Privacy Vs. Security

By | Updated June 6, 2017 7:45 PM UTC

In 2013, the world first learned that the U.S. was sucking up phone records of hundreds of millions of people, along with e-mails and texts. These revelations, leaked by former government contractor Edward Snowden, showed how the widespread adoption of technology laid the groundwork for data collection on a previously unimaginable scale. Now the U.K. and U.S. have turned their sights on the encryption meant to protect data. This has revived debates over the sometimes conflicting goals of law enforcement and privacy in an age of rising terrorism.

The Situation

Many technology companies began to add encryption to their products and services after the revelations from Snowden elevated privacy concerns. After recent terrorist attacks in Manchester and London, the U.K. government renewed calls for companies such as Facebook Inc. and its subsidiary WhatsApp Inc. to allow investigators access to encrypted services upon request. Encryption was also at issue after the U.S. Federal Bureau of Investigation seized an iPhone used by a shooter involved in a terrorist attack in December 2015. A federal judge ordered Apple to create new software to get past the phone’s password encryption. Apple refused, saying this could threaten the data security of all its customers. The FBI dropped the case after it bought a hacking tool from an outside entity to unlock the phone. In May 2016, Brazil temporarily blocked the WhatsApp messaging service for the second time in five months for failing to turn over data in a criminal investigation. Other data collection issues continue to cause divisions. Last year, the U.K. passed legislation that gave authorities sweeping powers to hack, intercept and retain the communications of all British citizens; the European Union’s top court ruled in December that this “indiscriminate” data collection was illegal. In June, the U.S. Supreme Court agreed to hear a case on whether prosecutors need a warrant to obtain mobile-phone tower records that can show someone’s location.

The Background

The U.S. Constitution established the rights of law enforcement officials to search homes and property with court permission. A Supreme Court ruling from 1979 cemented their rights to reach out to phone companies and determine what calls were made from someone’s phone; no warrant was needed unless the police also wanted to listen in. In the 1990s, the FBI and others began using simulators of cell phone towers, now known as Stingrays, DRTboxes or dirtboxes, to glean data to locate mobile users and intercept their voice and text communications. Then after Sept. 11, the National Security Agency expanded its surveillance programs, including collecting phone records of millions of innocent Americans. Snowden’s leaks about this included details of a program known as Prism, in which the U.S. used court orders to compel companies to turn over customers’ texts and e-mails. After public outcry, Congress voted to stop the NSA’s collection of bulk records in 2015. Under the new system, phone companies store call records that investigators can request with court warrants. Also in 2015, revelations about U.S. data surveillance prompted the EU’s highest court to strike down a 15-year-old “safe harbor” agreement that had allowed American companies to transfer European users’ commercial data to the U.S. In response, the U.S. agreed to strengthened protection for EU citizens.

The Argument

During the FBI’s battles with Apple over encryption, former FBI Director James Comey said that the Constitution’s provisions for searches “couldn’t have imagined any box or storage area or device that could never be entered.” Yet the U.S. Congress and state legislatures are now considering limits to Stingray surveillance, which law enforcement agencies have worked hard to keep secret. Meanwhile, critics have questioned the usefulness of mass data collection. An advisory panel appointed by then-President Barack Obama concluded in 2013 that the NSA’s phone records program “was not essential to preventing attacks” since information could be obtained through court orders. The public has been torn over the balance between security needs and privacy rights, according to polls in the U.K. and U.S. In one survey, a quarter of Americans polled said they changed the way they use their phones, the web, email and texts after learning about the government’s surveillance programs.

The Reference Shelf

  • Congressional Research Service report: “Encryption and Evolving Technology: Implications for U.S. Law Enforcement Investigations.”
  • Scientific American article: “What Is the Big Secret Surrounding Stingray Surveillance?” The Cato Institute explored the legal issues.
  • American Civil Liberties Union report: “How the NSA’s Surveillance Procedures Threaten Americans’ Privacy.
  • Pew Research Center look at privacy in post-Snowden America.
  • Bloomberg news report: “The Behind-the-Scenes Fight Between Apple and the FBI.”
  • A Bloomberg QuickTake Q&A on how the U.K. went after tech firms following the terrorist attacks. 

First published Jan. 23, 2014

To contact the writer of this QuickTake:
Chris Strohm in Washington at cstrohm1@bloomberg.net

To contact the editor responsible for this QuickTake:
Anne Cronin at acronin14@bloomberg.net