Keynote | Security v. Privacy

2016-02-29

Good morning, everyone. Today I'd like to share a special case with you, which is called Privacy v. Security.

Imagine that you were an officer of the FBI. You just caught some terrorists who cruelly killed 14 people in San Bernardino.

To get more information about their crime, you want to take a look into their phone, an iPhone 5c.

However, it was protected by password. Normally, for guys working in the FBI, a 4-digit password is nothing more than a piece of cake - you can bypass it within 10,000 attempts, which can be easily done automatically and shortly with an external machine attached to the phone.

However, the reality seems a bit tougher. Designed with concern of security, the iPhone refuses electronic password input, and the more failed attempts you made, the longer you'll have to wait before your next input, which may make the process drastically longer. What's worse, the terrorist enabled a built-in function that will erase all data on the phone after 10 wrong inputs. You got hesitated. Even Sherlock Holmes spent quite a long time to unlock a phone, but you are only 10 steps away from death. Fairly unfair.

Luckily, with one path cut, you still have another one: you can ask Apple, the manufacturer of the very phone, to develop a special edition of software that enables automatic input and disables data erasing, and inject it into the phone.

And your idea is backed the All Writs Act, a law that authorises the federal courts to issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.

To your surprise, your order were immediately turned down. Apple refused to offer the software you want, and those guys even post a letter to their customers, publicly against you. In the letter, they argued that the move may lead to potential damage to the privacy of iPhone users, which they had been valued and cherished so much that they won't trade it with anything else.

You were angry. Yes, privacy can be important, but what can be more important than security? Isn't it necessary, you thought, to comprise some privacy, in the name of keeping secured from terrorism?

This was what took the headlines of American medias last week, the fight between the FBI and Apple, or rather, Security v. Privacy. As you already known, the government has framed the argument as a simple trade-off: you must surrender a little privacy if you want more security. FBI director James Comey even wrote an op-ed to push the dichotomy.

And his theory was bought by quite a lot of people. As a recent poll shown, 51 percent of respondents believe that Apple should comply with the FBI's orders.

However, Apple isn't alone, either. Many other technology companies in Silicon Valley, including Amazon, Facebook, Google and Microsoft, pledged support for Apple. In fact, I'm on their side, too. And there're 3 main reasons.

First, people carry so much personal information on our phones today, and there are new data breaches every week affecting individuals, companies and governments. The passcode lock and requirement for manual entry of the passcode are at the heart of the safeguards built into our phones. The FBI also argued that the backdoor will only be opened on the very phone that the terrorist owns. It would be great if we could make a backdoor that only the FBI could walk through.

But that doesn’t exist. Once the Pandora's box is opened, everything happening next is out of control.

Next, the order would set a legal precedent that would expand the powers of the government and we simply don’t know where that would lead us. Should the government be allowed to order companies like Apple to create other capabilities for surveillance purposes, such as recording conversations or location tracking? This would set a very dangerous precedent.

What's more, with such a precedent established, countries like China and Russia that is enthused about censorship, will have a great excuse to order Apple to do so, which would be a nightmare for users in these lands.

Ultimately, the reason this debate is happening at all is that there’s no legislative guidance around encryption.

The All Writs Act that the FBI has cited dates back to 1798, and even the most recent supporting precedent dates back to 1977. Therefore, although the FBI has turned to the court, judges can refer to nothing but conflicting interpretations of a law passed ages ago, even before Bell invented the telephone. Obviously, any judgements based on such an outdated law is not persuasive.

In my opinion, this Security v. Privacy case, put forward by the government, is a pseudo-proposition itself. In modern society, we cannot give up one without presenting a grave threat to the other. Without security protections around us, our privacy will be easily comprised by malicious people; oppositely, with our privacy ditched, we will be vulnerable before potential attacks based on our personal information.

Therefore, the FBI has no right to choose between security and privacy. Neither does Apple. Neither does the court, to some extent. Only people do. Let Congress, stakeholders, and the American people, who will be infected immediately and directly after the judgement is pronounced, who know the best where their value and benefits lie, debate and give the final answer.

And before those debates do happen, let’s also make sure they’re not framed by misleading dichotomies like “Security v. Privacy.”

Thank you.