The San Bernardino shooter would not have been my first choice to serve as a poster child for privacy protection. Nonetheless, Apple’s refusal to help the US Federal Bureau of Investigation (FBI) hack into the shooter’s iPhone is drawing much-needed attention to the importance of encryption in protecting Americans’ data.
Of course, the standoff between Apple and the FBI isn’t really about Syed Rizwan Farook’s iPhone. It’s about all of our smartphones, and the extent to which companies should be obligated to make it easier for law enforcement to guess users’ passwords. (The iPhone currently has a setting that erases all data stored in the phone after 10 incorrect password attempts.) If Apple creates the software that would allow it to comply with the FBI’s request, it will bring into existence technology that law enforcement could use to hack into your phone, too.
Apple’s stance has thus far won support from figures ranging from Google CEO Sundar Pichai and Twitter chief Jack Dorsey to whistleblower Edward Snowden and entrepreneur Mark Cuban. But with Farook’s name in the mix, the court of public opinion could well turn against Apple. It’s easy to see how the narrative could be twisted into a straightforward issue of good guys versus terrorists and public safety versus one tiny privacy tradeoff. Do we really want to stop the FBI from getting information about the man who, along with his wife, killed 14 people?
If this is the story that sets the tone of debates about encryption, it has potential to do real harm to the cause. Apple’s decision may be the right one in terms of clarifying a murky legal obligation and conveying to its customers the company’s commitment to protecting their devices. But it’s less clear that Apple is making the right strategic choice when it comes to shaping new policies in the long term.
This is not the first time a legal controversy about computer security has centered on an unsavory character. Lori Drew famously created a fake MySpace profile that she used to bully a 13-year-old classmate of her daughter. After the classmate committed suicide in 2006, Drew was charged with violating the Computer Fraud and Abuse Act because creating a fake profile violated MySpace’s service agreement.
Drew was a distinctly unsympathetic figure. But the case wasn’t about whether she (or anyone) should be allowed to drive a teenager to suicide. It was about whether failure to abide by companies’ infinitely dense and seemingly endless terms of service agreements, which approximately no one reads, is truly a criminal act.
Yet figures like Drew and Farook can have an outsize impact on how policy gets made. Drew, for instance, was ultimately cleared of computer fraud charges. But the case led several states to consider new laws aimed specifically at cyberbullying and online harassment. Such precedent suggests that even if Apple is able to successfully prevent the government from compelling it to cooperate with the FBI, its victory could pave the way for new laws it likes even less.