I was at a dinner party last night when a very heated debate broke out. One gentleman was insisting that Apple was being a hypocrite by not breaking its encryption for the FBI. Me and another gentleman were insisting that it would be a dangerous precedent for them to do so and that we stood with Apple. Yet another person was insisting that this whole insistence that Apple break its encryption policy was due to Islamaphobia/racism.
In case you have not been keeping up: There was a horrific shooting in San Bernadino, CA. Apple has been helping the FBI with their investigation (the shooters or at least one of the shooters had an IPhone), except for one point. The FBI wants Apple to make it easier to “hack” into Apple devices because the FBI alleges that there MIGHT be useful information on the suspects’ phones. Apple is refusing to do so. This has sparked a big debate on encryption, the government (aka Big Brother), and privacy.
Even though the case is not about the selling of our data, the gentleman whom I was talking to (who wants Apple to comply with the FBI) thought that it was and his confusion is between the collection of data and the selling of data.
There’s a difference (which is what I was insisting) between Apple collecting our data in the aggregate to help improve their products and services and Apple selling our data.
Now, I am very much a lay person when it comes to this stuff, so I’m asking Colin Ley, Chief Lawyer-Human, to weigh in on these matters as a person who has taken the time and energy to educate himself on these matters.
Full Disclosure: When I worked at Microsoft, Colin would call me at work and yell “APPLE RULES” and then hang up. So, he might be a bit biased.
Q: Colin, what do you think about the difference between the collection of data and the sale of customer data? Is there a difference? Do you think it’s an area of confusion?
I don’t think there is a difference in the processes of collecting data and selling data, but there is a difference to the consumer. Everybody collects data, but not everybody sells it. Data storage has become so cheap that companies are collecting and saving more and more data. Some companies don’t even know why or what to do with the data, but its collected…just in case! Apple is primarily a hardware company, meaning they make money on the sale of physical products. Apple has differentiated itself by claiming they do not sell customer data (because they make money off the hardware). Software based companies, especially ones that offer free services like Facebook, make money by selling data. There’s an expression that if a service is free, you’re the product. That means your information and eyeball-time is being sold to advertisers.
Q: But that’s not really what the issue is in this case, is it?
Sort of. There are multiple issues. There is a business model issue in that Apple distinguishes itself by making a secure hardware product that keeps customer data private. If its products are less secure, there goes an advantage that distinguishes itself from its competitors. The other issues are about constitutional rights and limits (or lack thereof) of government powers.
Q: What is “metadata” and how does it play a role?
Say Bob calls Jane on the phone to ask about a recipe. Data from that call would be the actual conversation. Data would let you know what recipe Bob and Jane talked about. The metadata from the call is that Bob called Jane. Big Brother wouldn’t know what amazing recipe they talked about!
In this Apple case, the government wants the data from the phone. They already have the metadata. Just like they already have your metadata!
Q: Why do you think encryption is important?
Encryption is important because information is valuable. Theft of personal information is used to commit identity theft and other forms of fraud. Without secure encryption, more information will be stolen, which puts a high costs on both victims and society.
Q: Is there any way to escape the sweeping eye of Sauron?
Nope! The level of corporate and government surveillance is mind boggling. On the government side, people have traded their privacy for a greater sense of security. The surveillance programs that currently exist very likely violate our constitutional rights, but nobody really knows (or understands) what’s going on inside these programs, so they just keep on keepin’ on.
On the corporate side, people have traded their privacy for free stuff they like. That’s fine, but I don’t think consumers understand what they are trading in exchange for that free stuff.
Q: As someone who is uneducated in these matters, what resources do you recommend me to go to? Books? Youtube videos? Articles?
For data & encryption: “Data and Goliath” by Bruce Schneier is eye-opening. “Citizenfour” is a great documentary to learn about NSA data collection. “Little Brother” by Cory Doctorow is good for fiction fans.
For the Apple case, Smithsonian has an article explaining the All Writs Act, which is the law from 1789 the government relied on to win its court order.
Q: Was there something that I should have asked you that I didn’t because I don’t know what I’m doing?
Does metadata protect my privacy? No. The correlation of metadata reveals more about you than data itself. The former director of the NSA and CIA, Gen. Michael Hayden has said, “we kill people based on metadata.”
Q: Have we now doomed ourselves to closer scrutiny by the NSA due to publishing this post?
Fun fact: yes! The documents leaked by Edward Snowden showed the NSA targets people who are interested in encryption and privacy. Surveillance data about your internet activity will now be saved forever, instead of just for 5 years. Congratulations! You’re immortal.