Wednesday, July 5, 2017

Federal Legal Overreach, Privacy, and Technology

I just watched the debate presented by IQ2, "Debating the Constitution: Technology and Privacy," and I have some thoughts on privacy rights, technology, and the balance.

I was going to describe this in philosophical rants but decided technical people might find it more interesting.

My first observation is that one should never hold a legal-technical debate with either all lawyers or all technologists. They seem to think ex-government secretaries and law professors are the ideal representation; in fact neither are, because they are jaded by old precedent and are already present in the law as they sit. The law of the future will be written by those fighting new cases right now. Privacy and rights arguments are always two-headed, and without both kinds of expertise present the discussion is as complete and stable as a two-legged chair. One needs to volley from the technically feasible to the publicly advantageous and back again. One must consider technologies like encryption at the same time as the legal implications for and against them at every turn. You get no debate without a profound knowledge of both, applied equally to each point. So I found the debate lacked real debate.

The debate itself consisted of generally known arguments. It was all plowed ground, with no new or interesting spins on interpretation. There is a balance between security urgency for the public good and the civil rights of the individual and company in the long term. The balance must be weighed and the tension considered at every instance where the two competing interests conflict.

So let me share with you my impressions.

First, I start with a quotation from Winston Churchill:

"Science bestowed immense new powers on man, and, at the same time, created conditions which were largely beyond his comprehension."

It doesn't matter whether you are talking about nuclear fission, radar, or networked computers: mankind generally builds technology with a singular purpose at first, because he is distracted by the considerable task of making it work. Later, the interpretation of its use or purpose, often made by people who are not familiar with it, like lawyers, is very different. W. Brian Arthur warned in his book The Nature of Technology that ALL technology has unintended consequences. It has always been this way and probably always will.

Mankind never gets out ahead of his knowledge far enough to look back and pause. I state this as a truism.

With that in mind, what at first is lacking is a direct symbiosis of lawyers and engineers to describe how new technology works. If we had this, a meeting of the minds, lawyers could ask for technology to do things in a certain way that makes it both helpful and private. Then engineers would design it with this end in mind, not as an afterthought.

Instead we have lawyers looking back and asking for descriptive help ("can you fix this?", "can you invade this phone?") in ways that aren't necessarily legal or aren't necessarily practical.

What is needed is for lawyers to ask for prescriptive help: "it would be better if technology arrived at this, or delivered this fact." This would solve problems before they happened. In a non-planned capitalistic society, wishing for this kind of planning is almost a pipe dream.

So, in reality, we have what Apple and other tech companies do.

They design products now for the single purpose they see, and they react to what the government asks for, balancing what is commercially important to them with what is within the law.

I called this post federal legal overreach because that describes perfectly the facts I have laid out. Companies huddle to make something, the government overreaches into that technology and demands access to some of it a posteriori to the design stage.

The single biggest problem with this state of affairs isn't that both sides are doing the best they can to achieve competing objectives in tension. The problem is that it's always a one-way transaction. If there were a meeting of the minds, one might counterbalance demands with solutions that go further to meet companies' rights and individual privacy as well.

Instead, there should be a law that obligates the government to cooperate to the same level it expects of companies, in order to safeguard all rights, not just in the moment but over the long haul. That would make company objections less potent, because right now they use engineering to avoid lawyers, instead of using lawyers and engineers at the same time to achieve both objectives.

For example, yes, it's always compelling when a terrorist's phone might break up a terror network and stop an attack. No sane human would object to the characterization that this was a security threat and that it is in the public good for the government to ask for and get help. What is forgotten long after this one phone hack request is what happens to that data. Where is the government's obligation to exceed expectations in its safekeeping and destruction? Lawyers lose evidence; facilities are stolen from. Where is the expectation on the government to fulfill the companies' obligations to clients when it demands access?

Why should a company open a phone wide open forever for a government? Why can't it encrypt and decrypt a copy for a time-limited period that automatically destroys itself? Right now it's an all-or-nothing proposition based on the arguments above.

The government's expediency justification would be moot if there were a jointly designed encryption and storage system made by both the companies and the government. If the data were hidden but accessible, then the government could spend its time and effort presenting a valid argument to the courts instead of drag-netting the internet and bypassing both.

If the US government can store nuclear waste for eons, and collect intelligence from global networks illegally or extra-legally, why can't this same government collect private data in an agreed encrypted form from companies and networks that it can access only in justified cases for limited uses?

With a pre-made solution, a court could rule that they can access a phone's contacts, or credit card data, or messages, or some or all of the above. With a defined system, the order can be made specific to limit overreach. It wouldn't read "anything, for all time"; it could specify from and to dates.

At the same time, the government's access to data would be limited and time-dependent. That would go a long way toward assuring that there are few unintended consequences of data spilling into the open. They would have to safeguard and account for all data in a responsible and obligated way.

Of course, until they invite new people with new ideas, these debates would remain steeped in the present dogma.