The Digital Gods

By Vivian Newman*

 

Frequently I think of Google, Facebook, Twitter and in general the Internet giants as gods to whom we make daily offerings to calm their fury and show them respect. Everyday we offer them thousands of megabytes of our data, which make them fat and powerful. Lately, I fancy that Apple has joined the Olympus of the Gods with its iPhone riddle that it did not want to reveal to the FBI. It took six weeks to solve this security versus privacy riddle, leaving a couple of lessons.

The apple of discord between iPhone and the FBI was the mobile phone of one of the attackers of San Bernardino, California, who died after killing 14 innocent people. But his iPhone was still living. It had an iOS9 system, which implied that his data, with his contacts, were encrypted when the FBI tried to open the device. These data cannot be decrypted without the adequate cryptographic key and this key is in turn is protected by the user’s personal code. The judge issued a first decision in favor of the FBI and asked Apple to weaken the protection systems of the mobile phone. He accepted that Apple was like a lessee that rented spaces and should open the door to the state looking for criminal evidence.

If Apple complies with the judicial order, there is a risk of compromising the privacy of all its users, who have been asking for more protection of the data it collects. As a consequence of the revelations of Edward Snowden, Apple has built a complicated and external system of protection, and does not have nor want the key to decrypt the riddle. To search for that formula puts at risk the objective of safeguarding users’ privacy. By developing this formula for a single mobile phone, you obtain the basis for opening any other similar device. And if more people know the elements of this formula, it is more difficult to keep it secret. In little time, this knowledge will reach hackers.

On the other side, others called for an Apple boycott until it gave access to the mobile phone. Police insisted that there should be no door, no lock, and no system that cannot be penetrated with a judicial order. It said that the criminal investigation is the state’s responsibility and cited that only in New York there are 175 iPhones waiting to be opened to solve crimes. To win this case is equivalent to creating a precedent asking technology manufacturers to make products and systems, which are sufficiently weak so that they can comply with the law subsequently. It’s like locking your front door, but not completely, as someday thieves can hide out in there.

At the center of this debate, beyond the capitalist argument of the mobile giant, is the protection of citizens’ right to privacy. Is privacy an absolute right that must never be compromised, not even to allow the state to fulfill its security obligations? Of course not. Privacy can be qualified, but only when there does not exist other, less intrusive, means to obtain the same goal, which also complies with requirements for proportionality and reasonability. But in this case, there was another means. The FBI accepted that a third party, which commentators believe is the Israelite firm Cellebrite, managed to unlock the encrypted system. Apple was the prevailing party, as the FBI apparently overestimated this case in the old battle over cryptography, which it sees as the sheltering sky of terrorists.

Apple won because it was not forced to decrypt its secret, although it lost a little because it realized that third parties could easily break into their security systems. The FBI won because it managed to break into the phone, but lost because it could not establish a precedent to force the creator of the riddle to decrypt the system in the future. However, by deciding to break the phone’s security code through a third party and with no judicial authority, we all lose because we thought that our mobile phone was securing our privacy and that only a judge could authorize its opening.

The reaction of WhatsApp is already in our phones: encrypting automatically all the messages of its users.

This reminds me that the law and whoever implements it tend to not be able to keep apace with technological innovation. While congress discusses a bill, the judge interprets its adaptation to a case and the police err, the gods keep on feeding themselves with the data that we offer in an Olympus with more riddles every day.

 

*Vivian Newman is the Deputy Director and a researcher at the Center for the Study of Law, Justice, and Society (Dejusticia).