Earlier this year, the FBI’s demand (backed by a warrant issued by a federal court) that Apple provide it with a means of breaching encryption of data on an iPhone used by one of the San Bernardino terrorists set off a heated debate over our right to privacy.
Apple CEO Tim Cook refused to cooperate with the FBI because, he said, his company is dedicated to protecting the privacy of its customers. Such cooperation would create a dangerous precedent, Cook said. Google CEO Sundar Pichai jumped on Twitter to let everyone know that Google backed Apple’s stance.
Noting that the FBI wanted Apple to create special software that could be used to overcome encryption on any of its devices, Pichai declared that “forcing companies to enable hacking could compromise users’ privacy.” Industry experts (and even some former national security officials) also weighed in against the FBI, warning that any software created to defeat encryption ultimately would be disseminated around the world. This would enable the bad guys to hack into encrypted government databases, ultimately posing a greater threat to national security than encrypted data on an individual’s cellphone.
It looked like the two sides were headed for a showdown in the nation’s highest courts, when the FBI suddenly announced that an unnamed third party had assisted the Bureau in accessing the data on the terrorist’s cellphone. The FBI withdrew its demand to Apple, avoiding the establishment of a legal precedent setting the limit on how far law enforcement can go to obtain digital evidence.
But the matter is far from resolved. Congress is about to consider proposed laws addressing a wide range of surveillance issues that are not limited to encryption of smartphones. In a recent interview with The New York Times, Sen. Ron Wyden of Oregon—a leading proponent of protecting consumer privacy, including through encryption of data on devices—disclosed that the FBI is asking Congress to greatly expand its ability to monitor just about everything private citizens are doing in cyberspace.
According to Wyden, the FBI wants the authority to circumvent court oversight to obtain everyone’s browsing histories (as well as email and text message logs) without first asking permission from a judge. The G-Men also want the authority to hack thousands or even millions of hacking victims with one warrant from a single judge.
Think about that. Back in the prehistoric analog age, when investigators were limited to looking at printouts of a person’s phone and bank records (after obtaining a court order) or sifting through your garbage cans, your privacy could only be breached through a limited inspection. Even people who had something to hide—like the wiseguys in The Sopranos who “walk and talk” when they’re under surveillance—knew there were clear boundaries to their zone of privacy.
We don’t usually think about it when we’re searching the Web, but there’s a record of every search we’ve ever made stored in Google’s servers (or the servers of any other search engine we use). Until recently, Google maintained it had a right to keep these digital footprints forever; now, the tech giant has promised it will only hold onto them for three months, but we have no way of proving that they’re keeping their word.
Anyone who can look through a year’s worth of your browsing history will know everything there is to know about you, including which political party you favor, which products you consume, your medical issues, where you like to travel and a number of other personal choices we won’t mention here. Suffice it to say you will stand naked before your inspectors.
The FBI’s initiative to use a single warrant to hack the information of thousands or even millions of hacking victims sounds to us a lot like the excuse the NYPD used for years to justify it’s “stop-and-frisk” program. Knowing that anyone standing on a subway platform had no way to prove that they paid the fare, the New York cops used alleged fare-beating as a “probable cause” excuse to frisk hundreds of thousands of people, a practice they continued for more than a decade until a federal judge declared it unconstitutional.
The FBI wants to take the stop-and-frisk justification to a dangerous new level: the Feds want to use the fact that someone was victimized by a crime (hacking) to justify another crime (hacking conducted by the FBI) to invade the privacy of the crime victim (the person who was hacked), ostensibly all in the name of investigating the original crime. If Congress gives the green light to this, we’ve all fallen into an Orwellian rabbit hole, folks, one that will be difficult or perhaps impossible to climb out of.
The FBI also has proposed amending something known as Rule 41 to allow the government to hack into multiple devices with a single warrant. The Bureau is arguing it needs this adjustment in order to strengthen its ability to investigate cybercriminals, including child abusers. We’ll stipulate here that we’re in favor of nailing cybercriminals and child abusers, but we suspect there are numerous other applications of this broadly written rule change that could constitute an unnecessary invasion of privacy.
Meanwhile, the battle over encryption continues to rage, in Congress and in the courts. The Times reports that Open Whisper Systems, a maker of the encrypted messaging app Signal, recently received a federal subpoena for user information. Last week, Yahoo reportedly agreed to satisfy a secret court order by scanning incoming emails for digital signatures allegedly tied to a state-sponsored terrorist organization.
According to Wyden, all of the above will be the subject of intense debate in Congress during its lame-duck session after the election.
The good news is that there’s a large contingent in Congress, in both the Senate and the House, who are committed to reigning in the government’s ability to spy on Americans. In its reauthorization of what used to be known as the Patriot Act, Congress prohibited the government from automatically scooping up all of the metadata of U.S. phone calls, something the Feds had been doing routinely since 2004 (after the NSA secretly and illegally spliced AT&T’s primary fiber-optic cable). Wyden has promised to filibuster any bill that will weaken encryption of consumer data on smartphones.
The bad news is that when Congress wants to do something really unpopular, they always schedule the debate for a lame-duck session after an election, when a controversial, tightly contested measure (think the TPP trade deal) can be put over the top by retiring members or those who have just lost their seats in the election but remain in office until January—in other words, people who have nothing to lose. It only takes a single vote to tip the balance.