Despite all of the build up and hype, in the end, there was no court hearing and no dramatic precedent set. But the end of the Apple and FBI legal battle over the unlocking of a deceased terrorists’ iPhone by no mean signifies the end of the complexities it involved. The fact that there was no court hearing has meant that the conflict between the private sector and the government has only intensified. Thus, coming to some kind of solution may have become much harder to achieve, as recent events may suggest.
In April, popular instant messaging service WhatsApp announced that it will use end-to-end encryption for all of its users’ communications. In the same month, Microsoft a filed a lawsuit against the US government over secretive data requests. The company was particularly concerned about the Electronic Communications Privacy Act, echoing other privacy advocates of whom have argued that the Act is in need of reform. Technology companies have been improving their security and data protection methods ever since the Snowden revelations from a few years ago. But the Apple and FBI saga has seemed to have escalated the debate with an array of new policies worldwide now being proposed to obstruct tech companies from implementing more robust data protection measures.
Policymakers from America’s legislative branch in early April proposed new laws to regulate the use of cryptography. Specifically, the draft bill, known as the Compliance with Court Orders Act of 2016, would require tech companies to provide encryption backdoors to allow authorities to access data needed to aid criminal investigations. The premise behind such laws draws many similarities to the features of the spat between Apple and the FBI. In the same month, the Brazilian Chamber of Deputies voted on several bills derived from a report by the Brazilian Parliamentary Commission of Inquiry on Cybercrimes, known as CPICBER. The bills propose a range of measures, including the allowance of warrantless access to IP addresses by police. Elsewhere, the UK government continues to swiftly push its surveillance laws through Parliament (see Addendum).
Overall, the private sector and governments have made their stances clear, but aggressive lawsuits and legislation further polarise the debate. The issues of privacy and national security are deeply involved. Despite the familiarity of these seemingly opposing ideas, their application to the digital age features a fair amount of ambiguity. Thus far, these concepts have not managed to solidify a place in modern times, with people being far more integrated with and dependent on technology than at any other time. In the transition towards these unprecedented technological times, the important ideas of privacy and security were not fully considered, nor were the drastic impacts of the revolutionary technologies anticipated. As a result, lawmakers now struggle to come up with policies which can work. In particular, policy which balances both digital privacy and national security has been hard to come by. The EU-US Privacy Shield, the new legal framework for transatlantic data transfers, for example, is meant to obstruct the use of mass surveillance by the US government on EU citizens and provide ways for legal redress for when Europeans feel that their privacy has been breached. However, several privacy advocates, mostly from Europe, have criticised the new laws for not going far enough, since it does fully prohibit mass surveillance by the NSA. The framework is yet to survive in the European courts.
The merits of both sides are understandable. Authorities want to be able to have access to the necessary information and data to prosecute and investigate criminals and the malicious actors of the world. Although, the FBI has not exactly helped this case. Recently, a Massachusetts judge dismissed evidence obtained by the FBI after it obtained it by injecting malware a website on the dark web. Despite being able to obtain information of those who visited and hosted a website containing sexual images of children, the judge said that “warrantless searches are presumptively unreasonable, and the good-faith exception is inapplicable…the evidence must be excluded.” This may provide as precedent to obstruct further government hacking operations. Though this is not entirely a good thing. Security and intelligence agencies need to be able to conduct their investigations to track down criminals and terrorists; the attacks in Brussels and Paris have exemplified this. But there needs to be a balance between privacy and security to avoid overreaching governments and short-sighted and dangerous policy. However, right now that is exactly what is happening, meaning that damaging court battles are bound to take place. Hopefully, the future is brighter.