This piece appeared in The Hill Times on October 8, 2018.
How many of you recall the terrorist attack in San Bernardino back in December 2015? An Islamist terrorist couple went into a California health sector office’s Christmas party and opened fire, killing 14 and wounding 22. The two were later killed in a hail of police gunfire, but that is where the controversy over the incident really started. In an attempt to find out the motivation behind the attack, US law enforcement tried to get into Syed Rizwan Farook’s cellphone only to find they could not as it was password protected. Authorities approached the phone’s manufacturer, Apple, for help only to be rebuffed. The company said variously that it could not unlock the device or that by doing so it would set a dangerous precedent and undermine its users’ confidence in Apple’s ability to ensure privacy. In the end, the FBI allegedly paid a hacker to get into the phone and allow the Bureau to continue its investigation anyway.
At the time this debate was heated with strong positions on both sides. Those in favour of meeting the government’s request who thought Apple should comply said that terrorists – especially dead ones – have no expectations of privacy and that the FBI needed the phone’s data to see who else was involved in the plot and whether others were being planned. Those against said the State has no business asking for private information and that if Apple had complied nothing would be secure ever again from Big Brother’s prying eyes (and ears). I saw both arguments and weighed in – cautiously – on giving the police access, albeit on very strict conditions.
Well, guess what? The issue has not gone away. In early September the US intelligence community, in conjunction with their ‘5 eyes’ partners (the ‘5 eyes’ is a group of nations that includes Australia, Canada, New Zealand, the UK and the US and is the world’s premier intelligence club), apparently ‘quietly warned’ technology firms that they will “demand lawful access to all encrypted emails, text messages and voice communications” and threatened to impose compliance if such assistance is not rendered.
Wow, is that ever strong! The community will ‘demand access’ and if denied will look into legislation to make sure they get what they want/need. Is this acceptable in a liberal democratic society (I assume police states and dictatorships have no compunction about making these threats)?
In a word, yes, with a caveat. My position has not changed since 2015 and I do think we can achieve security and privacy at the same time. Just as spies and cops cannot normally intercept communications of citizens without a court-approved warrant (SIGINT organizations like CSE do not get warrants but they also do not collect domestically), nor should they be able to demand access to encrypted domestic communications without one. If CSIS or the RCMP can make a case that an ongoing investigation into a serious threat can only go forward with access to data they cannot currently read, they can go before a Federal Court judge and make that case, much as they currently do for other intercept warrants. Who would be opposed to this? There are rules and procedures to follow and judges who deem certain cases too weak can turn them down (this does happen by the way).
There is, of course, a downside to having to get a warrant. It presupposes that you already have begun an investigation into an individual or cell and already have enough info to make your case. You are asking for part of the puzzle you don’t have yet. It does not allow for ‘fishing expeditions’ into those who have not already crossed your radar (which was what transpired in San Bernardino, no?). In other words, even a warrant does not guarantee 100% security. As a free society we have to accept that. The alternative is unfettered and uncontrolled State access to everyone’s communications and I am fairly confident no Canadian (or Australian, or Brit or…) wants that.
We as a society have to decide what the balance is between giving our security intelligence and law enforcement agencies the tools they need and safeguarding the privacy and immunity from eavesdropping we crave. I happen to think we can achieve both through the courts – what say you?
Phil Gurski is a former strategic analyst with CSIS, an author and the Director of Intelligence and Security at the SecDev Group.