Americans want their cyber data to be safe from prying eyes. They also want the government to be able to catch criminals. Can they have both?
It’s an especially pertinent question to ask at a time when concerns over Russian hacking are prevalent. Can we expose lawbreakers without also putting law-abiders at greater risk? After all, the same iPhone that makes life easier for ordinary Americans also makes life easier for criminals.
Manhattan District Attorney Cyrus Vance Jr. has described the operating system of the iPhone as “warrant-proof,” saying criminals are using the devices — encrypted by default — to their advantage. In one instance, he quoted an inmate who, ironically, called the iPhone a “gift from God.”
Divine involvement is a matter of debate, but there’s no question that when it comes to the choice of breaking the cybersecurity of criminals without also endangering the personal data of ordinary Americans, well, the devil is in the details.
This is especially true given the evolving nature of the threat. Even if we wanted to give the government access to all the metadata it wants (when, where, and who called), technology is moving away from phone calls to text messages and other non-telephony applications. Traditional metadata will be of limited use to law enforcement in pursuit of the savvy criminal of the future. Law enforcement needs to develop new strategies and investigative techniques without making us all prey.
It’s nearly impossible to assess the total monetary value for all successfully prosecuted cybercrimes in the U.S., let alone estimate the number of criminal cases that would have fallen apart without access to a smartphone’s data. The Department of Justice doesn’t publish such data. But, according to the 2014 Center for Strategic and International Studies report “Net Losses: Estimating the Global Cost of Cybercrime,” global cybercriminal activity is valued at $400 billion a year. Cybercrime damages trade, reduces competitiveness, and limits innovation and global growth.
The fundamental problem is that no one in the government is responsible for securing the internet for all of us. The Department of Homeland Security is responsible for safeguarding our nation’s critical infrastructure, yet the insecure internet presents cyberthreats to non-enterprise users affect individual security, safety and economic prosperity. Who is responsible for their security?
Some elements of the federal government are so focused on hunting down information against a few horrendous criminals that they don’t seem to realize they’re doing it at the expense of our right to privacy and online protection. We can appreciate their dedication in these noble causes, but the fact remains that the internet has become a host to more and more personal information ever since Steve Jobs introduced the first iPhone.
Since then, the smartphone has evolved to have much more control over our lives, homes and vehicles. There is no sign of less data being held in the cyberspace.
In attempting to square this cyber-circle, the government would be wise to take a cue from the medical profession, which uses the Hippocratic oath to dictate an underlying requirement to refrain from causing harm to patients.
There is no such oath for members of the Department of Justice. They simply affirm that they will faithfully execute their duties without affirming that they will do so without harming the citizenry as a whole.
DOJ lawyers focus on individual prosecutions. That is too narrow of a definition of success. It forces them to use all means they can muster to make their prosecutions successful with little or no consideration of the larger harm their efforts may cause to the population in general.
That is a problem today and will only be magnified in the coming years as technology advances and the gap between those advances and the DOJ’s understanding of them widens. Within this environment, where insecurity breed’s criminality and stopping individual high-value criminals can motivate the DOJ to undermine security, one can only wonder, who is responsible for our security?
The world has changed. A new paradigm is needed to ensure the safety and security of all American’s data predicated on applying airtight security to our data. There is no return to the past. Perhaps the Trump administration will make this need for security a priority in a manner the previous administration did not.
A former acting director of the Defense Intelligence Agency, David R. Shedd is a visiting distinguished fellow in The Heritage Foundation’sDavis Institute for National Security and Foreign Policy, 214 Massachusetts Avenue NE, Washington, D.C., 20002; Website: www.heritage.org. Information about Heritage’s funding may be found at http://www.heritage.org/about/reports.cfm.