Tuesday, February 23, 2016

Apple Today Keeps Security at Bay


Prevailing opinion appears to be coalescing against Apple’s refusal to unlock the San Bernardino terrorists’ smartphones.  To many, Apple is more interested in protecting its brand than cooperating to protect our national interests.  As a practical matter, it would seem highly unlikely Apple would adopt a position contrary its financial self-interests, so the assumption that there is an underlying business motivation has some merit.  Yet, Apple has staked its flag upon privacy issues.  As Tim Cook, Apple’s CEO’s, expressed in a rank and file letter today, the issue is not about unlocking one phone. There are bigger issues at stake.    
Beyond the immediate, the Apple controversy has raised policy discussions about the need for government agencies to have formal backdoors to encrypted communications and data.  The basic argument is that criminals and terrorists can operate in the dark by using commonly available strong encryption like AES 256 ciphers and there is no practical way for authorities to de-encrypt and access information critical to thwarting serious criminal activities.  I confess, the arguments for backdoors are compelling.  But, before we rush headlong down backdoor paths, I would suggest we understand where they could lead, and in order to do so we first must uncover the substance of the issue.
Nobody would assume the Navajo language, while virtually undecipherable and used during World War II for secret communications, would require a government back door.  For that matter, whether it is undecipherable ancient Linear A script or modern English, language itself is a form of encoded information.  So why does the Government believe a backdoor is required for modern encrypted communications and stored data?  Is there something different about encrypted information than any other undecipherable or obscure human language?  Perhaps, it is the ease of deciphering an encoded communication that is the essential difference.  While on the surface this seems to be a distinction without substance, it could be rightfully argued that machine generated encryption is sufficiently non-human in origin to be different.  In other words, sufficiently unbreakable encryption exceeds the natural human capacity to devise and initiate such as a form of expression in the absence of a machine.  Thus, it is not a form of protected human speech.  On the other hand, there are many forms of human expression that defy easy interpretation or understanding.  In fact, it can be at times so abstract that no machine could decipher it.  As Picasso once famously said “Painting is just another way of keeping a diary.” I think we would agree deciphering Picasso’s visual diary would be no easy task.  Entire art departments devoted to that endeavor are no closer than the day he sat down with brush in hand.  But, more to the point, ciphers have been used since antiquity, some being more artful than others, for good and bad, precisely for secrecy.  Even in more recent pre-computer times, anyone could employ a relatively simple, mathematically unbreakable Vigenere cipher scheme. So, we again are left with the question of what is the real difference.  Whereas a Vigenere cipher requires only paper, pencil and a random passage from a secret book, modern encryption achieves these ends in a much more efficient and pervasive way.  Even the Vigenere cipher itself is available as one-time pad software, albeit grossly inefficient for real-time communications.  So, it would seem the real difference is that it is too easy, too accessible and too quick.  
With any “too” controversy, the basic contention is that something is too advantageous.  It upsets accepted norms or understood conventions of the relative distribution of power.   This is exactly what government security agencies argue.  There is nothing more principled or deep about it.  They don’t want criminals to enjoy an advantage, because modern encryption is too good, too available and too uncontrolled.  Of course, unfair advantage is a matter perspective.  I, for one, hope that law enforcement enjoys every possible advantage over criminals.  But, I also don’t want criminals accessing my sensitive private data either.  The problem with backdoors is just that.  It is another way in.  But insofar as law enforcement and national security are concerned, for most of human history, even up to and including the advent of modern communications, crafty criminals enjoyed the advantage when it came to secret communications.  It was not until the communications age that phone tapping and eavesdropping came about and gave law enforcement a leg up.  Phone networks became the places where most communications occurred, and intercepting communications became an essential part of  law enforcement’s repertoire.  Of course, this advantage still required a showing of probable cause before a warrant would issue.  So, basic police work was still needed to show a good reason.  However, many claim that even these protections have been eroded under the banner of pressing national security concerns since 9/11 under  the FISA court.  Its critics point out that the FISA court denied a paltry .03% of over 30,000 requests for electronic surveillance searches.  Moreover, critics complain that the FISA court operates in secrecy without public access or visibility into its proceedings and have permitted what amount to large-scale, sweeping general search warrants.  Yet, the FISA Court defends itself by noting that many of the approved requests were substantially modified before they became finalized, and it scrupulously protecting individual liberties from unreasonable searches.   Be that as it may, law enforcement’s technological advantage has been further magnified with the growth of big data, massive private and public transactional data stores, and a proliferation of public surveillance cameras.  For the first time in history, a human’s location, phone calls, spending and buying habits, social dialogue, extended family members, credit history, favorite TV shows, eating habits, topics searched online, and even books read can be found and are subject to government access, subject to legal process.  For all the talk of “cloud security”, it may, ironically, create the greatest vulnerability to personal privacy yet.   Private papers are no longer tucked away in desk drawers, stored on backroom computers or copied away on CDs in shoeboxes, immune from warrantless search and seizures.  Now, it is somewhere else in the ether, under the convenient management of commercial parties.  Cynically, the cloud is a one-stop shop for subpoenas, and in many instances your information is accessed without you even being notified.  We are leaving “digital footprints” all over the world and it provides law enforcement with a wealth of investigative advantages.  This is offered up as a social good that helps make our communities more secure than ever before.  It is true in many respects.  But, we would be wise to be aware of its potential costs so as to avoid being short-changed on liberty.
The classic approach that courts use to address issues like the government’s need to access encrypted private data versus the right to free expression and to be secure in papers and effects is called substantive due process analysis.  The basic inquiry is whether the restraint or infringement upon a particular fundamental freedom is the least intrusive  possible to achieve a compelling need of the state.  Yet, we ought to carefully think about whether this standard will adequately protect fundamental freedoms.  The US Supreme Court found a new right of privacy in the US Constitution in Griswold v. Connecticut.  In so doing, it did as much to expand individual privacy rights beyond traditional property-based concepts as it did in subsequent cases to whittle them away with a myriad of exceptions using substantive due process reasoning.  Even the very existence of the right of privacy is born out of relativism.  It only exists insofar as  a reasonable expectation of privacy exists, which turns on what most people think is, or treat as, private in ordinary course.  The problem is that social behaviors can change relatively quickly.  In the case of technology, there is hardly any greater prime mover of behavioral change afoot.  Thus, I fear right to privacy will wither under the rapid transformations in attitudes brought about by the persistent infiltration of technology into every aspect of our lives.   
As we trek along the evolution path of man and machine, questions around encryption will continually arise.  Yet, the core of the root conflict goes beyond encryption, in the sense that it is  about the role of society at large versus the individual in relation to who really governs a new form of emerging omniscient intelligence that can increasingly see, record, and analyze the most trivial aspects of our daily lives.  It is only a matter of time before machine augmentation of human bodies is commonplace.  As it is Amazon Echo sits in living rooms listening to every word spoken awaiting to assist.  Every large city is populated with cameras monitoring public places; automatic license plate readers innocuously record passersby, and your mobile phone tracks your every movement.  The fundamental question becomes, what are the limits of government access to the communications between mind and personal machine.  It is a widely held belief that one cannot be compelled to testify against oneself.   The brain, with all its memories, recollections and thoughts, are free from government intrusion.  We have even outlawed torture against the worst of our enemies to pry free secrets relegated to the recesses of the mind.  Yet, what cannot be pried out by coercion, will readily be available through not only backdoors in the name of security, but more likely through a gladly opened front door.  In our emerging technology-infused society, your coffee pot becomes a snitch for somebody.   Personal privacy will shrink to the space between your ears, as smart refrigerators, TVs, cars, lights, and so on become an ever present life companions. There will be no expectation of privacy because it will have been given away long ago in exchange for the innocuous promise of convenience and ease.  This, then, is the risk – to be lulled into the complacency of digital convenience served up by a myriad of eager companies aiming to please.   
Some may argue that backdoors are the price of security in an increasingly dangerous world.  Access to powerful tools of secrecy and deception have given bad actors too much power, and the playing field needs to be rebalanced in favor of law enforcement.  I would argue that we merely are reverting to the status quo and this is not so much a new battle as much as a familiar conflict between individual autonomy and state control in pursuit of security.   Some argue that the stakes are higher than ever because of the threats of modern terrorism, global crime syndicates, rogue nations, weapons of mass destruction and a host of other emerging phenomena.  I’m not so sure.  History is replete with successive generations of wholesale slaughters of city inhabitants by hostile invaders, mass enslavement, savage conflicts and global pandemics.  I find it unfathomable that we are in any more precarious situation than those preceding us.  That said, I have no interest in revisiting the Middle Ages, either.  These issues require significant reasoned discourse with an understanding that technology will not stop and is accelerating at an ever-quickening pace.  The ultimate question will be, in whose hand or hands this awesome power will sit.  I find no more comfort in Apple or Alphabet guarding privacy than good old Uncle Sam.  As between them, I would bet on the one that has the greatest guarantee of human freedom in the history of mankind rather than a corporate charter of maximizing profitability for shareholders.  Ultimately, it will fall upon those in black robes covetously protecting our freedom; otherwise, I don’t think we would stand a chance against technology in anyone’s hands. Whereas Apple seeks to preserve and grow its profits, and government bureaucracies seek to preserve and expand power, it is the acolytes of the Constitution, unencumbered by neither, that can best preserve liberty.  So, I say good for Judge Pym for the time being, but he must jealously guard liberty and understand there is more to privacy than mere expectation by custom.  Privacy is inherently human and our machines cannot be allowed to make us less so.