How many of you recall the terrorist attack in San Bernardino back in December 2015? An Islamist terrorist couple went in to a California health sector office’s Christmas party and opened fire, killing 14 and wounding 22.
In the end, the FBI allegedly paid a hacker to get into the phone and allow the Bureau to continue their investigation anywayThe two were later killed in a hail of police gunfire, but that is where the controversy over the incident really started. In an attempt to find out the motivation behind the attack, US law enforcement tried to get into Syed Rizwan Farook’s cellphone only to find they could not as it was password protected. Authorities approached the phone’s manufacturer, Apple, for help only to be rebuffed.
The company said variably that it could not unlock the device or that by doing so it would set a dangerous precedent and undermine their users’ confidence in Apple’s ability to ensure privacy. In the end, the FBI allegedly paid a hacker to get into the phone and allow the Bureau to continue their investigation anyway.
The issue has not gone away
At the time this debate was heated with strong positions on both sides. Those in favour of meeting the government’s request who thought Apple should comply said that terrorists – especially dead ones – have no expectations of privacy and that the FBI needed the phone’s data to see who else was involved in the plot and whether others were being planned. Those against said the State has no business asking for private information and that if Apple had complied nothing would be secure ever again from Big Brother’s prying eyes (and ears).
I saw both arguments and weighed in – cautiously – on giving the police access, albeit on very strict conditions.
Well, guess what? The issue has not gone away. In early September the US intelligence community, in conjunction with their ‘5 eyes’ partners (the ‘5 eyes’ is a group of nations that includes Australia, Canada, New Zealand, the UK and the US and is the world’s premier intelligence club), apparently ‘quietly warned’ technology firms that they will “demand lawful access to all encrypted emails, text messages and voice communications” and threatened to impose compliance if such assistance is not rendered.
Wow, is that ever strong!
The community will ‘demand access’ and if denied will look into legislation to make sure they get what they want/need. Is this acceptable in a liberal democratic society (I assume police states and dictatorships have no compunction on making these threats)?
There are rules and procedures to follow and judges who deem certain cases too weak can turn them down (this does happen by the way)In a word, yes, with a caveat. My position has not changed since 2015 and I do think we can achieve security and privacy at the same time. Just as spies and cops cannot normally intercept communications of citizens without a court-approved warrant (SIGINT organizations like CSE do not get warrants but they also do not collect domestically) nor should they be able to demand access to encrypted domestic communications without one. If CSIS or the RCMP can make a case that an ongoing investigation into a serious threat can only go forward with access to data they cannot currently read, they can go before a Federal Court judge and make that case, much as they currently do for other intercept warrants. Who would be opposed to this? There are rules and procedures to follow and judges who deem certain cases too weak can turn them down (this does happen by the way).
There is, of course, a downside to having to get a warrant
It presupposes that you already have begun an investigation into an individual or cell and already have enough info to make your case. You are asking for part of the puzzle you don’t have yet. It does not allow for ‘fishing expeditions’ into those who have not already crossed your radar (which was what transpired in San Bernardino, no?). In other words, even a warrant does not guarantee 100% security. As a free society we have to accept that. The alternative is unfettered and uncontrolled State access to everyone’s communications and I am fairly confident no Canadian (or Australian, or Brit or…) wants that.