NC experts: FBI, phone makers likely to continue encryption fight | McClatchy Washington Bureau

Although the FBI resolved its case against Apple with the San Bernardino iPhone, the broader encryption debate isn’t going away, according to legal experts in North Carolina with insights on national security, privacy and technology.

The FBI’s revelation that it gained access to the San Bernardino shooter’s iPhone without Apple’s help “changes the whole calculus,” said Mary-Rose Papandrea, a law professor at the University of North Carolina Chapel Hill.

“The FBI argument all along has been that they cannot get into the phone without Apple’s help. That undermines their litigation position on that point,” Papandrea said.

Future cases similar to the legal clash between Apple and the U.S. government are likely, she said. Papandrea thinks Congress should debate the issue and consider clarifying in law the obligations of tech companies pertaining to encryption software and compliance during terrorism or law enforcement investigations.

With so many people – voters – carrying iPhones and other devices with encrypted technology designed to protect their personal information, it’s important to know where candidates and lawmakers stand on the issue, Papandrea said.

“We have to decide how much, as a country, we value privacy. . . . That’s a debate that’s not going to end,” she said.

The San Bernardino phone case was different from past instances of government officials asking for phone data or records. Apple’s encryption technology was blocking the FBI and the tech company itself from accessing information on the phone, even though it was in the custody of investigators.

It appeared the only way to gain access was to hack into the iPhone’s famously impervious security software.

That encryption hurdle, Papandrea said, presents a challenge beyond the FBI’s need to unlock just one phone. Encryption technology is crucial to the government’s own data and correspondence, including those federal employees who use Apple phones and products.

In that way, Papandrea said, the debate is “security vs. security,” not just national security vs. personal privacy.

There’s good reason for concerns that creating a “back door” past Apple’s encryption could have unintended implications, Papandrea said.

Apple CEO Tim Cook, a Duke University graduate and member of the school’s Board of Trustees, made that argument in a February letter to customers before the government dropped its suit. The FBI’s request that Apple create a way to circumvent security features, Cook said, could lead to such an encryption bypass falling into the wrong hands, making other iPhones vulnerable to hacks.

The government has argued that Apple’s “doomsday scenario is overblown,” Papandrea said.

While she hasn’t made up her mind about whether companies should be required to develop such encryption-breaking software, Papandrea said Apple’s concern was a legitimate one.

Apple’s legal spat and the FBI’s success in getting into the phone anyway may inspire “legitimate companies to get into the business of cracking phones and other high-tech devices for law enforcement,” Duke University professor Charles Dunlap Jr. said in an email. Dunlap is the director of Duke’s Center for Law, Ethics and National Security and a retired Air Force major general who served as a military trial attorney and judge.

Tech companies, he said, would be better off complying with court orders or developing their own ways to access their devices. Otherwise, companies risk having no control over others who “set up shop to serve law enforcement in these situations.”

Congress may have the power to gain compliance from companies such as Apple if federal lawmakers create “a cause of action” that would let victims of terror attacks and other crimes sue technology companies, Dunlap said.

If companies know, for example, that they could be found liable in court if their encrypted devices were used in crimes, they may be interested in providing access to the devices to prove the companies had no liability. Or, Dunlap said, those companies can accept the liability and “inject that cost into the price of the device.”

“We’ve learned that big business – auto manufacturers, drug makers, chemical giants, tobacco companies and more – too often need to be incentivized by the fear of lawsuits in order to take actions to protect the general public’s safety,” he said. Dunlap added that he thinks “one of Apple’s motives for resisting the court order centered around their financial interests and their brand.”

Finding the balance between privacy and security has been mostly left up to courts on such cases, a process that seems to be working, Dunlap said. If society decides it wants more privacy than existing laws provide, “we ought not kid ourselves that there is no cost to doing so,” he said.

“It is certain that every terrorist, drug dealer, Wall Street cheat, sex slaver and crook of every variety will use a secure device if they think it will shield them from law enforcement,” Dunlap said. “And, to the extent that using such devices fulfills that desire, we have to expect and accept more terrorism and more crime.”