Security and Privacy are Not Mutually Exclusive

| Elaine Lammert
Elaine Lammert
Former Deputy General Counsel, FBI

The interesting thing about the Apple vs. FBI encryption debate is that that there is little disagreement that encryption is a valuable tool for protecting individuals’ privacy and preventing information from falling into the wrong hands.  There is also little disagreement that we want law enforcement and intelligence agencies to be equipped to prevent and investigate criminal and national security threats against our country.  To do the former, one needs the later – information.  And this is where the two concepts collide.  What happens when the information law enforcement and national security agencies need to protect our country is protected by encryption?  What should carry more weight – privacy or security?  Advances in technology have brought to the forefront the question of what is the appropriate balance between privacy and security in a way no other issue has before.

I don’t believe anyone disagrees that the FBI has a responsibility to investigate the San Bernardino attack fully.  The victims and the country expect, and should expect, this.  The phone was used by Syed Farook may contain information relevant to the investigation, such as whether there are coconspirators or other terrorist networks, and how Farook and his wife were able to conceal their radicalization and carry out the attack.  This information would aid in preventing future terrorist attacks.    We must not forget that this issue is greater than the FBI investigation—there are other law enforcement agencies with a need to access phones protected by encryption.  These agencies are investigating cases involving murder, child abuse/pornography, drug dealing, and so forth. The information locked inside the protected phones could help solve these crimes and prevent future crimes from occurring. 

The court order directs Apple to write code for the phone.  Apple is asserting that the FBI’s request would require them to build a backdoor that would compromise all phones. Once created, Apple states, the solution could be used over and over again and compromise its clients’ security and privacy.  I cannot assess Apple’s assertion that the only solution is one that affects all phones or other means of communication as opposed to creating a solution applicable only to this phone. This may be the case, although there have been press reports that Apple has unlocked phones per law enforcement requests before.  Furthermore, the code would remain with Apple, effectively mitigating concerns that the code would get out and be used for nefarious purposes. 

What I think is most telling is Apple’s concern that if they abide by this court order, they will have to abide with other court orders.  It appears that Apple’s objection rests as much, if not more so, on what they believe is the appropriate balance between customer privacy and the government’s need for information to protect our nation’s security.  By its actions, Apple is favoring customer privacy, and they are doing so in a way that puts information completely out of the reach of law enforcement. 

Is this what our country wants?  A society with absolute privacy protection is less secure, because law enforcement and national security agencies do not have access to information needed to investigate crime and prevent threats. Creating technology solutions that aide law enforcement and national security agencies may also make communications vulnerable to bad actors. However, security and privacy are not mutually exclusive; I actually believe they reinforce each other.

Effective law enforcement enhances privacy as well as security by enforcing our criminal laws and preventing national security threats.  Strong privacy protections enhance security, preventing information from falling into the wrong hands.  Privacy safeguards also ensure that government actions conform with the Constitution and the rule of law. Whether the conflict between Apple and the FBI is resolved by the courts or via legislation, the decision will require a balancing between these two values.

The answer must ultimately be that law enforcement should have lawful access to information it needs to thoroughly investigate crime and national security threats.  This is not unfettered access but the ability to obtain information necessary to solve crime and protecting our national security pursuant to lawful authorities.  Encryption is an important tool to protect privacy and enhance information security but so is effective law enforcement with access to the information needed to carry out its mission.  

The Author is Elaine Lammert

Elaine Lammert is a former Deputy General Counsel with the FBI, with over 28 years of government experience.  She currently is an Adjunct Professor at George Washington University's College of Professional Studies, Public Safety and Security Leadership.

Learn more about The Cipher Brief's Network here.

CLICK TO ADD YOUR POINT OF VIEW

Share your point of view

Your comment will be posted pending moderator approval. No ad hominem attacks will be posted. Your email address will not be published. Required fields are marked *