Apple v. Attorney General Barr: Giving feds access to smartphones is a bad call
It is easy to be sympathetic to Attorney General Bill Barr’s frustration with Apple … just as it was easy to be sympathetic in 2016, when the Justice Department was equally frustrated with the tech giant after jihadists in San Bernardino murdered 14 innocent people.
This time, another jihadist, Saudi air force lieutenant Mohammed Saeed Alshamrani, murdered three members of the U.S. Navy and wounded several others after opening fire at a naval training base in Pensacola, Fla. The jihadist was in possession of two iPhones. He was sufficiently concerned about the contents of one that, during the firefight in which he was killed, he took the time to place it on the floor and fire a round into it, obviously hoping to destroy its contents. But the FBI’s adept technicians have the phones working again.
There’s just one problem — the same problem that plagued the San Bernardino investigation: The investigators cannot get access to the phones’ contents without the passwords.
The presumption, just like last time, is that Apple has the trade-secret algorithm that would unlock the phones without triggering any defensive privacy programs. Such a program might erase the contents after a few unsuccessful attempts to break the code, were the FBI to try.
Apple, yet again, is reluctant to help the bureau. And, just as I argued in the San Bernardino case, the company is making an important point. In fact, notwithstanding my admiration for the attorney general and my sympathy for his effort to protect the country, it is a point that has gotten stronger in the ensuing four years. That owes to the government’s misconduct and its arrogant indifference to the rights of Americans and the authority of Congress to conduct oversight.
Let’s first rehearse the liberty and privacy stakes. These are usually given short shrift, if they are mentioned at all, because these disputes between the state’s investigators and private tech firms invariably arise after some horrific incident, which we badly want law enforcement to solve.
It’s a natural response, but it gives us tunnel vision.
It is not the presumption of our constitutional society that the state is entitled to every private actor’s assistance in solving crime, nor that the people’s privacy rights are limited by the state’s claimed need to breach them whenever it declares some emergency. On the contrary, in our republic, the people are sovereign. The government does not have an inherent power to press private actors into its service. (An exception is military service in wartime because, as the Supreme Court observed during World War I, the Constitution expressly empowers Congress to raise armies.)
When legitimate privacy interests exist, it is the government’s burden to overcome them, not the public’s to justify them. The government is the servant, not the master, and very often the master tells the government “no,” regardless of how dire the emergency appears to be. The state does not get to ride roughshod over, say, the privilege against self-incrimination, the attorney-client privilege, or the spousal privilege just because its investigators really, really need the information for the purported greater good of solving a case, or even protecting lives.
These are not easy questions, consideration of which is confined to public-safety cases. They have broad implications, calling for excruciating cost-benefit analyses. In modern society, terrorists and dangerous criminals make up a negligible percentage of information-technology consumers. Vastly more common are innocent interlocutors. So are corporations, health care providers and financial institutions, responsible for safeguarding business records, identification data, intellectual property, trade secrets, medical information, financial assets, credit transactions and power grids, to say nothing of protecting their own formulas for thwarting hackers, fraudsters, identity thieves and so on.
In any society with such a premium on information exchange, and therefore such vulnerability to the compromise of vital or personal information, privacy is not merely a desire. It is a valuable commodity. It would be commercial suicide for Apple to ignore that fact — to fail to appreciate that, if a tech company shows insufficient zeal in safeguarding its customers’ privacy, the customers will shop elsewhere.
The government does not want to hear this, but it has made the situation immeasurably less attractive for companies inclined to cooperate. In an era of increasing regulation and criminalization, the unintended revelation of private information can lead to prosecution and civil liability. Crusading state attorneys general use the power to compel production of sensitive information as a painful financial weapon.
In the post-9/11 era, moreover, government has become cavalier about privacy rights, rationalizing that mass intrusions on law-abiding citizens are the necessary price for minimizing the chance of a terrorist attack, and for avoiding the politically-incorrect use of more discriminating surveillance that would spur complaints about profiling.
The public largely tolerated this approach as long as it believed that the threat was severe, and that the government was sincerely confining its efforts to counterterrorism. Over time, however, as 9/11 has faded from memory, the perception of threat is not profound. Indeed, many entering college today were not yet born when those attacks happened. Perhaps more significantly, the government has serially abused and politicized its investigative powers.
The most worrisome aspect of the Russia “collusion” caper is the erosion of trust in government investigators. National security is one aspect of governance in which our agencies must be able acquire and use intelligence covertly if the mission is to be accomplished. They have to be able to look the public in the eye and say, “You can trust us to wield these awesome powers responsibly — to use them only for their intended purpose of protecting the American people.”
When these awesome powers are used, instead, for political purposes, or to interfere in our electoral process — or when the government makes misrepresentations to courts and harvests the sensitive communications data of innocent people — then the public becomes convinced that the government cannot be trusted to respect privacy.
And when no one is ever held accountable — when officials close ranks to castigate and frustrate examination of their agencies’ performance — the public is apt to say the government can’t be trusted with new powers to intrude on privacy. Americans and their congressional representatives may even decide that the powers already conferred need to be reconsidered.
I worry about this a lot. I worked on terrorism cases. Attorney General Barr is right to suggest that we cannot protect the country without robust investigative authorities, and without the cooperation of public-spirited private actors.
It would be nice if Apple could help the Pensacola investigation without weighing all the competing concerns, and if the Justice Department could afford to make its demands for investigative assistance without self-awareness of its role these last years in fueling public skepticism. But that is not the world we’re living in.
The government does not have an absolute right to commandeer private assistance and intrude on privacy. And tech companies cannot create a backdoor for good-faith investigators to breach the confidentiality of jihadists without making everybody’s confidentiality vulnerable to bad actors, who will figure out how to exploit that backdoor.
This is not a problem for Apple to solve. Nor is it a problem for the courts and the Justice Department to navigate based on case-by-case exigencies. It is a difficult challenge in which Congress needs to weigh all the competing concerns and enact a solution … if there is one.
Former federal prosecutor Andrew C. McCarthy is a senior fellow at National Review Institute, a contributing editor at National Review, and a Fox News contributor. His latest book is “Ball of Collusion.” Follow him on Twitter @AndrewCMcCarthy.