A Response to Sam Harris on Apple, FBI, Encryption and Privacy!

Sam Harris has often taken very informed and sound positions on many topics, but this one seems to be slipping away from him. In a recent portion of his podcast, he makes several claims, which I will respond to. Please note that Sam has said that he’s still forming his opinion on this matter, so I hope that this letter can be helpful in that respect.

Also note that what Sam Harris is arguing is not actually responding to the particulars of the Apple case, but to a more general point. The Apple case is about whether or not the government should have the right to force a private company to develop solutions which devalue their product. They’re spinning it as a big effort to protect our privacy, but they’re fully aware of the ramifications should they be forced to build a backdoor. Sam might not be aware of the Clipper Chip, but it was a very similar effort on the part of the government and it failed miserably. If Apple builds a backdoor, which compromises their customer’s privacy, then their brand and their product will be highly devalued. A competitor, which does provide strong encryption without a backdoor, will have a more valuable product. Sam doesn’t actually address this point, but he makes a claim which speaks to a general issue of whether we should expect to have perfect privacy at all. The answer is a bit complicated, depending on the context of the privacy you’re seeking to have. Different contexts could have immensely different consequences, should your private information be exposed.

The Cult of Privacy

Sam, you describe a fictional group of individuals, who you then proceeds to address. I say fictional, because there may be some really confused and uninformed individuals, who may in fact hold that view, it’s largely not the case for many more out there:

“Your texts, and e-mails, and photos, and medical records, and browser history, are so precious and sensitive, that no human purpose could justify their being viewed by others without your consent. No court order, no reasonable suspicion, could justify government intrusion into your privacy, then you’re a devotee of this faith.”

There seems to be a logical fallacy in that statement, and while I can’t readily identify if it’s equivocation, a straw man, or something else, it basically boils down to this: believing that no human purpose can justify another person viewing your information without your consent is not the same as believing that no government agency should be intruding into your privacy.

And there is a huge difference! If some random person off the street gets a hold of my private text messages, then I’m not really concerned that this information can be misused against me. However, if I’m the subject of a government investigation, whether justified or not, then I will have serious concerns about my rights. Even more, if I’m the subject of an unauthorized government intrusion, then I will be extremely concerned about my well being! And despite having a very good judicial system in the US, we’ve seen plenty of innocent people being sent to jail whether by error, by malice or by serious abuse of power. If the government is investigating me, then I would want all of my constitutional rights to be protected! My freedom would depend on it! It is my fifth amendment right to not incriminate myself. As in the case of United States v. Hubbell, this includes refusing to disclose something of value which may incriminate me. The Supreme Court hasn’t ruled on whether disclosure of private keys is self incrimination, but a number of lower courts have and there would be a serious implication on the 5th amendment if it’s not the case!

Is Tim Cook the Last Line of Defense Against Theocracy?

No certainly not. The last line of defense against theocracy is the protection of my privacy. Tim Cook cannot break PGP, Tim Cook is not the person I want to rely on for my defense. However, if Tim Cook has sold me a product equipped with strong encryption, but he’s put a back-door for the government, then I’d like to know about it. If there is indeed a back door for the government, then I’m not going to buy Tim Cook’s product, and I’ll buy another product.

Total Lack of Trust in Government

Even if the government produces a completely valid search warrant, it is still my 5th amendment right not to incriminate myself. It really doesn’t matter how valid their search warrant is, how much I love or hate the government, how much I trust or distrust the Supreme Court, how guilty or innocent I may be, or how heinous of a crime I may or may not have committed. I have the right not to incriminate myself! No search warrant can take that right away from me, and having back doors to encryption would definitely compromise my rights!

How and When Our Government Should Have Access to Our Private Information?

The answer is not “never”, the answer is “whenever I feel like I’m not incriminating myself.” Every person should be allowed a fair trial, regardless of how horrible of a crime they’re accused of. If my freedom is at stake, then I would want to ensure that I have all the tools, necessary to protect myself, at my disposal. This is not about whether or not I want to grant the Islamic State access to perfect encryption. The truth is that they already have access to perfect encryption in the form of hundreds of open source encryption algorithms, and no matter what Tim Cook puts in his product or the government demands that Tim Cook puts in his product, that will ever change! So the argument that protecting our 5th amendment rights is somehow aiding terrorists is patently absurd.

The Government Should Have No Tools Whatsoever, With Which to Combat the Threat of Nuclear Terrorism

Again, this is a gross misunderstanding of what’s at stake here. The US government has a $1.5 trillion dollar military budget per year, so we’ve given them plenty of tools to combat the threat of nuclear terrorism! If the government is complaining that they don’t have enough tools to combat nuclear terrorism, then I’d be seriously concerned about how they’re spending that $1.5 trillion USD. What we don’t want to give them, is the ability to forgo our 5th amendment rights. Simply having a search warrant is not enough to compel me to incriminate myself.

But You’ll Post Pictures of Yourselves Half-naked on Instagram

Yes, and that’s my right too! And if I’m using a corporation which requires me to disclose a large amount of private information, then it’s my right to engage in a contract with them as I see fit. It is entirely up to me what I do with my information. If the government has access to things that I’ve publicly shared, then I’ve waived my 5th amendment right in regards to that information. However, if I’ve encrypted my hard drive and I’m not willing to share my password with the government, then I’m definitely not waiving my 5th amendment right.

The Prediction

However we resolve the challenges of information security, there is going to be some legal process where governments can spy on us, or publicly demand our data. When the totality of threats in the 21st century is understood by rational adults, some role for government intrusion into our affairs, some legal process, whether overt or covert, some way of scrutinizing the behavior of dangerous people, will remain necessary and and inevitable.

That’s very accurate and that’s why the public has granted the government with $1.5 billion dollars per year as part of the defense budget. However, just because rational adults understand that we need the government to protect us, those rational adults also understand that we shouldn’t waive our constitutional rights in the process. Furthermore, no amount of intrusion into our privacy will actually stop the terrorists from having the ability to have perfectly encrypted communications. The encryption algorithms are open sourced, the tools to use them are open source and they’re all accessible to everybody, including the terrorists. It is completely impractical to think that just because Apple is forced to sell insecure products to the public, then that would actually stop terrorists from being able to communicate in secret. It may hamper their efforts, but at the cost of our privacy and/or our constitutional rights.

Unsolved Murders

Sam also discusses the event of unsolved murders, due to the police being unable to unlock the victim’s phone (which may hold the answer to the murder). This analogy is the emotional response combined with the lack of technical knowledge to figure out the solution. We’re increasingly leaving a larger digital footprint than ever before, and to many people it may become very important to leave a digital will. There already companies which deal with that! If the public has such a concern, then there is a technical solution for it, which again, does not expose our privacy or violate our 5th amendment rights. It’s called multi-signature encryption and it works by allowing encrypted data to be decrypted by M of N keys. I can authorize several members of my family to decrypt my phone, in case of an emergency or the unfortunate event of my death. The decryption would require something like 2 out of 3 encryption keys (or 3 out of 5 keys, or any other combination of keys), and the people that ultimately have access to my private information will be my loved ones. This is the equivalent of my family signing off on my death certificate and unlocking my private information in order to aide the investigation. Again, I would be in total control of my privacy and I would have entrusted it to people I love, without compromising my rights. Some of these solutions may eventually become a standard offering in iPhone or Android device.

So no, there is no need to grant the government with a backdoor, because it would neither solve the problem of protecting us, nor would it be constitutional. It would be highly unprecedented and damaging to people, corporations and the fabric of our society!