Our phones as our castles: can His Majesty’s Government enter?

The lore on the right to individual privacy includes the early 17th century judicial remarks of Sir Edward Coke that “the house of every one is to him as his castle and fortress”. William Pitt went further, in more florid terms, the following century:

“The poorest man may, in his cottage, bid defiance to all the force of the Crown. It may be frail; its roof may shake; the wind may blow through it; the storm may enter; but all his force dares not cross the threshold of the ruined tenement.”

William Pitt, 1st Earl of Chatham, March 1763

In short, the law fortifies and secures the sanctity of even, and perhaps especially, the most humble of abodes from governmental intrusion.

Since Coke and Pitt, the law has developed to clarify and codify various guardrails for when and how law enforcement authorities may go about their business of seeking physical evidence. Rules requiring warrants and prior notice (or knock and announce in the US), for example, have proliferated not just in the UK but around the world.

Whereas Pitt’s poor man has the law, and perhaps only the law, on his side to protect against governmental intrusion, there is an altogether different paradigm in the digital context. A warrant and prior notice might lead to a door being knocked down and law enforcement rifling through the property for material, but it isn’t as straightforward for obtaining access to information stored on a more heavily fortified possession: our phones.

Such is the sophistication of today’s digital device defence systems that they might truly be regarded as “castles”, with their technological moats, battlements and drawbridges. Advances in cryptography and, specifically, end-to-end encryption, have been a prominent and effective frontline defender of the castle walls around our digital devices, scrambling and withholding from third parties the content we engage in and correspondence we make from those devices.

Those defences have proven so effective at repelling intrusions that law enforcement authorities have grown increasingly concerned by the risk of serious crime, which is increasingly plotted and perpetrated online, “going dark”. Indeed, it’s been 10 years since a terrorist attack in San Bernardino propelled into prominence the debate around encryption and government access to private data. Back then, it was a request from the US Federal Bureau of Investigation to Apple demanding it provide access to the terrorist’s encrypted iPhone. Now, it’s the UK Home Office seeking access to Apple’s encrypted services.

Then, as now, Apple declined to comply and landed, unequivocally, on the side of maintaining privacy and security over introducing a backdoor into its otherwise encrypted systems processing user data. Indeed, Apple would rather withdraw its end-to-end encryption services from the UK than comply with the Home Office’s technical capability notice and build a backdoor.

In other words, instead of Pitt’s poor man granting the Crown’s representatives lawful entry to his humble abode, he would rather pick everything up and relocate than compromise on what little home security he has. Similarly, there is reluctance among those companies faced with lawfully issued requests to sacrifice their principles for compliance. With their abundant resources, these companies are arguably more capable of outmanoeuvring the government to protect their systems.

There are well-documented and legitimate concerns associated with building backdoors into end-to-end encrypted systems that go beyond privacy risk. As data becomes more centralised in the hands of companies and governments, IT and cyber security equities have grown more prominent. Despite, and perhaps even in spite of, the best intentions of those building a backdoor for ostensibly secure data sharing, bad actors find a way in. Consider how a microscopic hole in a car windscreen can compromise the structural integrity and security of the whole.

There are also impassioned concerns about the freedoms of speech, expression and association, which, until recently, were primarily levied by democratic, rule of law-abiding, “western” allies toward techno-authoritarian governments, under which people feared that government outreach into private data would undermine the fundamental right of privacy. In short, the simplified framing of privacy versus law enforcement belies the true multidimensional and multipolar web of equities.

Though the whataboutery of where and how to draw the line on governments gaining access to private information is not new, the technological defences and deeply held concerns against such access pose new, different and more complex power dynamics than those which existed in 16th and 17th century England. While the law pulls in different directions, seeking to fortify or empower intrusion into our digital castles, the technology and the corporate and societal interests in it, are, so far, proving more effective in repelling the King’s government.