In the wake of the San Bernardino shootings that left 14 people dead and 22 others wounded, the debate over encryption between tech companies and law enforcement has reached a fever pitch in the US. The FBI wants Apple to help it crack into the iPhone of Syed Rizwan Farook who, along with wife Tashfeen Malik, carried out the ISIS-inspired attack in December.
Apple has refused, saying that its job is to protect the privacy of its customers. The company contends that the debate shouldn't be framed as privacy or security, but privacy and security. With both sides digging in their heels, the case looks destined for the Supreme Court. Meanwhile, lawmakers in some European countries are taking new steps to broaden government access to big data.
“You see France after the Charlie Hebdo attacks passing a massive new surveillance bill that goes much farther than US law,” says Kevin Bankston, director of the Open Technology Institute at New America, a public policy think tank. “You see the UK right now debating and likely to pass a new law that goes far beyond what US law authorizes.”
European countries have different stances on digital security, but generally are more willing than the US to grant governments access to personal data. Part of the United States’ wariness over government surveillance stems directly from a now-infamous incident in 2013, in which US intelligence worker Edward Snowden leaked secret documents revealing that the National Security Agency was secretly collecting data on millions of Americans. Snowden was both hailed as a hero and condemned as a traitor, but Bankston says quibbling about Snowden’s place in history is “stupid.”
What matters, he says, is recognizing that the release of those documents sparked "a substantial policy debate about security and liberty and privacy that we were not having previously.”
But Bankston says, the Snowden leaks didn't engender the same type of conversation in Europe.
"In terms of surveillance by the government, I think we are in a very interesting situation where Europe is angry at the United States, but is failing to look at its own practices," Bankston says. "The fact is, Snowden at least prompted a debate about the scope of the US surveillance power in the US. It doesn't seem to have done that in Europe. ... Instead what you are seeing is the expansion of surveillance power happening in Europe."
The US also regulates data differently than European countries. Zach Goldman, the director of the Center on Law and Security at NYU explains: "Europe regulates very closely what companies can collect but does not regulate all that closely what European intelligence services can collect. In the United States, the legal regime is almost exactly the opposite. We regulate very, very carefully what the government can collect, but for the purposes of consumer privacy there's a lot lighter legal regime."
This tension was on display in October when a European court struck down a 15-year trans-Atlantic deal between the US and the European Union that allowed international companies like Facebook, Amazon and Apple to move digital information — including social media postings and browser histories — back and forth. The court ruled against the law, called Safe Harbor, saying that it did, in fact, violate Europeans' privacy rights. Lawmakers put a new measure in place in early February called the Privacy Shield, but it's too soon to say whether the same privacy concerns that doomed Safe Harbor will eventually kill it, too.
The US and other countries will continue to grapple with the paradox of personal privacy and collective security — if one thing is for certain, it likely won't be settled anytime soon.