February 22, 2016

To Hack or Not to Hack?

Giving the government access to our private information doesn’t actually make us safer.

A few weeks ago, I found myself eavesdropping on an argument about surveillance (and yes, that was intentional). Two students were arguing about Apple CEO Tim Cook’s recent letter, which assured customers that Apple would fight the FBI’s efforts to hack San Bernardino shooter Syed Farook’s iPhone. Both sides of the debate sounded familiar––one student argued that privacy rights always trump the government’s desire to surveil its citizens, while the other student said that advocating for robust privacy protection is opting for terror. The idea that privacy has to be sacrificed to stop terrorism is something we’ve heard a million times before. Although it seemed wrong to me, it’s an appealing argument.

It’s fairly easy to find yourself dismissing worries about government surveillance as wildly overblown. The NSA’s bulk metadata collection was ended under the USA Freedom Act. Phone companies now store metadata, not the government. It includes information about messages, not the content of messages; the government doesn’t have free reign to pore over your texts. And, as proponents of surveillance are quick to point out, if you’ve got nothing to hide, why worry?

Other alleged privacy violations, like encryption backdoors, appear even more innocuous; the only people affected by such a measure are already targets of criminal investigations. Why would you care if the FBI could hack into a criminal’s phone, unless you’re planning to commit a crime yourself? It would seem that only two kinds of people are opposed to surveillance: paranoid individuals and criminals. And who wants to be accused of belonging to either group?

If that wasn’t enough, there’s always the argument that surveillance is integral to security––former NSA director General Keith Alexander claimed in 2013 that the government had thwarted 54 terror attacks using its cyber surveillance programs. And with 9/11 still looming in the not-so-distant past, wanting to err on the side of caution when it comes to fighting terrorism is understandable.

The case for surveillance has been somewhat successful. Congress continues to consider legislation requiring encryption backdoors. According to a Pew Research Center poll, the American public is deeply divided over security measures; in May 2015, 54 percent of Americans disapproved of surveillance programs, while nearly half believed that antiterrorism policies (at the time, this included the Patriot Act) weren’t enough protection.

But the choice between privacy and safety is ultimately a false one. There’s no evidence that sacrificing privacy will actually make you safer. Take the claim that the NSA’s surveillance has stopped 54 terrorist attacks. During a Senate Judiciary Committee hearing in 2013, Alexander admitted that of the 54 alleged terrorist attacks, not all were actually plots (some simply involved charging individuals who had provided support to terrorist organizations). And the list of actual plots remains classified, leaving not enough information to determine what role expanded surveillance powers played in preventing them. More damning still is an analysis from New America, a nonpartisan think tank, which analyzed the cases of 225 individuals charged with terror-related crimes and found that bulk collection of metadata started only 1.8 percent of the investigations and contributed little to the remainder. Our privacy rights are too important to be sacrificed based on the unverifiable claim that it will make us safer.

But the inefficiency of bulk metadata collection has done little to stop calls for the renewal of bulk collection, especially in the wake of the San Bernardino shootings and the Paris attacks. Proposals calling for encryption backdoors have also gained traction, even though the legal justification used to create these backdoors is tenuous, and the threat posed to data security is significant.

The order forcing Apple to access Syed Farook’s phone was justified with the All Writs Act––a statute written in 1789 that allows orders to be issued when there are no applicable laws. The statute requires that the order isn’t unreasonably burdensome. As Tim Cook rightly pointed out in his open letter, forcing a company to build a backdoor is unreasonably burdensome, even if the government intends to access only one device. Should such a backdoor fall into the wrong hands, it could have devastating implications for all the owners of the product in question, defeating the purpose of developing encrypted technologies in the first place. Backdoors also have one glaring problem when it comes to terror prevention: any tech-savvy terrorist could purchase a non-American product and skirt the threat of backdoors altogether. Backdoors would imperil cyber-security, threaten the competitiveness of American companies, and leave the American public no safer.

Getting rid of bulk metadata collection was a great first step for privacy rights. The fact that Congress has yet to pass legislation weakening encryption is something to celebrate. But when politicians like Jeb Bush declare their support for bulk metadata collection, they reveal an enduring ignorance of what expanded government surveillance will lead to. Increasing surveillance powers hasn’t, and won’t, improve public safety. What expanded surveillance will do is undermine the privacy and freedom of the American people, while granting extraordinary powers to institutions with insufficient oversight and accountability.

Natalie Denby is a first-year in the College majoring in public policy.

Comments have been closed.