The FBI's battle with Apple over unlocking an alleged terrorist's iPhone 5C continues to drive a high-profile public debate over the question of personal privacy. FBI director James Comey recently added some serious fuel to the fire, telling a group of students during a conference talk that privacy shouldn't be absolute, as Threatpost reports:

“The notion that privacy should be absolute, or that the government should keep their hands off our phones, to me, just makes no sense to me, given our history and our values,” he said.

Comey reiterated several times that the tug of war with Apple was not an attempt to set a precedent and while he’s content the FBI was able to get into the phone, he hopes the conversation around encryption continues. “Litigation is a terrible place to have a conversation, but it’d be a bad thing if the conversation ended,” Comey said.

The director also revealed that the third-party tool the FBI ultimately used to crack the phone won't work on newer iPhone models such as the 5S and 6. However, the FBI hasn't decided whether it will reveal how the 5C's encryption was defeated, either: 

“Should we tell Apple what the flaw is that we found?” Comey asked Wednesday, “If we do, then they’ll fix it and we’re right back where we’re started from.”

Analysis: Comey Invokes a Familar Strawman in the Privacy Debate

"National security administrators often try to wedge privacy advocates with the caricature that 'there is no absolute privacy,'" says Constellation Research VP and principal analyst Steve Wilson. "It's a strawman. No reasonable advocate has ever said privacy takes precedence over everything else."

"If I was to get philosophical—and I am a privacy advocate—then I would have to say that privacy is near the top of Maslow's hierarchy of needs," Wilson adds. "That is, it's not as important as security and safety. And when the going gets tough we do dispense with privacy first."

There are cases when privacy advocates paint themselves into a corner, Wilson says: "The oppostition to encryption backdoors can sometimes sound a little shrill."

Of course there is a reasonable argument against putting such backdoors in encryption algorithms, since by their nature, they will always weaken security. There's also the chance that third parties with ill intentions will discover the backdoor at some point, Wilson says.

But finally, there's the political problem, he adds. "Security authorities, police and so on are prone to overreach," Wilson says. "One of the legitimate fears in the Apple vs FBI case was that granting police powers to crack one phone for one case, will lead to broader and broader application of thoese powers.

But Comey's statements seem to ignore the possibilioty of overreach, Wilson notes. "It doesn't occur to him that the powers he's asking for could be abused one day. Director Comey ought not caricature privacy advocates as demanding absolute privacy or secrecy. What we're asking for is proportionality, accountability, and restraint."

Reasonable privacy frameworks don't insist that personal data is never collected, and they allow for national security interests, Wilson adds. Instead, the point is to collect only the personal data truly needed for a particular task: "If there is a strong case for police to, for example, break into a particular phone, or tap a particular network, then the idea is that the police make their case. And then in principle they can be allowed to collect the right information for the right purpose."

"I tell you what frustrates me in all this," Wilson says. "The debate shouldn't be so hard. Today's standard privacy laws and regulatory frameworks contain within them the very framework needed for a nuanced analysis of security-privacy tradeoffs."

Reprints
Reprints can be purchased through Constellation Research, Inc. To request official reprints in PDF format, https://www.constellationr.com/content/contact-us-0https://www.constellationr.com/content/contact-us-0