TRANSCRIPT
joaoferreirapinto/pt
IAPP
Lisbon Chapter_KnowledgeNet
João Ferreira Pinto
Lawyer | JFP & Associados
Master | Cyberspace Law and Info. Security (IST)
#CDAYS2016
APPLE vs FBI
(Encryption dispute case study)
#APPLEvsFBI
encryption dispute
case study
USA | 2016
APPLE vs. FBI | encryption dispute case study
João Ferreira Pinto #CDays2016
2015.12.02 | San Bernardino | California (USA) (Mass shooting & attempted bombing)
14 killed, 22 severely injured
2015.12.06 | “Act of terrorism” (President Barack Obama)
2015.12.02 | San Bernardino | California (USA)
iPhone 5C (iOS 8)
iCloud
(Oct. 2015)
#APPLEvsFBI
“the case”
(2015/2016)
Federal Bureau of Investigation
Legal
• “Backdoor”
• Tool to circumvent the feature that deletes all of the information on the phone after 10 failed password attempts
• No backdoor-friendly legislation
• All Writs Act “AWA” (1789)
• Precedent “United States v. New York Telephone Co.” (illegal gambling) (1977)
Public Opinion
• Terrorism (after 09/11/2001)
• False duality: privacy vs security: “We have awesome new technology that creates a serious tension between two values we all treasure: privacy and safety. That tension should not be resolved by corporations that sell stuff for a living. It also should not be resolved by the FBI, which investigates for a living.”
APPLE
Legal
• AWA - Fulfillment of 4 conditions:
1. Absence of alternative remedies or judicial tools
2. An independent basis for jurisdiction—the act authorizes writs in aid of jurisdiction, it doesn't create any federal subject-matter jurisdiction.
3. Writ necessary/appropriate to the particular case
4. The writ must be “agreeable to the usages and principles of law” (not “unreasonably burdensome”)
• Costly
Public Opinion
• Public brand marketing - there's no trade-off: security & privacy are not mutually exclusive (FAQs)
• Civil liberties (mass surveillance): encryption is about privacy and public safety
• The precedent isn’t to unlock one phone (e.g. MSFT/Google/Facebook)
• Dangerous: a) Hackers/criminals/terrorists b) Russia/China
#APPLEvsFBI
Mass surveillance?
MASS SURVEILLANCE?
(PRISM Program)
Snowden
European Union - (6 Oct. 2015):
Case C-362/14 | Max. Schrems / Data Protection Commissioner
• Articles 7, 8 and 47 of the Charter of Fundamental Rights of the EU (…) must be interpreted on the adequacy of the protection provided by the safe harbour privacy principles (…) the law and practices in force in the third country do not ensure an adequate level of protection.
• Decision 2000/520/EC, of 26 July (Safe Harbour) - Transfer of personal data to the United States - Inadequate level of protection - is invalid
#APPLEvsFBI
Privacy by Design
Principle 4: FULL FUNCTIONALITY | POSITIVE SUM
• Privacy by Design seeks to accommodate all legitimate interests and objectives in a positive-sum “win-win” manner, not through a dated, zero-sum approach, where unnecessary trade-offs are made.
• Privacy by Design avoids the pretense of false dichotomies, such as privacy vs. security, demonstrating that it is possible, and far more desirable, to have both.
PRIVACY BY DESIGN (ANN CAVOUKIAN)
#APPLEvsFBI
GDPR (2018)
PRIVACY BY DESIGN / PRIVACY BY DEFAULT
• Each new service or business process that makes use of personal data must take the protection of such data into consideration, during the whole life cycle of the system or process development.
GENERAL DATA PROTECTION REGULATION | GDPR
PRIVACY BY DESIGN / PRIVACY BY DEFAULT
• (…) require that appropriate technical and organisational measures be taken to ensure that the requirements of this Regulation are met (recital 78)
• the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, such as pseudonymisation (…), such as data minimization … (article 25)
#APPLEvsFBI
WINNERS?