FOR PRIVACY’S SAKE, IS APPLE IN THE RIGHT?

On December 2, 2015, 14 people were killed and 22 were seriously injured in a terrorist attack at the Inland Regional Center in San Bernardino, California, which consisted of a mass shooting and an attempted bombing. The perpetrators, Syed Rizwan Farook and Tashfeen Malik, a couple living in the city of Redlands, targeted a training event and holiday party organized by the San Bernardino County Department of Public Health. About 80 employees had attended the event. Farook was an American-born U.S. citizen of Pakistani descent, who worked as a health department employee. Malik was a Pakistani-born lawful permanent resident of the United States. It was later discovered that both Farook and Malik supported ISIS’s ideology and had been radicalized.

During its investigation of the San Bernardino mass shooting, the FBI collected the shooter’s iPhone, which is locked down so securely that the Bureau cannot get access in to see what is inside. Since the owner is dead, the government has requested Apple to open the device. In essence, the government wants Apple to build a backdoor to the iPhone. Specifically, the FBI wants Apple to make a new version of the iPhone’s operating system, circumventing several important security features, and install it on an iPhone recovered during the San Bernardino investigation. The software that Apple is being asked to create does not exist today, but in the wrong hands it would have the potential to unlock any iPhone in someone’s physical possession. Apple is refusing to create the software to open the phone stating that doing so would compromise the security of every iPhone everywhere.

The All Writs Act of 1789

The Government is using a 226-year-old law to order Apple to create the software. Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority. The Act states in part that: “[t]he Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”

A Writ is a Court Order. The Act gives courts the authority to issue orders compelling individuals to do things, so long as it is for a legal and necessary reason. However, the All Writs Act, while very broad, is not all-powerful. The very ruling that orders Apple to help the FBI has a caveat of “unreasonable burden” that is part of the All Writs Act. In fact, to the extent that Apple believes that compliance with this Order would be unreasonably burdensome, it may make an application to the Court for relief. That is, Apple can petition the Court not to be compelled to produce the key to open the phone if it can show that doing so would be “unreasonably burdensome.”

Additionally, Apple’s will argue that if the government is utilizing the All Writs Act to make it easier to unlock the iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept people’s messages, access health records or financial data, track locations, or even access people’s phone’s microphone or camera without their knowledge. Google, Facebook, Snapchat, Amazon, Microsoft and Twitter have all signed on to legal briefs supporting Apple in its court case.

History Repeats Itself

Post-9/11 domestic measures implemented in the name of national security included: restrictions on speech and assembly; increased government surveillance; diminished administrative and judicial oversight; new registration requirements and ongoing monitoring of non-citizens that could lead to arrest, detainment, loss of legal immigrant status, criminal charges, and deportation for failures to register; attempts to deport or hold indefinitely non-citizens for minor or nonexistent immigration violations;   secrecy about the names of people detained;   use of asset forfeiture and other expanded governmental powers to obtain information, arrest, detain, and indict individuals for broadly defined terrorism-related activities. In the immediate aftermath of September 11, the United States government arrested and held over 1,000 individuals without filing formal criminal charges against them.

In mid-December 2005, an article appeared on the front page of the New York Times chronicling widespread monitoring of telephonic and Internet communications by the National Security Agency (NSA). These intercepts, according to the authors of the article, occurred with the direct authorization of the President of the United States George H. Bush, and were undertaken without approval or oversight by the judiciary, beginning shortly after the September 11 terrorist attacks. This wide-ranging program targeted interception of email and telephone calls with the number of those targeted ranging from the hundreds to possibly thousands. On December 19, 2005, President George W. Bush confirmed that the government had secretly and purposefully launched a massive electronic surveillance and communications interception program.

It was subsequently revealed that the national Security Agency had conducted warrantless electronic surveillance before obtaining authorization or consent from the President and that domestic communications had also been intercepted without the usual legal safeguards. Moreover, the NSA did not act alone, it sought and obtained the assistance of various private communications companies, who permitted the NSA to directly access their systems to collect information. Finally, the NSA was discovered to have shared the information that it “illegally” obtained with other investigative agencies. In a 2011 New Yorker article, former NSA employee Bill Binney said that his colleagues told him that the NSA had begun storing billing and phone records from “everyone in the country.” The NSA’s wiretap program was ultimately found to be illegal and NSA surveillance has been since brought within the relevant laws.

In May 2004, the graphic display of photographs of abuse at the Abu Ghraib prison in Iraq after the United States’ invasion shocked the world. One observer noted, “[i]t was Saddam’s torture chamber, and now it’s ours.” The Abu Ghraib scandal was the last straw. Critics began more vociferous in their concerns about other measures that had been adopted post 9/11 that severely curtailed civil liberties such as the indefinite detention of aliens. In a decision that was seen as a victory for champions of civil liberties, the Supreme Court spoke in the case of Hamdan v. Rumsfeld, and struck down the system of military tribunals for Guantanamo detainees established by the Bush Administration.

After 9/11 people’s outrage about the terrorist attacks fueled their willingness to give up many of their civil liberties in exchange for gaining some sense of personal security. Eventually, the infringement on civil liberties by the governments was such that an adjustment became necessary. The adjustment came mostly as a result of public outcry and people’s realization that despite the importance of personal security, a balance between waving their civil liberties and ensuring their safety was necessary.

Privacy and Security

A respect for the right to privacy and personal security are not mutually exclusive. With the appearance of new technologies that could potentially eliminate individual privacy, society is prompted to question whether privacy is such an essential human need as to make it sacred ground where governments are not allowed to enter unless we allow them to do so. The government’s flawed arguments positing that the only way to offer protection is to infringe in our right to privacy have proven not been successful in the long term. In fact, the NSA surveillance program did not prevent later terrorist attacks in the US and elsewhere. The idea that there must be a tradeoff between privacy and security is false. Our willingness to sacrifice our privacy for our security has been short-lived and eventually, the tide has turned back by demand of the people.

With the Apple controversy, we as individuals must decide what matters most to us, to know that there are some areas in our lives that we can keep private, or to allow our government access to the key to intrude whenever they choose in our private lives? Zeid Raad al-Hussein, the U.N. human rights chief has stated that U.S. authorities “risk unlocking a Pandora’s Box” in their efforts to force Apple to create software to crack the security features on its phones. He has warned about the potential for “extremely damaging implications” on human rights, journalists, whistle-blowers, political dissidents and others.

Should Apple create a key to open the terrorist’s phone, do we trust the government to only use the software this one time? Did we learn anything from the NSA scandal? Do we not remember about the NSA’s indiscriminate domestic surveillance of regular citizens? The answers to these questions will determine the future of the right to privacy. The choice to open Pandora’s Box is ours.

 

 

 

 

 

THE FEAR OF CYBER ATTACKS, THE GOVERNMENT, AND THE RIGHT TO PRIVACY

In response to a series of major data breaches at US companies in recent months including Sony, Anthem and Target, President Obama unveiled a series of cyber security proposals in his last State of the Union address in January. Obama followed up on this declaration of intent by signing a new executive order during the Summit on Cybersecurity and Consumer Protection organized by the White House at Stanford University in February.

Obama’s executive order encourages the development of Information Sharing and Analysis Organizations (“ISAOs”), providing legal-liability protection to make it easier for businesses and government to share online threat data specific to their industry or geographic region. The order also increases the role of the Department of Homeland Security in the data-sharing process by permitting it to enter into agreements and coordinate the ISAOs.

Mr. Obama’s renewed focus on cyber security has been mostly welcomed by the tech industry, however, the president continues to encounter some of the same suspicions over the privacy of online data that were so effectively highlighted by the Edward Snowden revelations about the NSA in 2013. Although Cyber terrorism is a reality, the concern is that unless there is a balancing between governmental intrusion and the individual’s right to privacy, people’s rights will be violated as they have in the past.

The right to privacy has been affected previously by extraordinary events around the world such as terrorism. While society has not been willing to sacrifice individual civil liberties lightly, it has done so in circumstances where the prevalent belief was that personal security has been threatened. In recent times, surveillance regimes that have been adopted as anti-terrorism measures have had a profound, chilling effect on other fundamental human rights.

The most drastic change affecting privacy in the laws of the United States occurred in response to the 9/11 attacks, when President Bush signed into law the anti-terrorism statute titled Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism, more commonly known as the USA PATRIOT Act. Among other things, the Patriot Act expanded the wiretapping and electronic surveillance powers of federal law enforcement authorities, and increased the information-sharing powers of investigative agencies. It also allowed law enforcement to demand libraries, bookstores, and businesses to produce tangible items, such as papers, books, and records, about persons of interest, while forbidding disclosure of such a demand. It further authorized searches conducted without giving contemporaneous notice of the search or an actual warrant for the search.

At the end of 2005, an article appeared on the front page of the New York Times chronicling widespread monitoring of telephonic and Internet communications by the NSA—National Security Agency.   These intercepts occurred with the direct authorization President Bush, and were undertaken without approval or oversight by the judiciary, beginning shortly after the 9/11 terrorists attacks. This wide-ranging program targeted interception of email and telephone calls with the number of those targeted ranging from the hundreds to possibly thousands. The effect of such wholesale violation of the right to privacy caused uproar among regular citizens who thought that such governmental intrusion on their personal affairs was overreaching and unwarranted.

Acts of terrorism and a fear for our personal security have historically intersected the privacy protections recognized by governments, and at times, served to take a few steps back in the universal recognition of the right to privacy. However, the government’s unsound arguments positing that the only way to offer protection was to infringe in our right to privacy have not been successful in the long term. People have recognized the obvious flaw with the proposition that there must be a trade off between privacy and security. Our willingness to sacrifice our privacy for security has been short-lived, and eventually, the tide has had to turn back by popular demand.

Upon further reflection and discourse on the effect of excessively curtailing civil liberties, the conclusion must be that a balance between security and respect for human rights is necessary in a civilized society. The two are not mutually exclusive; it is possible to demand cyber security and the protection of the right to privacy at the same time. The government must be very careful not to institute measures that will encroach on peoples’ hard fought civil liberties. The efforts made by Obama through his new initiative must carefully be monitored so that the right to privacy of individuals is sufficiently protected both by government and private entities.

ABOUT TIME, MR. PRESIDENT

Last year, Edward J. Snowden, a former N.S.A. contractor outlined the existence of a massive effort by the U.S. National Security Agency to track cell phone calls and monitor the e-mail and Internet traffic of virtually all Americans. The secret call records program — known as the “215 Program”, after Section 215 of the Patriot Act  — was part of the secret surveillance program that President George W. Bush unilaterally put in place after the terrorist attacks of Sept. 11, 2001.

In 2006, as part of a broader Bush administration effort to counteract terrorism, the Justice Department persuaded the Foreign Intelligence Surveillance Court (also known as the FISA Court) to begin authorizing the program. It claimed that Section 215, which allows the F.B.I. to obtain court orders for business records deemed “relevant” to an investigation, could be interpreted as allowing the N.S.A. to systematically collect domestic calling records in bulk, as potentially relevant to some ongoing investigations. The government lauded the usefulness of the tool although it was unable to point to any thwarted terrorist attacks that would have been carried out if the program had not existed.

The details of the program exposed by Snowden created a great deal of debate and consternation nationally and internationally, with the Obama administration receiving a great deal of criticism for allowing such a wholesale intrusion on privacy rights. Shortly thereafter, President Obama decided to appoint a review group and an independent federal privacy watchdog to review the program. They both concluded that major changes to the program were needed; the latter also indicating that the bulk collection was illegal, rejecting the government’s Patriot Act interpretation.

Last week the Obama administration announced that it is preparing to unveil a legislative proposal for a far-reaching overhaul of the National Security Agency’s once-secret bulk phone records program in a way that — if approved by Congress — would stop the collection the information, known as metadata, which lists millions of phone calls made in the United States.

Under the new proposal, the government would have to get permission from the FISA Court to review data about the time and duration of telephone calls that it believes may be connected to terror attacks. The bulk records would stay in the hands of phone companies, which would not be required to retain the data for any longer than they normally would. The N.S.A. could still obtain specific records, but only with permission from a judge, using a new kind of court order. The new plan would also allow the government to swiftly seek related records for callers up to two phone calls, or “hops,” removed from the number that has come under suspicion, even if those callers are customers of other companies.

Although some have expressed concern over how the records would be handled by employees at the telephone companies who might be asked to search the data in response to a government request, it is expected that safeguards would be put in place to avoid breaches of privacy.

Most critics of the old bulk data collection program think that this new initiative is a step in the right direction on the protection of privacy rights, and a compromise that still allows the government important investigative tools while decreasing the opportunity for abuse.

INTERNATIONAL LAW, AMERICAN LAW AND THE LEGALITY OF THE US SPYING PROGRAM

Michael Hayden, the former head of the CIA and National Security Agency, said last week that: “The United States does conduct espionage,” and the Fourth Amendment to the Constitution protecting the privacy of American citizens “is not an international treaty.”  On its face this statement is a correct interpretation of law as the Fourth Amendment as well as other Constitutional protections have been held not to extend beyond the borders of the US.

The allegations that have been leveled against the NSA by whistleblower Edward Snowden, outline a vast program of spying on a scale not previously seen. The amount of data collected by the federal agencies involved, if true, is staggering and conducted in an indiscriminate manner in order to mine as much data as possible. It would be naïve to think that the US is alone in spying on its citizens and others, but it would seem that the voracity and abilities employed by the US are unparalleled. Moreover, the US not only spied on its enemies but also seemed willing to conduct widespread data intercepts of its allies, something that is not sitting well in Europe and elsewhere.

As regards its international obligations, the US is a member of the international community and is thus bound by the treaties it enters into as well as customary international law. Although not a treaty, one of the most widely approved international documents is the UN Universal Declaration of Human Rights, to which the US is a signatory. Article 12 specifically states that:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

The information collected from sources such as the internet, emails, social media networks, internet service providers, search engines, etc., belonged to someone and it should be considered private personal data. The US neither asked for permission nor consent to collect the data.

Additionally, as regards spying on diplomatic missions, the US might be afoul of the Vienna Convention on Diplomatic Relations, which at Article 27, states as follows:

The official correspondence of the mission shall be inviolable. Official correspondence means all correspondence relating to the mission and its functions…

Finally, the type of spying conducted by the US is likely violative of customary international law as defined in Article 38 of the Statute of the International Court of Justice.  This is generally determined through two primary factors: the general practice of states and what states have accepted as law. A very strong argument can be made that the protection of personal private data is customary international law as virtually every country on earth has some form of data protection law and is widely applied. In this regard, the US is on very shaky legal footing if its spying is as widespread and unfocused as has been reported. For the international community, to have the US government repeat as a mantra that the US has not violated the Fourth Amendment of the US Constitution because its spying did not target US citizens, is not just insufficient, but borderline offensive. Perhaps US citizens will believe that their government is not spying on them, or perhaps they will demand a better explanation and hold their government accountable for what amount to blatant violations of the right to privacy.

Governmental Intrusions, Twitter and the Right to Privacy

Malcolm Harris, one of about 700 protesters who participated in the Occupy movement march along the Brooklyn Bridge last October, was subsequently arrested and charged with disorderly conduct. The prosecutor in the case subpoenaed hundreds of Twitter messages alleging that they would show that the police did not lead protesters off the bridge’s pedestrian path and then arrest them, an argument that Mr. Harris was expected to make at trial.

Although Twitter originally refused, eventually, the criminal court Judge demanded that Twitter release the data or hand over its confidential earnings statements from the last two quarters so he could determine how much of a fine to levy against the company. Twitter, which keeps such financial data secret, eventually produced the  data.

The judge’s ruling said that, “If you post a tweet, just like if you scream it out the window, there is no reasonable expectation of privacy. There is no proprietary interest in your tweets, which you have now gifted to the world. This is not the same as a private e-mail, a private direct message, a private chat, or any of the other readily available ways to have a private conversation via the internet that now exist. Those private dialogues would require a warrant based on probable cause in order to access the relevant information.”

In its appeal, Twitter wrote that Harris’ tweets are protected by the Fourth Amendment “because the government admits that it cannot publicly access them, thus establishing that the defendant maintains a reasonable expectation of privacy in his communications.” The Twitter accounts in question have been closed and are no longer publicly available.

Technology that allows for the invasion of privacy evolves significantly faster than privacy protecting laws, and as a result, the laws are almost always reactive to these new legal scenarios and often rushed to meet the urgency of the case at hand. In this particular case, the question is whether a message on Twitter that a person posts for his followers is the same as a message “gifted to the world” as the Judge stated in his ruling, for which there is no reasonable expectation of privacy.

To the extent that Twitter allows a user to block a follower, the user has an expectation of privacy regarding his messages. I am pretty sure that Mr. Harris would have blocked a government representative who wanted to become a follower of his tweets.

Under these circumstances, did his messages become public? Were his messages “gifted to the world,” or are his messages more like emails, that would require the government to obtain a warrant to have access to them?