Berkeley has argued that a precedent would encourage spy agencies run by US allies, such as France and Israel, to carry out similar actions — any American decryption decision could sway the decisions of other countries. Amidst the controversy of the FBI’s dispute, a French bill that gives the power to arrest tech executives who don’t hand data over for terrorism investigations passed the National Assembly. Likewise, the UK is currently debating an investigatory powers bill that would give the country broad authority to wear down encryption standards for counterterrorism purposes.
Even though a precedent has yet to be established, the US may already be inciting privacy infringement among its allies. Attorney General Loretta Lynch has pushed for talks this March to establish a framework allowing British access to wiretap data from US firms. This trend is especially problematic given the progress the EU has made in recognizing the value of privacy: just last October, the European Parliament narrowly voted to drop all charges against Edward Snowden, a “human rights defender,” and asked member states to grant him protection from extradition.
Furthermore, privacy rights will be compromised to an even greater extent by a loss of trust between America and its allies. Security researcher Stephen Cobb postulates that European advocates will use a ruling in favor of decryption to topple the nascent Privacy Shield agreement. This agreement creates protections for corporations to transfer their data across the Atlantic safely. However, this safety may be largely threatened if corporations would be forced to decrypt their data for the US government. The NSA elucidates the historical precedent: amidst revelations that figures like German Chancellor Angela Merkel were targets of the organization’s surveillance, Europe’s highest court ruled Safe Harbor, a 15-year old transatlantic agreement with similar data protection agreements, invalid. Privacy Shield will likely not fare any better after a ruling in favor of the FBI.
There was overwhelming domestic and international opposition to the FBI’s demands, opposition that will likely only be intensified by the FBI’s cracking of the encryption. Director Comey was met with heated bipartisan opposition during his hearing with the House judiciary committee in early March. Similarly, Zeid Ra’ad Al Hussein, the United Nations High Commissioner for Human Rights, cautioned that a ruling favoring decryption would open a Pandora’s Box and “set a precedent that may make it impossible for Apple or any other major international IT company to safeguard their clients’ privacy anywhere in the world.” As Amie Stepanovich, policy manager of Access Now, cogently concluded in an amicus brief, “A loss for Apple in this case is a loss for human rights around the world.” Technology is a relentlessly changing force that permeates all of society: the FBI’s insistence that the rules can be bent for just one phone is near impossible. This dispute, and any future ones, may only be a retrospective demand for accessing a convicted criminal’s information on the surface, but the precedent it sets risks sowing the seeds of international privacy infringement and human rights violations.