Home > 2016 > Identity Theft

Privacy vs. Security: Where Should We Draw the Encrypted Line in the Sand?

Advertiser Disclosure Comments 3 Comments

The recent Game of Phones between the FBI and Apple underscored an area in our jurisprudence that is screaming for more clarity. If there is a tipping point when the protection of consumer privacy should yield to the needs of a criminal investigation, where is it?

Few will dispute the obvious cases where the Constitutional rights of a citizen are disrupted by a judge who knows (or at least has access to) the legal precedents informing the decision to suspend a citizen’s right to privacy. A court-ordered search warrant trumps those rights, for a defined period of time, and it can happen fairly quickly when a member of the judiciary believes there is good and sufficient reason for it. Sometimes, in instances involving probable cause and easily discernible physical evidence, the law permits on-the-spot access.

The latter scenario came into play with the phone belonging to San Bernardino shooter Syed Rizwan Farook, an iPhone 5C running iOS 9. Law enforcement officials had every reason to believe there could be time-sensitive information on the device—information that very well might save lives. They attempted to access that information through Farook’s iCloud account. But, in the process, they made a mistake. They reset the password remotely. When they did that, they cut off a way into the device, an auto-backup, which may have been possible had the phone been transported and connected to a Wi-Fi network that it recognized—in this case, the shooter’s home wireless network. There was only one way to find out if that would have worked, and it disintegrated when a law enforcement official reset that password.

Locked out, the government requested Apple’s help. Apple CEO Tim Cook refused to provide that help on the grounds it would compromise consumer privacy and set a dangerous precedent. The FBI secured a court order demanding Apple unlock Farook’s iPhone, and still the company refused to comply, which begged the question: Should the government be allowed special access to information that is protected by encryption or any other method designed to protect user privacy?

In October 2015, the Obama administration had decided it was not a good idea to legislatively force decryption at the behest of law enforcement. “The administration has decided not to seek a legislative remedy now, but it makes sense to continue the conversations with industry,” FBI director James B. Comey told the Homeland Security and Governmental Affairs Committee. Not long after that announcement, the San Bernardino shooting caused the Justice Department to do a 180—getting a court to order Apple to decrypt. The case made daily headlines. Numerous briefs were filed by all stripe of organization on both sides of the issue. Then the action became moot because—reportedly with the help of a third-party technology firm—the FBI wormed its way into the phone.

But on the other side of the FBI’s successful workaround with Farook’s iPhone 5C lies a legal shadowland. This pivotal question about consumer privacy still has not been addressed, because the FBI successfully breached the phone without Apple’s help.

What Now?

When it comes to encrypted devices, can there be special access afforded to the government, in only extreme cases, without weakening the privacy protections afforded by encryption to consumers?

Digital enterprise probably won (by a smidge) in the battle over access to Farook’s iPhone because Apple was not required to provide what could have amounted to a permanent backdoor to law enforcement. The FBI said this week that it would help local law enforcement agencies decrypt information on devices without saying that it would specifically make available to them the means used to crack the San Bernardino shooter’s phone. You can be sure that when Apple closes the door on the FBI’s exploit, there will be an announcement and the fight over law enforcement access to encrypted information will resume in earnest.

It is not breaking news in the information security community that the FBI has had a Tor exploit for a while now. Tor is an anonymizing network that allows people to visit websites without being traced. There are as many legitimate reasons to use it as there are illegal ones—among the latter category being the trafficking of child pornography, which was the reason the FBI developed the tracker malware used to locate and arrest people who transmit illegal images. What is not known: how many other presumed safe platforms have glass walls for law-enforcement eyes only?

I think it’s also worth wondering aloud if the FBI always knew there was a hack to get in Farook’s iPhone. Were that the case, the FBI motion in this case would have been less about finding a way into the phone and more about two-stepping around the Obama Administration’s previously stated position to continue conversations and not go to war with Silicon Valley over decryption legislation.

In February, Tim Cook explained to ABC World News Tonight that the FBI had essentially asked him to create “the software equivalent of cancer.” The tension between selling privacy and having it compromised by legal means is not an easy one to navigate, but in this war of words and ideology, we need to do a whole lot better than we have so far.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

More on Identity Theft:

Image: stevanvicigor

Comments on articles and responses to those comments are not provided or commissioned by a bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by a bank advertiser. It is not a bank advertiser's responsibility to ensure all posts and/or questions are answered.

Please note that our comments are moderated, so it may take a little time before you see them on the page. Thanks for your patience.

  • Sree Indian


    I enjoying reading your blog. I have a question regarding providing my SSN and Driving License to a non-profit Hospice company. This is for VOLUNTEER position. Without these they cannot process my application.

    I would love to volunteer but scared to provide these details. What would you suggest me?


    • Sree Indian


      Thanks for the reply. This volunteer position is to meet with terminally ill patients. When I asked how they protect my data, he showed me a locked drawer. It makes me uncomfortable, since any employee can go to that room (open access). I am still wondering to volunteer or not. Thanks for your insights again.


  • Adam Levin


    Because there have
    been so many incidents in the healthcare sector (breaches and insider
    data theft leading to possible identity compromise), many organizations are conducting more extensive background investigations of anyone whom, either working in a healthcare facility or in the home of a chronically or terminally ill patient as a home healthcare worker, might have the opportunity to access the personal identifiable information of those patients.

    There are serious institutional regulatory and financial
    liability issues, not to mention potentially devastating victim emotional, financial
    and health issues at stake. Therefore, they certainly have the right
    (and even responsibility) to request whatever they believe is
    appropriate in order to conduct a thorough investigation.

    might inquire as to how they will protect your data if you choose to go
    forward with your application. Unfortunately, even if they have solid security protocols there
    is always the risk that some employee will make a mistake,
    click on the wrong link or respond to a phishing email, potentially exposing your data.

    I think your desire to be a volunteer is a wonderful thing and you should follow your heart. Just understand the risks.

Certain credit cards and other financial products mentioned in this and other articles on Credit.com News & Advice may also be offered through Credit.com product pages, and Credit.com will be compensated if our users apply for and ultimately sign up for any of these cards or products. However, this relationship does not result in any preferential editorial treatment.

Hello, Reader!

Thanks for checking out Credit.com. We hope you find the site and the journalism we produce useful. We wanted to take some time to tell you a bit about ourselves.

Our People

The Credit.com editorial team is staffed by a team of editors and reporters, each with many years of financial reporting experience. We’ve worked for places like the New York Times, American Banker, Frontline, TheStreet.com, Business Insider, ABC News, NBC News, CNBC and many others. We also employ a few freelancers and more than 50 contributors (these are typically subject matter experts from the worlds of finance, academia, politics, business and elsewhere).

Our Reporting

We take great pains to ensure that the articles, video and graphics you see on Credit.com are thoroughly reported and fact-checked. Each story is read by two separate editors, and we adhere to the highest editorial standards. We’re not perfect, however, and if you see something that you think is wrong, please email us at editorial team [at] credit [dot] com,

The Credit.com editorial team is committed to providing our readers and viewers with sound, well-reported and understandable information designed to inform and empower. We won’t tell you what to do. We will, however, do our best to explain the consequences of various actions, thereby arming you with the information you need to make decisions that are in your best interests. We also write about things relating to money and finance we think are interesting and want to share.

In addition to appearing on Credit.com, our articles are syndicated to dozens of other news sites. We have more than 100 partners, including MSN, ABC News, CBS News, Yahoo, Marketwatch, Scripps, Money Magazine and many others. This network operates similarly to the Associated Press or Reuters, except we focus almost exclusively on issues relating to personal finance. These are not advertorial or paid placements, rather we provide these articles to our partners in most cases for free. These relationships create more awareness of Credit.com in general and they result in more traffic to us as well.

Our Business Model

Credit.com’s journalism is largely supported by an e-commerce business model. Rather than rely on revenue from display ad impressions, Credit.com maintains a financial marketplace separate from its editorial pages. When someone navigates to those pages, and applies for a credit card, for example, Credit.com will get paid what is essentially a finder’s fee if that person ends up getting the card. That doesn’t mean, however, that our editorial decisions are informed by the products available in our marketplace. The editorial team chooses what to write about and how to write about it independently of the decisions and priorities of the business side of the company. In fact, we maintain a strict and important firewall between the editorial and business departments. Our mission as journalists is to serve the reader, not the advertiser. In that sense, we are no different from any other news organization that is supported by ad revenue.

Visitors to Credit.com are also able to register for a free Credit.com account, which gives them access to a tool called The Credit Report Card. This tool provides users with two free credit scores and a breakdown of the information in their Experian credit report, updated twice monthly. Again, this tool is entirely free, and we mention that frequently in our articles, because we think that it’s a good thing for users to have access to data like this. Separate from its educational value, there is also a business angle to the Credit Report Card. Registered users can be matched with products and services for which they are most likely to qualify. In other words, if you register and you find that your credit is less than stellar, Credit.com won’t recommend a high-end platinum credit card that requires an excellent credit score You’d likely get rejected, and that’s no good for you or Credit.com. You’d be no closer to getting a product you need, there’d be a wasted inquiry on your credit report, and Credit.com wouldn’t get paid. These are essentially what are commonly referred to as "targeted ads" in the world of the Internet. Despite all of this, however, even if you never apply for any product, the Credit Report Card will remain free, and none of this will impact how the editorial team reports on credit and credit scores.

Our Owners

Credit.com is owned by Progrexion Holdings Inc. which is the owner and administrator of a number of business related to credit and credit repair, including CreditRepair.com, and eFolks. In addition, Progrexion also provides services to Lexington Law Firm as a third party provider. Despite being owned by Progrexion, it is not the role of the Credit.com editorial team to advocate the use of the company’s other services. In articles, reporters may mention credit repair as an option, for example, but we’ll also be sure to note the various alternatives to that service. Furthermore, you may see ads for credit repair services on Credit.com, but the editorial team isn’t responsible for the creation or implementation of those ads, anymore than reporters for the New York Times or Washington Post are responsible for the ads on their sites.

Your Stories

Lastly, much of what we do is informed by our own experiences as well as the experiences of our readers. We want to tell your stories if you’re interested in sharing them. Please email us at story ideas [at] credit [dot] com with ideas or visit us on Facebook or Twitter.

Thanks for stopping by.

- The Credit.com Editorial Team