A Federal judge has just ordered Apple to unlock the phone used by one of the two San Bernardino shooters so it could access the phone’s records. Apple’s CEO Tim Cook has said the company will fight the order, stating that it has neither the ability to bypass its own strong encryption and that this would set a dangerous precedent. Although I’m not an Apple user, I’m 100% with the company on this and applaud their decision.
The question here is a simple one of the road to hell. It all begins, as usual, with good intentions: we want to stop terrorism. But as Apple CEO Tim Cook said, “building a version of iOS that bypasses security in this way would undeniably create a back door. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.”
Yet we continue to jog blissfully into an Orwellian future in which the state (the UK is no different) not only insists but has also persuaded a good many of its citizens that their lives are in dire and imminent danger from foreign threats, and that any violation of privacy or individual freedoms is secondary to fighting that threat. Politicians of course make huge capital on this, and the media does nothing to bring some perspective and reality to the actual real threats to our daily lives, which for most people are to do with poor education, debt, poverty, ill health, unaffordable housing, the criminal cost of healthcare, and long-term insecurity—not terrorism.
The US has been in a state of perpetual war for over thirteen years, and continues to be. Its misguided foreign policy actions have destabilized a huge region of the world by trying to impose Western notions of government on nations utterly ill-equipped to embrace democracy (you have to have an Enlightenment before you can consider democracy, and when you still think tribally, corruption and self-interest are going to quickly corrode and ruin any attempt at forging a new state).
Saddam was undoubtedly a brute, and Bashir-al Assad (still in power today) not much better; Gaddafi was mercurial and unreliable. But although some individuals and/or sections of those societies were persecuted during these leaders’ rule, the vast majority of people in Iraq, Syria, and Libya had jobs, food, and a reasonable, often happy and secure standard of living. Today they’re straggling across Europe by the millions like beggars, taking handouts and desperately looking for places to settle—and that’s if they haven’t drowned in the Aegean or Meduterranean after having been fleeced by a whole new class of local criminals our good intentions have benefited: people smugglers. In the process, the rest of Europe is being destabilized.
I fully understand that government has a primary mandate and responsibility to keep its people safe. But in reality, the risk from terrorism is infinitesimally small: if you live in the USA, your chance of dying in a terrorist attack is about 5,000 times less than that of being shot by a US citizen (and even that’s not something that keeps most of us awake at night). The simple act of getting on a plane has already become a tedious, time-wasting hell despite the fact that study after study has shown TSA checks to be up to ninety-five percent ineffective at detecting threats. If you live in a city, your actions while out in public are already recorded on countless cameras; your cellphone and the plastic in your wallet provide extra layers of tracking and monitoring. But government insists it needs a further backdoor into everyone’s lives, and argues tooth and nail that any level of inconvenience and curtailment of individual privacy and liberty is justifiable.
Every day we see evidence of how the well-intentioned use of electronic records ruins lives. The undiscriminating and poorly-thought-out register of sex offenders is one: is it—to take just one example—really okay that because an eighteen-year-old had consensual sex with a seventeen-year-old, he should be viewed as a sexual predator in the same data bucket as a child molester? How many of my readers didn’t have underage sex of one kind or another in their high school or college days? And let’s not even talk of the teens whose lives have been upset by the (silly, but, hey! these are kids) practice of sexting one another.
The argument of course is that an honest citizen has nothing to fear from all this. Really? Try telling that to someone who’s been accidentally put on a no-fly list because of some data entry error or some other innocent reason (it happens). And although China’s new Social Credit System—a data-driven rating system similar to our own credit rating systems but with the emphasis on your status and trustworthiness as a citizen—isn’t likely to be replicated in the US anytime soon, the reality is that all kinds of aggregated data, including your online browsing and shopping habits, are already finding their way into databases that can affect your ability to rent a home, get a job, obtain credit, and a great deal more.
Nor is it just government. PayPal has just clamped down on allowing account holders to use its system to pay for VPN (virtual private network) subscriptions, presumably on the grounds that VPNs, which are used to mask a user’s real computer identity (IP address), may be used for terrorist communication or other illicit activity. What about the many hundreds of thousands of people who use VPN for entirely legitimate activities such as researching sensitive subjects (journalists do this all the time), getting around censorship in countries under authoritarian rule, or simply avoiding being tracked by advertisers. (PayPal are of course doing this not out of any noble motives but simply to forestall any possible future heat from government over enabling the masking of criminal communications).
Consider the slew of new voice- and audio enabled devices that are appearing in your home, like the Amazon Echo, which “hears you from across the room with far-field voice recognition, even with music playing”: do you really want that in your house? Even if it doesn’t come with a backdoor or a camera, what do we think happens to all the data it collects about our and our family’s daily habits? You don’t think that’s mined? Increasingly sophisticated AI can do that with ease and extract every ounce of commercially valuable information about us.
You’ve already been carrying around a tracking device (your phone) for years. Within the very, very near future, your home is going to be bursting with microphone- and camera- equipped devices which are all connected to the net as part of the IoT, or Internet of Things. If you’re not concerned about this, you should be. Quite apart from any government surveillance, just about anyone can hack in to these devices. For a single, chilling example, the camera on the monitor in your childrens’ room is ridiculously easy to hack, its IP address quite possibly already on a website. Think about it.
Everything—everything—that takes place in your home and car will—unless tech companies hold a hard line, and good luck with that one—be available on production of a court order. Right now the bar is terrorism; but other, more everyday, criminal activities will soon qualify. How long before all that data becomes available to your ex’s divorce lawyer? What if your current prospective employers can one day gain access to the data mined from these devices? Because you can bet that it’s all going to be for sale, legally or otherwise. And don’t forget that security on the current IoT is just about non-existent (this is in fact a big concern with self-driving cars, which can currently be hacked with such ease that a person with a laptop can take control over the car with very little difficulty from anywhere in the world).
In conclusion, I believe that tech companies have an absolute responsibility to protect the rights and privacy of their customers at every level. Not only should devices not come with a backdoor, ever, but every possible measure should be taken to ensure that networked devices, from our phones to our cars, refrigerators, baby monitors, and home thermostats are protected against intrusion and hacking by strong encryption and security measures. The emphasis and primary focus should be on the inviolability of the consumers’ privacy and individual rights. And we should demand that of them.
After all, it is we, and our hard-earned dollars, that have made Apple, Google, and Amazon what they are today.
Dario Ciriello 