A Philosopher's Blog

Apple, the FBI & Backdoors

Posted in Ethics, Law, Philosophy, Technology by Michael LaBossiere on February 19, 2016

Data breaches, hacking and device theft are a routine part of modern life. In order to help defend customers, Apple and Google added very effective security features to their phone operating systems. American law enforcement, who had grown accustomed to easy access to the treasure trove of evidence that is a smartphone, were generally dismayed by this—they could no longer get Apple or Google to unlock a phone because the phones were effectively unlockable.

In the light of revelations about the extreme ineffectiveness, egregious incompetence and privacy violations on the part of the state security apparatus, the public was generally in favor of the strong encryption offered by Apple and Google. The FBI, however, thinks it has found an ideal rhetorical tool to exploit against encryption: the murders in San Bernardino. The FBI has claimed that the work iPhone of one of the alleged attackers contains critical evidence and a judge has demanded that Apple write a special version of its iOS to enable the FBI to crack the phone. Apple, which has cooperated fully with the investigation to this point, has refused to create a means of breaking iPhone encryption. The company has made its case via a letter to the customers.

Since people have an irrational fear of domestic terrorism vastly out of proportion to the actual threat level, the FBI has chosen wisely with this case. They can try to make use of scare tactics and appeal to fear to get the public to unwisely side against Apple. Since I have argued at length against backdoors in general, I will not rehash those general, rational arguments here. Instead, I will focus on the situation at hand. Since I am not a lawyer, I will stick primarily to the ethics of the matter and leave the legal wrangling to those who have billable hours.

The standard argument in favor of giving the state access to private information, be it on a phone or written on paper, is based on security: the state needs that information in order to protect citizens from harm. In the case of the iPhone, the argument is presumably that the phone contains information the FBI needs to conduct its investigation. Since the person who knew the passcode is dead, the FBI cannot compel that person into allowing access to the phone. Either the FBI lacks the means to get into iPhones or has elected not to reveal that capacity, so they need to turn to Apple to access the data.

Others in law enforcement advance similar arguments: they have many phones that they think contains data relevant to cases and the argument from public safety should, they think, override all other concerns. Since the focus of the FBI and law enforcement in general is on finding and prosecuting criminals to protect the public, it makes sense that they would see the matter from that perspective. Apple and Google, as they see it, are helping the criminals and terrorists by providing them with unbreakable vaults for their data.

The argument from safety should not be simply dismissed.  After all, the primary function of the state is to protect its citizens and the usual utilitarian moral argument can be made in favor of endeavors aimed at reducing privacy in order to increase security.

The easy and obvious counter to this security argument is another security argument. If the United States government and law enforcement were the only ones who could access such data and could do so only via due process of the law, then it would be reasonable to allow such access. Unfortunately, such access cannot be limited to the United States and history has shown that the state has a rather vague notion of due process. Because of this, it seems likely that far more harm would be done by getting on the road the FBI wants Apple to walk. While law enforcement would, it is true, be able to crack some phones and get some information that would prove useful, this would be outweighed by the harm done to citizens by criminals and foreign states. After all, if law enforcement can get into an iPhone, then so can China and criminal hackers. It could, of course, be argued that my estimate is in error—that the harms prevented by allowing law enforcement into phones will vastly outweigh the harms that will occur from hackers getting into the phones of citizens and the harm done when foreigners decide to go with competing phones rather than risk using an American iPhone or Android phone. However, given the damage done by hacking and the fact that law enforcement can use other means of investigation (such as what they did before smart phones), this does not seem to be the case.

Another approach is to make use of stock conservative arguments against government overreach and in favor of rights. Conservatives routinely argue against government regulation, in favor of small government, against government intrusion and in favor of constitutional rights. While these arguments are usually employed against environmental regulations and in defense of gun rights, they would also apply with slight modifications to the matter at hand. Libertarians who grasp the concept of consistency are in favor of such encryption and against such intrusions into privacy rights. Unfortunately, some conservatives throw away their espoused principles in the face of overblown fears about terrorists and criminals. However, these principles need to be applied consistently and, if they were, conservatives should oppose such government overreach and intrusions into the freedom of businesses and into constitutional rights.

As a final point, consider the stock argument in favor of gun rights that citizens need guns in order to engage in self-defense and to do so even against the tyranny of the state. The same sort of argument would seem to apply in the case of phone encryption: it serves as a digital defense against criminals and terrorists, but also as a very real defense of the tyranny of the state. So, if citizens have a right to firearms to defend against the forcible acts of criminals and state tyranny in the physical world, they should have the right to encryption to defend against criminals and state tyranny in the digital world. What is needed is a suitable slogan on par with the NRA’s famous line about guns: “I’ll give you my data when you take my phone from my cold, dead hands.”

 

My Amazon Author Page

My Paizo Page

My DriveThru RPG Page

Follow Me on Twitter

How Your Next Fridge Will Turn on You

Posted in Technology by Michael LaBossiere on January 10, 2014

Fridge2There is considerable buzz about the internet of things, smart devices and connected devices. These devices range from toothbrushes to underwear to cars. As might be imagined, one might wonder whether a person really needs a connected toothbrush or even a connected fridge. While the matter of need is interesting, I’ll focus on other matters.

One obvious point of concern is the fact that a device connected to the internet can be hacked. In some cases, people will engage in prank hacking. For example, a wit might hack a friend’s connected fridge to say “I am sorry Dave. No pie for you” in Hal’s voice. Of greater concern is the possibility that people will engage in truly malicious hacking. For example, a smart fridge might be hacked and shut off, allowing the food in it to spoil. Or the temperature might be lowered so that the food in the refrigerator is frozen. As another example, it might be possible to burn out the motors in a washing machine—something analogous to what happened in the famous case of the Iranian centrifuges. Or a dryer might be hacked in a way that could burn down a house. As a final example, consider the damage that could be done by someone hacking the systems in a connected car, such as turning it off while it is roaring down the highway or disabling the software that allows the car to brake.

Because of these risks, manufacturers will make considerable effort to ensure that the devices are safe even when hacked. Naturally, the easiest way to stay safer is to stick with dumb, unconnected devices—no one can hack my 1997 washing machine nor my 2001 Toyota Tacoma from the internet. But, of course, being safe in this way would entail missing out on the alleged benefits of the connected lifestyle. I cannot, for example, turn on my washer from work—I have to walk over to the machine and turn it on. As another example, my non-smart fridge cannot send me a text telling me to buy more pie. I have to remember when I am out of pie.

Another obvious point of concern is that connected devices can easily be used as spies—they can send all sorts of data to companies, governments and individuals. For example, a suitably smart connected fridge could provide data about its contents on a regular basis, thus providing a decent report on the users’ purchasing and consumption behavior. As another example, a suitably smart connected car can provide all sorts of behavioral and location data. It goes without saying that the NSA will be accessing all these devices and siphoning vast amounts of data about us. It also goes without saying that corporations will be doing the same—just think about Google appliances, cars, and underwear. Individuals, such as stalkers and thieves, will also be keen to get the data from such devices. These concerns are, obviously, not new ones—but the more we are connected, the more our privacy will be violated.

A practical concern is that such devices will be more complicated than the non-smart devices they replace, perhaps making them less reliable, more expensive and such that they become obsolete sooner. While my washer is not smart, it has proven to be very reliable: I’ve had it repaired once since 1997. In contrast, I’ve had to replace my smart devices (like my PC and tablets) to keep up with changes. For example, the used iPad 1 I own is stuck on version 5 of the iOS—and Apple is now on version 7. While some apps still update and run, many do not. Just imagine if your fridge, washer, dryer and car get on the high tech upgrade cycle of being obsolete (and perhaps unusable) in a few years. While this will be great for the folks who want to sell us a new fridge every 2-3 years, it might not be so great for the consumer.

While I do like technology and can see the value in smart, connected devices, I do have these concerns about them. Of course, my best defense against them is that I am a low-paid professor: I’ll only be replacing my current non-smart devices when they can no longer be repaired.

My Amazon Author Page

My Paizo Page

My DriveThru RPG Page

Enhanced by Zemanta