Corporate Compliance Insights

The Pit and the Pendulum

by Shamoil Shipchandler
February 6, 2015
in Compliance

With contributing author Rachel M. Riley

There’s a conversation going on right now that sounds like this:

Government: “Give us data. We want to make you more safe!”

Company: “No, thanks. We’d rather put our customers at risk.”

Wait. That doesn’t sound right. We must have misheard it. It must be more like this:

Government: “Give us data. We want to make you more safe!”

Company: “Sure. Take it all. Here you go. Keep us safe.”

Could we have misheard that, too? Or – gasp! – could those two separate conversations be occurring simultaneously? And how is that possible?

Quick answer: That is basically the tension that we are seeing right now, the classic standoff between privacy and security.

Economists like to call it a zero-sum game, where one side’s gain is directly responsible for the other side’s loss. But economists are peculiar people and tend to want to assume things that aren’t necessarily there, so we’ll chart our own course. (Example: Three economists go hunting and come across a deer. The first economist fires and misses by one foot to the left. The second economist fires and misses by a foot to the right. The third economist stands up and shouts, “We hit it!”)

We instead like to think of this tension as a pendulum, with security on one side and privacy on the other. When the pendulum swings toward security, then more and more privacy interests are sacrificed for security. And vice versa.

In mid-September, Apple issued an open letter about its commitment to privacy. One of the company’s key points was that the encryption of its new mobile operating system, iOS 8, prevents anyone but the end users from accessing the content of their iPhones or iPads that are running the system. The takeaway point? Well, let’s just ask Apple itself: “On devices running iOS 8, your personal data such as photos, messages (including attachments), email, contacts, call history, iTunes content, notes and reminders is placed under the protection of your passcode. Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data. So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”

Google’s newest Android operating system is going to offer encryption as well. Google previously offered encryption as an option, but will now apply it by default. (Q: Why did the Stormtrooper choose an iPhone? A: Because he couldn’t find the ’Droid he was looking for.)

There’s a lot to, well, decrypt here. First, let’s get a little historical perspective. Can you imagine what the reaction would have been if, on the day after the 9/11 attacks, a company had announced that it was developing a system so secure that law enforcement could not access it? Mass hysteria, right? Apple stock prices plummeting? Because that was when the pendulum took the hardest swing to the security side, resulting in the passage of the Patriot Act just six weeks after the attacks. No company would have wanted to be perceived as shielding potentially vital information from the government.

Contrast that time with the present, in a world where NSA spying accusations, Edward Snowden, nude celebrity photographs, Target credit card breaches and Sony information leaks have caused the focus to shift away from the possibility of a terrorist attack on U.S. soil and on to the basic privacy protections that citizens expect for their personal information. According to polls taken in July 2013 after the Snowden revelations, for the first time since the 9/11 attacks, Americans were more worried about the infringement of civil liberties than terrorism.

But the fundamental nature of a pendulum is to swing back … which is exactly what happened after the recent Paris terrorist attacks and North Korean hacking activity. Once again, a Washington Post-ABC poll showed that 63 percent of Americans preferred protection to privacy. When the next inevitable data breach of a major retailer compromises thousands of pieces of consumer data, can you guess which way the pendulum will swing?

You may be wondering what the urgency is around this issue right now. After all, this tension has existed for years, right? Well, this time, there is a very stark distinction: this is the first time that a major piece of technology has the potential to prevent law enforcement from acquiring important – and private – information.

Think about it. Before, the question revolved around whether the government could establish sufficient proof to access information. Now, though, you have companies that are proposing to block law enforcement’s access irrespective of whether it has proof. And what’s more, Apple is able to use the shielding of information from the government as a marketing ploy – and Google immediately matches.

But while the broad-based approach of the NSA has fueled public sentiment toward privacy, the real impact of encryption will be felt by the police officers and federal agents who are investigating non-terrorism cases and who have historically relied on constitutionally permissible searches based on a warrant that is obtained by making a showing of probable cause to a judge.

How would this impact investigations? There are many real-life examples. Here’s a hypothetical: a Starbucks employee calls the police after two independent customers have complained that a man in the coffee shop is viewing what is clearly child pornography on an iPad. When detectives arrive and ask to see the iPad, which runs iOS 8, the device is turned on but requires a password for access. The man declines to provide a password and asks for an attorney.

Now what? Since Apple encrypted its devices, what can the detectives do? And what if the man is part of a child pornography ring – aren’t linkages that would otherwise appear on the iPad now lost? Apple’s take – and Google’s take – is that the privacy concern is paramount.

What’s your take?

This kind of situation is why so many in law enforcement – including the Attorney General, the Director of the FBI and the Manhattan District Attorney – are adamantly against what Apple and Google have done. It’s why people like John J. Escalante, Chief of Detectives for the Chicago Police Department, say, “Apple will become the phone of choice for the pedophile. The average pedophile at this point is probably thinking, I’ve got to get an Apple phone.”

Because of this type of issue and the government interest in preventing terrorism, law enforcement and the White House have called for companies to build a back door into their encryption walls for law enforcement access. In essence, the government intends that no means of communication exist that the government cannot access in some fashion. So it’s no more iOS 8 encryption, no more Android encryption and perhaps heavy caution for apps like Snapchat that delete user messages immediately without saving them. The technological advances force the government to restrict innovation to protect security.

Is there a happy medium? Most everyone agrees that building a law enforcement back door into iOS 8 or Android is a bad idea, and one that will lend itself to exploitation by determined hackers. After all, hackers are outstanding at exploiting vulnerabilities to access places where they should not be – just imagine if a vulnerability is built right into the system. The Washington Post’s Editorial Board, which predictably calls for a balance between security and privacy interests, offers that, “with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key they would retain and use only when a court has approved a search warrant.”

A golden key steeped in wizardry? And surely riding on the back of a unicorn.

There really is no good answer here. Security and privacy do not coexist well. The real question is whether existing laws can ensure that our courts – the neutral arbiters – are equipped to make these determinations on a case-by-case basis.

Because unfortunately, on either side of the pendulum, there is a deep, dark and perilous pit.


Shamoil Shipchandler

Shamoil T. Shipchandler is a white collar defense partner at Bracewell & Giuliani in Dallas, where he counsels corporate and individual clients regarding statutory and regulatory compliance and advises companies and corporations who were victimized through white collar crime or cybercrime. Previously, Shamoil was a Deputy Criminal Chief with the United States Attorney’s Office for the Eastern District of Texas, where he served for nearly 10 years as the Attorney-in-Charge of the Plano Office and as the Asset Forfeiture Chief. During his tenure with the Department of Justice, Shamoil handled the prosecution of some of the largest and most significant complex white collar matters in North Texas, including cases involving securities fraud, mortgage fraud, tax evasion, bank fraud, mail and wire fraud, computer sabotage, money laundering, public corruption, theft of trade secrets and immigration fraud. Shamoil is a frequent nationwide instructor regarding trial techniques, professional responsibility, asset forfeiture, money laundering and substantive white collar crimes. Shamoil has developed and presented financial investigations courses to U.S. Attorney’s offices and local state and federal law enforcement, as well as to Bosnian and Macedonian prosecutors and judges. Shamoil received the 2011 Director’s Award, a Department of Justice-wide recognition, for his work in the United States v. Barry, et al. prosecution. He can be reached at shamoil.shipchandler@bgllp.com
