Privacy is something that none of us who live in the digital connected world really have. While we would like to believe that we are safe from prying eyes by using the tools provided by the different vendors who design security solutions that incorporate into our systems, I think that this ship has sailed. The moment you decided to be a part of the Internet, be it on the social media, or be it for simple browsing, or e-mail, or chatting, you created a door into your device, and a means for your information to become available to the snoops, and also for folks who want to misuse your device. The security solutions I mentioned before can barely keep up with the hacking world in this regard. And it only takes one mistake to open the backdoor into your system! The best you can do is try to limit the damage.
There are all kinds of snoops. There are the ones trying to get at your confidential information to do something bad to you. There are those who are trying to misuse your personal information for other illicit purposes. There are those who are trying to legally or illegally gain some commercial advantage, trying to sell things to you by learning more about you from your computer. And then there is the government that might suspect you of doing something illegal on your computer.
Why has it been so easy for people to get into our private systems? For one thing, most of the systems that we work with have fundamental software design flaws that can be exploited. Next, whenever you are connected into the Internet, you have an address at which you can be reached. Then, for reasons of convenience, and for supporting required functionalities, systems also include means for others to get access to your working environment for legitimate purposes. (For example, remote login capability exists for debugging purposes.)
Once you have an identity on the network, there are ways for people to try to access your system for both legitimate and nefarious purposes. Every time you visit a website you are executing code from the website on your computer. Websites leave cookies on your computer regularly when you browse them. And sometimes you give outsiders access inadvertently by going to a website that interacts with your computer in a malicious manner. Once you have have hit the wrong button on the browser screen, or in an e-mail, or even opened a malicious application file that you downloaded, you could be at the mercy of the entity on the the other side of the communication link established.
And then there are many of us who are willing to give up our privacy willingly in return for something that we want. It happens all the time when you give your information to companies like Facebook, or Google, or LinkedIn or Microsoft, to name a few. It happens when you make a purchase at any online shopping site like Amazon or even an Expedia. And then the systems that these organizations use for storing all this information are not foolproof. Personal information for millions of people have been stolen from the records of more than one government agency.
Your digital communications are themselves not safe from snooping. Communications from your smart phone can be intercepted by fake cell towers, and communications through an ISP can be snooped upon directly. Both the bad guys and the good guys take advantage of this approach.
There are rules and regulations meant to address many of the above scenarios to try to protect your privacy, but in many cases rules cannot keep up with either the technologies nor the human ingenuity when it comes to creating problems and creating chaos. Then there are the human tendencies that make us disregard the speed-bumps in the processes that are meant to make us slow down and think for a minute. We make mistakes that allow our privacy to be compromised. When was the last time one read a EULA? When was the last time one read and reacted to the privacy statement (mandated by law) they received from their financial organization? Do we accept and store all cookies offered up when browsing a website?
Tim Cook at Apple has decided that the privacy of the owner of a device must be protected at all costs. In this case, he is talking about access to the contents of a device by a third party that has your device in their hands and wants to look into its contents without asking you. They want to make it extremely difficult, if not impossible, to do something like this. Recently Apple introduced the concept of having all the contents of the device encrypted, and limiting access to the decryption key to the the owner of the device (i.e., even Apple does not know what it is). In order to be able to use the key, the user has to first get access to his or her device with a password. If somebody tries to hack the password too many times, the device stops working completely. The system is “bricked“. The only way to break the system is to guess the password without too many attempts. Apple does not have a back door in its current software that lets it bypass this security.
This is where government access to a device becomes the topic of discussion. What the FBI has asked Apple to do is to hack into their own system so that they can read the contents of another person’s smartphone. Apple is refusing in spite of being under a court order. They are in a difficult place. If they attempt to break their own system and are successful, it could indicate that others could also find a way to hack into their supposedly super-secure system. They designed the system to work this way for a reason!
Is Apple justified in refusing to cooperate with the FBI? Under ideal conditions I would say that they are not, since once you become a part of a society and its systems and use it to your benefit, you have some responsibilities to the system also. But we also know that the system is not infallible, and can easily be manipulated and misused (as shown by Edward Snowden). And the tendency for misuse is somehow inbuilt into the system because of human nature and can perhaps never be fixed.
Where should the line be drawn with regards to trying to protect privacy under these circumstances? It is certainly a dilemma…