Privacy at all costs? Data protection in the age of terrorism

Apple usually hit the headlines on three occasions: when a new range of products is launched, when their financial results are released and, most relevant to Intellectual Property enthusiasts, when they are either suing or being sued by Samsung for infringement of one or other of the patents that the other asserts ownership over.

However, the technology giant have most recently thrown themselves into the spotlight by refusing to comply with a US court order requesting that they allow access to private data stored on the iPhone of Syed Rizwan Farook, the man who killed 14 and seriously injured 22 others in a gun attack in San Bernadino, California on 2nd December 2015. Specifically, Apple have refused to create a way to override their own encryption and data protection software.

From Apple’s point of view (and taken directly from the company’s open letter on their website), the US government “is asking Apple to hack our own users and undermine decades of security advancements that protect our customers”. Since the news broke of Apple’s stance, other heavyweights have come out in support of the protection of customer data and encryption at all costs. Google’s chief executive, Sundar Pichai, recently tweeted that “forcing companies to enable hacking could compromise users’ privacy” and this stance should please the masses insofar as evidencing that the CEOs of multinational technology corporations treat the privacy and data of their customers in such high regard.

Unfortunately for Apple, the US government’s request is set against a backdrop of terror and the death of innocent civilians. From a UK perspective, a conflict between data protection and national security was envisaged when passing data protection legislation, evidenced through section 28 of the Data Protection Act 1998 which states that personal data is exempt from the data protection principles should the exemption be required for the purposes of safeguarding national security. With this in mind, the salient, and rather circular, question becomes thus: when should protection of the masses (national security) take precedence over protection of the masses (data protection) and vice versa?

Since the dawn of the digital age, data protection has been of the utmost importance for both service providers and end users – service providers gain end users’ trust by protecting their data effectively and end users are more willing to provide personal data to service providers that can show they have taken all necessary measures to protect their data. In this regard, Apple can be highly praised for creating an encryption system that is so secure that they themselves have to create new software for it to be circumvented. This, most would agree, is a far better scenario than having a marketplace saturated with companies with the attitude of VTech, who, as pointed out by Troy Hunt (a Mircrosft MVP for Developer Security) amended their Terms and Conditions after a recent data breach scandal to shift an assumption of responsibility for data provided to VTech on to consumers themselves. (

The present situation is not ideal for the technology industry. Several technology companies (including Twitter and Linkedin) have announced that they have filed a legal brief supporting Apple’s position. Whilst this move will be favoured by those in the ‘privacy at all costs’ camp, the brief lodged in support of the US Justice Department by the families of the victims of the San Bernadino attack can be seen to give off the impression that some of the biggest global corporations are not suitably not engaging with a government body in the fight against domestic and international terrorism.

Apple have always tried to be the company that pushed the boundaries with their innovation and product design, but the trust that they have in the consumer marketplace has been one of the main factors of their global rise from the ashes of a far less profitable time in the company’s history. On the one hand, they now stand on the precipice of making history for advancing the privacy rights of the individual consumer. However, Tim Cook, the CEO of Apple, must surely know that he is playing a dangerous game, running the risk of being seen to be playing off customers’ privacy against national security in a game of cheap point scoring.

As a standalone crusade against being forced to hack its own users, Apple’s resistance is to be admired. However, it is impossible to detach Apple’s stance from the backdrop of the San Bernadino attacks. It is for this reason that Apple need to ensure that in trying to prove a point, they do not isolate a large portion of the general public by not assisting the US government with their enquiries into the tragic events at San Bernadino.

Note from the author – at no stage does the content of this blog post offer or provide legal advice of any form and should not be relied on as such. Should anyone have any personal/professional issues concerning Intellectual Property, please seek legal advice. For further information, please see the full Disclaimer under the ‘About’ tab.