Editor’s note: This is the third in a five-part series on this topic. This examination by Arnold Abraham provides insights and nuanced lessons from history, the law and the tech world that can inform all of us interested in both privacy and security. For a detailed legal analysis accompanying the article, please visit TheCyberLawTeam.com/publications-1 -bg
Centuries ago men recognized that physical barriers were less important than legal ones, and now we face the same question in regards to virtual barriers in cyberspace. Thus, the question becomes should access to the data on cell phones be constrained by the limits of the law or by technology? The strength of one’s front door does not factor into the amount of protection one deserves against government intrusion. Nor should the strength of one’s encryption.
Supreme Court Justice Sotomayor once warned that granting the government “unfettered discretion” in obtaining information could “alter the relationship between citizen and government in a way that is inimical to democratic society.” The counterpart argument must be made that routinely shielding vast amounts of data from valid government warrants similarly alters this relationship.
But there are times when changes in technology do fundamentally alter society and this may be one of those periods. The ACLU accurately noted that the case “threatens a radical transformation of the relationship between the government and the governed,” but they had exactly the wrong reasons for this conclusion. The government’s victory would mean the balance between liberty and security remains as it has been for centuries under the Fourth Amendment. However, if Apple prevailed, even lawful searches that society deems reasonable would be easily thwarted on a massive scale. Similarly, the Center for Democracy and Technology correctly pointed out the stakes of the case, “[T]he relationship between technology providers and users will be forever altered,” but failed to realize the fundamental change would come from an Apple victory rather than a government victory. Apple’s victory would mean that people would look to technology to take matters into their own hands to protect their privacy rather than relying on the law.
Along the same trend, the United Nations issued a report that concluded secure communications are fundamental to the exercise of freedom of opinion and expression in the digital age. The official responsible for the report noted that “[w]here States impose unlawful censorship through filtering and other technologies, the use of encryption and anonymity may empower individuals to circumvent barriers and access information without the intrusion of authorities.”
But if the State is to remain sovereign, it is their choice as to what is lawful censorship. For example, even in the U.S. the law does not permit one to shout “fire” in a crowded theater. As noted earlier, the question is whether the power to make these decisions should be taken from government and given to the individual.
The UN report declared that individuals have a right to receive and transmit information that transcends borders and that encryption can help assure this right when States attempt to deny access to certain information. This is a clear call for individuals to leverage technology to bypass their country’s laws. The fact it is possible represents a shift in the balance of power. Perhaps this is a trend we want to see accelerated in other parts of the world, but maybe not in America – a country that has always included self-restraints on its government. Americans enjoyed the protections of the Constitution long before the Universal Declaration of Human Rights and International Covenant on Civil and Political Rights were drafted.
Looking at the state of affairs in other countries provides further insight. For example, India prevents information service providers from using bulk encryption and limits individual use of encryption without prior approval to an easily breakable 40-bit key length. Pakistan also requires prior approval for any encryption. In the meantime, Brazil and Bolivia prohibit anonymous speech and Vietnam has outlawed pseudonyms. Iran requires all Internet users to register their IP addresses and Russia requires any blogger who has more than a few thousand readers to be publically identified and registered. China has a long list of restrictions, including blocking access to ToR. Almost 50 countries in Africa require registration when activating SIM cards. Not surprisingly, Cuba and Ethiopia also fit in with countries, that are on the wrong side of history, attempting to prevent use of encryption by their populace.
While the future may give a different answer, so far it is the law rather than technology that dictates the end state. When the highly esteemed Danielle Citron, David Gray, and Neil Richards discuss limits on surveillance in the information age, their focus is on how the law should adapt to the technology, not how technology can operate outside the realm of law. These legal scholars advocate for procedural protections to serve as safeguards in use of surveillance technologies in response to “rapid adoption of technologies that increasingly facilitate persistent, continuous, and indiscriminate monitoring of our daily lives”.
Richards observed that concerns over privacy have grown to the point they are no longer just the “vague threat of an Orwellian dystopia” that arise within the “realms of science fiction and failed totalitarian states.” He declares we live in an “age of surveillance” unprecedented in human history. The combination of surveillance and Big Data “threatens to upend the basic power balance on which consumer protection and constitutional laws operate.” He notes “[t]he magnitude of technological change should not blind us to the important values that our law has protected for decades….” and “[r]ather than jettisoning longstanding civil liberties in our brave new digital world, we should instead follow the example of federal wiretapping law, which for decades has rested on the premise that private communications should be exactly that, shielded from the government (and other private actors) except in cases of proven law enforcement need for limited access to those communications.” (emphasis added)
Richard’s conclusion that “surveillance must be constrained by legal and social rules” should equally apply to encryption. “State of the Art” should not be allowed to trump the careful and deliberate decision making process that is the cornerstone of a stable society.
Latest posts by Arnold Abraham
- FBI vs Apple: Informed Dialog on Privacy vs Security Is Key - September 11, 2017
- FBI vs Apple: Lessons From History and The Law on Protecting Privacy Rights - September 4, 2017
- FBI vs Apple: History, Policy, Sovereignty and Individual Rights - August 28, 2017