The terrorist attack on London committed by Khalid Masood last month has once again pushed encryption (section 1.2 of the ITGS syllabus) into the news. British intelligence services revealed that Masood used WhatsApp in the moments before his attack. However, the system’s encryption prevented them reading the messages. Increasingly encryption is stumping law enforcement’s ability to read suspects’ data, and this stirs debate between individual privacy and national security. Here are five cases where encryption and law enforcement have clashed:
London terrorist attack, March 2017
On 22 March 2017 Khalid Masood killed 4 people in an attack in Westminster in London. In the days after the attack the British intelligence service MI5 revealed that Masood had used WhatsApp before the attack. This was discovered by examining metadata from the service – for example, details about the times of contacts.
However, encryption used by WhatsApp meant that security services were unable to view the contents of the messages themselves. This prompted British Home Secretary Amber Rudd to insist police officers should be able to “get into situations like encrypted WhatsApp” and declare that encryption should not provide a “hiding place” for terrorists.
United States, March 2017
On March 21 2017 a US man was ordered by a judge to provide access to his encrypted hard drive. The man has been held in prison – without charge – for 18 months accused of possessing indecent images. After his arrest police were able to decrypt his Mac Pro computer and found evidence to “suggest” his external hard drive contained more indecent images. However, they were unable to decrypt the drive. The man’s lawyers say forcing him to decrypt the hard drive would break the 5th Amendment (the right to avoid self incrimination). They also say the case breaches the 6th Amendment, which guarantees a speedy trial. It is unclear whether the man will now provide the passphrase to decrypt the hard drive.
Florida, December 2016
Florida Court of Appeal’s Second District ordered a man suspected of taking indecent images to reveal the passcode to his iPhone. The encrypted nature of the iPhone’s storage meant the passcode was essential to decrypt it. A lower court ruled that the man may be protected by his 5th Amendment right to protect against self incrimination. However, the appeal court overruled that decision. Much of the discussion centred on previous cases – where it has been ruled that a defendant can be ordered to give up a physical key (e.g. to a strong box) to police, but cannot be ordered to reveal the combination to a safe (which is held in the defendants head).
Apple Touch ID system, May 2016
A court ordered Paytsar Bkhchadzhyan from Los Angeles to unlock her iPhone device using her fingerprint. As iPhone storage is encrypted and the device was locked with Apple’s Touch ID, this was the only way for police to access the data. Again, Bkhchadzhyan’s defence claimed a 5th Amendment protection, but this was overruled by the court.
Pennsylvania, April 2016
A former police officer was sent to prison for refusing to unlock two encrypted hard drives. A lower court had ruled that the man could not be compelled to unlock the devices, but this was overturned by a Federal court. After claiming his 5th Amendment right and declining to testify, the man was sent to jail – where he has been held for 7 months. The judge said he would be held “until he complied”.
Apple vs FBI, 2016
This is one of the more famous cases involving encryption. The FBI took Apple to court in an attempt to force them to unlock a protected iPhone. The phone belonged to Syed Rizwan Farook, who killed 14 people in a terrorist attack in California. The FBI wanted to search the device to find evidence of others who may have been involved in planning the attack. To complicate the issue, iPhones can be configured to auto-erase their contents if an incorrect passcode is entered multiple times. The FBI sought to compel Apple to disable this functionality on Farook’s phone. They also wanted Apple to remove the delay between entering passcodes (which is designed to stop people randomly trying a large number of different codes). Apple argued that they had no facility to perform these tasks. They also claimed they would need to write special software to do what the FBI wanted, and that writing this software would amount to “compelled speech” which violates the First Amendment. Eventually the FBI were able to access the contents of the phone with help from a third party.
ITGS – TOK classroom discussion questions
These cases are extremely relevant to ITGS students as encryption clearly provides major benefits to many stakeholders. Without strong encryption, online banking, online business, and online healthcare would be impossible. Even logging in to a social network or email account would be much riskier if login details were not encrypted. However, criminals and terrorists can also use encryption to hide their communications and data from law enforcement. These cases also raise several ITGS-TOK links and provide ample opportunity for classroom discussion.
- Should law enforcement be able to compel a suspect to reveal knowledge of a password? Does this apply to other types of knowledge?
- Where is the line between individual privacy and national security – and how does this relate to the TOK concept of utilitarianism?
- What challenges are faced when trying to apply existing laws to rapidly developing new technologies?