Privacy issues hit all branches of government at once
- 16 March, 2016 06:08
In a rare confluence of events, all three branches of the federal government are weighing changes that would affect when and how personal data is accessed.
The approaches are somewhat contradictory: Some moves would protect citizen privacy, while others could result in more access by government agencies to records kept by businesses and smartphone users about personal information. Encryption technology is usually at the center of the discussions, with intelligence officials eager to find ways to detect communications on smartphones used by criminals and terrorists.
Various actions are taking place in the federal judiciary, before Congress, as well as the executive branch.
FCC and ISP privacy
In the latest proposal made last week, the Federal Communications Commission wants Internet service providers to receive customer permission before their personal data is shared for marketing and other purposes.
The FCC will debate the proposal at its March 31 meeting. The proposal quickly won an endorsement from nearly 60 privacy and digital rights groups, including Free Press.
Meanwhile, opponents also have emerged, including the Information Technology & Innovation Foundation, which said the U.S. Federal Trade Commission's oversight of broadband providers already protects broadband customer privacy while balancing privacy with industry costs and innovations.
Both FCC Chairman Tom Wheeler and FTC Chairwoman Edith Ramirez appeared together at the CES trade show in January to urge tech companies to expand their efforts to protect consumer privacy.
Apple and the FBI
Also receiving big headlines is the FBI's attempt to force Apple to write new software that would override password protections on the iPhone of a mass shooter in last year's deadly San Bernardino, Calif., attacks.
Magistrate Judge Sheri Pym on Feb. 16 ordered Apple to comply, but the company is appealing the decision on constitutional and other legal grounds. A hearing on the appeal is set for Tuesday. Many experts expect the case will end up at the U.S. Supreme Court.
A series of affidavits by both parties in the case have been filed almost daily. Last week, the FBI described how it tried to access content on the work-issued iPhone 5c used by San Bernardino shooter Syed Rizwan Farook.
Legislation expected to pass in Congress calls for creating a 16-member commission on security and technology challenges. The commission, drawn from a broad base of security and privacy advocates, would have a year to issue a final report.
Sen. Mark Warner (D-Va.), one of the commission's co-sponsors, said the group can "strike an appropriate balance that protects American's privacy, American security and American competitiveness."
A big issue for backers of the commission is ensuring that Congress not pass knee-jerk legislation seeking backdoors or other workarounds of encryption used on smartphones and other devices. The concern is that since many encryption apps are available from foreign companies out of reach of U.S. laws, any U.S. regulation would only hurt U.S.-based companies. Furthermore, terrorists could resort to using apps developed in other countries, or build their own.
While much of the concern over encryption and privacy rose out of the mass shooting attacks in Paris and San Bernardino, the recent deliberations before all the major branches of government can also be tied to the election calendar, analysts noted.
FCC commissioners and officials at the Department of Justice, the FBI and other security agencies are appointed by the president, and Barack Obama's term ends in January. The same goes for 435 members of the House and one third of the members of the Senate.
In the judiciary branch, the Apple-FBI case -- and others -- could drag on well past January. If the case heads to the Supreme Court, the appointment and confirmation of a ninth justice to replace recently deceased conservative Antonin Scalia, could have bearing on the outcome.
In June 2014, the high court ruled unanimously in favor of civil liberties and personal privacy in the landmark Riley v. California case. That ruling held that police may not search digital information on a cell phone without a warrant, even if the phone was seized from an arrested person. Some legal scholars see that case as having a bearing on smartphone privacy cases, since there is so much personal data, such as financial and health information, contained on a smartphone.
While the FBI and other agencies are pushing for access to a smartphone that was specifically designed by Apple to protect personal information, other government actions, like the one before the FCC, are heading in the other direction.
"The FCC plan is right on the mark for protecting consumer privacy … but it is also in direct contradiction in spirit to what the FBI is asking for from technology companies," said Avivah Litan, a longtime security analyst at Gartner, in an email.
"There is a ton of rich data at ISPs that can be used to identify and track terrorists and criminals. In fact, this data is more fertile than what is on a personal smartphone because it reveals networks and connections that involve crime or terrorist rings," Litan added.
Given that a terrorist or a criminal could easily resort to using a prepaid burner phone, (a phone briefly used and then disposed and replaced) — as happened with two other phones in the San Bernardino attack — Litan suggested that going after smartphones protected with encryption might not be the most effective course for the FBI.
"The government should accept that encryption advances are well underway, so trying to force Apple and Google to open backdoors for them is a futile exercise," Litan said. "The cat is already out of the bag," she wrote in a recent blog.
"The government needs to master new techniques for gathering intelligence and finding perpetrators instead of bullying technology and phone companies to open backdoors for them," she said in another blog.
"The government should stick to principals and stay away from technology details," she said. "And they need to accept that we are no longer living in the 20th century. The world has moved forward, as has technology. They should make the best of it and take advantage of all the information that is indeed out there, instead of sticking to old ways of doing business and blaming others for their ineptitude."