In today’s world, defined by unprecedented reliance on constantly evolving technology, an understanding of security is crucial to understanding technology. Recent events have proven that counterterrorism policy has become inextricably connected with a very technical subject: encryption. Immediately following the tragic Brussels bombings on March 22, House Homeland Security Chairman Mike McCaul speedily hypothesized that encryption played a crucial role in planning the attacks, a view common among American lawmakers. However, the biggest case that has brought this conflict to the attention of the American public was the FBI-Apple encryption dispute. Following the San Bernardino attack last December that claimed 14 lives, the Federal Bureau of Investigation (FBI) engaged iPhone manufacturer Apple in a legal dispute over whether the United States District Court for the Central District of California could compel the tech company to create new software that would enable the FBI to unlock the phone of one of the culprits. Although the FBI eventually dropped the suit because they found a way into the phone without Apple’s help, the case still is worth studying for the ramifications it would have had if the FBI had won.

Apple’s primary opposition to the FBI’s demands comes on the grounds that the demands have the potential to pave the way for increased government ability to forcibly unlock or de-encrypt consumer technology. As Apple’s lead attorney Bruce Sewell testified to the House Judiciary Committee, “We can all agree that this is not about access to just one iPhone.” Such sentiments have been echoed by an amicus brief filed by fellow tech companies Twitter, AirBnB, eBay, LinkedIn, Reddit, Amazon, Microsoft, Snapchat and Yahoo. Under bipartisan pressure from the US House judiciary committee, FBI director Jim Comey has indeed admitted that the San Bernardino case could set the precedent for the decryption of more phones that are in the possession of the FBI or police. More tellingly, Comey has conceded that the case will “guide how other courts handle these requests,” confirming that the Apple-FBI case over the locked San Bernardino iPhone would have been about more than just one case and one phone.  After the FBI’s dropped suit, such fears are already being realized. Within days, there are already reports of the FBI agreeing to help the Arkansas police unlock a phone that may contain evidence in a murder case.

But moreover, the case has broader implications for judicial decisions regarding privacy rights worldwide. The critical reason why the current FBI-Apple encryption dispute shouldn’t be viewed as contained to one phone in the United States is because the international community is watching intently. Notably, there are fears that regimes around the world will use the actions of the US, a country that portrays itself as an international pillar of freedom, to justify similar violations of privacy; the fact that the FBI was able to crack the encryption even without Apple’s help only fosters this view. Proponents of privacy argue that a ruling in favor of the FBI would have created an international precedent for governments to carry out similar actions and extrapolate from the case, potentially leading to larger breaches of privacy. Although no ruling was ultimately needed, it is only a matter of time before Apple or another company is sued again when they have beefier encryption. The decision then will have the same impact.

Such concerns are not unfounded, as the historical parallel of the NSA scandal of 2013 illustrates. As Chinese activist and artist Ai Weiwei warned shortly after Snowden’s disclosures, “A nation, like the US, which is technically advanced, should not take advantage of its power. It encourages other nations.” He was correct. China used outrage over NSA surveillance to force Apple to move local user data to China-based servers. Similarly, the Russian parliament began to put more pressure on tech companies to comply to its national standards on data storage, with one of the members of parliament remarking, “This is the lesson Snowden taught us.”

The critical reason why the current FBI-Apple encryption dispute shouldn’t be viewed as contained to one phone in the United States is because the international community is watching intently.

Similar consequences may result from future encryption disputes. Privacy experts and legislators have already warned that the results from the FBI-Apple case could have caused a “worldwide privacy shockwave,” one where “authoritarian governments like Russia and China will demand greater access to mobile data.” Notably, Senator Rob Wyden of Oregon argued that a court ruling in favor of Apple would have given “repressive regimes…a blueprint for forcing American companies to create a [similar] backdoor” within their own countries.

However, any encryption dispute is about more than just authoritarian governments infringing on their citizens’ privacy in the same way: these cases could lead to widespread human rights abuses. First, as the NSA disclosure proved, a ruling in favor of the government could lead to the US losing credibility to speak out for privacy rights in the international community. For example, President Obama has described Chinese legislation mandating firms to provide decryption keys for counterterrorism, passed last December, as “draconian.” As Greg Nojeim of the Center for Democracy and Technology summates, “Imagine how hollow these objections will ring if a US court can order what China was trying to compel by statute.” Chinese parliamentary spokeswoman Fu Ying has already noted that “Beijing’s proposals were in line with the same kind of Internet correspondence sought by the US and British governments.” If the US wants to be a major enforcer of global human rights by upholding the right to privacy, it must avoid hypocrisy.

Second, a ruling in favor of government access to encrypted messages risks pushing American companies to relocate in countries where they are even more susceptible to privacy violations. The trend is already in effect: last month, Apple “reportedly agreed to comply with some Chinese security checks to ensure its devices aren’t accessible to US authorities.” Other companies like Blackberry have similarly moved to countries like Pakistan due to decryption demands by the American government. This is a problem because operating in certain countries exposes American companies to problems like more “opaque legal system[s] and nationalistic sentiment[s] that could turn on foreign companies.” As Kalev Leetaru of Forbes explains, the FBI ruling could have created “a race to the bottom in which American companies must produce backdoors into their products for every major government.” He elaborates that in light of the NSA scandal, such pressure is already existent: Apple “received nearly 11,000 requests from government agencies around the world regarding information on roughly 60,000 devices” and honored “7,100 of those requests.” Complying with FBI demands could result in even more international pressure for tech companies to make private consumer information accessible.

Finally, the implications for this international precedent extend beyond just authoritarian governments: it can create the framework for human rights abuses by our allies. Nicholas Weaver of UC Berkeley has argued that a precedent would encourage spy agencies run by US allies, such as France and Israel, to carry out similar actions — any American decryption decision could sway the decisions of other countries. Amidst the controversy of the FBI’s dispute, a French bill that gives the power to arrest tech executives who don’t hand data over for terrorism investigations passed the National Assembly. Likewise, the UK is currently debating an investigatory powers bill that would give the country broad authority to wear down encryption standards for counterterrorism purposes.

Even though a precedent has yet to be established, the US may already be inciting privacy infringement among its allies. Attorney General Loretta Lynch has pushed for talks this March to establish a framework allowing British access to wiretap data from US firms. This trend is especially problematic given the progress the EU has made in recognizing the value of privacy: just last October, the European Parliament narrowly voted to drop all charges against Edward Snowden, a “human rights defender,” and asked member states to grant him protection from extradition.

Furthermore, privacy rights will be compromised to an even greater extent by a loss of trust between America and its allies.  Security researcher Stephen Cobb postulates that European advocates will use a ruling in favor of decryption to topple the nascent Privacy Shield agreement. This agreement creates protections for corporations to transfer their data across the Atlantic safely. However, this safety may be largely threatened if corporations would be forced to decrypt their data for the US government. The NSA elucidates the historical precedent: amidst revelations that figures like German Chancellor Angela Merkel were targets of the organization’s surveillance, Europe’s highest court ruled Safe Harbor, a 15-year old transatlantic agreement with similar data protection agreements, invalid. Privacy Shield will likely not fare any better after a ruling in favor of the FBI.

There was overwhelming domestic and international opposition to the FBI’s demands, opposition that will likely only be intensified by the FBI’s cracking of the encryption. Director Comey was met with heated bipartisan opposition during his hearing with the House judiciary committee in early March. Similarly, Zeid Ra’ad Al Hussein, the United Nations High Commissioner for Human Rights, cautioned that a ruling favoring decryption would open a Pandora’s Box and “set a precedent that may make it impossible for Apple or any other major international IT company to safeguard their clients’ privacy anywhere in the world.” As Amie Stepanovich, policy manager of Access Now, cogently concluded in an amicus brief, “A loss for Apple in this case is a loss for human rights around the world.” Technology is a relentlessly changing force that permeates all of society: the FBI’s insistence that the rules can be bent for just one phone is near impossible. This dispute, and any future ones, may only be a retrospective demand for accessing a convicted criminal’s information on the surface, but the precedent it sets risks sowing the seeds of international privacy infringement and human rights violations.

Photo

Edward Snowden’s revelation that the US government was spying on millions of communications between civilians sent shock waves through Silicon Valley. Major technology companies that had often been complicit in the surveillance program, such as Facebook, Google, and Apple realized the full extent of government spying and faced public outcry over the lack of user privacy. They responded swiftly with heightened security measures; now, the Apple iPhone’s iMessage and Facetime, Facebook’s Messenger and WhatsApp, and Google’s Gmail, among other apps and services in the tech industry, use end-to-end encryption. In essence, end-to-end encryption ensures that companies are not able to break the encryption on their own users’ messages. Only the sender and recipient — the two “end” points of the information transaction — have the “key” to decipher a message.

If the NSA knocks on Yahoo!’s door requesting information with the threat of a $250,000 per day fine for noncompliance, as the NSA did last year, Yahoo! doesn’t even need to refuse. They can respond, correctly, that they simply don’t have the information. This new security method has made government surveillance more difficult, although certainly not impossible (formal requests for user information are hardly the only means of intelligence-gathering) and has affirmed company user privacy agreements. However, end-to-end encryption faces firm opposition from federal agencies and the threat of legislative regulation.

In November, UK Home Secretary Theresa May announced the Snoopers Charter, a proposed draft of the Investigatory Power Bill, which aims to update existing information communication regulations in light of new technologies. For months, many in the tech industry feared an outright ban of end-to-end encryption in the bill. The final piece of legislation is more nuanced, but serves the same ends of opening user information up to government access. Section 189 of the Snoopers Charter declares the Secretary of State may issue orders to companies “relating to the removal of electronic protection applied…to any communication or data.” In effect, the government would be able to order tech companies to remove end-to-end encryption or, more likely, ask Facebook, Google, or Apple to reengineer end-to-end encryption to provide a “back-door” for government intelligence agency access.

Currently, there are no similar proposals on this side of the Atlantic, but the US federal government has voiced similar opposition to end-to-end encryption. FBI Director James Cromey and Deputy Attorney General Sally Ouillian Yates recently testified to the Congress on this very issue. Cromey provided the amusing description of end-to-end encrypted messages intercepted by the government as “gobbledygook.” Yates spoke more firmly on the issue. A mandate on companies using end-to-end encryption “may ultimately be necessary,” she said. Noting that critics of the Snoopers Charter and policies like it often assert that engineering a “backdoor” is not possible, Yates responded, “Maybe no one will be creative enough [to solve the problem] unless you force them to.”

Efforts to pass regulations in response to new security technology could, however, run into legal and constitutional roadblocks. End-to-end encryption may be defended under the Fourth Amendment right to privacy against unreasonable search, as wiretapping often occurs without proper warrants on civilians who are not suspected of being involved in criminal activity.

Efforts to pass regulations in response to new security technology could, however, run into legal and constitutional roadblocks. End-to-end encryption may be defended under the Fourth Amendment right to privacy against unreasonable search, as wiretapping often occurs without proper warrants on civilians who are not suspected of being involved in criminal activity. A 2013 Supreme Court case on this grounds was dismissed, but simply because the plaintiffs could not prove they had been wiretapped. End-to-end encryption puts barriers on mass government surveillance and, therefore, may be defended as a means of ensuring Fourth Amendment privacy.

Issues of government-enforced decryption may also jeopardize Fifth Amendment protection against self-incrimination. With end-to-end encryption in effect and companies unable to comply with law enforcement orders, there have been requests in criminal cases that the accused decrypt their own phones, computers, or individual files for evidence gathering or be held in contempt of court for “obstruction of justice.” The question of whether decryption is a form of self-incrimination has yet to be decided definitively. Cases on the subject have vacillated back and forth on the issue. Jason Grimmelmann, a University of Maryland Law School Professor, has said the decision comes down to whether police have a justifiable reason to demand decryption, “If the police don’t know what they’re going to find inside,” he says, “they can’t make you unlock it.” Mass surveillance can similarly be cast as a blind search for incriminating evidence at the expense of users’ Fifth Amendment rights.

Proponents and apologists of government surveillance often assert that these rights to privacy are superseded by the indefinable and malleable concept of the state’s compelling interests, including national security and public safety. On these terms the debate can devolve into an argument of values in which little ground is gained by either side. Perhaps, a more compelling argument against end-to-end encryption regulation is that it’s bad policy, and that it stands against the state’s compelling interests.

As previously mentioned, in response to government requests for a “backdoor” into encrypted user information, technologists and technology companies have responded that it’s not possible without severely comprising the overall security of end-to-end encryption. One analogy that’s been used in this argument is that “there’s no way to outfit a safe with a backdoor that only the FBI can open.”

The wave of tech companies employing end-to-end encryption is not solely a response to the Edward Snowden leak. It can also be read as a general response to the state of cyber security, in other words, the dire state of cyber security, in which hacks have become “when” rather than“if” questions. This is not the time for the government to be mandating that companies scale back their security measures.

If we are considering the compelling interests of public safety, the threat of cybersecurity fraud and theft is mounting and should be prioritized by the federal government, not purposely exacerbated by requiring major tech companies to collect massive stockpiles of data whose security has been deliberately compromised. And certainly, after reflecting on this summer’s OPM breach, in which the social security numbers of over 22 million federal workers were stolen, federal agencies are hardly on firm footing when demanding major alterations to Silicon Valley’s cybersecurity infrastructure.