The current conflict between Apple and the FBI over developing a means to circumvent security features on the iPhone has reignited the tense debate about the tradeoff between security and privacy in the U.S. The Cipher Brief spoke to Robert Eatinger, former Senior Deputy General Counsel at the CIA, about the Apple case. He says that the FBI has the law on its side, but the government and the tech industry must learn to work together again in order to maintain both privacy and security for law-abiding Americans.
The Cipher Brief: What do you think about the court order to compel Apple to unlock the iPhone of one of the San Bernardino shooters? What’s your take on the legal precedent being set here?
Robert Eatinger: In my view, the Magistrate Judge’s order is correct and consistent with existing legal precedent. When digital data on a cell phone lawfully in the government’s possession, and for which the government has the cell phone owner’s consent to search, has been encrypted, the United States may secure a court order to compel U.S. private industry to provide reasonable technical assistance to the government’s efforts to obtain access to that digital data.
A judicial finding to the contrary would change the law in a way that could seriously impact the United States’ efforts to protect Americans from terrorist acts. The government will never be able to keep up with the developments in technology. It does and will need the assistance of the experts in U.S. private industry. Encryption provides the same service for stored digital data as does a safe for tangible data; it prevents others from accessing the data.
TCB: What are the international implications of this case? How do you anticipate other foreign governments approaching the encryption issue from a legal perspective?
RE: Europe is presently the foreign area that has looked most extensively at the intersection of privacy interests and government interests, and has generally provided greater weight to privacy interests. The jurisprudence has been developed primarily at the European Union level—decisions by the European Court of Human Rights and the European Court of Justice, rather than the individual state level. That jurisprudence, however, has mainly related to concerns about “mass surveillance” for intelligence purposes and not cases for which there is an individualized suspicion against a specific target. Thus, it is not clear to me that the European courts would find a violation of privacy rights in compelling a company to provide technical assistance to a government so that the government can search a single phone that had been used by an individual suspected of committing a terrorist act.
TCB: How do you see this latest dustup affecting the larger security debate? What effect will it have on the ability of government and the tech industry to work together on this and other issues?
RE: The dustup continues to forward arguments based on viewing the United States not as Abraham Lincoln’s government of the people by the people and for the people, but rather as George Orwell's government of 1984 that is separate from the people and seeks power for power’s sake. The proffered legal arguments are founded on a presumption the government will abuse any favorable precedent, and the attendant publicity informs current and potential terrorists on ways to secure their communications from the U.S.
These arguments cast suspicion on companies that provide assistance to the government, intimating that consumers should take their business elsewhere. As a result, U.S. companies that at one time were willing to provide technical assistance to U.S. law enforcement and intelligence efforts, now must be compelled by legal process. Whether this transition from cooperation to aggressive resistance resulted from business leaders’ ideology or from their real need to retain customers and profit, the resulting adverse impact on U.S.-private industry cooperation in counterterrorism efforts is the same.
The Apple case takes this “no cooperation” mindset to the next phase by aggressively resisting the government’s effort to obtain judicial compulsion, and furthering the “government cannot be trusted” caution to underpin its various legal arguments. Rather than allow the technical brilliance of their experts to be used to aid the government’s counterterrorism efforts, it has directed them to develop ways to defeat the government’s counterterrorism efforts. At some point, the government and tech industry must find ways to cooperate again so that the best minds in the United States help the country protect itself from terrorist attack and maximize the legitimate privacy interests of law-abiding Americans.