Encryption and Privacy

Recently, the FBI ordered Apple inc. to decrypt the iPhone of one of the San Bernardino shooters. On the surface, this may seem like a simple and reasonable request, but there is much more to this request than may be obvious to the average citizen. The first issue is that Apple does not currently have the ability to decrypt their customers’ phones. The encryption system was designed so that nobody, not even Apple or the US Government, could gain access to the phone’s data without the user’s credentials (in this case, the user’s fingerprint scan and passcode). For Apple to grant the FBI’s request, they would need to create a modified version of the iPhones operating system (OS) that would allowe them to break into it. The FBI insists that the modified OS would only be installed on this phone, but critics of the request believe that the FBI would begin using this strategy in more cases, increasing the risk that this software would be leaked to a third party. In the wrong hands, anyone with this software could break into any iPhone they could get their hands on, accessing personal and financial information of the phone’s owner.

Although it may seem to be just a squabble between a tech company and the FBI, this issue actually represents the next major crossroads for the right to privacy by the American citizen. Although most constitutional scholars believe that the constitution guarantees its citizens’ right to privacy (through a combination of the 1st, 3rd, 4th, 9th, and 14th amendments), they also agree that this right to privacy is forfeit during substantiated legal investigations. This interpretation has worked for years, but with the recent advent of the digital age, we must consider the consequences of continuing in this manner.

Before the digital age, privacy meant that nobody could come into your home or take something that was yours without permission. They also could not access any legal, financial, or personal information about you, since any documents containing such information would be inside your home or workplace, where they would not be allowed without permission. Now, however, people store their entire lives in their pocket: their phone contains personal information in the form of texts, emails, and pictures; their credit card and social security numbers are stored by apps through which they make purchases. To gain access to someone’s phone is often to gain access to their schedule, their bank accounts, and any other services they may be able to access through their phone. In the digital age, a phone contains everything one would need to completely assume a person’s identity, or to empty all of their accounts. All of this can be done quickly and untraceably once a party gains access to the data. We must consider this incredible risk when choosing to allow certain parties access to our information.

Some might argue that these risks are there in the physical world as well – that the same criminals can break into your home or mug you, steal your wallet, and accomplish the same goals. However, the major difference here is that in either case, it is clear that a crime has been committed, and that the victim’s data has been compromised. In the case of digital intrusions, a skilled hacker will leave no trace that the victim’s data has been stolen. A person may not realize that their identity has been stolen for hours, days, or even weeks after the crime has been committed. This makes it very difficult to track the person  who committed the crime, and leaves the victim little hope of recovering his assets.

The thing about encryption that public officials seem unable to grasp is that you cannot create a backdoor without leaving it open for anyone clever enough to find it. What I mean by “backdoor” is a method for authorized officials (such as the FBI) to access encrypted data. To understand the flaw in this idea, we need to understand how encryption works. When data is encrypted, it is first encoded numerically, so that a computer can read it. Next, these numbers are run through a function based on the user’s key. Without the key, there is no way to convert the encrypted numbers back into something that the computer can read. Modern encryption programs do not rely on the method of encryption being kept secret, as that method’s discovery would render the entire encryption system useless. A government backdoor would require an encryption system that does not nned the user’s key to be decrypted. This method would rely entirely on the government’s method of gaining backdoor entry remaining secret. The moment that method was discovered, the entire encryption system would become unsafe to use, exposing millions of people’s data to anyone tech savvy enough to look for it.

In the digital age, where a person can remotely access a server from anywhere in the world, and where any information they gain can be disseminated nearly instantaneously across the globe, we cannot afford to rely on secrecy to protect our data. The chance of the backdoor’s secret being discovered coupled with the untold damage that could do to millions of lives far outweighs the advantages that could be gained through giving the government access to criminal’s communication records. This is not an issue of the FBI gaining access to a single phone. This is an issue of whether we value the privacy and safety of every single citizen over the ability of our government to access the records of those deemed to be a threat to national security. It is not an easy question, and should not be answered lightly, but I believe that the potential risks far outweigh the potential benefits of having a government backdoor to encryption. Even if we assume that this power will never be abused, we cannot realistically assume that it will never be replicated by hackers, who have already proven far more competent in matters of information technology than our government.

There’s no denying that police violence in the US has become far too common. Over the past year, it has become abundantly clear that officers will not face any serious repercussions for their actions in all but the most horrific cases. These two facts have created an environment of fear and tension between civilians and police, one which regularly erupts into violence that only serves to further divides the two groups. A positive feedback loop has been created, where some violence leads to more violence, which in turn leads to even more violence.

The main issue with the current system is the lack of accountability held by offending officers. When an officer abuses his power and is not punished, he will continue to do so, while serving as a reminder to other officers that they are untouchable, and not to be held to the same standard as normal citizens. This only serves to reinforce the “us against them” mentality that has become far too common on either side of this mess. On the other hand, if officers are punished for their transgressions, (actually punished, not suspended with pay for two weeks) they serve to discourage similar behavior. If this were the case, violence would lead to convictions and punishment, and every violent incident would make future incidents less likely, instead of the current system that encourages them.

Considering all of this, why aren’t officers punished for breaking both civilian trust and the law? Thanks to an anonymous hacker known as “Cthulhu” along with an anonymous source within the Fraternal Order of Police, we finally have an answer for this question. Cthulhu hacked into the central server for the Fraternal Order of Police (FOP), and released 2.5 GB of confidential information, consisting of 63 contracts between police unions and their local governments. Although some of these contracts were innocent enough, more than a third included clauses allowing departments to destroy records of investigations, complaints, and disciplinary actions after a negotiated period of time, ranging from a few years to only a few months. Many of these contracts also allowed police departments to deny citizens access to any of these records, effectively burying any evidence of wrongdoing.

FOP officials argue that these provisions are there to protect the rights and safety of officers, and that it was “standard HR practice” to remove evidence of wrongdoing, as it can affect career advancement. This argument only serves to illustrate the disconnect between the rules for officers and the rules for civilians. A civilian convicted of a felony is stuck with the record of that felony for the rest of his life, and whatever career he may have been advancing through can be assumed to have ended the moment the verdict was read in court. “Standard HR Practice” for employees who break the law is to fire them.

There are other alarming provisions in these contracts, which can be read about here, on The Guardian’s website. Many of the practices outlined in these contracts are damaging the public’s trust of the police, but the most damning by far is the nearly universal practice of conducting all investigations internally. This means that corrupt departments investigate their own guilt, and the verdict is almost always that they are innocent. Many law enforcement officials defend this practice, stating that “no one understands what we do.” Not only is this excuse condescending and contrived, it hints at the very dangerous mentality shared by many officers today: That they see themselves as separate and above normal citizens. They see battle lines being drawn between themselves and the very civilians they are supposed to be protecting.

Although the current situation seems grim, it’s vital that we remember a few things: First, that these events of police brutality are not new. There always has been and always will be a risk of those in power abusing that power. Corruption has always been present in any organized society since the beginning of time. What has changed is our ability to see that corruption. With modern technology, a bystander can take out their phone and record these events at a moment’s notice, then post them online to be viewed by millions. The apparent epidemic of corruption and violence that we see today is largely a product of that fact. The next time you wonder, “how did the world get so backwards?”, remember that it already was backwards, and it’s only now in the digital age that most of this corruption is coming to light – and once it’s out in the open where everyone can see it, we can finally start to do something about it.

The second thing we need to remember is that not all police officers are corrupt. In fact, it’s likely that very few are. Sadly, these few seem to congregate in certain departments that damage the reputation of all other departments. However, the current climate of anger and mistrust towards officers only serves to alienate them from the public they are supposed to protect. Every time an act of violence is perpetrated against law enforcement officials, every single officer is forced to question his commitment to the public, especially when the public seems to condone that violence.  Law enforcement agencies need to take a serious look at themselves, and make sure that they are addressing their failures in a way that serves to discourage further failure, but we as citizens also need to take a serous look at our own actions, and make sure that we are not encouraging each other to perpetuate this violent cycle. Without compromise and restraint on both sides of this conflict, the violence will only get worse, and people will keep needlessly dying.