Apple, Privacy, POPI and Cybercrimes
Anyone who's ever lost their cell phone knows how lost you feel without that cell phone. Technology is part of life. We live, record our lives and communicate using technology without a second thought. The records we create and send to others often include extremely personal information which can be used to identify us. With the advent of social media and the pervasive use of computers and the Internet, there are probably records stored on some server somewhere about everything from our health, financial information, our children right down to what we had for breakfast. When the Protection of Personal Information Act (POPI) comes into operation, it imposes some specific safeguards for personal information consistent with the right to privacy guaranteed by the Constitution. Those safeguards apply to companies as much as individuals.
Apple's recent fight with the FBI against a court order compelling it to develop a backdoor to its encryption systems highlight the increasingly precarious balance of law enforcement's justifiable desire to enforce the law and protect the safety and security of those threatened by terrorism and crime with the right to privacy. The FBI withdrew its case against Apple at the end of March 2016.
Apple’s court papers make interesting reading. There is the obvious commercial point that developing a backdoor to its encryption would undermine the security, and consequently the intrinsic value, of its products essentially leaving it with nothing to sell. Apple also makes the point that creating the back door software is opening Pandora's box. That software will have enormous value in the criminal market and become an immediate target for criminals. And Apple correctly points out that it is unrealistic to think that the software would not become available to criminals. The software would also would also give government extraordinary power to spy on individuals. In South Africa where memories of powers abused under the states of emergency are relatively fresh, our constitutional rights to privacy are especially precious.
Apple makes the point in its opposing arguments that the court’s order forcing Apple to spend a fortune developing software which does not currently exist and which will destroy the security of Apple’s products creates a very dangerous precedent. What, Apple asks, is to stop the government forcing technology companies to develop software switches that can be used to turn on the microphones and cameras on any computer allowing the government to listen in to or watch private individuals. Big Brother will truly be watching you.
Hot on the heels of the Apple dispute has come the implementation of end-to-end encryption of messages by What's App with effect from 5 April 2016. Not even What's App can read the messages sent using its application. Is this an attempt to make it pointless for governments to try and get orders against tech companies forcing them to help hack their own tech?
The world really is a small place and it is interesting to think about how the Apple dispute would have played out in our courts against the background of the Constitution and POPI. One hopes that the right to privacy, supposedly given practical effect by POPI would prevail but its worth bearing in mind though that the protections granted by POPI are subject to a number of exceptions including allowing the disclosure of personal information when permitted or required by law. Not only do we have extremely widely framed statutes dealing generally with organised crime and terrorism but the draft Cybercrimes Bill with its far-reaching and draconian powers may also become part of our legislative landscape. That bill doesn't go as far as the Apple order but at the moment it is only a bill. And even the intention it demonstrates in its present form is frightening for business and individuals.
The Apple dispute hasn't gone away. The fight has simply been postponed. It isn’t simply someone else's problem either, but an issue we are likely to see in our own courts.