On a recent morning in Sao Paulo, Brazil, Diego Jorge Dzodan was arrested on his way to work, because of his work. Dzodan is Facebook’s Latin American Vice President. Police took him into custody after a daily fine amounting to about $250,000 failed to compel Facebook to reveal personal information about several of the 100 million Brazilian users of the Facebook-owned messaging service WhatsApp. Police say the WhatsApp users were involved in organized crime and drug trafficking. For its part, WhatsApp could not have complied with police if it wanted to. By design, the service uses end-to-end encryption and does not store its users’ data. Dzodan spent the night in jail.
The standoff was a particularly brutal variation of the fight currently raging between Apple and the FBI. Dzodan’s experience highlights the complicated balancing act between law enforcement and the efforts of many technology companies to provide basic privacy and security in the digital age. It also shows just how much law enforcement agencies around the world want to have access to all of our digital communications and personal data.
And when it comes to personal data, there’s a lot of it. Most of the critical details that make up who we are is being collected by private companies. Some of them have familiar names, some don’t, but the collection is enormous. It is easy to see why it would be tempting to the world’s police.
There are technologies like wi-fi sniffers that can track your movements in department stores, and audio beacons that use imperceptible sounds to connect devices like TVs and smart phones. Companies like Rocket Fuel brag about their use of artificial intelligence to create targeted political ads that hit you at your most vulnerable. Stored searches and data brokers comb public records and then auction that personal data off for pennies. Technology has created a shockingly accurate personal electronic visage of you, a ghost in the machine. As fictional President Frank Underwood’s adviser says in the latest season of House of Cards: “If you know what people are searching for, you know everything, their hopes, their fears, what they think about when they are staring at the ceiling in the middle of the night.” It’s true.
Until now that surveillance economy has driven Silicon Valley. Information, as they say, is the new oil. But what happens when companies try to hold onto it, use it as a part of their service, but reassure you it is safe? Law enforcement interest aside, can they even realistically make that claim? Barely a week has gone by in the last year where there hasn’t been an enormous data breach. Some companies are minimizing the data they hold, not wanting to find themselves either an arm of law enforcement or a victim of an attack. That collected information is becoming a liability. As someone told me at the recent RSA security conference in San Francisco, instead of personal data being the new oil, it is becoming the new asbestos. Many government departments believe strong encryption is critical for national security, after all more than 21 million records were at risk from a massive and damaging data breach at the United States Office of Personnel Management.
What the FBI is compelling Apple to do is create a tool to undermine one of their main security features, a tool that once created could also be used by criminals and foreign governments. Law enforcement in Brazil doesn’t just want Facebook to turn over data, they want WhatsApp to be an entirely different product, one in which they have some say in its design. That raises a pretty critical question: Should a government be able to force a company to make the sort of product they think best helps law enforcement? Where does this stop? Think “Internet of things” when self-driving cars could theoretically auto-lock and drive a suspect to a precinct, at the request of how many governments?
We are in the middle of the second crypto-wars. Since I’m a filmmaker I can’t resist adding the tagline “this time, it’s personal.” To have a future any of us want to live in we need individual freedom, privacy and basic security for the information that is now the foundation of our lives. Real national security, and human rights depend on encryption. We cannot throw out basic civil liberties and protections just because we live in the digital age.