Device makers, telecoms face competing government demands on privacy

Pieces of an iPhone are seen in a repair store in New York, February 17, 2016.

Reuters/Eduardo Munoz/File photo

For tech companies, there was a confounding juxtaposition in the news this week.

On Monday, the Federal Trade Commission and the Federal Communications Commission announced a joint effort to assure that businesses are safeguarding their customers’ data. The FCC sent a letter to mobile carriers, citing “a growing number of vulnerabilities … that threaten the security and integrity of a user’s device and all the personal, sensitive data on it,” and asking how carriers address those vulnerabilities.

The FTC simultaneously ordered eight manufacturers of mobile devices to respond to a detailed set of questions about how they update the devices’ security protections and keep customers informed of those updates.

Meanwhile, on Wednesday, as Julia Harte reported for Reuters, FBI Director James Comey said in press briefing that he expects to keep litigating to force companies like Apple to help investigators access their customers’ data.

Terrorist groups rely on encryption, Comey said, suggesting – as the government argued throughout its attempt to compel Apple to help crack security on an iPhone used by the San Bernardino shooter – that law enforcement agencies believe they are entitled to assistance from tech companies.

So, one set of government agencies is pressuring mobile companies to keep customer data secure while another segment of the government is pressuring the same companies to help investigators access data.

And on the criminal front, we are not talking about an incidental number of customers. Comey told reporters Wednesday that the FBI has examined about 4,000 devices since October, but that’s just one aspect of the government’s data excavation.

In a must-read essay published Friday on the website justsecurity.org, U.S. Magistrate Judge Stephen Smith of Houston estimated that state and federal courts may be issuing a half-million secret surveillance orders every year.

Apple, Microsoft and other mobile companies have been pushing back against government data demands. (The Electronic Frontier Foundation publishes a handy scorecard, Who Has Your Back?, on the compliance policies of 24 social media, telecom, mobile device and Internet companies.)

In response to Apple’s opposition, the Justice Department accused the company of putting its business interests ahead of national security. According to the government, tech companies know their customers are worried about keeping their personal information private, so the companies put on a show of opposing court-authorized investigative requests.

Now Apple and fellow tech companies can point out that the federal government itself, via the FCC and FTC, is pestering them to prioritize the protection of customer data.

Is there a perfect balance between data privacy and law enforcement? It seems elusive in these relatively early days of the mobile revolution, with Congress so far reluctant to define the responsibilities of the private companies we entrust with our personal information and courts muddling through case-by-case facts. And as we saw this week, the executive branch is of at least two minds about the primary obligations of tech companies.

For lawyers (and reporters), the double-sided squeeze on tech companies makes for interesting work. But as mobile device customers and citizens, we’d better hope for consensus to emerge.

(Reporting by Alison Frankel. Editing by Alessandra Rafferty.)