When security endangers safety

A look into the ethics behind Apple's privacy policy

Map of Huaraz, Peru where Galganov's location was last pinned.
Map of Huaraz, Peru where Galganov's location was last pinned.
Credit: 
Screenshot of google maps

According to his mother, Jesse Galganov used his iPhone to contact his loved ones every day, as most of us do. Now Galganov is missing, his mother is fighting for Apple and T-Mobile to tell authorities where and when he last used it and in this case, common sense appears to have been suspended.

CBC reports that on Sept. 28, the 22-year-old Galganov texted his mother, Alisa Clamen, from Peru, informing her of his plans to go on a four-day hike and that he would contact her again on Oct. 2. The Montrealer had landed in Lima on Sept. 24 to begin an eight-month-long backpacking trip through South America and Southeast Asia before beginning medical school in Philadelphia. But after Sept. 29, all communication from his phone stopped and nobody has heard from him since.

Travelling alone, Galganov shared his location with his mother through the Apple feature “Find my Friends.” According to the Montreal police report, the last location indicates Galganov  was in Huaraz, 400 km north of Lima, at 4:53 p.m. on Sept. 28. His T-Mobile account, to which his mother has partial access, indicates the last time his iPhone connected to the Internet was at 4:52 a.m. on Sept. 29.

At press time, Peruvian authorities had received limited co-operation from Apple and T-Mobile. But further clues about Galganov’s movements and contacts around that time remain locked, despite his mother’s pleas.

To access another person’s “Find my iPhone” location, a 90-hour account recovery process is started, contingent on an international law enforcement agency’s request to release the information. On Oct. 15, Ms. Clamen contacted Apple through Interpol and the RCMP to initiate this process.

Apple has yet to respond to her request on the grounds that sharing Jesse’s information is considered a violation of his privacy.

This is standard Apple policy – after the 2015 San Bernardino shootings in California, the company refused both FBI and federal Justice Department orders to unlock the shooter’s iPhone. The company argued the creation of a “backdoor” to unlock software would cause security risks and create a dangerous precedent for other organizations to access encrypted data.

In principle, Apple’s entrenched respect for the privacy of others is legitimate. But where is the line drawn? At what point does the relentless protection of privacy become a danger in itself?

Queen’s Political Studies professor Andrew Lister told The Journal though we tend to focus on the specifics of a life-or-death situation, Apple must operate by a general policy that applies to many different cases. That policy is “applied by imperfect human beings with limited information,” according to Lister.

Apple CEO Tim Cook called the government’s data demands in the San Bernardino case “chilling.” Not only did he deem the creation of “backdoor” software a “master key” that would “undermine decades of security advancements,” Cook took great issue with the principle of the request.

Arguing the FBI’s demands were a step towards a total disregard for individual privacy, Apple’s stance was the government – or other governments — could extend the breach of privacy to build and implement surveillance software without the public’s knowledge. Apple’s public Customer Letter challenges the FBI due to “the deepest respect for American democracy.”

Queen’s professor and security expert Christian Leuprecht has a more pragmatic view. Speaking to The Journal on Oct. 24, Leuprecht argued “under the guise of privacy, it’s in [Apple’s] business not to cooperate.”

If customers know Apple is willing to hand encryption keys to external agencies, there’s a “reasonable chance they’ll defect to other products,” according to Leuprecht. Despite Apple’s adherence to privacy on the supposed grounds of principle, the fact remains, though an extended and difficult process, the state can use other legal means to obtain encrypted data – like “obtaining a search warrant on a house.” 

The control of data is largely a game of politics and principles due to its abstract nature. In theory, Apple is correct: the release of an individual’s data may compromise their safety.

In the words of Professor Lister, there’s a danger in heightened privacy stakes today, as an “increased concentration of easily communicable information … exists about us in one place”.

Though careful not to minimize a parent’s anguish, Leuprecht made the point that the state’s authority to track a person must be reserved for “exceptional circumstances.” If there’s no evidence of criminal wrongdoing, the state has no ethical justification to pursue a citizen’s personal information.

But a focus on a company ideology is useless when that company may hold the key to a person’s rescue.

Principles and values are indispensable – they provide a public moral compass and serve as a basis for human behavior. But these intangibles become dangerous when they turn against dictating common sense, and common sense is never enshrined in the rules.

If you have the ability and capacity to help a mother whose son is missing in Peru, you should do it. It’s counter-intuitive not to help a mother — or any person — in need.

If Apple does seek democratic interests, they should do so by exercising their power to help a suffering citizen. It’s impossible for Apple to evaluate every plea for assistance individually, which is why their overriding policy exists. But when a life is at stake, it’s common sense to re-evaluate circumstances on a case-by-case basis.

Tim Cook once said of his personal life, “where I valued my privacy significantly … I was valuing it too far above what I could do with other people.” The same is true of technology companies today in their refusal to cooperate with the Galganov family’s pleas to help find their son.

Tags: 

When commenting, be considerate and respectful of writers and fellow commenters. Try to stay on topic. Spam and comments that are hateful or discriminatory will be deleted. Our full commenting policy can be read here.