Last week I gave a conference presentation examining how the public and private sectors work together, and at times clash, on issues of national security. Using Rod Lyon’s excellent schematic, I examined how the private sector fits into the debate around how to achieve both security and liberty. To do this, I examined the issue through the lens of the current clash between the US government and Apple over encryption that’s playing out through the media. The case illustrates that while both the public and private sectors are focused on the same goal of security for the ‘citizen’ or ‘customer’, different interpretations of what is meant by security can create friction. This piece will be the first in a three part series examining the case itself, some of the political messaging that’s emerging as a consequence, and finally what the consequences of the case will be for national security.
Good cyber security is essential for the growing digital economy. Everyone stands to benefit from less cybercrime, espionage or online disruption. If online services are delivered seamlessly in a secure and trusted environment, confidence in online marketplaces and products can be improved. A safe and supportive operating space is also conducive in the creation of new businesses and sowing the seeds of innovation, and enables us to communicate with confidence that unwanted prying eyes won’t be able to read our communications. Yet for the government and the private sector, it can be tough to coordinate and prioritise such outcomes into mutually beneficial practice. That was made more problematic by the negative impact that Snowden’s revelations had on the dialogue between big US tech industry companies and the US Government on matters of national security.
Reflective of the difficulty of achieving what Rod calls the sweet spot for security and liberty is America’s current war of words and legal proceedings relating to the encryption debate. Acting upon their interpretation of the ‘sweet spot’, Apple and a range of other high profile companies and software developers have increased the availability of encryption. While increased cyber security is a goal for both governments and private companies such as Apple, their motivations vastly differ.
For Apple, the increased encryption in their software was aimed at both protecting their customers from cybercrime and unwanted attention from governments. It also served as an important selling point to a customer base who increasingly demanded privacy in the wake of the 2013 Snowden revelations. Other motivations included regaining share price in a market that was suspicious of US firms perceived to be cooperating with the US government. Apple declared its independence in particularly dramatic fashion by developing encryption for the iOS8 operating system in 2014 that let consumers set their own passcode. This meant that Apple couldn’t hand the government an encryption ‘key’ because it simply didn’t have one.
The US government contends that more encryption plays into the hands of terrorists and criminals by offering them a degree of anonymity, and introducing challenges for evidence collection. They see that move as compromising broader national security. Jim Lewis makes an important case that the US government aren’t looking to create ‘backdoors’ in software, but rather that law enforcement agencies want the unencrypted plaintext when access has been authorised by law.
The issue is now coming to a head after Apple refused a court order to assist the FBI with unlocking an iPhone that belonged to one of the San Bernardino gunmen. Apple CEO Tim Cook has argued that such a move could set a ‘dangerous’ precedent and diminish the privacy that their customers have come to expect from Apple products.
Critics, of which there are many, argue that Apple’s position does a disservice to the victims of the shooting and potentially makes citizens less safe by limiting the amount of relevant data that law enforcement authorities can access in difficult national security cases like this. While many in the tech community have stood behind Apple, the general public remains fiercely divided on the issue, with recent surveys illustrating the schism in public opinion.
The thing about encryption is that it has so many valid uses, functioning as the essential enabler of an increasingly digital world. It allows people to establish their identity reliably, and keeps transactions out of criminals’ reach. Even the FBI’s Director James Comey recognises this, stating, ‘I love encryption, I love privacy… when I hear corporations saying we will take you to a world where no one can look at your stuff, part of me thinks that’s great. I don’t want anyone looking at my stuff’.
The outcome from the current Apple case will have wide reaching impacts for security and privacy, not just in America but in markets across the world—including here in Australia. It’s imperative, regardless of the outcome, that we maintain conversation between the private and public sectors. This is a time when increased dialogue and trust building is needed, not less. Despite differing motivations, we should remember that both the public and private sectors are working to achieve the same goal, a safe and secure society and online environment. However, finding that mutually agreeable sweet spot could be made difficult by the outcomes of this case.