The iPhone Privacy Dilemma
The right to privacy is an established tenet of democratic society. Famously defined at the end of the nineteenth century by Warren and Brandeis as the right "to be left alone", the right at that time centred on an individual's requirement for their own personal space so as to "develop beliefs, attitudes, and behavioural norms." Warren and Brandeis went on to declare that "(T)he common law secures to each individual the right of determining, ordinarily, to what extent his thoughts, sentiments, and emotions shall be communicated to others" before determining that the right to privacy is a "principle which protects personal writings and any other productions of the intellect or of the emotions".
These statements, which are clearly appropriate for modern privacy demands, remain especially pertinent in the United States where Apple is fighting to retain control over the encryption of its iPhones. There are a myriad of different opinions as to whether a federal court should be allowed to order Apple to help the FBI decrypt an iPhone used by the terrorists who murdered 14 people in California recently. The Los Angeles court has ordered Apple to provide "reasonable technical assistance" to investigators who are seeking to read the data on an iPhone 5C that had been used by Rizwan Farook who, along with his wife, carried out the shootings.
Current interpretations of privacy strongly associate the right with innovative technology. Moreover, heightened technology sophistication & increased divulgence of personal data invariably lead to greater scope for honest error relating to, and criminal manipulation of, information privacy which should be safeguarded by adequate legal provisions. Lastly, acknowledging the fundamental right to data protection can now arguably be viewed as a prerequisite for a citizen’s ability to participate in society. This right is set out in the EU & UN human rights conventions and has been emphasised by the European Court of Justice in the recent, seminal ‘Google Spain’ and ‘Schrems v DPC’ decisions.
Nonetheless, the standard that now evidently exists in, and is influenced by, the US is a demonstrable evidence of the tension that exists between the fundamental right to privacy and the right to life, liberty, and security of person. One of the many effects of the September 2011 terrorist attacks has been heightened impact of security provisions that have been implemented in order to protect national security and preserve economic stability. Security measures such as facial scanning and recognition software that can recognise and compare faces in crowds at public events or places to existing databases possibly satisfy the requirement of minimal intrusion because individuals are only photographed as they go about their normal course of business. However, in spite of this satisfaction, the Snowden revelations, which unveiled privacy rights infringements that go beyond minimal intrusion, have influenced public consciousness to the extent that a chilling effect has been noted as a consequence of an acknowledged perception of US government surveillance tactics.
The US government’s argument is that the iPhone in question is a vital piece of evidence. Civil liberties groups such as the ACLU are warning however that forcing companies to crack their own encryption endangers the technical integrity of the Internet and threatens not just the privacy of customers but potentially that of citizens of any country. As a consequence, public opinion in the US is now divided on whether Apple should rework its software in order to help the FBI. In addition, leading tech companies and privacy groups appear to be siding with Apple CEO Tim Cook who, after the order was issued last month, asserted that the tech giant would be challenging the court ruling because it could establish a dangerous precedent to weaken the security of Apple devices. A federal court hearing to determine the outcome of the earlier order is set for later this month.
Privacy as a concept extends to various spheres of human interaction, including physical and emotional invasiveness. Therefore, it must be argued that if the iPhone, an essential, global instrument of personal data privacy, is declared to be open to interference in the name of protecting one country’s national security, what will come next? Moreover, this case is not an isolated incident - elsewhere in the US, a New York district judge ruled this very week that the government cannot force Apple to unlock a drug dealer’s iPhone.
This all comes at a vital point in time for data sharing between the EU and the US ahead of the introduction of Safe Harbor 2.0, renamed “Privacy Shield” and already touted as being inadequate in terms of safeguarding EU citizen’s data when transmitted to the US. The new agreement has been quickly drafted behind closed doors, in stark contrast to the new EU-wide law on data protection; the General Data Protection Regulation (GDPR), which has incurred countless redrafts and amendments over the past five years.
Article 41 of the GDPR states:
“A transfer of personal data to a third country or an international organisation may take place where the (European) Commission has decided that the third country, or a territory or one or more specified sectors within that third country, or the international organisation in question ensures an adequate level of protection.”
It remains therefore to be seen over the next few weeks and months if the current ethos as espoused by the ECJ and the GDPR will be safeguarded by Privacy Shield and ultimately respected by the judiciary in the United States.