A polite debate over Apple, the FBI, and encryption

Previously published at WGBHNews.org.

I had expected fireworks—or at least strong disagreements—when Internet privacy advocate Jonathan Zittrain and former CIA director John Deutsch debated the impasse between Apple and the FBI over a locked iPhone used by one of the San Bernardino shooters.

Instead, the two men offered nuance and a rough if imperfect consensus over how much access we should have to technologies that allow us to encrypt our personal data in ways that place it beyond the government’s reach.

“Many other paths to data are available. We are exuding data all over the place,” said Zittrain, a professor at Harvard Law School and the author of The Future of the Internet—And How to Stop It. “The FBI has chosen this case … in large part, I think, because there is so little privacy interest on the other side.”

Deutsch, an emeritus professor at MIT, sought to draw a distinction between law enforcement and terrorism investigations such as the San Bernardino case. Authorities say they need to know what was on the phone used by the late Syed Rizwan Farook because it might reveal the identities of accomplices who are planning future attacks.

“There’s a big difference between law enforcement and national security,” Deutsch said. Law enforcement, he explained, is about “catching bad people,” whereas the aim of national security is “to avoid a catastrophe.” There is a public interest in requiring cooperation from companies such as Apple in a national-security investigation, he said, with the courts setting boundaries for when such cooperation should be compelled.

If that sounds like disagreement, it was so polite and mildly worded as to create barely a stir. Indeed, people in the packed hall at Harvard’s Kennedy School on Monday evening—most of them Apple partisans, I suspect—seemed to appreciate a discussion that focused more on the fine points of technology and the law rather than on broad proclamations about Internet freedom versus the threat of terrorism.

Then, too, technology is changing so rapidly that the points raised during the debate may soon be obsolete.

Apple has been ordered to write software that will enable government investigators to gain access to Farook’s data; the company has filed an appeal seeking to overturn that order. But as Zittrain noted, Apple executives say they will soon offer encryption software to consumers that will make it impossible for anyone—even Apple itself—to break in. Such software, Zittrain added, is already available from various sources, which means that even if it were legally banned, it could still be used.

And that changes the nature of what’s at stake. As the San Bernardino case has played out, I’ve been more sympathetic to the government than to Apple. Why shouldn’t a corporation be required to comply with a court order to provide information in a terrorism investigation? And if it’s extraordinary to demand that Apple to write software so that the phone can be accessed, what of it? That’s simply a consequence of Apple’s engineering decisions.

As Deutsch put it: “That’s not really the essential point. It’s a minor part of the issue.”

On the other hand, I’m as uncomfortable as anyone with the idea that Apple and other companies could be forbidden to offer encryption so strong that even they would lack the means to bypass it. Requiring companies to build in a so-called back door would open the way not just to legitimate investigations but to privacy breaches and fraud, and would hand yet another tool to authoritarian governments seeking to repress dissent.

Zittrain and Deutsch talked about what role Congress and the courts might play in finding the proper balance between privacy and security. I asked them whether those institutions could have any role at all in a world in which no one but the end user would be able to bypass the encryption settings.

Zittrain responded that we have never lived in an era when every bit of data is accessible to a government investigator with a warrant. Even so, he said, there will continue to be vast amounts of personal data available to investigators despite the existence of strong encryption. “There’s a whole constellation of data points out there,” he said, calling it “an embarrassment of riches.”

I found Deutsch’s response more intriguing, reflecting as it did his both cloak-and-dagger days at the CIA and his long career in science.

“I don’t believe that phones irrevocably go dark,” he said, explaining that he believes Apple and other companies will retain the ability to unlock encrypted devices regardless of what they publicly proclaim. He also offered what he called “a suspicious paranoid point: all of these phones are made in China.” Would the Chinese government really allow the manufacture of technology that it couldn’t somehow access?

With technology changing so rapidly, Zittrain said, the current dispute between Apple and the FBI is “a bellwether rather than the case of the century.”

This time, in other words, Apple says that it won’t. Next time, it may say that it can’t.