Could that San Bernardino iPhone Unlock Privacy?

Apple’s refusal to provide technical tools to unlock the San Bernardino iPhone is based only on a “marketing strategy” rather than a legal rationale, said the U.S. Department of Justice.   Wrong, and not just for the Constitutional reasons just stated by Ted Olson on This Week  The argument that all of the hundreds of  expert commentators on this largest of all tech privacy issues have not been talking about until now is that information security in the service of privacy is also the law, an area of the law regulated in the U.S. by a host of federal and state regulators jumping all over each other to protect individual privacy.   And if some of those regulators stood up for the principles to which they adhere when otherwise regulating the private sector, not only could the resolution of this issue be substantially influenced, but the U.S. could lead the world in the protection of privacy at a point both in its international relations and its political history when it could use that principled leadership.

Unlock FTC Standards?

In the case of the San Bernardino iPhone, let’s take a very quick look at the standards of the Federal Trade Commission (FTC).   Apple has a privacy policy.  Does that privacy policy say that Apple will assist the Government by undoing its security measures when not compelled by law to do so?   If not, then to do so would be “deception” under the FTC’s generally well-accepted Section 5 authority.   Or let’s say Olson is wrong about the Constitution, and the Government could even have some power to compel in this case under the ancient All Writs Act, acknowledged as possible by Orin Kerr.  Could undoing your own security measures nonetheless constitute “unfairness” when all of the leading technical security experts say that when you create the exploit here, it will be used by governments and hackers around the world?   Granted that when all of the leading technical security experts (including the FTC’s former Chief Technology Officer) addressed this issue last year, they were talking about backdoors in encryption rather than disabling the auto-delete function after the entry of 10 incorrect passwords and the other demands of the Government to enable a brute force attack on the San Bernardino iPhone, but the same arguments are already being advanced by a number of the same experts in this case already.   Is information security just Penelope weaving Laertes’ burial shroud in the day and undoing her own work by night (this time as forced labor)?   The Federal Communications Commission and all state attorneys general may want to give these issues some consideration as well.

Unlock Global Restraints on Surveillance?

These are of course complex issues that will require a lot more analysis as the facts and law relating to this case become more clear.  I thought it might be worth raising them now, though,  particularly since the guy who after winning South Carolina last night has been pronounced the unstoppable nominee of his party for the office of President of the U.S. simply told everybody to boycott Apple for raising legal objections, period.   So maybe the jurisdiction of regulators over the privacy and security practices of the private sector could protect consumers a bit against Government overreach.   After all, that is what Privacy Shield is about, in part, so the FTC is already arguably in the business of restraining government surveillance.  Moreover, in reconciling privacy and government surveillance law, the U.S. would truly be leading the world; consider, for example, by contrast, the disconnected parallel universes of aggressive surveillance law and aggressive data protection law that appear to coexist in France now.

Lots more to follow.  What do you think?

timothy-muris-quote-privacy-and-security-promises-must-be-kept-its-goo

Is information security just Penelope weaving Laertes’ burial shroud in the day and undoing her own work by night (this time as forced labor)?

My great partner Ron Raider, working with my great partners Burleigh Singleton and Shayne O’Reilly, gave me the core insight of this post, but they bear no responsibility for the extreme lengths to which I might just push that insight.