Can we have both privacy and security? That is a question that has been popular since 9/11/2001. I believe we can have both. As someone who personally witnessed the terrorist attacks on The World Trade Center from a couple of blocks away (and became homeless because of them and eventually moved), I am fully well versed on these issues from the security side. As an attorney who focuses on technology and privacy issues and who has advocated for stronger personal privacy laws on the state and federal level, I also understand the inherent privacy issues.
To recap the latest privacy vs. security debate: the U.S. Justice Department is demanding that Apple help unlock an iPhone that was utilized by the San Bernardino terrorists who killed 14 people and injured 22 in 2015. Without getting too technical, the FBI has requested (there has been multiple requests/back and forth between the parties) that Apple create software or disable some security protections on an iPhone that would weaken its encryption to allow the FBI to ensure that it may access the contents on the device. According to The New York Times, the FBI has also requested that Apple assist it with unlocking at least 9 other iPhones.
Weakening encryption or creating back doors into our technology may sound like a good idea for this one case; however, there are and will be other cases where similar requests will be made to access information stored on electronic devices. If the FBI is provided a back door for this one case, security services from others countries will also demand one for their cases (there could be demands for access to phones belonging to government political opponents or to whistle blowers) as well. In addition, hackers may also utilize back doors which would harm the privacy and personal security of all of us.
I am in favor of law enforcement being able to access digital content when a valid warrant has been obtained. However, the legal process needs to be followed before content requested is turned over. In general, a major problem with our current legal process is that our digital laws are outdated. For example, the 1986 Electronic Communications Privacy Act which governs email access was created before we had smart phones and the Internet as we know it. The judiciary is stuck trying to interpret laws that are woefully out of date.
Congress must step up to fix this process. Bills such as the Email Privacy Act, and the Law Enforcement Access To Data Stored Abroad Act-LEADS need to be enacted because these bills demonstrate that government is willing to update our laws to better reflect how we utilize technology. Absent a legislative fix, private industry has a challenge when law enforcement makes certain demands which are more than just data requests. Should they comply absent trying to block these demands through the courts or should they fight law enforcement demands via a flawed legal process?
This case and others like it demonstrate the need for more dialogue on these issues and the enactment of legislation that provides clearer guidance on how to handle these issues. Technology is moving too fast to leave it solely up to the judiciary to try to interpret how laws enacted decades ago for a different time should apply in the Digital Age. Our personal privacy and national security demand that Congress and the White House work on a long term solution to these important privacy and security issues.
Copyright 2016 by The Law Office of Bradley S. Shear, LLC All rights reserved.
